MS Security Bulletin Advance Notification - Feb 2012
FYI...
- https://technet.microsoft.com/en-us/...letin/ms12-feb
February 09, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 14, 2012...
(Total of -9-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 4 - Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
Bulletin 5 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 7 - important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 8 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 9 - Important - Remote Code Execution - May require restart - Microsoft Office
___
- http://h-online.com/-1432804
10 Feb 2012 - "... a total of 21 vulnerabilities in products including Windows, Office and Internet Explorer, as well as in the .NET Framework and Silverlight..."
.
MS Security Bulletin Summary - February 2012
FYI...
- https://technet.microsoft.com/en-us/...letin/ms12-feb
February 14, 2012 - "This bulletin summary lists security bulletins released for February 2012...
(Total of -9-)
Critical -4-
Microsoft Security Bulletin MS12-008 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
- https://technet.microsoft.com/en-us/...letin/ms12-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-010 - Critical
Cumulative Security Update for Internet Explorer (2647516)
- https://technet.microsoft.com/en-us/...letin/ms12-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-013 - Critical
Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
- https://technet.microsoft.com/en-us/...letin/ms12-013
Critical - Remote Code Execution - Requires restart - Microsoft Windows
- https://blogs.technet.com/b/srd/arch...edirected=true
Microsoft Security Bulletin MS12-016 - Critical
Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
- https://technet.microsoft.com/en-us/...letin/ms12-016
Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
___
Reliability Update 2 for the .NET Framework 4
- http://support.microsoft.com/kb/2600217
Last Review: Feb 18, 2012 - Revision: 3.0 - Reliability Update 2 for the Microsoft .NET Framework 4 is available to fix some stability, reliability, and performance issues..
___
Important -5-
Microsoft Security Bulletin MS12-009 - Important
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
- https://technet.microsoft.com/en-us/...letin/ms12-009
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-011 - Important
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
- https://technet.microsoft.com/en-us/...letin/ms12-011
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS12-012 - Important
Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
- https://technet.microsoft.com/en-us/...letin/MS12-012
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS12-014 - Important
Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
- https://technet.microsoft.com/en-us/...letin/ms12-014
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS12-015 - Important
Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
- https://technet.microsoft.com/en-us/...letin/ms12-015
Important - Remote Code Execution - May require restart - Microsoft Office
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-file.a...Deployment.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-file.a...ry-2012-XI.png
- https://blogs.technet.com/b/msrc/arc...edirected=true
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12586
Last Updated: 2012-02-14 20:41:30 UTC
___
- https://secunia.com/advisories/47237/ - MS12-008
- https://secunia.com/advisories/47911/ - MS12-009
- https://secunia.com/advisories/48028/ - MS12-010
- https://secunia.com/advisories/48031/ - MS12-010
- https://secunia.com/advisories/48029/ - MS12-011
- https://secunia.com/advisories/41874/ - MS12-012
- https://secunia.com/advisories/47949/ - MS12-013
- https://secunia.com/advisories/41114/ - MS12-014
- https://secunia.com/advisories/47946/ - MS12-015
- https://secunia.com/advisories/48030/ - MS12-016
___
MSRT
- http://support.microsoft.com/?kbid=890830
February 14, 2012 - Revision: 99.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Fareit
• Pramro
Download:
- http://www.microsoft.com/download/en...ylang=en&id=16
File Name: windows-kb890830-v4.5.exe - 14.2 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.5.exe - 14.7 MB
___
MS Exchange 2010 SP2 - Update Rollup 1
- https://blogs.technet.com/b/exchange...edirected=true
13 Feb 2012 - "Earlier today the Exchange CXP team released Update Rollup 1 for Exchange Server 2010 SP2 to the Download Center*.
* http://www.microsoft.com/download/en....aspx?id=28809
This update contains a number of customer-reported and internally found issues since the release of RU1. See KB 2645995**: Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2' for more details.
** http://support.microsoft.com/kb/2645995
.
MS Security Bulletin Advance Notification - March 2012
FYI...
- https://technet.microsoft.com/en-us/...letin/ms12-mar
March 08, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 13, 2012.
(Total of -6-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 3 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 4 - Important - Elevation of Privilege - May require restart - Microsoft Visual Studio
Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Expression Design
Bulletin 6 - Moderate - Denial of Service - May require restart - Microsoft Windows
.
MS Security Bulletin Summary - March 2012
FYI...
- https://technet.microsoft.com/en-us/...letin/ms12-mar
March 13, 2012 - "This bulletin summary lists security bulletins released for March 2012...
(Total of -6-)
Critical -1-
Microsoft Security Bulletin MS12-020 - Critical
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
- https://technet.microsoft.com/en-us/...letin/ms12-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows
> http://support.microsoft.com/kb/2671387
See: "Known issues and additional information about this security update..."
