MS Malware Protection Engine advisory...
FYI...
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/sec...y/2491888.mspx
February 23, 2011 - "... an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users. Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly. Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
- http://support.microsoft.com/kb/2510781
February 23, 2011 - "... how to verify that the updates have been installed... This update requires Windows Live OneCare..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0037
Last revised: 02/28/2011 - CVSS v2 Base Score: 7.2 (HIGH) - "... before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare..."
___
- http://secunia.com/advisories/43468/
Release Date: 2011-02-24
Solution Status: Partial Fix
...The vulnerability is reported in version 1.1.6502.0 and prior of Microsoft Malware Protection Engine.
Solution: Ensure that systems are running version 1.1.6603.0 or later of Microsoft Malware Protection Engine. Typically, malware definitions and updates for Microsoft Malware Protection Engine are applied automatically...
- http://www.h-online.com/security/new...m-1196731.html
24 February 2011 - "... such updates are usually installed within 48 hours, but that users can also initiate the process manually..."
MS Autorun update v2.1 now "automatic" from Windows Update
FYI...
- http://isc.sans.edu/diary.html?storyid=10468
Last Updated: 2011-03-02 06:27:56 UTC - "Microsoft has moved their Windows Autorun V2.1 [1] (967940) update patch from optional updates to automatic updates. This is the same patch that was released in last month’s patch Tuesday. When Windows update is next run, this patch will automatically be selected to apply to your machine. This is more likely to affect home users, as companies should be using group policies to control how USB autorun settings operate. Expect one or two calls... why their favorite autorun USB stick application has stopped working."
[1] http://www.microsoft.com/technet/sec...ry/967940.mspx
MS Security Bulletin Advance Notification - March 2011
FYI...
- http://www.microsoft.com/technet/sec.../MS11-mar.mspx
March 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 8, 2011..."
(Total of -3-)
Bulletin 1
Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 2
Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3
Important - Remote Code Execution - May require restart - Microsoft Office
.
MS Security Bulletin Summary - March 2011
FYI...
- http://www.microsoft.com/technet/sec.../MS11-mar.mspx
March 08, 2011 - "This bulletin summary lists security bulletins released for March 2011..."
(Total of -3-)
Microsoft Security Bulletin MS11-015 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
- http://www.microsoft.com/technet/sec.../ms11-015.mspx
Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-017 - Important
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
- http://www.microsoft.com/technet/sec.../MS11-017.mspx
Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-016 - Important
Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
- http://www.microsoft.com/technet/sec.../MS11-016.mspx
Remote Code Execution - May require restart - Microsoft Office
___
MS11-015: http://secunia.com/advisories/43626/
Highly critical - System access - From remote
MS11-016: http://secunia.com/advisories/41104/
Highly critical - System access - From remote
MS11-017: http://secunia.com/advisories/43628/
Highly critical - System access - From remote
MS11-015:
- http://www.securitytracker.com/id/1025169
- http://www.securitytracker.com/id/1025170
MS11-016:
- http://www.securitytracker.com/id/1025171
MS11-017:
- http://www.securitytracker.com/id/1025172
___
- http://blogs.technet.com/b/msrc/arch...n-release.aspx
"8 Mar 2011
MS11-015. This bulletin resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Microsoft Windows. It has an Exploitability Index rating of 1 ...
MS11-016 is a DLL-preloading issue affecting Microsoft Groove 2007 Service Pack 2, which makes this an Office bulletin. Versions 2007 and 2010 of Groove are unaffected, as is Microsoft SharePoint Workspace 2010.
MS11-017 is also a DLL-preloading issue, in this instance in Microsoft Windows Remote Client Desktop. This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client..."
Deployment Priority
- http://blogs.technet.com/cfs-filesys...deployment.png
Severity and Exploitability
- http://blogs.technet.com/cfs-filesys...ty_2D00_xi.png
___
MSRT
- http://support.microsoft.com/?kbid=890830
March 8, 2011 - Revision: 85.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Renocide
- http://blogs.technet.com/b/mmpc/arch...-renocide.aspx
9 Mar 2011
Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.17.exe
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.17.exe
___
ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10510
Last Updated: 2011-03-08 18:17:20 UTC
.
MS Security Advisories updated
FYI...
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/sec...y/2491888.mspx
• V1.1 (March 8, 2011): Revised advisory FAQ to announce updated version of the MSRT...
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0037
Last revised: 02/28/2011
CVSS v2 Base Score: 7.2 (HIGH)
"... before 1.1.6603.0..."
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
• V6.0 (March 8, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-015, "Vulnerabilities in Windows Media Could Allow Remote Code Execution;" MS11-016, "Vulnerability in Microsoft Groove Could Allow Remote Code Execution;" and MS11-017, "Vulnerability in Remote Desktop Client Could Allow Remote Code Execution."
Forefront update fails - KB2508823
FYI...
- http://isc.sans.edu/diary.html?storyid=10522
Last Updated: 2011-03-09 23:13:29 UTC - "Included in this Patch Tuesday is a Forefront update KB2508823[1] (Client Version: 1.5.1996.0). We have received a number of reports that the KB2508823 update fails during the install. Once the update fails, the existing Forefront client is also removed. This leaves the machine without any anti-malware protection. We recommend you hold off deploying the update until confirmation from Microsoft. Microsoft have posted a similar warning here:
- http://blogs.technet.com/b/clientsec...11-update.aspx
"Update 9 March 2011... you may want to hold off approving this update for the moment..."
___
- http://blogs.technet.com/b/clientsec...11-update.aspx
"Update 10 March 2011... We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it.
Symptom: A computer attempts to use the install updates and shutdown Windows feature to update to the latest version of FCSv1. After restart, the computer does not have the Antimalware agent installed, but will still have the Security State Assessment (SSA) and Microsoft Operation Manager components installed.
The problem: This issue only occurs on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It does not occur on Windows XP, Windows Server 2003 or Windows 2000. This issue was not introduced in the March Update. It is caused by a previously undetected problem in the October 2010 update. Please review the steps below for what options you should take. For the bug to occur, the system must have either the policy setting changing the default shutdown behavior or the user clicks on “Apply updates at Shutdown”. If the update is deployed or manually installed in other ways, this bug does not occur..."
(MS recommended steps to take at the URL above.)
[1] http://support.microsoft.com/kb/2508823
MS advisory - escalation ...
FYI...
MS advisory - updated (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
* http://www.microsoft.com/technet/sec...y/2501696.mspx
• V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks.
- https://www.computerworld.com/s/arti...icrosoft_warns
March 12, 2011 - "An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks. The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said Friday*... The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page - what's known as a Web drive-by attack... Microsoft has released a Fixit tool** that users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users..."
** http://support.microsoft.com/kb/2501696#FixItForMe
- http://www.theregister.co.uk/2011/03..._google_users/
12 March 2011
- http://www.pcmag.com/article2/0,2817,2381881,00.asp
PCmag.com - "... Firefox and Chrome are not affected in their default configuration, as they do not support MHTML without the installation of specific add-on modules..."