Old MS Alerts

MS Security Bulletin Summary - June 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-jun.mspx
June 10, 2008 - "This bulletin summary lists security bulletins released for June 2008...

Critical (3)

Microsoft Security Bulletin MS08-030
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
- http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)
- http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-033
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
- http://www.microsoft.com/technet/security/bulletin/ms08-033.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Important (3)

Microsoft Security Bulletin MS08-034
Vulnerability in WINS Could Allow Elevation of Privilege (948745)
- http://www.microsoft.com/technet/security/bulletin/ms08-034.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-035
Vulnerability in Active Directory Could Allow Denial of Service (953235)
- http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-036
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
- http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Microsoft Windows...

Moderate (1)

Microsoft Security Bulletin MS08-032
Cumulative Security Update of ActiveX Kill Bits (950760)
- http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
Maximum Severity Rating: Moderate
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...


• New, Revised, and Released Updates for Microsoft Products Other Than Microsoft Windows.
- http://technet.microsoft.com/en-us/wsus/bb466214.aspx

-------

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4552
Last Updated: 2008-06-10 18:09:18 UTC

MS08-031 - MSIE - Details on attacking CVE-2008-1544 are publicly available

MS08-032 - ActiveX Kill Bits - Publicly discussed

------
Geez...

- http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
Revisions
• V1.0 (June 10, 2008): Bulletin summary published.
• V1.1 (June 11, 2008): Corrected the Affected Software table for Windows XP, to clarify the entries for Windows XP Service Pack 2 and Windows XP Service Pack 3 for MS08-030, MS08-031, MS08-032, MS08-033, and MS08-036.

:fear:
 
FYI...

Microsoft Security Advisory (954474)
System Center Configuration Manager 2007 Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
June 13, 2008 - "Microsoft is investigating public reports of a non-security issue that affects environments with System Center Configuration Manager 2007 that deploy updates to Systems Management Services (SMS) 2003 clients. Microsoft is aware of reports from customers who are experiencing this issue. Upon completion of the investigation, Microsoft will take the appropriate action to resolve the problem within System Center Configuration Manager 2007.
Mitigating Factors:
• This issue impacts customers using System Center Configuration Manager 2007 servers to deploy updates to SMS 2003 clients..."

:fear:
 
FYI...

Microsoft Security Advisory (954474)
System Center Configuration Manager 2007 Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954474.mspx
Updated: June 17, 2008 - "... Microsoft has confirmed those reports and has released an update to correct this issue under Microsoft Knowledge Base Article 954474*. Microsoft encourages customers affected by this issue to review and install this update..."
* http://support.microsoft.com/kb/954474
Last Review: June 17, 2008
Revision: 2.1
 
MS08-030 - new patch, for XPSP2 & XPSP3

FYI...

- http://isc.sans.org/diary.html?storyid=4600
Last Updated: 2008-06-20 01:20:41 UTC - "Microsoft issued a new patch, for XPSP2 & XPSP3, for MS08-030*: Vulnerability in Bluetooth stack could allow remote code execution. "Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update. Customers running Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 and all supported versions of Windows Vista who have already applied these original security updates do not need to take any further action"... The Technet Security Vulnerability Research & Defense blog** on the vulnerability was "MS08-030: All bark and no bite? The case of the Bluetooth update".
Related update - KB951376 Security Update for Windows XP:
http://support.microsoft.com/kb/951376/en-us ..."
Last Review: June 19, 2008
Revision: 2.0

* http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
Revisions:
• V1.0 (June 10, 2008): Bulletin published.
• V2.0 (June 19, 2008): Added "Why was this security update reoffered on June 19, 2008?" entry to the Update FAQ to advise customers running Windows XP Service Pack 2 and Windows XP Service Pack 3 that a revised version of the security update is available.
"...Customers who are running Windows XP Service Pack 2 and Windows XP Service Pack 3 should download and deploy this new security update..."

** http://preview.tinyurl.com/67t4uw
(blogs.technet.com)

:fear:
 
MSRT whacks 4 million + so far in June...

FYI...

- http://preview.tinyurl.com/4nhmfr
June 20, 2008 (blogs.technet.com) - "...After its first -day- in MSRT, Taterf components had been removed from over 700,000 machines! For comparison, Win32/Nuwar (aka ‘Storm worm’) was removed from less than half that in its first month... So how does one avoid being infected? Running an up-to-date anti-virus solution is a good start. Running an up-to-date, patched browser is another necessity – many of the Win32/Frethog trojans are installed via browser exploits (there have been instances in the past of links to malicious sites being posted to popular gaming forums – so be wary!). Enabling Automatic Updates helps a whole bunch too. Disabling the Explorer ‘autoplay’ feature is useful in helping to avoid these problems..."

(Charts of disinfections/country available at the URL above.)

