MS Security Bulletin Advance Notification - November 2010
FYI...
- http://www.microsoft.com/technet/sec.../MS10-nov.mspx
November 04, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 9, 2010... (Total of -3-)
Bulletin 1 - Critical - Remote Code Execution - May require restart - Microsoft Office
Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 3 - Important - Elevation of Privilege - May require restart - Microsoft Forefront Unified Access Gateway ...
- http://blogs.technet.com/b/msrc/arch...bulletins.aspx
4 Nov 2010 - "... three updates addressing 11 vulnerabilities..."
IE 0-day in exploit kit...
FYI...
IE 0-day fix due out Dec. 14, 2010
- http://blogs.technet.com/b/mmpc/arch...d-warrior.aspx
9 Dec 2010 - "... the bulletin addressing this issue is planned to be released on Tuesday, Dec. 14 ..."
- http://www.microsoft.com/security/po...0-3962-geo.jpg
CVE-2010-3962 0-day - Attacks thru 12.8.2010 - MMPC charts
- http://www.microsoft.com/security/po...10-3962-OS.jpg
___
IE 0-day in exploit kit...
- http://thompson.blog.avg.com/2010/11...ploit-kit.html
November 07, 2010 - "... CVE-2010-3962* is in the Wild, but over the last couple of days, we've begun detecting it in the Eleonore Exploit Kit. This raises the stakes considerably..."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3962
Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in November 2010..."
• Fix it solution for the user-defined CSS
- http://support.microsoft.com/kb/2458511#FixItForMe1
November 4, 2010 - Revision: 3.0
- http://www.microsoft.com/technet/sec...y/2458511.mspx
• V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in the EMET, DEP, and CSS workarounds.
MS Security Bulletin Summary - November 2010
FYI...
- http://www.microsoft.com/technet/sec.../MS10-nov.mspx
November 9, 2010 - "This bulletin summary lists security bulletins released for November 2010... (Total of -3-)
Critical -1-
Microsoft Security Bulletin MS10-087 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
- http://www.microsoft.com/technet/sec.../MS10-087.mspx
Critical - Remote Code Execution - May require restart - Microsoft Office
• V1.1 (November 17, 2010): Corrected the severity table and vulnerability section to add CVE-2010-2573 as a vulnerability addressed by this update. This is an informational change only.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2573
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3333
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3334
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3335
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3336
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3337
CVSS v2 Base Score: 9.3 (HIGH)
Important -2-
Microsoft Security Bulletin MS10-088 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
- http://www.microsoft.com/technet/sec.../MS10-088.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
• V1.2 (November 17, 2010): Clarified that for Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003, customers also need to install the Microsoft Office update provided in MS10-087 to be protected from the vulnerability described in CVE-2010-2573. This is an informational change only. Customers who have already successfully applied the MS10-087 and the MS10-088 updates do not need to take any action.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2572
http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2573
CVSS v2 Base Score: 9.3 (HIGH)
Microsoft Security Bulletin MS10-089 - Important
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
- http://www.microsoft.com/technet/sec.../MS10-089.mspx
Important - Elevation of Privilege - May require restart - Microsoft Forefront Unified Access Gateway
___
Deployment Priority
- http://blogs.technet.com/cfs-filesys...ment-slide.png
___
ISC Analysis
- http://isc.sans.edu/diary.html?storyid=9910
Last Updated: 2010-11-09 18:41:02 UTC
___
- http://www.securitytracker.com/id?1024705
- http://www.securitytracker.com/id?1024706
- http://www.securitytracker.com/id?1024707
Nov 9 2010
___
MSRT
- http://support.microsoft.com/?kbid=890830
November 9, 2010 - Revision: 81.0
(Recent additions)
- http://www.microsoft.com/security/ma.../families.aspx
... added this release...
• FakePAV
• Worm:Win32/Sality.AT
• Virus:Win32/Sality.AT
- http://blogs.technet.com/b/mmpc/arch...ssentials.aspx
Download:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-v3.13.exe
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.13.exe
___
Microsoft Security Advisory (2269637)
[DLL] Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
• V2.0 (November 9, 2010) Added Microsoft Security Bulletin MS10-087, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.
.
MS Security Bulletin Advance Notification - December 2010
FYI...