Important -4-
Microsoft Security Bulletin MS12-017 - Important
Vulnerability in DNS Server Could Allow Denial of Service (2647170)
- https://technet.microsoft.com/en-us/...letin/ms12-017
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-018 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
- https://technet.microsoft.com/en-us/...letin/ms12-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-021 - Important
Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
- https://technet.microsoft.com/en-us/...letin/ms12-021
Important - Elevation of Privilege - May require restart - Microsoft Visual Studio
Microsoft Security Bulletin MS12-022 - Important
Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
- https://technet.microsoft.com/en-us/...letin/ms12-022
Important - Remote Code Execution - May require restart - Microsoft Expression Design
> http://support.microsoft.com/kb/2651018
See: "Known issues with this security update..."
Moderate -1-
Microsoft Security Bulletin MS12-019 - Moderate
Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
- https://technet.microsoft.com/en-us/...letin/ms12-019
Moderate - Denial of Service - May require restart - Microsoft Windows
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-file.a...ployment-2.png
Severity and Exploitability Index
- https://blogs.technet.com/cfs-file.a..._2D00_XI-1.png
- https://blogs.technet.com/b/msrc/arc...edirected=true
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12775
Last Updated: 2012-03-13 17:29:20 UTC
___
MSRT
- http://support.microsoft.com/?kbid=890830
March 13, 2012 - Revision: 100.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Dorkbot
• Hioles
• Yeltminky
• Pluzoks.A
- https://blogs.technet.com/b/mmpc/arc...edirected=true
13 Mar 2012
Download:
- http://www.microsoft.com/download/en...ylang=en&id=16
File Name: windows-kb890830-v4.6.exe - 14.8 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.6.exe - 15.4 MB
.
MS advisories updated - 2012.03.13 ...
FYI...
Microsoft Security Advisory (2647518)
Update Rollup for ActiveX Kill Bits
- https://technet.microsoft.com/en-us/...visory/2647518
March 13, 2012
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2269637
• V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022*, "Vulnerability in Expression Design Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/...letin/ms12-022
.
RE: MS12-020 - Critical...
FYI... RE: MS12-020 - Critical...
- https://blogs.technet.com/b/srd/archive/201...Redirected=true
13 Mar 2012 - "... we anticipate that an exploit for code execution will be developed in the next 30 days... Remote Desktop Protocol is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled Remote Desktop... Enabling NLA* will prevent older clients (including Windows XP and Windows Server 2003) from connecting, by default..."
* See the URL above for MS Fixit's...
> http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2012-0002
Last revised: 03/14/2012 - "... Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP..."
CVSS v2 Base Score: 9.3 (HIGH)
- http://www.symantec.com/security_res...atconlearn.jsp
"... The Microsoft Remote Desktop Protocol (RDP) patch is especially critical. Although RDP is not enabled by default, when it is enabled many RDP servers are placed directly on the Internet. If RDP is being used, ensure it is patched as soon as possible. RDP should -not- be placed directly on the Internet. RDP should be remotely accessible only by trusted clients by way of a VPN or similar solution..."
- http://h-online.com/-1471581
14 March 2012 - "... some customers "need time to evaluate and test all bulletins before applying them", Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem..."
:fear::fear:
RDP exploit watch: 5M RDP endpoints found on the Web
FYI...
RDP exploit watch: 5M RDP endpoints found on the Web
- http://atlas.arbor.net/briefs/index#-1324643596
Elevated Severity
March 19, 2012 22:10
"Research suggests that approximately five million remote desktop endpoints exist on the Internet.
Analysis: Every Internet connected organization should carefully assess the need for Remote Desktop and evaluate exposure to include patch status and strength of credentials. While convenient for users, remote access tools increase the attack surface and additional layers of security such as requiring VPN access, robust network ACL's, requiring stronger authentication and extensive host hardening should be considered. Additionally, it is important to institute proper monitoring to detect attacks and unauthorized access."
Source: https://www.zdnet.com/blog/security/...internet/10937
"... Dan Kaminsky has identified approximately five million internet-accessible RDP endpoints that are potentially sitting ducks for a network worm exploiting the MS12-020 vulnerability..."
- http://dankaminsky.com/2012/03/18/rdp/
March 18, 2012
___
- http://www.kb.cert.org/vuls/id/624051
Last Updated: 2012-03-19
:fear::fear:
Exploit for MS12-020 RDP bug moves to Metasploit
FYI...
Exploit for MS12-020 RDP bug moves to Metasploit
- http://atlas.arbor.net/briefs/index#1373529066
Elevated Severity
March 21, 2012
"A Denial of Service exploit for the Microsoft Remote Desktop security hole is now included in the Metasploit Framework, a popular penetration testing toolkit. This DoS exploit was already in the wild.
Analysis: Hopefully the increased press on this issue has encouraged robust patching and system hardening which will reduce the impact of this issue when a remote code execution exploit does become public. istherdpexploitoutyet.com is a website tracking the progress on this issue and offering links to research information. Be aware that this site does not offer any guarantees, and dangerous fake exploits for this bug have already appeared that will cause harm to those attempting to run them. Organizations that are exploited by this Denial of Service condition will see a "blue screen of death" involving RDPWD.SYS, as seen in the blog: http://community.websense.com/blogs/...-the-wild.aspx
Source: http://threatpost.com/en_us/blogs/ex...asploit-032012 "
:fear::fear: