Old MS Alerts


AplusWebMaster
2007-07-05, 23:20
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx
Published: July 5, 2007
"...This is an advance notification of -six- security bulletins that Microsoft is intending to release on July 10, 2007...

Critical (3)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Office, Excel...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Windows...

Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: .NET Framework...


Important (2)

Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Office, Publisher...

Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Windows XP Professional...


Moderate (1)

Microsoft Security Bulletin 3
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure ...
Affected Software: Windows Vista..."


.

AplusWebMaster
2007-08-09, 21:19
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
Published: August 9, 2007
"...This is an advance notification of -nine- security bulletins that Microsoft is intending to release on August 14, 2007...

Critical (6)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, XML Core Services...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Visual Basic, Office for Mac...

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 9
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...


Important (3)

Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows Vista...

Microsoft Security Bulletin 8
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Virtual PC, Virtual Server..."


.

AplusWebMaster
2007-09-06, 23:12
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx
Published: September 6, 2007

"This is an advance notification of five security bulletins that Microsoft is intending to release on September 11, 2007...

Critical (1)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows.

Important (4)

Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Visual Studio.

Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications.

Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: MSN Messenger, Windows Live Messenger.

Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, SharePoint Server."
-----------------------------------------------

- http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx
Revisions:
• September 7, 2007: Bulletin Advance Notification updated. Microsoft plans to release four security bulletins, and no longer plans to release Microsoft Security Bulletin 5 affecting Windows and SharePoint Server, on Tuesday, September 11, 2007.

.

AplusWebMaster
2007-10-05, 13:29
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
October 4, 2007
"...This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2007...

Critical (4)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...


Important (3)

Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...

Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...

Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, Office..."


.

AplusWebMaster
2007-10-10, 01:38
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-oct.mspx
Published: October 9, 2007
"This bulletin summary lists security bulletins released for October 2007...


Critical (4)

Microsoft Security Bulletin MS07-055
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
- http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows...

Microsoft Security Bulletin MS07-056
Security Update for Outlook Express and Windows Mail (941202)
- http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin MS07-060
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
- http://www.microsoft.com/technet/security/bulletin/ms07-060.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Office...


Important (2)

Microsoft Security Bulletin MS07-058
Vulnerability in RPC Could Allow Denial of Service (933729)
- http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows...

Microsoft Security Bulletin MS07-059
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
- http://www.microsoft.com/technet/security/bulletin/ms07-059.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Windows, Office..."

------------------------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3480

==========================================

- http://blogs.technet.com/msrc/archive/2007/10/09/october-2007-monthly-release.aspx
"...Microsoft also re-released bulletin MS05-004*. This re-release updates detection includes Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it..."

Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219)
* http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx
Revisions:
• V1.0 (February 8, 2005): Bulletin published
• V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
• V1.2 (March 16, 2005): Bulletin “Caveats” section has been updated to document known issues that customers may experience when installing the available security updates.
• V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.
• V3.0 (August 8, 2006): Bulletin updated to reflect the addition of Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 x64 Edition for .NET Framework 1.1 Service Pack 1 under “Affected Software” for “Microsoft .NET Framework 1.1”.
• V4.0 (October 9, 2007): Bulletin updated as Windows Server 2003 Service Pack 2 and Windows Vista have been added to the “Affected Software” sections for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.

.

AplusWebMaster
2007-10-12, 01:31
FYI...

Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/943521.mspx
Published: October 10, 2007
"Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports.
• This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed..."

MSRC blog
> http://preview.tinyurl.com/yoadp8
October 10, 2007
--------------------

> http://www.microsoft.com/technet/security/advisory/943521.mspx
Updated: November 13, 2007 - "...We have issued MS07-061* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx

.

AplusWebMaster
2007-10-12, 01:32
FYI...

- http://preview.tinyurl.com/2q4xop
October 11, 2007 (Computerworld) - "Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004. On Tuesday, Microsoft Corp. issued a patch that closed a critical vulnerability in multiple editions of the popular word processor, including Word 2000, Word XP and Word for the Mac. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability"... Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update..."

- http://preview.tinyurl.com/2saysc
October 10, 2007 (Symantec Security Response Weblog)

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3899

> http://cwe.mitre.org/data/definitions/94.html

:fear:

AplusWebMaster
2007-10-26, 15:36
FYI...

- http://preview.tinyurl.com/27znt2
October 16, 2007 (Computerworld) - "For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating..."

- https://windowssecrets.com/2007/10/25/03-PC-rebooting-The-cause-may-be-MS-OneCare
October 25, 2007 - "...My finding is that Windows Live OneCare silently changes the AU settings. This explains at least some of the complaints that have been reported so far. Users could have installed OneCare — even a free-trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours..."

- http://support.microsoft.com/kb/943144/en-us
Last Review: October 26, 2007
Revision: 2.2

AplusWebMaster
2007-10-26, 15:48
FYI...

URL Update to IE URL Handling Vuln
- http://isc.sans.org/diary.php?storyid=3547
Last Updated: 2007-10-26 02:05:06 UTC - "Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.
Microsoft does not appear to plan to fix the issue in Internet Explorer. Instead, it asks vendors releasing tools that pass URLs to Internet Explorer to validate them...

Links:

http://www.microsoft.com/technet/security/advisory/943521.mspx
Revisions:
• October 10, 2007: Advisory published
• October 25, 2007: Advisory updated to reflect increased threat level

http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx "

.

AplusWebMaster
2007-10-29, 23:40
FYI...

- http://preview.tinyurl.com/ysz6so
October 29, 2007 - (Infoworld) "A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft patched the flaw, which affects older versions of Windows, on Oct. 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC. A sample of the exploit was posted Monday to the Milw0rm Web site. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday. Symantec recommends that Windows users install the MS07-055 update* as quickly as possible. Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default. Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug. Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work..."

* http://forums.spybot.info/showpost.php?p=125886&postcount=17

:fear:

AplusWebMaster
2007-11-06, 15:06
FYI...

Microsoft Security Advisory (944653)
Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/944653.mspx
November 5, 2007 - "Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. This vulnerability does not affect Windows Vista. We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process..."

> http://www.macrovision.com/promolanding/7352.htm

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5587

:fear:

FYI...

Follow-up on Macrovision Secdrv exploit
- http://www.symantec.com/enterprise/security_response/weblog/2007/11/followup_on_macrovision_secdrv.html
November 6, 2007 - "...Microsoft posted Microsoft Security Advisory (944653) about this issue. With the release of this advisory, I’d like to answer a few follow-up questions for blog readers:
Q: I don’t play games and I don’t use Macrovision software, so am I safe?
A: No. The vulnerable component affected by the bug is the Macrovision driver SECDRV.SYS, which is shipped by default with Windows systems. It is usually installed under the %System%\drivers folder.
Q: Is Windows Vista affected by this vulnerability?
A: Vista is not affected. Only SECDRV versions shipped with Windows XP and 2003 are. Instead the version shipped with Vista is a completely different driver, reworked and not vulnerable to this attack. All users should keep in mind that, in a multi-layered defense perspective, it is possible that malware dropped on the system via some other exploit (e.g. browser vulnerability or the recent PDF exploit) could potentially take advantage of the SECDRV bug to take further control of the computer and bypass other layers of protection.
Q: Where is the patch?
A: Macrovision released a version of the driver today (almost identical to the one shipped with Vista) that fixes this problem. The update is available here:
http://www.macrovision.com/promolanding/7352.htm
It’s not clear at the moment if Microsoft will distribute this update with the next cycle of Windows Update."

- http://www.microsoft.com/technet/security/advisory/944653.mspx
Revisions:
• November 05, 2007: Advisory published
• November 07, 2007: Advisory revised to include identified workarounds for this vulnerability and additional information on what is secdrv.sys.

:fear:

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx
November 13, 2007
"...The security bulletins for this month are as follows, in order of severity:

Critical (1)

Microsoft Security Bulletin MS07-061
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
- http://www.microsoft.com/technet/security/bulletin/MS07-061.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Important (1)

Microsoft Security Bulletin MS07-062
Vulnerability in DNS Could Allow Spoofing (941672)
- http://www.microsoft.com/technet/security/bulletin/MS07-062.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows..."
------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3642
Last Updated: 2007-11-13 18:47:44 UTC

.

FYI...

- http://www.eweek.com/article2/0,1759,2218894,00.asp?kc=EWRSS03119TX1K0000594
November 18, 2007 - "An MSN Messenger Trojan is growing a botnet by hundreds of infected PCs per hour, adding VMs to the mix as well... The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier on Nov. 18 and is being used to discover virtual PCs as a means of increasing its growth vector. The eSafe CSRT (Content Security Response Team) at Aladdin — a security company — detected the new threat propagating around noon EST on Nov. 18. At 18:00 UTC (Coordinated Universal Time), eSafe had detected 1 operator and more than 500 on-command bots in the network. Less than three hours later, or by 2:30 EST, when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour. eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs. The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word "pics" as a double extension executable — a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name "images" as a .pif executable—for example, IMG34814.pif... Given the familiar social engineering aspect of the attack, individuals are being urged to not open files sent unexpectedly from either friends or strangers..."

- http://www.us-cert.gov/current/#msn_messenger_trojan
November 19, 2007 - "...The Trojan arrives as a chat message that appears to contain an image file, that when opened, downloads and installs an Internet Relay Chat Bot. These messages may appear to come from a known contact..."

:fear:

FYI...

- http://preview.tinyurl.com/2sezx7
November 21, 2007 (Computerworld) - "Windows XP, Microsoft Corp.'s most popular operating system, sports the same encryption flaws that Israeli researchers recently disclosed in Windows 2000, Microsoft officials confirmed late Tuesday... As recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way, saying only that later versions of Windows "contain various changes and enhancements to the random number generator." Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable to the complex attack that Pinkas, Gutterman and Dorrendorf laid out in their paper, which was published earlier this month. Windows Vista, Windows Server 2003 and the not-yet-released Windows Server 2008, however, apparently use a modified or different random number generator; Microsoft said they were immune to the attack strategy. In addition, Microsoft said Windows XP Service Pack 3 (SP3), a major update expected sometime in the first half of 2008, includes fixes that address the random number generator problem... Because the company has determined that the PRNG problem is not a security vulnerability, it is unlikely to provide a patch."

:fear:

FYI...

Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/945713.mspx
December 3, 2007 - "Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers...
Mitigating Factors:
• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.
• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where “contoso” and “fabrikam” are customer registered SLDs under their respective “.com” and “.gov” TLDs.
• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.
• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability. (See the Workaround section for specific steps in creating a WPAD.DAT file on a WPAD server.)
• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer..."

- http://secunia.com/advisories/27901/
"...WPAD feature resolves "wpad" hostnames up to the second-level domain, which is potentially untrusted. This can be exploited to conduct man-in-the-middle attacks against third-level or deeper domains..."

:fear:
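The lookup behaviour described in the advisory and the Secunia note above can be checked against your own primary DNS suffix. The following is an added example, not code from Microsoft or from the original post; the function names are hypothetical and the public-suffix set is a small constructed sample standing in for the full Public Suffix List.

```python
# Added example, not taken from the advisory or from Microsoft.
# Models the behaviour quoted above: the client prepends "wpad" to the primary
# DNS suffix and keeps stripping the leftmost label until only a second-level
# name is left. Names that land outside the organisation's registered domain
# are the ones a third party could answer for.

# Constructed sample of public suffixes; a real audit would load the full
# Public Suffix List instead of this hand-written set.
SAMPLE_PUBLIC_SUFFIXES = frozenset({"com", "gov", "us", "co.us"})


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring empty ones."""
    return [label for label in name.strip(".").lower().split(".") if label]


def wpad_candidates(primary_suffix):
    """Return the wpad names tried for a given primary DNS suffix.

    An empty suffix yields no candidates, matching the first mitigating
    factor (no primary DNS suffix configured).
    """
    labels = _labels(primary_suffix)
    # Stop while two labels remain: "up to the second-level domain".
    return ["wpad." + ".".join(labels[i:]) for i in range(len(labels) - 1)]


def registrable_domain(name, suffixes=SAMPLE_PUBLIC_SUFFIXES):
    """Return the longest matching public suffix plus one label, or None."""
    labels = _labels(name)
    for i in range(len(labels)):
        # i grows from 0, so the first hit is the longest matching suffix.
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def exposed_wpad_names(primary_suffix, suffixes=SAMPLE_PUBLIC_SUFFIXES):
    """List wpad names that fall outside the suffix's registered domain."""
    candidates = wpad_candidates(primary_suffix)
    if not candidates:
        return []
    org = registrable_domain(primary_suffix, suffixes)
    if org is None:
        raise ValueError("suffix is not under a known public suffix: %r"
                         % primary_suffix)
    return [c for c in candidates if registrable_domain(c, suffixes) != org]


if __name__ == "__main__":
    # Suffixes are constructed from the names used in the advisory text.
    for suffix in ("corp.contoso.co.us", "contoso.co.us",
                   "contoso.com", "fabrikam.gov", ""):
        print(repr(suffix), wpad_candidates(suffix),
              "exposed:", exposed_wpad_names(suffix))
```

Any name returned by `exposed_wpad_names` is a candidate for the mitigations the advisory lists, such as running a trusted WPAD server or specifying the proxy explicitly.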

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Published: December 11, 2007
Version: 1.0
"This bulletin summary lists security bulletins released for December 2007...

Critical (3)

Microsoft Security Bulletin MS07-064
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...

Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
- http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...

Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
- http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...


Important (4)

Microsoft Security Bulletin MS07-063
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
- http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin MS07-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
- http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin MS07-066
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
- http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...

Microsoft Security Bulletin MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
- http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows..."

===================================

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3735
Last Updated: 2007-12-11 19:14:09 UTC

===================================

- http://blog.washingtonpost.com/securityfix/2007/12/microsoft_plugs_11_windows_sec.html
December 11, 2007 - "...December's seven update bundles include fixes for four separate security holes in Internet Explorer 6 and IE7, vulnerabilities that are considered critical for Windows 2000, Windows XP and Windows Vista users. Microsoft rates a flaw "critical" if it can be exploited to break into vulnerable systems with little or no help from the user, save perhaps for browsing a Web site or by clicking on a malicious link in an e-mail or instant message. The IE patch is probably the most important update Redmond issued this month, as the vulnerabilities it corrects have the potential to affect the largest number of people. Microsoft said that criminals already exploited one of the IE flaws to remotely compromise IE users. Microsoft also issued critical updates to fix at least two different problems with the way Windows handles the processing and display of various video and audio files..."

:santa:

AplusWebMaster
2007-11-08, 22:10
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-nov.mspx
Published: November 8, 2007
"This is an advance notification of two security bulletins that Microsoft is intending to release on November 13, 2007...

Critical (1)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Important (1)

Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...

Other Information:

Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release three non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release zero non-security, high-priority updates for Windows on Windows Update (WU).

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."

AplusWebMaster
2007-11-15, 18:27
FYI...

- http://www.us-cert.gov/current/#false_microsoft_update_emails_circulating
November 15, 2007 - "US-CERT is aware of false Microsoft Update email messages being publicly circulated. These messages contain multiple links that may direct a user to a malicious web site. The impact of following these links is currently unknown; more information will be provided as it becomes available. US-CERT encourages users to take the following measures to protect themselves:
> Do not follow unsolicited web links in email messages
> Follow the Microsoft guidelines* for recognizing fraudulent email messages ..."
* http://www.microsoft.com/protect/yourself/phishing/msemail.mspx

- http://atlas.arbor.net/briefs/index#-1494625952
Microsoft MS07-055 Trojan Emails
Severity: Elevated Severity
"...The message states that users should install the Kodak Image Viewer patch for advisory MS07-055. The user is directed to a website not owned by Microsoft and told to download a patch. The binary includes the real MS07-055 Windows XP patch, together with a Bandok Trojan. We are working with vendors and security companies to address this issue.
Analysis: This is a potentially serious problem due to the fact that the original Trojan binary is not recognized by any AV tools. Once unpacked, however, the Bandok Trojan is properly recognized by many AV tools. We are working on site takedown."

:fear:

AplusWebMaster
2007-12-05, 16:54
FYI...

A blank Web page is displayed when you start Internet Explorer 7
- http://support.microsoft.com/default.aspx/kb/945385
Last Review: December 4, 2007
Revision: 1.0

Internet Explorer stops responding, stops working, or restarts
Self-help steps for a beginning to an intermediate computer user
- http://support.microsoft.com/gp/pc_ie_intro


(Found at Sandi Hardmeier's "Spyware Sucks" site - thanks Sandi!)
> http://msmvps.com/blogs/spywaresucks/

:cool:

AplusWebMaster
2007-12-06, 20:49
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx
Published: December 6, 2007
"...This is an advance notification of -seven- security bulletins that Microsoft is intending to release on December 11, 2007...

Critical (3)

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...

Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...

Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Important (4)

Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...

Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...
---

Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -six- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -one- non-security, high-priority update for Windows on Windows Update (WU).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."

AplusWebMaster
2007-12-12, 14:23
FYI...

- http://preview.tinyurl.com/2rtbmz
December 11, 2007 (Symantec Security Response Weblog) - "...Microsoft released seven bulletins this month, covering a total of eleven vulnerabilities. Nine of the vulnerabilities affect Microsoft Vista either directly or through applications running on that operating system..."

> http://forums.spybot.info/showpost.php?p=144071&postcount=31

:fear:

AplusWebMaster
2007-12-12, 14:52
FYI...

- http://www.microsoft.com/presspass/features/2007/dec07/12-11Office2007SP1.mspx
Dec 11, 2007 - "...Customers can download SP1 immediately from http://office.microsoft.com/en-us/downloads/default.aspx . They can also place an order for a CD at http://office.microsoft.com/en-us/default.aspx . At a later date, we also will provide SP1 through automatic update..."
=====================================

Office 2007 SP1 auto-installs confuse Vista, XP users
- http://preview.tinyurl.com/2aysx4
December 13, 2007 (Infoworld) - "Some users have gotten the massive Office 2007 SP1 update automatically, even though Microsoft said it would not use Windows' AU (Automatic Updates) to push out the large upgrade for several months, the company confirmed Thursday. Anyone running a preview copy of Windows Vista Service Pack 1 (SP1), which was made available to all comers only Wednesday, will receive the Office 2007 upgrade automatically. Users of other in-beta Microsoft products, including Windows XP SP3, which is still in limited testing, will also be hit by the Office update, which weighs in at almost 220MB. "As noted to beta customers, if [they] are running Vista SP1 beta software, as part of the beta program, Office 2007 SP1 on pre-release Windows Vista SP1 will automatically install as planned for this beta program," said Bobbie Harder, a senior program manager with the WSUS (Windows Server Update Services) group... even if users of Vista SP1, Windows XP SP3, or WSUS 3.0 SP3 manually installed Office 2007 SP1, AU later automatically installs -- actually re-installs -- the service pack... The next time Windows Update runs, however, Office 2007 SP1 reappears, again checked by default. To strike it off the list, users must right-click the item in the list and choose "hide update."

:fear:

AplusWebMaster
2007-12-12, 15:01
FYI...

Microsoft Security Advisory (944653)
Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/944653.mspx
Updated: December 11, 2007 - "...We have issued MS07-067* to address this issue..."

* http://www.microsoft.com/technet/security/Bulletin/MS07-067.mspx

:fear:

AplusWebMaster
2007-12-12, 15:41
FYI... (Windows Genuine Annoyance)

- http://support.microsoft.com/kb/892130/en-us
Last Review: December 5, 2007
Revision: 3.8
"...you may be prompted to complete the Windows Genuine Advantage (WGA) validation check process. On the Download Center Web site, you may be prompted to install an ActiveX control when you select a download that is marked with the WGA icon. On the Windows Update Web site, the ActiveX control is a mandatory update..."

.

AplusWebMaster
2007-12-19, 14:47
FYI...

MS07-069 (IE update)... Post Install Issue
- http://preview.tinyurl.com/252f8d
December 18, 2007 (MSRC) - "...We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615),
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
released earlier this month. We have some information to share with you regarding the results of our investigation into these reports. First, I want to note the security update does protect against the vulnerabilities noted in the bulletin. If you are not experiencing issues noted in the below referenced Knowledge Base article, no action is needed. We have been working with a small number of customers that reported issues related to the installation of MS07-069. Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to visit a web site. We’ve made an update to the Knowledge Base article for MS07-069, KB942615, which highlights the known issue.
http://support.microsoft.com/kb/942615
We have also added the following known issue Knowledge Base article KB946627. Because this occurs in a customized installation, this isn’t a widespread issue.
http://support.microsoft.com/kb/946627
Customers who believe they are affected can contact Customer Support Services at no charge using the PC Safety line at 1-866-PCSAFETY (North America). All customers, including those outside the U.S., can visit http://support.microsoft.com/security for assistance."
-----------------------------

- http://secunia.com/advisories/28036/
"...NOTE: This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerabilities allows execution of arbitrary code when a user e.g. visits a malicious website..."

> http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
• V1.2 (December 18, 2007): Bulletin updated to reflect a known issue; a change to the Removal Information text in the Windows Vista Reference Table in the Security Update Information section; and, a change to the File Information text in the Reference Table within the Security Update Information section for all affected operating systems...

:fear:

AplusWebMaster
2007-12-20, 13:29
What?

XPSP2 w/IE6 registry edit fix for MS07-069
- http://support.microsoft.com/kb/946627
Last Review: December 19, 2007
Revision: 1.0
"...WORKAROUND
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk..."

- http://blogs.msdn.com/ie/archive/2007/12/18/post-install-issues-with-ms07-069-ie6-on-xpsp2.aspx#6806843
December 19, 2007 - "...can Microsoft be serious that the solution is to edit each registry? Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."

:sad:

AplusWebMaster
2007-12-21, 14:04
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS07-069.mspx
• V1.3 (December 20, 2007): Bulletin revised to reflect a new Security Update FAQ entry for a known issue documented in KB946627.

IE 6 crashes after you install (MS07-069) security update 942615 on a computer that is running Windows XPSP2
- http://support.microsoft.com/kb/946627/
Last Review: December 21, 2007
Revision: 2.0

:fear:

AplusWebMaster
2008-01-03, 22:57
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
January 3, 2008
"...This is an advance notification of -two- security bulletins that Microsoft is intending to release on January 8, 2008... The security bulletins for this month are as follows, in order of severity:

Critical (1)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Important (1)

Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...

Other...
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."

AplusWebMaster
2008-01-08, 20:34
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
January 8, 2008
"This bulletin summary lists security bulletins released for January 2008...

Critical (1)

Microsoft Security Bulletin MS08-001
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...

Important (1)

Microsoft Security Bulletin MS08-002
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
- http://www.microsoft.com/technet/security/bulletin/ms08-002.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...

Other...

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
• Microsoft has released -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
---------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3819
Last Updated: 2008-01-08 18:25:59 UTC

AplusWebMaster
2008-01-09, 19:17
FYI...

Microsoft Security Advisory (943411)
Update to Improve Windows Sidebar Protection
- http://www.microsoft.com/technet/security/advisory/943411.mspx
January 8, 2008 - "An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411*. For more information about how Windows Sidebar Protection helps block installed gadgets from running in Windows Sidebar, see Microsoft Knowledge Base Article 941411**..."

* http://support.microsoft.com/kb/943411

** http://support.microsoft.com/kb/941411

AplusWebMaster
2008-01-10, 17:35
The following bulletins have undergone a -minor- revision increment.

* MS07-064 - Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
- Reason for Revision: Bulletin updated to remove known issues notation. This update does not have any known issues.
- Originally posted: December 11, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3

* MS07-057 - Critical
Cumulative security update for Internet Explorer
- http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
- Reason for Revision: Revised to add a known issue.
(Known issues since original release of the bulletin:
• KB904710*: WinINet ignores the policies that you set when you create a custom administrative template file in Windows XP with Service Pack 2 - * http://support.microsoft.com/kb/904710 )
- Originally posted: October 9, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2

The following bulletins have undergone a -major- revision increment.

* MS07-042 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
- Reason for Revision: Bulletin updated: Added Microsoft Word Viewer 2003 as an affected product. Also added an Update FAQ clarifying the kill bit for Microsoft XML Parser 2.6 and its applicability to this security update.
- Originally posted: August 14, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0

.

AplusWebMaster
2008-01-11, 21:30
FYI...

Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/945713.mspx
Updated: January 9, 2008
Revisions:
• December 3, 2007: Advisory published.
• January 9, 2008: Advisory updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList.

.

AplusWebMaster
2008-01-13, 06:08
FYI... ThreatCon Level is 2

- http://www.symantec.com/avcenter/threatcon/learnabout.html
"The ThreatCon is currently at Level 2 in response to the disclosure of a critical remote vulnerability affecting the default configurations of Windows XP and Windows Vista. Nondefault configurations of Windows 2003 are also affected... The MS08-001 bulletin also addresses a remote kernel-based denial-of-service issue affecting nondefault configurations of Windows 2000, XP, and 2003. IBM Internet Security Systems, the team that discovered these kernel-based flaws, has recently released an official advisory* suggesting that the ICMP-based flaw, which Microsoft has considered a low-severity, denial-of-service issue, may in fact be exploitable to execute code. However, we have not confirmed this. Windows 2000 users who are not affected by the critical vulnerability may want to reevaluate their stance on patching the lower-severity issue in light of this new information. Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
( * http://iss.net/threats/282.html ) The MS08-002 bulletin was also released to address a local privilege-escalation vulnerability affecting LSASS. Users are advised to review the Microsoft Security Bulletins and to apply the patches as soon as possible..."

* "...An attacker does not need to invoke any kind of user interaction to exploit this vulnerability. The lack of user interaction, widespread availability of the protocols, and the possibility of complete compromise of targeted systems means that administrators should treat this vulnerability as highly critical. The lack of user interaction makes this exploit a probable target for botnets, such as the Storm Worm. Administrators should monitor the signatures listed in the ISS Coverage section for any attempted worm or botnet activity. Administrators should also keep in mind that multicast traffic is usually received by multiple destinations, so a single stream of attack traffic would likely affect more than one target..."

:fear:

AplusWebMaster
2008-01-14, 19:08
FYI...

Windows Vista Application Compatibility Update
- http://support.microsoft.com/kb/943302
Last Review: January 11, 2008
Revision: 2.0

.

AplusWebMaster
2008-01-16, 13:44
FYI...

Microsoft Security Advisory (947563)
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/947563.mspx
January 15, 2008 - "Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. At this time, our initial investigation indicates that customers who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability. Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action... At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited...
Note: There are no known workarounds for Microsoft Office Excel 2002 or Microsoft Office Excel 2000 at this time..."

- http://isc.sans.org/diary.html?storyid=3854
Last Updated: 2008-01-16 02:54:29 UTC - "... The vulnerability is, according to the blog*, already actively exploited by targeted attacks. Excel 2003SP3 and Excel 2007 are not affected, but most other versions are."
* http://blogs.technet.com/msrc/archive/2008/01/15/msrc-blog-security-advisory-947563.aspx

- http://secunia.com/advisories/28506/
Release Date: 2008-01-16
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched...

:fear:

AplusWebMaster
2008-01-18, 15:38
FYI...

- http://preview.tinyurl.com/364gvn
January 17, 2008 (Infoworld) - "...The code is not available to the general public (Ed. note: "Yet"). It was released Thursday to security professionals who use Immunity's Canvas computer security testing software. It causes the Windows system to crash but does not let the attacker run malicious software on the victim's system... The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack. MS patched the flaw in its MS08-001 update**, released last week, but it takes time for enterprise users to test and install Microsoft's patches..."
* http://seclists.org/dailydave/2008/q1/0017.html
17 Jan 2008

** http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
January 8, 2008 - Critical

- http://atlas.arbor.net/briefs/index#1659842965
January 17, 2008 - "...Analysis: Like we anticipated, an exploit is now available in limited release. However, this issue should not affect too many networks, as the attackers need subnet access to send the traffic to the victim..."

:fear:

AplusWebMaster
2008-01-24, 19:03
FYI...

Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx
• V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.

:fear:

AplusWebMaster
2008-01-25, 13:06
FYI... Microsoft Security Bulletin Re-Releases and Revisions

Microsoft Security Bulletin MS07-057 - Critical
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
• V1.0 (October 9, 2007): Bulletin published.
• V1.1 (October 10, 2007): Bulletin revised to correct the "What does the update do?" section for CVE-2007-3893.
• V1.2 (January 09, 2008): Bulletin revised to add a known issue.
• V1.3 (January 23, 2008): Bulletin revised to address rendering issues.

Microsoft Security Bulletin MS07-064 – Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
• V1.0 (December 11, 2007): Bulletin published.
• V1.1 (December 12, 2007): Bulletin updated to reflect that DirectX that ships on Windows 2000 is not supported by SMS 2.0 unless the Extended Security Update Inventory Tool (ESUIT) is used.
• V1.2 (December 19, 2007): Bulletin updated to reflect a change to the Removal Information text in the Windows Vista Reference Table portion of the Security Update Information section. Also removed the web-based mitigation from vulnerability CVE-2007-3901.
• V1.3 (January 9, 2008): Bulletin updated to remove known issues notation. This update does not have any known issues.
• V2.0 (January 23, 2008): Bulletin updated to reflect that the update for DirectX 9.0 also applies to DirectX 9.0b and DirectX 9.0c.

Microsoft Security Bulletin MS07-068 - Critical
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
- http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
• V1.0 (December 11, 2007): Bulletin published...
• V1.2 (January 23, 2008): Bulletin updated to add an FAQ regarding installing the updates for Windows Media Format Runtime 9.5 on Windows XP Professional x64 Edition.

Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
• V1.0 (January 8, 2008): Bulletin published.
• V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.

AplusWebMaster
2008-01-28, 10:44
FYI...

Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
• V3.0 (January 25, 2008): This bulletin was revised to clarify the impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (CVE-2007-0069*) on supported editions of Windows Small Business Server 2003 and Windows Home Server. Also included is an explanation and clarification that current Microsoft detection and deployment tools already correctly offer the update to systems running Windows Small Business Server 2003 and Windows Home Server.
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0069

:fear::lip:

AplusWebMaster
2008-01-30, 19:05
FYI...

- http://preview.tinyurl.com/26fx8c
January 30, 2008 (Computerworld) - "... On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software - but is not available to the public - was a revised version of code first issued two weeks ago... Other security companies reacted to the revamped attack code and Flash proof by issuing new alerts. Symantec Corp., for instance, sent a new warning to customers of its DeepSight threat network... It urged users who have not already deployed the patches Microsoft issued Jan. 8 to do (so) immediately..."

:fear:

AplusWebMaster
2008-02-01, 14:28
FYI...

- http://news.yahoo.com/s/ap/20080201/ap_on_hi_te/microsoft_yahoo_9
Feb. 1, 2008 - REDMOND, Wash. - "Microsoft Corp. is offering $44.6 billion in cash and stock for search engine operator Yahoo Inc. in a move to boost its competitive edge in the online services market. The unexpected announcement Friday comes as Microsoft, the world's biggest software company, seeks new ways to compete more effectively against the search and online advertising powerhouse Google Inc. In a letter to Yahoo's board of directors, Microsoft Chief Executive Steve Ballmer said the company will bid $31 per share, representing a 62 percent premium to Yahoo's closing stock price Thursday..."

- http://www.reuters.com/article/technologyNews/idUSWNAS894220080201?sp=true
Feb. 1, 2008 - "...Skeptics say Microsoft and Yahoo have very different corporate cultures and worry about a clash such as the one that marred AOL's $182 billion purchase of Time Warner in 2001, which is seen as the worst merger in recent history...."

:lip:

AplusWebMaster
2008-02-04, 23:45
FYI...

- http://secunia.com/advisories/28715
Last Update: 2008-02-05
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: MySpace Uploader Control 1.x
...The vulnerability is confirmed in MySpaceUploader.ocx version 1.0.0.5 and reported in version 1.0.0.4. Other versions may also be affected.
Solution: Update to version 1.0.0.6. <<<

- http://secunia.com/advisories/28713/
Release Date: 2008-02-04
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Facebook Photo Uploader 4.x
...The vulnerability is confirmed in version 4.5.57.0. Other versions may also be affected.
Solution: Update to version 4.5.57.1. <<<

- http://secunia.com/advisories/28757/
Last Update: 2008-02-07
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Yahoo! Music Jukebox 2.x...
NOTE: Working exploit code is publicly available.
The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected...
Solution: Set the kill-bit for the affected ActiveX controls. <<<
Other References:
US-CERT VU#101676: http://www.kb.cert.org/vuls/id/101676
US-CERT VU#340860: http://www.kb.cert.org/vuls/id/340860
---------------------
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0623
release date: 2/6/2008 - YMP Datagrid ActiveX control (datagrid.dll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0624
release date: 2/6/2008 - YMP Datagrid ActiveX control (datagrid.dll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0625
release date: 2/6/2008 - MediaGrid ActiveX control (mediagrid.dll)

:fear:

AplusWebMaster
2008-02-07, 06:49
FYI...

- http://isc.sans.org/diary.html?storyid=3946
Last Updated: 2008-02-07 02:13:00 UTC - "Just a quick reminder to those in the corporate world and using WSUS. From a technet update email Volume 10, Issue 3: February 6, 2008

"...On February 12, 2008 Microsoft will release the Windows Internet Explorer 7 Installation and Availability update to Windows Server Update Services (WSUS). Windows Internet Explorer 7 Installation and Availability Update is a complete installation package that will upgrade machines running Internet Explorer 6 to Windows Internet Explorer 7. Customers who have configured WSUS to "auto-approve" Update Rollup packages will automatically upgrade machines running Internet Explorer 6 to Windows Internet Explorer 7 after February 12, 2008 and consequently, may want to read Knowledge Base article 946202 [links to http://go.microsoft.com/?linkid=8250930 ] to manage how and when this update is installed. For more on the Windows Internet Explorer 7 Installation and Availability Update, read Knowledge Base article 940767 [links to http://go.microsoft.com/?linkid=8250931 ]..."

There are still many organisations that use IE6 because of internal applications that may not work with IE 7 or alternate browsers. So if you use WSUS and have a need to stay with IE6, you should check out the knowledge base articles. Otherwise the 13th is not going to be a happy day for you."

AplusWebMaster
2008-02-07, 20:41
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-feb.mspx
Published: February 7, 2008 - "This is an advance notification of -twelve- security bulletins that Microsoft is intending to release on February 12, 2008...

> Critical (7)

Bulletin Identifier: Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Bulletin Identifier: Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Office, Visual Basic...

Bulletin Identifier: Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, VBScript, JScript...

Bulletin Identifier: Microsoft Security Bulletin 8
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Bulletin Identifier: Microsoft Security Bulletin 10
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Bulletin Identifier: Microsoft Security Bulletin 11
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Bulletin Identifier: Microsoft Security Bulletin 12
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...


> Important (5)

Bulletin Identifier: Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows, Active Directory, ADAM...

Bulletin Identifier: Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...

Bulletin Identifier: Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, IIS...

Bulletin Identifier: Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, IIS...

Bulletin Identifier: Microsoft Security Bulletin 9
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office, Works, Works Suite...

------------------------------

Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -seven- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."

AplusWebMaster
2008-02-12, 21:07
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
February 12, 2008

"This bulletin summary lists security bulletins released for February 2008...

> Critical (6)

Microsoft Security Bulletin MS08-007
Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
- http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...

Microsoft Security Bulletin MS08-008
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
- http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Office, Visual Basic...

Microsoft Security Bulletin MS08-009
Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
- http://www.microsoft.com/technet/security/bulletin/ms08-009.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)
- http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...

Microsoft Security Bulletin MS08-012
Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
- http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...

Microsoft Security Bulletin MS08-013
Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
- http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...


> Important (5)

Microsoft Security Bulletin MS08-003
Vulnerability in Active Directory Could Allow Denial of Service (946538)
- http://www.microsoft.com/technet/security/bulletin/ms08-003.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows, Active Directory, ADAM...

Microsoft Security Bulletin MS08-004
Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
- http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...

Microsoft Security Bulletin MS08-005
Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
- http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, IIS...

Microsoft Security Bulletin MS08-006
Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
- http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, IIS...

Microsoft Security Bulletin MS08-011
Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
- http://www.microsoft.com/technet/security/bulletin/ms08-011.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office, Works, Works Suite..."
----------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-12 19:23:49 UTC

.

AplusWebMaster
2008-02-14, 02:08
FYI...

- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-13 18:25:13 UTC ...(Version: 3)
"...
MS08-007... WebDAV - Exploit instructions public... Critical
Vulnerability in WebDAV Mini-Redirector allows Remote Code Execution

MS08-010... IE - Exploit publicly available... PATCH NOW
Cumulative Security Update for Internet Explorer

MS08-011... Works - Exploit publicly available... Critical
Multiple vulnerabilities in Microsoft Works File Converter allow Remote Code Execution ..."

> http://forums.spybot.info/showpost.php?p=163889&postcount=33

:fear:

AplusWebMaster
2008-02-15, 06:18
FYI...

- http://isc.sans.org/diary.html?storyid=3973
Last Updated: 2008-02-15 01:51:27 UTC ...(Version: 4)

MS08-006 - IIS - Detailed discussion and DoS exploit made public - Important
Vulnerability in IIS Handling of HTML-encoded ASP Web Pages allows Remote Code Execution

> http://forums.spybot.info/showpost.php?p=163889&postcount=33


:fear:

AplusWebMaster
2008-02-20, 00:53
FYI...

- http://isc.sans.org/diary.html?storyid=3998
Last Updated: 2008-02-19 21:13:32 UTC - "We received information in regards to Microsoft Vista getting into a reboot loop after running the Windows Update..."

(Details at the URL above.)


:fear:

AplusWebMaster
2008-02-20, 17:46
FYI...

Vista SP1 pre-req "temporarily suspended"
- http://preview.tinyurl.com/yqvvoa
February 19, 2008 (Windows Vista blog) - "We've heard a few reports about problems customers may be experiencing as a result of KB937287*, the servicing stack update I blogged about last week, and I wanted to provide a quick update for you. Immediately after receiving reports of this error, we made the decision to temporarily suspend automatic distribution of the update to avoid further customer impact while we investigate possible causes... Customers who may be experiencing this issue can use system restore to correct it or contact 1-866-PC-Safety for help troubleshooting..."
* http://support.microsoft.com/kb/937287

:lip:

AplusWebMaster
2008-02-21, 18:29
FYI...

Dual-booting XP deletes Vista restore points
- http://windowssecrets.com/comp/080221#known0
2008-02-21 - "... booting to XP on a dual-boot system has the negative side-effect of deleting any Vista restore points, in addition to all but its latest backup file, and a Registry workaround* is required to prevent this..."
* http://support.microsoft.com/kb/926185

:sad::fear::buried:

AplusWebMaster
2008-02-23, 13:17
FYI...

- http://preview.tinyurl.com/yqvvoa
February 19, 2008 (Windows Vista blog) - "We've heard a few reports about problems customers may be experiencing as a result of KB937287*..."
* http://support.microsoft.com/kb/937287

The update is not installed successfully, you receive a message, and the computer restarts when you try to install an update in Windows Vista
> http://support.microsoft.com/kb/949358/en-us
Last Review: February 22, 2008
Revision: 1.0
"...To avoid this problem, install update 937287 separately from all other updates. Install the update that applies to your version of Windows Vista to enable future updates to be installed successfully..."

:lip:

AplusWebMaster
2008-02-23, 20:50
- http://blog.washingtonpost.com/securityfix/2008/02/hackers_exploiting_facebook_my.html
February 23, 2008 - "If you use Internet Explorer (versions 6 or 7) to browse the Web, listen up: Criminals are starting to exploit security holes in several widely installed IE plug-ins to plant invasive software when users are coerced or tricked into visiting one of several Web sites. In an alert posted Friday evening, security software vendor Symantec said it is seeing malicious Web sites popping up trying to exploit vulnerabilities in a set of ActiveX controls produced by Aurigma, a technology company whose image transfer browser plug-in is licensed and distributed by a number of major Web sites to help IE users upload pictures. Currently, Facebook.com and MySpace.com are among the biggest distributors of this ActiveX plug-in, but they are hardly the only ones... The malicious Web sites identified by Symantec actually redirect visitors to a fake MySpace.com login page in an attempt to steal MySpace credentials, all while trying the various plug-in exploits quietly in the background... The sites all download a series of executable programs, including some that Symantec said appear to be placeholders for whatever nasties the bad guys want to stuff in there later. The company said it is still in the process of analyzing the programs to see what they do, but it's doubtful they will turn out to be harmless... If you haven't checked out the free, easy-to-use fixit tool* released by incident handlers at the SANS Internet Storm Center, please do so now. The simple, graphical program sets a marker in the Windows registry so that if the vulnerable ActiveX components are installed, then the operating system will not let anyone or anything make use or activate those components... If you ever want to -undo- any part of what (the tool does), run the tool again and uncheck the relevant boxes and hit "set.""
* http://isc.sans.org/diary.html?storyid=3931
Last Updated: 2008-02-05 19:48:41 UTC ...(Version: 3)
(Direct link for tool - http://handlers.sans.org/tliston/KillBitGui-Feb08.exe )

:fear:
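The registry marker described in the post above is the ActiveX kill bit: bit 0x400 of the `Compatibility Flags` value under the `ActiveX Compatibility` key for a control's CLSID. The following is an added example, not part of the original post or the SANS tool, that audits a `reg export` text dump for that bit; the CLSIDs and the export content are constructed placeholders, since the post does not list the affected CLSIDs.

```python
import re

KILL_BIT = 0x00000400
COMPAT_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
_SECTION = re.compile(r"^\[(.+)\]\s*$")
_FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})\s*$', re.IGNORECASE)


def parse_compat_flags(reg_text):
    """Map upper-cased CLSID -> Compatibility Flags (None if the key has no such value)."""
    flags, current = {}, None
    prefix = COMPAT_KEY.upper() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            key = section.group(1).upper()
            current = key[len(prefix):] if key.startswith(prefix) else None
            if current is not None:
                flags.setdefault(current, None)  # key exists, value not seen yet
            continue
        value = _FLAGS.match(line)
        if value and current is not None:
            flags[current] = int(value.group(1), 16)
    return flags


def killbit_report(reg_text, clsids):
    """Classify each CLSID as 'kill bit set', 'entry without kill bit' or 'no entry'."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in clsids:
        key = clsid.upper()  # registry key names are case-insensitive
        if key not in flags:
            report[clsid] = "no entry"
        elif flags[key] is not None and flags[key] & KILL_BIT:
            report[clsid] = "kill bit set"
        else:
            report[clsid] = "entry without kill bit"
    return report


# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A2}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000a3}]
"Compatibility Flags"=dword:00000c00
"""

# Placeholder CLSIDs to audit; A4 is deliberately missing from the export.
WATCHED = [
    "{00000000-0000-0000-0000-0000000000A1}",
    "{00000000-0000-0000-0000-0000000000A2}",
    "{00000000-0000-0000-0000-0000000000A3}",
    "{00000000-0000-0000-0000-0000000000A4}",
]

if __name__ == "__main__":
    for clsid, status in killbit_report(SAMPLE_EXPORT, WATCHED).items():
        print(clsid, status)
```

Real `reg export` files are UTF-16 encoded, so decode them before passing the text in.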

AplusWebMaster
2008-03-06, 20:41
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx
March 6, 2008 - "...This is an advance notification of -four- security bulletins that Microsoft is intending to release on March 11, 2008...

Critical (4)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office Web Components...


Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -three- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."

AplusWebMaster
2008-03-06, 23:43
FYI...

- http://preview.tinyurl.com/ypjaam
March 6, 2008 (AvertLabs blog) - "Microsoft’s OneCare team issued an update on January 31, 2008 that resulted in SiteAdvisor users receiving a Microsoft warning message recommending that SiteAdvisor be removed due to interference with OneCare... as a general rule, Microsoft recommends running only one security application at a time because of potential performance and “PC stability” issues. We explained to Microsoft that SiteAdvisor functionality is totally unrelated to OneCare. They agreed... there is no need to disable SiteAdvisor or OneCare. The two products co-exist nicely (aside from the pop-up!). Because OneCare doesn’t allow white listing of applications, affected consumers have limited options until all installations of OneCare are patched."

:thud::spider::sick:

AplusWebMaster
2008-03-11, 13:55
FYI...

- http://isc.sans.org/diary.html?storyid=4117
Last Updated: 2008-03-10 23:52:52 UTC - "...We can confirm these attacks and have been tracking several exploits over the last few days. It should be noted that the incidents we are aware of have been limited to a very specific targeted attack and were not widespread. In total, we established approximately 21 reports of attacks using only 8 different files, from within the same two communities, so far... some of the signatures we know of that catch iterations of these attacks. Note that some are relatively generic and catch multiple other exploits as well... Trojan-Dropper.MSExcel.Agent ...We are aware that some of the samples connect back to update-microsoft.kmip.net (221.130.180.87) on port 80, to retrieve the IP address of the actual control server."

> http://www.us-cert.gov/current/#trojan_exploiting_microsoft_excel_vulnerability

- http://blog.trendmicro.com/olympic-fans-may-fall-for-unpatched-ms-excel-vuln/
March 9, 2008 - "XLS files specially designed to exploit a currently unpatched vulnerability in Microsoft Excel (identified as CVE-2008-0081) are reportedly being sent as email attachments in the wild. The attachments, which arrive either as OLYMPIC.XLS or SCHEDULE.XLS are capable of dropping and executing Windows binary executables. This Trojan also drops a non-malicious Excel file and opens it upon execution to trick the user that it is the attached Excel file... Both OLYMPIC.XLS and SCHEDULE.XLS are observed to use similar exploit templates and even allow malware writers to customize the exploit to perform other routines... malware authors are using this window of opportunity to infect a large number of computers. More information on this exploit can be found on this Microsoft Security Advisory*. Trend Micro advises users to be wary of opening unsolicited email messages, much more of files attached to them..."
(Screenshots available at the URL above.)

* http://www.microsoft.com/technet/security/advisory/947563.mspx
January 16, 2008

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0081
Last revised: 1/17/2008

:fear::spider::fear:

AplusWebMaster
2008-03-11, 19:58
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-mar.mspx
March 11, 2008
"...The security bulletins for this month are as follows, in order of severity:

Critical (4)

Microsoft Security Bulletin MS08-014
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
- http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-015
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
- http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-016
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
- http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-017
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
- http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office Web Components...


Other Information -
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft has released -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released -three- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
--------------------------------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4124
Last Updated: 2008-03-11 18:33:40 UTC
--------------------------------------------------------------

Microsoft Security Advisory (947563)
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/947563.mspx
Published: January 15, 2008 | Updated: March 11, 2008 - "...We have issued MS08-014* to address this issue..."
* http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

AplusWebMaster
2008-03-12, 13:22
FYI...

- http://isc.sans.org/diary.html?storyid=4126
Last Updated: 2008-03-11 20:57:53 UTC - "The many out there still using older versions of MSIE (such as Internet Explorer 5 or 6) might well be interested in two new vulnerabilities discovered and made public today on full disclosure. It looks somewhat like a Cross Site Request Forgery (CSRF) attack: A malicious URL you (somehow) hit. It can be unintentional on the user's part through e.g. an injected iframe on a forum. The URL tells the client to contact another server and does some bad things there that the user never intended, but had the authorization to do. The twist in this case is that the second hit doing damage can also be an FTP request, not just an HTTP request. Still normally you can only log in and download (GET) files using a URL, and if the FTP server is requiring authentication, the user or the URL should enter the login/password, tipping them off something strange is going on or the attacker already knowing the credential. That's true, till you see the duo of bugs in IE:
* Apparently IE5 and IE6 allow other commands too, such as deleting files by constructing a URL with %-encoded line-breaks.
* Similarly IE 5 and IE6 allow the URL to be constructed in such a manner as to try to re-authenticate with cached credentials.
IE7 is claimed not to suffer from this, so if you need a bit more incentive to (be allowed to) upgrade, this might just be it."
--------------------------------

- http://preview.tinyurl.com/2at5ub
March 12, 2008 (ComputerWorld) - "A flaw in the way Microsoft's Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim's FTP site. The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim's FTP sessions... "The attack seems viable, but the stars have to be aligned just right for the attack to work," said Craig Schmugar, a researcher with McAfee's Avert Labs..."

(Maybe -not- so difficult...)
- http://www.finjan.com/Content.aspx?id=1367
("Malicious Page of the Month" Feb. 2008 synopsis) - "...deployment of ready-made Crimeware toolkits has gained momentum... When examining a server hosting the latest version of this Crimeware toolkit, we also found an almost unnoticeable standalone application, especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world. More than 8,700 FTP servers’ credentials of highly respected organizations and enterprises were thus stolen, including valid user names and passwords."
--------------------------------

- http://secunia.com/advisories/29346/
Release Date: 2008-03-12
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: MS IE 5.01, MS IE 6.x
...The vulnerability is confirmed in version 6.0.2900.2180 and also reported in version 5. Other versions may also be affected.
Solution: Upgrade to Internet Explorer 7. Do not browse untrusted websites...
--------------------------------

- http://www.securityfocus.com/bid/28208/discuss
"...This issue affects Internet Explorer 5 and 6; prior versions may also be affected..."
- http://www.securityfocus.com/bid/28208/solution
Solution:
Reports indicate that the vendor intends to release a patch that will address this issue...
- http://www.rapid7.com/advisories/R7-0032.jsp
"...Solution
The vendor plans to release a patch for this issue in an upcoming security bulletin. If possible, upgrade to Internet Explorer 7..."

:fear:
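The first bug quoted in the post above relies on %-encoded line breaks inside an ftp:// URL. The following is an added example, not from the original post or the cited advisories, that scans proxy-style log lines for such URLs and reports the extra command lines they would carry; the log format, host names and sample lines are constructed, and unwrapping nested encoding (`%250D`) goes beyond the single case the post mentions.

```python
import re
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: how many layers of %-encoding to unwrap
_LINE_BREAK = re.compile(r"[\r\n]")
_FTP_URL = re.compile(r"\bftp://\S+", re.IGNORECASE)


def decode_fully(text, rounds=MAX_DECODE_ROUNDS):
    """Percent-decode repeatedly so double-encoded breaks (%250D) are exposed too."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def injected_ftp_lines(url):
    """Return the command lines that follow an encoded CR/LF in an ftp:// URL.

    Returns [] for non-FTP URLs, for URLs without an encoded line break, and
    for a line break that is followed by nothing.
    """
    try:
        if urlsplit(url).scheme != "ftp":  # urlsplit lower-cases the scheme
            return []
    except ValueError:
        return []
    rest = url.split("://", 1)[1]
    chunks = _LINE_BREAK.split(decode_fully(rest))
    # chunks[0] is the legitimate host/path; anything after a break is extra.
    return [c.strip() for c in chunks[1:] if c.strip()]


def scan(lines):
    """Return (line number, url, injected lines) for every suspicious URL."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for url in _FTP_URL.findall(line):
            extra = injected_ftp_lines(url)
            if extra:
                hits.append((number, url, extra))
    return hits


# Constructed sample log: timestamp, client address, method, URL.
SAMPLE_LOG = [
    "2008-03-12T10:01:07Z 10.0.0.15 GET ftp://ftp.example.test/pub/readme.txt",
    "2008-03-12T10:01:09Z 10.0.0.15 GET ftp://ftp.example.test/pub/%0D%0ADELE%20report.txt",
    "2008-03-12T10:02:30Z 10.0.0.22 GET FTP://ftp.example.test/%250d%250aNOOP",
    "2008-03-12T10:03:00Z 10.0.0.22 GET http://www.example.test/a%0Db",
]

if __name__ == "__main__":
    for number, url, extra in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> {extra}")
```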

AplusWebMaster
2008-03-18, 14:25
FYI...

- http://www.us-cert.gov/current/#microsoft_updates_march_security_bulletin
updated March 17, 2008 - "Microsoft has made revisions to all of the March Security Bulletins. These revisions:
* Clarify why a non-vulnerable version of Office was offered during this update.
* Correct the registry key for verifying the update for ISA Server.
* Remove MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
* Update vulnerability FAQs
* Update file information tables for Outlook 2000 and 2003.
Microsoft has also re-released MS08-014 to include additional information about issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3..."

:fear:

AplusWebMaster
2008-03-19, 19:46
FYI...

Vista SP1
- http://isc.sans.org/diary.html?storyid=4160
Last Updated: 2008-03-19 17:04:57 UTC ...(Version: 3)
"The first service pack from Microsoft for Vista is out. Please let us know your experiences downloading and applying the 434.5 MB Windows Vista Service Pack 1 Five Language Standalone (KB936330):

MS downloads:
- http://preview.tinyurl.com/ywb4al
"...IF YOU ARE UPDATING JUST ONE COMPUTER: A smaller, more appropriate download is available on Windows Update..."

Update 1: If Vista SP1 will not install, or is not being offered as an option you should read the following article. You may have to update drivers first or other issues...
Windows Vista Service Pack 1 is not available for installation from Windows Update and is not offered by Automatic Updates: http://support.microsoft.com/?kbid=948343

Update 2: Before you install the final release of Windows Vista SP1, you must uninstall any previous releases... http://support.microsoft.com/kb/936330

Windows Service Pack Blocker Tool
- http://technet.microsoft.com/en-us/windowsvista/bb927794.aspx

.

AplusWebMaster
2008-03-20, 01:39
FYI...

- http://blogs.technet.com/msrc/archive/2008/03/19/march-2008-ms08-014-re-release.aspx
March 19, 2008 - "...we've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only... The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function). For additional details, please refer to KB950340*. If you're -not- running Microsoft Excel 2003, this re-release doesn't apply to you and you don't need to take any action. If you are running Microsoft Excel 2003 Service Pack 2 or Service Pack 3, you should use the guidance provided in Knowledge Base article KB950340* to deploy the new update."
* http://support.microsoft.com/kb/950340

:lip:

AplusWebMaster
2008-03-22, 12:47
FYI...

Microsoft Security Advisory (950627)
Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/950627.mspx
March 21, 2008 - "Microsoft is investigating new public reports of very limited, targeted attacks using a vulnerability in the Microsoft Jet Database Engine that can be exploited through Microsoft Word.
Customers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not vulnerable to the buffer overrun being attacked, as they include a version of the Microsoft Jet Database Engine that is not vulnerable to this issue.
Customers using Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1 are vulnerable to these attacks.
Microsoft is investigating the public reports and customer impact. We are also investigating whether the vulnerability can be exploited through additional applications. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."

- http://secunia.com/advisories/14896/
Last Update: 2008-03-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
...affects versions of msjet40.dll prior to 4.0.9505.0...

:fear:

AplusWebMaster
2008-03-23, 00:19
FYI...

- http://www.symantec.com/avcenter/threatcon/learnabout.html
(03.22.2008) - "...On March 21, 2008 a public exploit was released for the Microsoft Excel Header Parsing Remote Code Execution Vulnerability (BID 27305). This vulnerability was originally published on January 15, 2008 as an unidentified issue due to reports of targeted exploitation occurring in the wild. It was later patched as part of MS08-014 on March 11, 2008, which addressed a number of different Excel issues.
Microsoft Excel Header Parsing Remote Code Execution Vulnerability
( http://www.securityfocus.com/bid/27305 )
MS08-014 ( http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx ) This is the first of the issues addressed by MS08-014 to have a public exploit available and therefore will likely see public exploitation in the future. The vulnerability specifically involves an uninitialized stack variable issue which was explained by Microsoft in a recent blog posting:
MS08-014: The Case of the Uninitialized Stack Variable Vulnerability
( http://preview.tinyurl.com/2lw6c6 ) [blogs.technet.com/swi]
At the time of writing we are not aware of any public exploitation incidents involving this exploit, however we are anticipating attacks to occur in the near future. Users are advised to apply the updates available in the MS08-014 bulletin immediately. Those unable to do so are advised to review the workarounds listed in the bulletin and avoid opening Excel documents where possible."

:fear:

AplusWebMaster
2008-03-25, 13:30
RE: http://www.microsoft.com/technet/security/advisory/950627.mspx

- http://isc.sans.org/diary.html?storyid=4192
Last Updated: 2008-03-25 00:41:39 UTC - "...A few minutes ago Microsoft has posted more details about this issue on the MSRC blog*. Summarizing:
- The Jet Database Engine vulnerability is well-known since March 2005. The main issue now is that it can be exploited through a new attack vector, Microsoft Word (specifically two DOC files), avoiding the mitigations enforced by Outlook and Exchange over this unsafe file type (MDB).
- Microsoft is currently working on the fixes, evaluating if an update may prevent Word from opening MDB files, and checking how to apply the fixed msjet40.dll currently available for Windows Server 2003 SP2, Windows Vista, and beta versions of Windows XP SP3 in other OS versions.
- In the meantime, apart from the general recommendation of not opening untrusted MS Word files, you can follow the two workarounds detailed on the initial advisory:
o Computer-based workaround: Restrict the Microsoft Jet Database Engine from running through the "cacls" command, used to modify the access control lists (ACLs) of files. Applications requiring the Jet Database Engine will not function.
o Infrastructure-based workaround: Block specific files at your mail gateway based on string signatures (if it provides file inspection capabilities). The associated strings plus implementation details for specific mail gateways are detailed on the advisory..."
* http://preview.tinyurl.com/2lvatz

AplusWebMaster
2008-03-25, 15:52
FYI...

- http://www.techarp.com/showarticle.aspx?artno=521&pgno=0
20-03-2008 - "...Due to the changes in language releases and Windows XP SP3 RTM's release, here's the updated schedule.

1. Chinese (Simplified), English, French, German, Japanese, Korean, and Spanish...
Second half of April 2008

2. Arabic, Chinese (Hong Kong), Chinese (Traditional), Czech, Danish, Dutch, Finnish, Greek, Hebrew, Hungarian, Italian, Norwegian, Polish, Portuguese (Brazilian), Portuguese (Portugal), Russian, Swedish, and Turkish...
Approximately 21 days after Wave 1 RTM

With the exception of Windows XP Media Center Edition and Windows XP Tablet Edition, Windows XP Service Pack 3 will be released in both standalone and integrated formats. It will be available in both CD and DVD formats, except for the Japanese language version which will only be in DVD format..."

:blink:

AplusWebMaster
2008-03-26, 19:49
FYI...

- http://www.symantec.com/avcenter/threatcon/learnabout.html
(2008.03.26) - "...This issue is now being exploited by a website in the wild. The attack vector that is used differs from what is typically observed for this type of vulnerability. Normally, an attacker will spam Excel files to potential victims so as to leverage the vulnerability. In this case, the exploit is hosted on a site, and the victim is silently redirected to the exploit in a similar strategy to how ActiveX client-side vulnerabilities are exploited. Specifically, the exploit XLS document is hosted in the domain 'lntop.info'. Victims are then redirected to this site through an IFRAME that is embedded in another site... Symantec AntiVirus detects the malicious XLS file as Trojan.Mdropper.AA. Customers are advised to:
- Ensure that antivirus software is up to date.
- Block access to the domain 'lntop.info'.
- Install the updates in the Microsoft Security Bulletin MS08-014."

> http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

:fear::spider::fear:

AplusWebMaster
2008-04-01, 22:20
FYI...

- http://preview.tinyurl.com/2szypl
March 31, 2008 (Computerworld) - "...The exploit, which was posted yesterday to the Milw0rm.com Web site, takes advantage of one of two flaws fixed by Microsoft in its MS08-016* security update. Microsoft issued the update on March 11 as part of a four-bulletin batch... "The exploit that is currently available uses a PowerPoint file to leverage the vulnerability on Office XP SP3," said Symantec Corp. analyst Anthony Roe in an alert to customers of the company's DeepSight threat network. "The payload is designed to execute the 'calc.exe' calculator program on Windows. However, it will not be difficult to modify this exploit to add a malicious payload"..."
* http://www.microsoft.com/technet/security/bulletin/ms08-016.mspx?
Revisions:
• V1.0 (March 11, 2008): Bulletin published.
• V1.1 (March 12, 2008): Bulletin updated. FAQ added to clarify the reason why a non-vulnerable version of Office will be offered this update. Also removed MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
• V1.2 (March 26, 2008): Bulletin updated. Added MS07-025 as a replaced bulletin for Microsoft Office 2003 Service Pack 2.

:fear:

AplusWebMaster
2008-04-03, 23:53
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx
April 3, 2008 - "This is an advance notification of -eight- security bulletins that Microsoft is intending to release on April 8, 2008...

Critical (5)

Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
...The update requires a restart.
Affected Software: Microsoft Windows, Internet Explorer...


Important (3)

Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing
...The update requires a restart.
Affected Software: Microsoft Windows...

Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
...The update requires a restart.
Affected Software: Microsoft Windows...

Microsoft Security Bulletin 8
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
...The update does -not- require a restart.
Affected Software: Microsoft Office...

---

Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS
For information about non-security releases on Windows Update and Microsoft update, please see:

Description of Software Update Services and Windows Server Update Services changes in content for 2008. Includes all Windows content.
- http://support.microsoft.com/kb/894199/en-us

New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows.
- http://technet.microsoft.com/en-us/wsus/bb466214.aspx ...

AplusWebMaster
2008-04-08, 01:09
FYI...

- http://preview.tinyurl.com/5omupm
April 7, 2008 (Computerworld) - "Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before, said a security company on Friday... The attack framework probes Windows PCs for vulnerable ActiveX controls from software vendors Microsoft, Citrix Systems and Macrovision, as well as hardware makers D-Link Corp., Hewlett-Packard, Gateway and Sony... said Symantec researcher Patrick Jungles, who wrote an analysis of the multistrike package for customers of the company's DeepSight threat service. According to Jungles, visitors to compromised Web sites are redirected by a rogue IFRAME to a malicious site serving the package. The attack pack tests the victim's PC for each ActiveX control, detects whether a vulnerable version of a control is installed, and then launches an attack when it finds one... The seven exploited in the package outlined by Jungles are a mix of old and brand-new flaws... Four of the seven ActiveX flaws - those in the D-Link, Gateway, Sony, and Macrovision products - have not been patched, said Jungles... Jungles' report recommended that users apply patches, when they're available, and set the "kill bit" on those ActiveX controls which have not yet been updated by their makers."

:fear::fear:

AplusWebMaster
2008-04-08, 14:33
FYI...

- http://preview.tinyurl.com/3gnxtp
April 07, 2008 (MS Vista blog) - "... The Microsoft Update Blog* contains some important information about updates to the SP1 prerequisite distribution plan. Starting tomorrow, we are resuming the automatic update and installation of the Servicing Stack Update. In mid-April, we will begin distributing SP1 (in the first 5 languages) using the Automatic Update system. We have a lot of Windows users, so not everyone will get it on the same day. In fact, it will go to a small percentage of Windows Vista users each day..."
* http://preview.tinyurl.com/3fdyu2
April 07, 2008 6:12 PM by Microsoft Update Team Blog - "...you may have read that a few customers experienced an endless reboot cycle while installing one of the prerequisites: KB937287**, the Servicing Stack Update (SSU), which contains the Service Pack 1 installation program. As posted last month on the Windows Vista blog, we suspended automatic distribution of the SSU while we investigated the problem. Over the past few weeks, we’ve learned a lot more about the problem and have taken steps to address the issue. Today, we’d like to let you know that we are resuming automatic distribution of the SSU tomorrow and provide more clarity on what happened.
To clear up any concerns for those of you who have already installed the update: There is no problem with the files that make up the Servicing Stack Update (KB937287**); the problem some customers encountered was with the installation process for the update. That means if you already have the update installed, you do not need to uninstall it or install the rereleased version of the update.
- So what caused the problem? Well, the SSU has special code to check whether there are any pending reboots or other updates to install. If it sees either of these circumstances, it prevents the install from starting. During our investigation, we discovered that there were a few unknown and rare events during the middle of the installation of the update that could cause the update to think it needed a reboot to complete the installation. If this happened, the system entered a repeating reboot loop.
To address this problem for people who have not already installed the SSU, we are releasing a fix tomorrow which will install prior to the SP1 Servicing Stack Update. This pre-SSU update helps to ensure a smooth install of the SSU by working to prevent the system from rebooting during the SP1 SSU installation. We also made additional changes to the SSU installer code, so that it checks for and requires the pre-SSU (KB949939) before it will install. These two updates should now install seamlessly through Windows Update, in the proper order, so those of you with WU set to “install updates automatically” who haven’t already installed the SSU don’t have to take any further action..."
** http://support.microsoft.com/kb/937287

.

AplusWebMaster
2008-04-08, 21:30
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-apr.mspx
April 8, 2008 - "This bulletin summary lists security bulletins released for April 2008...

Critical (5)

Microsoft Security Bulletin MS08-018
Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
- http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-021
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
- http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-022
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
- http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-023
Security Update of ActiveX Kill Bits (948881)
- http://www.microsoft.com/technet/security/Bulletin/MS08-023.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)
- http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...


Important (3)

Microsoft Security Bulletin MS08-020
Vulnerability in DNS Client Could Allow Spoofing (945553)
- http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-025
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
- http://www.microsoft.com/technet/security/Bulletin/MS08-025.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-019
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
- http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---------------------------------------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4264
Last Updated: 2008-04-08 17:42:25 UTC

AplusWebMaster
2008-04-11, 01:02
FYI...

- http://isc.sans.org/diary.html?storyid=4274
Last Updated: 2008-04-10 21:20:25 UTC - "It appears that Symantec has raised the Threatcon to Level 2 this afternoon...
- http://www.symantec.com/security_response/threatcon/index.jsp
'...The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008. The malicious image appears to target the Microsoft Windows GDI Stack Overflow Vulnerability (BID 28570). At least three different sites are hosting the images; two different malicious binaries are associated with the attacks. Analysis of the images has shown that although they appear to be malicious, they do not contain enough data in the associated image property to sufficiently trigger the vulnerability. We are still investigating as to why this may be the case. Users are advised to apply the MS08-021* patches immediately. These attack attempts highlight the severity of this issue -- it is only a matter of time before new images that successfully trigger the issue are observed in the wild... some of the associated malware that is delivered with the attack is not detected...'
* http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx
(Microsoft Security Bulletin MS08-021 – Critical
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Published: April 8, 2008 ...)
...If you haven't already patched do so now and don't forget to remind your users not to open image files."
---------------------------------------------------

Exploiting Latest GDI Vulnerability Found in the Wild
- http://preview.tinyurl.com/4nkzn8
April 10, 2008 (Symantec Security Response Weblog) - "...It is possible that these exploits either have been leaked and are "in-work" copies, or that they are functional on some platform that we have not tested. However, the exploit (named "top.jpg") does contain functional payload, which downloads a secondary file (word.gif). Word.gif is really an executable that would be run following a successful infection. Its main function would be to use iexplore.exe to contact a few hosts in China, presumably to download additional malicious code..."

:fear::fear:

AplusWebMaster
2008-04-11, 18:47
FYI...

April 2008 - Black Tuesday Overview
- http://isc.sans.org/diary.html?storyid=4264
Last Updated: 2008-04-11 13:59:44 UTC
"...
MS08-021 ...Symantec has reported non-working exploits in the wild...
- http://www.symantec.com/security_response/threatcon/index.jsp
"...Users are advised to apply the MS08-021 patches immediately. These attack attempts highlight the severity of this issue -- it is only a matter of time before new images that successfully trigger the issue are observed in the wild..."

MS08-023 ...PoC exploits were posted on the internet...
(3rd party killbit for Yahoo! Music Jukebox ActiveX control)

:fear:

AplusWebMaster
2008-04-12, 14:55
FYI...

Elevated ATLAS Threat Index - GDI Exploits in the Wild
- http://asert.arbornetworks.com/2008/04/elevated-atlas-threat-index-gdi-exploits-in-the-wild/
April 11, 2008 - "The ATLAS Threat Index is used to track global security issues as a barometer, and we’re raising the index (something we don’t do very often). We are doing so because we see evidence that the GDI vulnerability - MS08-021 - is being exploited in the wild. We have not yet seen widespread attacks, but we anticipate that this attack vector will grow in popularity in the coming days, similar to the WMF and ANI attack vectors in the past couple of years..."

- http://www.us-cert.gov/current/#active_exploitation_of_gdi_vulnerabilities
April 11, 2008 - "US-CERT is following public reports indicating that attackers are attempting to exploit vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable..."

:fear:

AplusWebMaster
2008-04-16, 05:32
FYI...

- http://isc.sans.org/diary.html?storyid=4264
Last Updated: 2008-04-16 01:23:53 UTC ...(Version: 5)

Overview of the April 2008 Microsoft patches and their status...

MS08-020 - DNS client - Update: well published problem

MS08-021 - GDI - Update: April 11th: Arbor Networks reporting exploits in the wild

MS08-022 - Scripting engines - Update: PoC available in a for pay program

MS08-023 - ActiveX - PoC exploits were posted on the internet

MS08-025 - Windows kernel - Proof of concept available in a for pay program

:fear::spider::fear:

AplusWebMaster
2008-04-17, 19:58
FYI...

- http://www.theregister.co.uk/2008/04/16/vista_defender_sp1/
16 April 2008 - "Microsoft has admitted it is investigating reports that a recent Windows Vista security update causes havoc with some USB devices, but the software giant is yet to provide a fix for the cock-up. The Windows Defender update was released last week, but some unfortunate Vista customers have claimed that their USB mice and keyboards among other devices refuse to work after the update is installed on their computers... the automatic version of the (SP1) download remains missing in action. Redmond had chalked mid-April as the date when SP1 would start downloading onto computers across the world..."

:sad:

AplusWebMaster
2008-04-18, 15:04
FYI...

Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/951306.mspx
April 17, 2008 - "Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability. Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers..."

AplusWebMaster
2008-04-19, 13:52
FYI...

...Vista SP1 is not available for installation from WU and is not offered by Automatic Updates
- http://support.microsoft.com/?kbid=948343
Last Review: April 18, 2008 <<<
Revision: 6.0...


:lip:

AplusWebMaster
2008-04-22, 02:56
FYI...

(Another tale of "Windows Genuine Annoyance" - an Office nag)
- http://preview.tinyurl.com/4wona3
April 19, 2008 (Computerworld) - "... By early Wednesday, administrators in the U.S., the U.K., New Zealand and elsewhere were posting messages on Microsoft support newsgroups, asking why their WSUS systems had received the Office nag. In some cases, administrators reported that the update had fingered large numbers of desktop PCs as running counterfeit copies of Office. "Update KB949810 arrived via WSUS yesterday, and now all my XP workstations running Word 2002 are telling me it needs activating," said a user... in the U.K. "The only problem is that the software is genuine and was activated three years ago"... "There is nothing more frustrating as a Microsoft shareholder to constantly see Microsoft shoot themselves in the foot by treating legal customers in this manner.*"..."
* http://forums.microsoft.com/Genuine/ShowPost.aspx?PostID=3188048&SiteID=25

:lip:

AplusWebMaster
2008-04-22, 04:28
FYI...

- http://preview.tinyurl.com/3nkl3q
April 21, 2008 (Computerworld) - "Microsoft Corp. today finally slapped a "Done" sticker on Windows XP Service Pack 3 and pushed it out the door. The designation of SP3 as RTM, short for "release to manufacturing"..."
(Many "Q&A's" at the URL above.)

Overview of Windows XP SP3 - link to .pdf file here
- http://preview.tinyurl.com/35uwdq
428 K
Windows XP SP3 forum
- http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=2010&SiteID=17

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207401041
April 21, 2008 - "...the third and final service pack for its Windows XP operating system and that the update will be available for public download on April 29... The service pack should offer a number of enhancements over the current version of the OS. It includes all updates issued since Windows XP Service Pack 2 was released in 2004, and some new elements. Among them: A feature called Network Access Protection that's borrowed from the newer Windows Vista operating system. NAP automatically validates a computer's health, ensuring that it's free of bugs and viruses before allowing it access to a network. Windows XP SP3 also includes improved "black hole" router detection -- a feature that automatically detects routers that are silently discarding packets. In XP SP3, the feature is turned on by default, according to Microsoft..."

AplusWebMaster
2008-04-30, 00:58
FYI...

MS delays release of XPSP3
- http://preview.tinyurl.com/56vprz
April 29, 2008 (Infoworld) - "Microsoft has delayed the release of a third service pack for Windows XP, blaming a "compatibility issue" between the software and a retail-chain-management application... incompatibilities discovered in the past several days between an application called Microsoft Dynamics RMS and -both- Windows XP SP3 and Windows Vista Service Pack 1 will force the company to hold off on releasing the software. Dynamics RMS is a retail-chain-management software for SMBs. Microsoft said it is putting filtering in place to prevent its Windows Update service from offering both service packs to systems running Microsoft Dynamics RMS. Once that filtering is in place, Microsoft will release Windows XP SP3 to Windows Update and Download Center for users not running the application causing the problem.
The company on Tuesday did not say how long putting in filters would take. Microsoft is recommending that Microsoft Dynamics RMS customers not install Windows XP SP3 or Windows Vista SP1. For more information, those customers should contact Microsoft Customer Support Services, the company said. A fix to the Dynamics RMS problem is being tested and "will be available as soon as that process is complete," Microsoft said. The company did not provide a time frame for completion of the testing..."

AplusWebMaster
2008-04-30, 23:20
FYI...

- http://www.milw0rm.com/exploits/5518
2008-04-28 - "[Windows XP SP2 (win32k.sys)] This exploit takes advantage of one of the vulnerabilities patched in the Microsoft Security bulletin MS08-25
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx ..."
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)

:fear:

AplusWebMaster
2008-05-04, 03:29
FYI...

Vista Audio Driver...
- http://isc.sans.org/diary.html?storyid=4376
Last Updated: 2008-05-03 23:26:07 UTC - "...a recent update offered for a driver update for IDT (Formerly Sigmatel)'s high definition sound is causing problems for -Dell- users that have installed it. "Should you see this update appear, *do not* install it," warned 'Chris B', a Dell Digital Life Liaison, in a Thursday forum post. The update is called IDT High Def Codec and was reported to be one of the drivers that held up the release of SP1 for Vista back in February. If you have a Dell computer and have not yet installed Vista SP1, you may want to take a look at the full article.
- http://www.crn.com/software/207500472 "

:sad:

AplusWebMaster
2008-05-05, 20:51
Good grief...

Vista Service Pack 1 is not available...
- http://support.microsoft.com/?kbid=948343
Article ID: 948343
Last Review: May 5, 2008
Revision: 9.0...

:sad:

AplusWebMaster
2008-05-08, 20:52
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-may.mspx
May 8, 2008
"This is an advance notification of security bulletins that Microsoft is intending to release on May 13, 2008...

Critical (3)

Word Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Publisher Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Jet Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...


Moderate (1)

Security Software Bulletin
Maximum Severity Rating: Moderate
Impact of Vulnerability: Denial of Service...
Affected Software: Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security...

AplusWebMaster
2008-05-13, 20:57
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx
May 13, 2008
"This bulletin summary lists security bulletins released for May 2008...

Critical (3)

Microsoft Security Bulletin MS08-026
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
- http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-027
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
- http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-028
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
- http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Moderate (1)

Microsoft Security Bulletin MS08-029
Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
- http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx
Maximum Severity Rating: Moderate
Impact of Vulnerability: Denial of Service...
Affected Software: Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security...


New, Revised, and Rereleased Updates for Microsoft Products Other Than Microsoft Windows
- http://technet.microsoft.com/en-us/wsus/bb466214.aspx


ISC Analysis
- http://isc.sans.org/diary.html?storyid=4411
Last Updated: 2008-05-13 17:59:16 UTC

AplusWebMaster
2008-05-17, 04:51
FYI...

Microsoft Security Advisory (950627)
Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/950627.mspx
Updated: May 13, 2008 - "...We have issued Microsoft Security Bulletin MS08-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS08-028*... In addition to immediately installing the update in Microsoft Security Bulletin MS08-028, we recommend that customers with Microsoft Word also immediately install the update in Microsoft Security Bulletin MS08-026**: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207), for the most up-to-date protection against the attack vector for these types of attacks..."

* http://go.microsoft.com/fwlink/?LinkId=114750

** http://go.microsoft.com/fwlink/?LinkId=117295

:fear:

AplusWebMaster
2008-05-22, 14:55
FYI...

XP SP3 triggers false positives in security apps
- http://windowssecrets.com/comp/080522#story1
2008-05-22 - "Installing Windows XP Service Pack 3 can cause your anti-malware programs to report the presence of Trojans and keyloggers that aren't there. The false positives have blocked important system files in some cases, and in others they have misled users into reinstalling XP... Comments on a PC Tools forum* confirm customer reports that the company's Spyware Doctor program generates a false positive on systems with Windows XP SP3. Similarly, at least one site claims that Symantec's Norton Internet Security software identifies a common system file as a keylogger. ReviewSaurus reports** that XP SP3 causes Norton Internet Security to identify ctfmon.exe as a keylogger (a kind of malware that records your keystrokes to capture passwords and other important data). In reality, the ctfmon.exe file in your Windows\System32 folder is a Microsoft system file that enables alternative input methods such as speech, tablet, or on-screen keyboard. A spokesperson for Symantec was not immediately available for comment..."

* http://www.pctools.com/forum/showthread.php?t=51766&page=3

** http://www.reviewsaurus.com/tips-tricks/windows-xp-sp3-service-pack-3-install-problems/

.

AplusWebMaster
2008-05-31, 09:00
FYI...

Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
Published: May 30, 2008 - "Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.
At the present time, Microsoft is unaware of any attacks attempting to exploit this blended threat. Upon completion of this investigation, Microsoft will take the appropriate measures to protect our customers. This may include providing a solution through a service pack, the monthly update process, or an out-of-cycle security update, depending on customer needs.
Mitigating Factors:
• Customers who have changed the default location where Safari downloads content to the local drive are -not- affected by this blended threat."
- http://blogs.technet.com/msrc/archive/2008/05/30/security-advisory-953818-posted.aspx
May 30, 2008

- http://secunia.com/advisories/30467/
Release Date: 2008-06-02
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS: Microsoft Windows Vista, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional
Software: Safari for Windows 3.x
...The vulnerability is reported in Safari running on Windows XP or Vista.
Solution: Set the download location in Safari to a location other than "Desktop"...
Original Advisory: http://www.microsoft.com/technet/security/advisory/953818.mspx

AplusWebMaster
2008-06-02, 23:18
FYI...

XPSP3 replaced the up-to-date flash.ocx...
- http://isc.sans.org/diary.html?storyid=4513
Last Updated: 2008-06-02 19:18:05 UTC - "It appears that XPSP3 installs an older vulnerable version of the flash player...
http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx
Why was this Bulletin revised on May 13, 2008?
This bulletin was revised to add Windows XP Service Pack 3 as affected software..."
> Latest v9,0,124,0 - http://www.adobe.com/go/getflashplayer

Other references noting the problem:

- http://preview.tinyurl.com/5cz4wt
June 01, 2008 9:38 PM (Donna's SecurityFlash)

Ref: http://www.dozleng.com/updates/index.php?showtopic=18354&st=0&p=80908&#entry80908

:spider::oops::rolleyes:

AplusWebMaster
2008-06-06, 14:50
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
June 5, 2008 - "...This is an advance notification of security bulletins that Microsoft is intending to release on June 10, 2008..."
(Total of -7-)

Critical (3)

Bulletin Identifier: Bluetooth Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Bulletin Identifier: Internet Explorer Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Bulletin Identifier: DirectX Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Important (3)

Bulletin Identifier: WINS Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Bulletin Identifier: Active Directory Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Microsoft Windows...

Bulletin Identifier: PGM Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Microsoft Windows...

Moderate (1)

Bulletin Identifier: Kill Bit Bulletin
Maximum Severity Rating: Moderate
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...


This advance notification provides the software subject as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release...

AplusWebMaster
2008-06-08, 13:13
FYI...

Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
Revisions:
• May 30, 2008: Advisory published.
• June 6, 2008: Modified the steps in the workaround and added acknowledgment.

:fear:

AplusWebMaster
2008-06-10, 20:59
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-jun.mspx
June 10, 2008 - "This bulletin summary lists security bulletins released for June 2008...

Critical (3)

Microsoft Security Bulletin MS08-030
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
- http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)
- http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-033
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
- http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Important (3)

Microsoft Security Bulletin MS08-034
Vulnerability in WINS Could Allow Elevation of Privilege (948745)
- http://www.microsoft.com/technet/security/bulletin/ms08-034.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)
- http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-036
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
- http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Microsoft Windows...

Moderate (1)

Microsoft Security Bulletin MS08-032
Cumulative Security Update of ActiveX Kill Bits (950760)
- http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
Maximum Severity Rating: Moderate
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...


• New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows.
- http://technet.microsoft.com/en-us/wsus/bb466214.aspx

-------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4552
Last Updated: 2008-06-10 18:09:18 UTC

MS08-031 - MSIE - Details on attacking CVE-2008-1544 are publicly available

MS08-032 - ActiveX Kill Bits - Publicly discussed

------
Geez...

- http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
Revisions
• V1.0 (June 10, 2008): Bulletin summary published.
• V1.1 (June 11, 2008): Corrected the Affected Software table for Windows XP, to clarify the entries for Windows XP Service Pack 2 and Windows XP Service Pack 3 for MS08-030, MS08-031, MS08-032, MS08-033, and MS08-036.

:fear:

patflgn
2008-06-12, 20:51
Windows XP SP3 is crashing BiPAC 5200 series modem/routers. The problem lies with the routers, however, and there is a patch available.

It does not appear that these routers are sold in the US, though.

http://www.billion.com/notice-200805.html

AplusWebMaster
2008-06-16, 15:21
FYI...

Microsoft Security Advisory (954474)
System Center Configuration Manager 2007 Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
June 13, 2008 - "Microsoft is investigating public reports of a non-security issue that affects environments with System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft is aware of reports from customers who are experiencing this issue. Upon completion of the investigation, Microsoft will take the appropriate action to resolve the problem within System Center Configuration Manager 2007.
Mitigating Factors:
• This issue impacts customers using System Center Configuration Manager 2007 servers to deploy updates to SMS 2003 clients..."

:fear:

AplusWebMaster
2008-06-18, 14:01
FYI...

Microsoft Security Advisory (954474)
System Center Configuration Manager 2007 Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
Updated: June 17, 2008 - "... Microsoft has confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954474*. Microsoft encourages customers affected by this issue to review and install this update..."
* http://support.microsoft.com/kb/954474
Last Review: June 17, 2008
Revision: 2.1

AplusWebMaster
2008-06-23, 20:55
FYI...

- http://preview.tinyurl.com/4nhmfr
June 20, 2008 (blogs.technet.com) - "...After its first -day- in MSRT, Taterf components had been removed from over 700,000 machines! For comparison, Win32/Nuwar (aka ‘Storm worm’) was removed from less than half that in its first month... So how does one avoid being infected? Running an up-to-date anti-virus solution is a good start. Running an up-to-date, patched browser is another necessity – many of the Win32/Frethog trojans are installed via browser exploits (there have been instances in the past of links to malicious sites being posted to popular gaming forums – so be wary!). Enabling Automatic Updates helps a whole bunch too. Disabling the Explorer ‘autoplay’ feature is useful in helping to avoid these problems..."

(Charts of disinfections/country available at the URL above.)

:D:

AplusWebMaster
2008-06-26, 13:24
FYI...

A reliability and performance update is available for Windows Vista SP1-based computers
- http://support.microsoft.com/kb/952709
Last Review: June 24, 2008
Revision: 1.0
"...This update includes the following improvements on a Windows Vista SP1-based computer:
• This update improves the stability of Windows Vista SP1-based computers by addressing some crashes that may occur when you try to check e-mail by using a POP3 e-mail client such as Windows Mail or Mozilla Thunderbird. The crashes may occur on a Windows Vista SP1-based computer in the following scenario:
• Incoming POP3 and outgoing SMTP traffic monitoring is enabled.
• Both a third-party antivirus application and an antispyware application are installed, such as the following applications:
• ZoneAlarm Internet Security Suite by Check Point Software Technologies Ltd.
• SpySweeper by Webroot Software, Inc.
• This update improves the reliability of Windows Vista SP1-based computers by addressing some problems that occur when you delete user accounts by using the User Accounts item in Control Panel. When this problem occurs, the system may stop responding (hang).
• This update improves the reliability of Windows Vista SP1-based computers that experience issues in which large applications cannot run after the computer is turned on for extended periods of time. For example, when you try to start Excel 2007 after the computer is turned on for extended periods of time, a user may receive an error message that resembles the following:
EXCEL.EXE is not a valid Win32 application
• This update improves the reliability of Windows Vista SP1-based computers by reducing the number of crashes that may be caused by the Apple QuickTime thumbnail preview in Windows Live Photo Gallery.
• This update improves the performance of Windows Vista SP1-based computers by reducing audio and video (AV) stuttering. Such AV stuttering may occur when the audio or video component is streaming high definition content from a Windows Vista SP1-based computer that has a NVIDIA network adapter nForce driver version 67.5.4.0 that is installed to a Windows Media Center Extender device..."

:fear::spider:

AplusWebMaster
2008-07-04, 14:41
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
July 3, 2008
This is an advance notification of security bulletins that Microsoft is intending to release on July 8, 2008...
[Total of 4]...

Important (4)

Bulletin Identifier: SQL Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Bulletin Identifier: Windows Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Bulletin Identifier: Windows Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Bulletin Identifier: Exchange Server Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Exchange Server...

- http://blogs.technet.com/msrc/archive/2008/07/03/july-2008-monthly-release.aspx
July 03, 2008

AplusWebMaster
2008-07-11, 05:51
FYI...

Update 2: Microsoft Security Advisory (954960)
- http://blogs.technet.com/msrc/archive/2008/07/10/update-2-microsoft-security-advisory-954960.aspx
July 10, 2008 - "...customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960*. The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960**. Additionally, the update does not place an entry in Add or Remove Programs, and cannot be uninstalled. Microsoft has identified the packaging inconsistencies in the current update and is investigating options to resolve them. We will continue to monitor the situation and post updates to the advisory and the MSRC blog as we become aware of any important new information..."
* http://support.microsoft.com/kb/954960
Last Review: July 11, 2008 -?-
Revision: 3.0

** http://www.microsoft.com/technet/security/advisory/954960.mspx
• July 10, 2008: Advisory updated to reflect specific installation and uninstallation procedures for the update for Windows Server Update Services running on Windows Server 2008.

//

AplusWebMaster
2008-07-11, 17:12
FYI...

- http://www.symantec.com/security_response/threatconlearn.jsp
ThreatCon is currently at Level 2: Elevated.
Symantec honeypots have captured further exploitation of the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114). Before this event, this exploit was known to be used only in isolated attacks. Further analysis of these honeypot compromises has revealed that the exploit has been added to a variant of the neosploit exploit kit, it will very likely reach a larger number of victims. This version will compromise vulnerable English versions of Microsoft Windows by downloading a malicious application into the Windows Startup folder. Computers that have Microsoft Access installed are potentially affected by this vulnerability. Customers are advised to manually set the kill bit on the following CLSIDs until a vendor update is available:
F0E42D50-368C-11D0-AD81-00A0C90DC8D9
F0E42D60-368C-11D0-AD81-00A0C90DC8D9
F2175210-368C-11D0-AD81-00A0C90DC8D9
...For information on setting the kill bit for CLSIDs, see the following: Microsoft Knowledge Base Article 240797 ( http://support.microsoft.com/kb/240797 )
For more information about the vulnerability, see the following: Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114/references )"
[2008.07.11]

Ref: http://www.microsoft.com/TechNet/security/advisory/955179.mspx
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
July 7, 2008

:fear:
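
The kill-bit workaround quoted in the post above, as an added PowerShell example that is not part of the original thread or of the Symantec or Microsoft text. It assumes the registry location described in Microsoft Knowledge Base Article 240797 (a `Compatibility Flags` DWORD with bit 0x400 set under `ActiveX Compatibility\{CLSID}`) and an elevated prompt; the function names are illustrative.

```powershell
# Added example (not from the thread): set and verify the Internet Explorer
# kill bit for the three Snapshot Viewer CLSIDs listed in the post above.
# Run from an elevated PowerShell prompt. Function names are illustrative.

$Clsids = @(
    '{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}',
    '{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}',
    '{F2175210-368C-11D0-AD81-00A0C90DC8D9}'
)
$KillBit   = 0x400                    # kill-bit flag per KB 240797
$ValueName = 'Compatibility Flags'

# The native hive always applies; on 64-bit Windows the 32-bit view of
# Internet Explorer reads the Wow6432Node copy, so cover that as well.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags {
    # Returns the current flags value, or $null when the key or value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-KillBit {
    # ORs the kill bit into any existing flags so other compatibility
    # flags already present on the control are preserved.
    param([string]$Key)
    $before = Get-CompatFlags -Key $Key
    if (-not (Test-Path -LiteralPath $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    $existing = 0
    if ($null -ne $before) { $existing = $before }
    $new = $existing -bor $KillBit
    Set-ItemProperty -LiteralPath $Key -Name $ValueName -Value $new -Type DWord
    $after = Get-CompatFlags -Key $Key
    [pscustomobject]@{
        Key        = $Key
        Before     = if ($null -eq $before) { '(not set)' } else { '0x{0:X8}' -f $before }
        After      = '0x{0:X8}' -f $after
        KillBitSet = (($after -band $KillBit) -eq $KillBit)
    }
}

$results = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        Set-KillBit -Key (Join-Path $root $clsid)
    }
}

# Every row should show KillBitSet = True; anything else needs a manual look.
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.KillBitSet }) {
    Write-Warning 'At least one CLSID does not have the kill bit set.'
}
```

Re-running the script is safe: it only ORs the flag in, so the Before column doubles as an audit of which machines already had the workaround applied.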

AplusWebMaster
2008-07-17, 22:59
FYI...

- http://isc.sans.org/diary.html?storyid=4747
Last Updated: 2008-07-17 18:48:22 UTC - "Microsoft has issued a "Security Bulletin Major Revision" involving its DirectX products. These revisions include the following two previously released bulletins and particularly affect administrative users as the resulting compromise allows the attacker to gain user rights.

MS08-033* - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as -critical- and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file.
* http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
Updated: July 16, 2008 - Version: 2.0

MS07-064** - Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated -critical- and has been updated to reflect DirectX 9.0 and 9.0a as affected software. This vulnerability can be exploited through a specially crafted media file via streaming."
** http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
Updated: July 16, 2008 - Version: 3.0

:fear:

AplusWebMaster
2008-07-26, 12:43
FYI...

Microsoft Security Advisory (956187)
Increased Threat for DNS Spoofing Vulnerability
- http://www.microsoft.com/technet/security/advisory/956187.mspx
July 25, 2008 - "Microsoft released Microsoft Security Bulletin MS08-037* on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet... attacks are likely imminent due to the publicly posted proof of concept..."
* http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
Updated: July 25, 2008
Version: 2.2

- http://support.microsoft.com/kb/953230
Last Review: July 25, 2008
Revision: 4.1

- http://securitylabs.websense.com/content/Alerts/3141.aspx
07.25.2008

//

AplusWebMaster
2008-08-02, 19:40
FYI...

Microsoft Security Advisory (954960)
...WSUS Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
Updated: August 12, 2008

Some computers do not receive updates from the WSUS server
* http://support.microsoft.com/kb/954960
Last Review: August 12, 2008
Revision: 5.0

:fear:

AplusWebMaster
2008-08-08, 11:52
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
August 7, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on August 12, 2008... (Total of 12)

Critical (7)

Windows 1 Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

IE Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Media Player Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Access Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Excel Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

PowerPoint Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Office Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---

Important (5)

Windows 2 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows...

Windows 3 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

OE Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Outlook Express, Windows Mail...

Messenger Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Windows Messenger...

Word Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
Affected Software: Microsoft Office...

- http://blogs.technet.com/msrc/archive/2008/08/07/august-2008-advance-notification.aspx
August 07, 2008 - "...we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). You can get additional information, in the “Other Information” section of the Advanced Notification..."

//

AplusWebMaster
2008-09-05, 01:37
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx
September 4, 2008 - "...This is an advance notification of security bulletins that Microsoft is intending to release on September 9, 2008 (Total of -4-)...

Critical (4)

Windows Media Player Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows.

Windows Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer, .NET Framework, Messenger, Office, SQL Server, Visual Studio.

Windows Media Encoder Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows.

Office Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

AplusWebMaster
2008-10-10, 00:59
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-oct.mspx
October 9, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on October 14, 2008... (Total of -11-)

Critical (4)

AD Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

IE Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

HIS Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Host Integration Server...

Excel Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (6)

Windows 1 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Windows 2 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Windows 3 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Windows 4 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Windows 5 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Windows 6 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Moderate (1)

Office Bulletin
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Office...

//

AplusWebMaster
2008-10-23, 15:48
FYI...

MS out-of-band patch - Critical
- http://isc.sans.org/diary.html?storyid=5227
Last Updated: 2008-10-23 12:16:16 UTC - "Microsoft has just released an advance notification* of an out-of-band update to be released on 23rd of October. They will hold a special webcast on the 23rd at 1:00 pm PT to discuss the release. The patch will be released at 10.00 am. The information in the bulletin mentions a remote code exploit, but no further details are provided, however a restart will be required. Microsoft rates the issue as -critical- for 2000/XP/2003 and important for vista/2008. If we get more information we'll update this diary."
* http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Critical (1)
Microsoft Security Bulletin to be issued: October 23, 2008
Windows Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

>>> http://forums.spybot.info/showthread.php?p=246351#post246351

:fear:

AplusWebMaster
2008-11-06, 20:58
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-nov.mspx
November 6, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 11, 2008... (Total of -2-)

Critical (1)

Windows Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Microsoft Office...

Important (1)

Windows Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows..."

AplusWebMaster
2008-12-05, 07:07
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
December 4, 2008
"This is an advance notification of security bulletins that Microsoft is intending to release on December 9, 2008... (Total of - 8 -)

Bulletin ID - Maximum Severity Rating and Vulnerability Impact - Restart Requirement - Affected Software

(Critical - 6)
Windows 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Windows 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
IE - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
VB - Critical - Remote Code Execution - Requires restart - Microsoft Developer Tools and Software, Microsoft Office
Word - Critical - Remote Code Execution - Does not require restart - Microsoft Office
Excel - Critical - Remote Code Execution - Does not require restart - Microsoft Office
____

(Important - 2)
SharePoint - Important - Elevation of Privilege - Does not require restart - Microsoft Office, Microsoft Server Software
WMC - Important - Remote Code Execution - May require restart - Microsoft Windows
...

- http://www.us-cert.gov/current/#microsoft_releases_advanced_notification_for2
December 5, 2008 at 09:53 am - "... the December release cycle will contain eight bulletins, six of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Internet Explorer, and Office. There will also be two Important bulletins for Microsoft Windows and Office..."

AplusWebMaster
2008-12-16, 22:55
FYI...

- http://isc.sans.org/diary.html?storyid=5497
Last Updated: 2008-12-16 20:23:07 UTC - "Microsoft has announced that they will be releasing an out of cycle security bulletin tomorrow for the IE zero day*..."
* http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
December 16, 2008 - "...This bulletin advance notification will be replaced with the revised December bulletin summary on December 17, 2008. The revised bulletin summary will include the out-of-band security bulletin...
Bulletin Identifier: IE ...
Aggregate Severity Rating: Critical ..."

:fear:

AplusWebMaster
2009-01-09, 04:56
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-jan.mspx
January 8, 2009 - "This is an advance notification of (a) security bulletin that Microsoft is intending to release on January 13, 2009... (1)

Windows Bulletin
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software:
Microsoft Windows 2000 SP4, XPSP2, XPSP3, Server 2003 - Critical
Vista SP1, Server 2008 - Moderate

.

AplusWebMaster
2009-01-22, 14:28
FYI...

Inauguration Themed Waledac - New Tactics & New Domains
- http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090119
January 19, 2009 - "...the Inauguration of Barack Obama and the Waledac trojan has been in full swing attempting to take advantage of the event. Since late last week the trojan has been blasting its way across the Internet with e-mails attempting to bring unwitting users to a page that looks a lot like the official Barack Obama website. The page is updated each day to appear to have a new blog entry... As always do NOT visit these domains as they are malicious and hosting exploit code... Click here* for a full listing of Waledac domains that we are aware of - this link will be updated as we get them. Your best bet is to block these domains or otherwise avoid them..."
* http://www.shadowserver.org/wiki/uploads/Calendar/waledac_domains.txt

:fear:

AplusWebMaster
2009-02-06, 02:24
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx
February 5, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 10, 2009...
(Total of -4-)

Internet Explorer
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer

Microsoft Exchange Server
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Does not require restart

Microsoft SQL Server
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart

Microsoft Office - Visio
Restart Requirement: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart

:spider:

AplusWebMaster
2009-03-06, 09:46
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-mar.mspx
March 5, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 10, 2009...
(Total of -3-)

Critical (1)

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Important (2)

Windows 2
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Other Information
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center...

- http://blogs.technet.com/msrc/archive/2009/03/05/march-2009-advanced-notification.aspx
___

- http://www.informationweek.com/shared/printableArticle.jhtm?articleID=215800831
March 5, 2009 - "The vulnerability that Microsoft warned about just over a week ago affects files that use the old .xls binary format but not the newer .xlsx format... Conspicuously absent is a fix for the Excel security flaw..."
// Excel 0-day - http://www.microsoft.com/technet/security/advisory/968272.mspx

- http://atlas.arbor.net/briefs/index#-1301369182
Severity: High Severity
Published: Thursday, March 05, 2009 14:00
At least one, possibly two, new and previously undisclosed vulnerabilities have been discovered and are being actively exploited in targeted, selective attacks. The document drops an EXE that downloads more components from three websites: 61.59.24.55, 61.59.24.45, and 61.221.40.63. At least two of these websites appear to be disabled at this point. We do not know when this vulnerability will be fixed by Microsoft.
Analysis: This is a targeted, very selective attack at this point focusing on US government and specific agencies and third-parties at this point. We do not have any additional information to share at this time, we recommend concerned parties contact Microsoft, CERT/CC or US-CERT for additional details as needed.
- http://www.securityfocus.com/brief/914

SecureWorks
- http://preview.tinyurl.com/99wgn9

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0238

:fear:

AplusWebMaster
2009-04-10, 14:49
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-apr.mspx?pf=true
April 9, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 14, 2009... (Total of -8-)

Critical (5)

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Office...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

IE
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Excel
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Important (2)

Windows 4
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

ISA
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Forefront Edge Security...

Moderate (1)

Windows 5
Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

//

AplusWebMaster
2009-05-08, 04:21
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-may.mspx
May 7, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on May 12, 2009..."
(Total of -1-)

Critical (1)

PowerPoint
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

- http://www.us-cert.gov/current/index.html#microsoft_releases_advance_notification_for21
May 7, 2009

.

AplusWebMaster
2009-06-05, 02:13
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-jun.mspx
June 4, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 9, 2009...
(Total of -10-)

Critical -6-

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

IE
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Word
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Excel
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Office
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Important -3-

Windows 3
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 4
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 5
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Moderate -1-

Windows 6
Maximum Severity Rating: Moderate
Vulnerability Impact: Information Disclosure
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

- http://blogs.technet.com/msrc/archive/2009/06/04/june-2009-advance-notification.aspx
June 04, 2009

.

AplusWebMaster
2009-07-10, 00:05
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
July 09, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on July 14, 2009... (Total of -6-)

Critical -3-

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Important -3-

VPC/VS
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC, Virtual Server...

ISA
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft ISA Server...

Publisher
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

AplusWebMaster
2009-07-25, 10:14
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
July 24, 2009 - "This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical...

Internet Explorer
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Visual Studio
Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Visual Studio...

AplusWebMaster
2009-09-04, 00:29
FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-sep.mspx
September 03, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 8, 2009... (Total of 5)

Critical -5-

Bulletin 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 4
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 5
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

AplusWebMaster
2009-10-09, 00:20
FYI...

- http://www.theregister.co.uk/2009/10/09/patch_tues_oct_pre_alert/
9 October 2009 - "... biggest ever Patch Tuesday update... 13 bulletins collectively address 34 security flaws..."

- http://www.microsoft.com/technet/security/Bulletin/MS09-oct.mspx
October 8, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on October 13, 2009... (Total of -13-)

Critical -8-

Bulletin 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 5
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows, Internet Explorer

Bulletin 6
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 11
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Office

Bulletin 12
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows, Microsoft Silverlight

Bulletin 13
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows, Microsoft Office, Microsoft SQL Server, Microsoft Developer Tools, Microsoft Forefront

Important -5-

Bulletin 4
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 7
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 8
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 9
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 10
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows
___

October 2009 Bulletin Release Advance Notification
- http://blogs.technet.com/msrc/archive/2009/10/08/october-2009-bulletin-release.aspx
October 08, 2009 - "... Among the updates this month, we are closing out two current security advisories:
• Vulnerabilities in SMB Could Allow Remote Code Execution (975497)
http://www.microsoft.com/technet/security/advisory/975497.mspx
• Vulnerabilities in the FTP Service in Internet Information Services (975191)
http://www.microsoft.com/technet/security/advisory/975191.mspx
Usually we do not go into this level of detail in the advance notification but we felt that it is important guidance so customers can plan accordingly and deploy these updates as soon as possible..."


AplusWebMaster
2009-11-06, 07:18
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx
November 05, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 10, 2009..."
(Total of -6-)

Critical -3-

Bulletin 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Important -3-

Bulletin 4
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 5
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Office

Bulletin 6
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Office