- http://www.microsoft.com/technet/sec.../MS10-dec.mspx
December 9, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 14, 2010... (Total of -17-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart
Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart
Microsoft Windows
Bulletin 3 - Important - Elevation of Privilege - Requires restart
Microsoft Windows
Bulletin 4 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 5 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 6 - Important - Remote Code Execution - Requires restart
Microsoft Windows
Bulletin 7 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 8 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 9 - Important - Elevation of Privilege - Requires restart
Microsoft Windows
Bulletin 10 - Important - Elevation of Privilege - Requires restart
Microsoft Windows
Bulletin 11 - Important - Elevation of Privilege - May require restart
Microsoft Windows
Bulletin 12 - Important - Denial of Service - Requires restart
Microsoft Windows
Bulletin 13 - Important - Denial of Service - Requires restart
Microsoft Windows
Bulletin 14 - Important - Remote Code Execution - May require restart
Microsoft Office
Bulletin 15 - Important - Remote Code Execution - May require restart
Microsoft SharePoint
Bulletin 16 - Important - Remote Code Execution - May require restart
Microsoft Office
Bulletin 17 - Moderate - Denial of Service - May require restart
Microsoft Exchange ...
- http://blogs.technet.com/b/msrc/arch...-released.aspx
9 Dec 2010 - "... 17 updates addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange..."
- http://www.computerworld.com/s/artic..._Patch_Tuesday
December 9, 2010 - "... a record, beating the count from October 2010 by one... The total bulletin count for the year - 106 - was also a record, as was the number of vulnerabilities patched in those updates: 266..."
.
MS Security Bulletin Summary - December 2010
FYI...
- http://www.microsoft.com/technet/sec.../MS10-dec.mspx
December 14, 2010 - "This bulletin summary lists security bulletins released for December 2010...
Critical -2-
Microsoft Security Bulletin MS10-090 - Critical
Cumulative Security Update for Internet Explorer (2416400)
- http://www.microsoft.com/technet/sec.../MS10-090.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS10-091 - Critical
Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
- http://www.microsoft.com/technet/sec.../MS10-091.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Important -14-
Microsoft Security Bulletin MS10-092 - Important
Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
- http://www.microsoft.com/technet/sec.../ms10-092.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS10-093 - Important
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
- http://www.microsoft.com/technet/sec.../MS10-093.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS10-094 - Important
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
- http://www.microsoft.com/technet/sec.../MS10-094.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS10-095 - Important
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
- http://www.microsoft.com/technet/sec.../MS10-095.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS10-096 - Important
Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
- http://www.microsoft.com/technet/sec.../MS10-096.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS10-097 - Important
Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
- http://www.microsoft.com/technet/sec.../MS10-097.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS10-098 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
- http://www.microsoft.com/technet/sec.../ms10-098.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS10-099 - Important
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
- http://www.microsoft.com/technet/sec.../ms10-099.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS10-100 - Important
Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
- http://www.microsoft.com/technet/sec.../MS10-100.mspx
Important - Elevation of Privilege - May require restart - Microsoft Windows
Microsoft Security Bulletin MS10-101 - Important
Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
- http://www.microsoft.com/technet/sec.../ms10-101.mspx
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS10-102 - Important
Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
- http://www.microsoft.com/technet/sec.../ms10-102.mspx
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS10-103 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
- http://www.microsoft.com/technet/sec.../ms10-103.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS10-104 - Important
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
- http://www.microsoft.com/technet/sec.../MS10-104.mspx
Important - Remote Code Execution - May require restart - Microsoft SharePoint
Microsoft Security Bulletin MS10-105 - Important
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
- http://www.microsoft.com/technet/sec.../ms10-105.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
Moderate -1-
Microsoft Security Bulletin MS10-106 - Moderate
Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
- http://www.microsoft.com/technet/sec.../MS10-106.mspx
Moderate - Denial of Service - May require restart - Microsoft Exchange
___
Deployment Priority
- http://blogs.technet.com/cfs-filesys...deployment.png
Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesys...everity-xi.png
___
ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10081
Last Updated: 2010-12-14 18:52:39 UTC
___
- http://www.us-cert.gov/cas/techalerts/TA10-348A.html
December 14, 2010
Impact: A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution: Apply updates ..."
___
MSRT
- http://support.microsoft.com/?kbid=890830
December 14, 2010 - Revision: 82.0
(Recent additions)
- http://www.microsoft.com/security/ma.../families.aspx
... added this release...
• Qakbot
Download:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-v3.14.exe
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.14.exe
.
MS Security Advisories updated
FYI...
Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/sec...ry/973811.mspx
• V1.8 (December 14, 2010): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.
• V1.9 (December 17, 2010): Removed the FAQ entry, originally added December 14, 2010, about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.
Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
12/14/2010 - "We have issued MS10-090* to address this issue..."
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
• V3.0 (December 14, 2010) Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section:
MS10-093*, "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution;"
MS10-094*, "Vulnerability in Windows Media Encoder Could Allow Remote Code Execution;"
MS10-095*, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution;"
MS10-096*, "Vulnerability in Windows Address Book Could Allow Remote Code Execution;" and
MS10-097*, "Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution."
* http://forums.spybot.info/showpost.p...1&postcount=73
.
Patch issues w/Outlook 2007 ...
FYI...
- http://isc.sans.edu/diary.html?storyid=10117
Last Updated: 2010-12-20 14:47:33 UTC - "Last week on December 14, Microsoft released an update (KB 2412171) for Microsoft Outlook 2007, and several of our readers wrote in indicating it caused problems with Outlook after applying the update. On December 16, Microsoft removed the update from Microsoft Update. Microsoft identified 3 issues with this update. If you are experiencing similar issues with the patch like those listed in this Microsoft Blog and you are using Windows XP, Vista and 7, Microsoft listed the steps to remove the patch here*."
* http://blogs.msdn.com/b/outlook/arch...look-2007.aspx
___
> http://support.microsoft.com/kb/2485531
Last Review: December 21, 2010 - Revision: 4.0
___
- http://support.microsoft.com/kb/2412171
Last Review: December 18, 2010 - Revision: 3.1
___
[Symptoms related to Outlook 2007 bug injected by bad M$ Update KB 2412171]
- http://www.us-cert.gov/current/#micr...ntry_regarding
December 20, 2010
• Outlook fails to connect if Secure Password Authentication (SPA) is configured for an account and the mail server does not support SPA.
• Noticeable performance issues when switching between folders if a Microsoft Exchange Server account is not configured in Outlook.
• AutoArchive cannot be configured for IMAP, POP3, or Outlook Live Connector accounts if there is no Exchange Server account configured in the same Outlook provide...
> http://blogs.msdn.com/b/outlook/arch...look-2007.aspx
MS WMI Admin Tool ActiveX vuln
FYI...
- http://www.us-cert.gov/current/#micr...e_tool_activex
December 22, 2010 - "... vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor... Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596* ..."
* http://www.kb.cert.org/vuls/id/725596
Last Updated: 2010-12-22
- http://secunia.com/advisories/42693/
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft WMI Administrative Tools 1.x, Microsoft WMI Object Viewer ActiveX Control 1.x...
Solution: Set the kill-bit for the affected ActiveX control...
0-Day IIS 7.5 DoS - processing FTP requests
FYI...
- http://blogs.technet.com/b/srd/archi...erability.aspx
swiblog / 22 Dec 2010 6:58 PM - "... the IIS FTP Service is not installed by default, and even after installation, it is not enabled by default..."
0-Day IIS 7.5 DoS (processing FTP requests)
- http://isc.sans.edu/diary.html?storyid=10126
Last Updated: 2010-12-22 22:05:34 UTC - "A 0-day exploit has been published at exploit-db (see US-Cert advisory*) that takes advantage of a memory corruption vulnerability in IIS 7.5's FTP service. This bug will work pre-authentication.
From the looks of it, it is a pure remote exploit whose chief use would be denial of service. As with any memory corruption bug, it is theoretically possible to use this to gain access to the server with the permissions of the user that is running IIS... Some defenses would be limiting FTP services that are internet-facing (especially if IIS), using firewalls to limit access to the server and configuring perimeter devices to check for memory attacks..."
* http://www.kb.cert.org/vuls/id/842372
- http://secunia.com/advisories/42713
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Information Services (IIS) 7.x
Solution: Restrict traffic to the FTP service.
- http://www.securitytracker.com/id?1024921
Updated: Dec 23 2010