:D:
 
SQL Injection Prevention...

FYI...

Microsoft Security Advisory (954462)
Rise in SQL Injection Attacks Exploiting Unverified User Data Input
- http://www.microsoft.com/technet/security/advisory/954462.mspx
June 24, 2008 - "Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine.
Mitigating Factors:
This vulnerability is not exploitable in Web applications that follow generally accepted best practices for secure Web application development by verifying user data input...
(See) Suggested Actions..."
• Detection – HP Scrawlr - http://preview.tinyurl.com/4qkk6g ...
• Defense – UrlScan - http://learn.iis.net/page.aspx/473/using-urlscan
• Identifying - Source Code Analyzer for SQL Injection - http://support.microsoft.com/kb/954476
• Additional Info...

Microsoft SQL Injection Prevention Strategy
- http://isc.sans.org/diary.html?storyid=4621
Last Updated: 2008-06-24 22:17:41 UTC - "...Microsoft recommends three approaches to help mitigate SQL Injection.
• Runtime scanning...
• URLScan...
• Code Scanning..."

- http://atlas.arbor.net/briefs/index#361782669
June 25, 2008 - "Microsoft today released security tools to help customers deal with SQL Injection Attacks. UrlScan, Microsoft Source Code Analyzer for SQL Injection and Scrawlr can be used by customers to check for SQL Injection issues in their applications.
Analysis: The release of these tools comes in a time when SQL injection is increasingly exploited. UrlScan is used to restrict HTTP requests that IIS will process."
* http://preview.tinyurl.com/5t2sbh
(blogs.technet.com)

:fear:
 
Vista SP1 update...

FYI...

A reliability and performance update is available for Windows Vista SP1-based computers
- http://support.microsoft.com/kb/952709
Last Review: June 24, 2008
Revision: 1.0
"...This update includes the following improvements on a Windows Vista SP1-based computer:
• This update improves the stability of Windows Vista SP1-based computers by addressing some crashes that may occur when you try to check e-mail by using a POP3 e-mail client such as Windows Mail or Mozilla Thunderbird. The crashes may occur on a Windows Vista SP1-based computer in the following scenario:
• Incoming POP3 and outgoing SMTP traffic monitoring is enabled.
• Both a third-party antivirus application and an antispyware application are installed, such as the following applications:
• ZoneAlarm Internet Security Suite by Check Point Software Technologies Ltd.
• SpySweeper by Webroot Software, Inc.
• This update improves the reliability of the Windows Vista SP1 based-computers by addressing some problems that occur when you delete user accounts by using the User Accounts item in Control Panel. When this problem occurs, the system may stop responding (hang).
• This update improves the reliability of Windows Vista SP1-based computers that experience issues in which large applications cannot run after the computer is turned on for extended periods of time. For example, when you try to start Excel 2007 after the computer is turned on for extended periods of time, a user may receive an error message that resembles the following:
EXCEL.EXE is not a valid Win32 application
• This update improves the reliability of Windows Vista SP1-based computers by reducing the number of crashes that may be caused by the Apple QuickTime thumbnail preview in Windows Live Photo Gallery.
• This update improves the performance of Windows Vista SP1-based computers by reducing audio and video (AV) stuttering. Such AV stuttering may occur when the audio or video component is streaming high definition content from a Windows Vista SP1-based computer that has a NVIDIA network adapter nForce driver version 67.5.4.0 that is installed to a Windows Media Center Extender device..."

:fear::spider:
 
Xpsp3 -fix-

FYI...

Device Manager may not show any devices and Network Connections may not show any network connections after you install Windows XP Service Pack 3 (SP3)
- http://support.microsoft.com/?kbid=953979
Last Review: June 25, 2008
Revision: -4.2-
SYMPTOMS:
After you install Windows XP Service Pack 3 (SP3), Device Manager may not show any devices and Network Connections may not show any network connections.
This problem may occur when an antivirus application is running during the installation of Windows XP SP3.
CAUSE
This problem occurs when the Fixccs.exe process is called during the Windows XP SP3 installation. This process creates some intermediate registry subkeys, and it later deletes these subkeys. In some cases, some antivirus applications may not let the Fixccs.exe process delete these intermediate registry subkeys.
When this problem occurs, certain applications, such as Device Manager and Network Connections, may be unable to enumerate the device or the connection instances. These applications will report a blank status even though devices and connections still function as expected.
RESOLUTION
Hotfix information:
The following file is available for download from the Microsoft Download Center:
Download the Update for Windows XP (KB953979) package now:
- http://preview.tinyurl.com/3jgjap
File Name: WindowsXP-KB953979-x86-ENU.exe
Download Size: 64 KB...
Prerequisites:
To use this hotfix, you must have Windows XP Service Pack 3 installed on the computer...
Restart requirement:
To apply this hotfix, you must restart the computer in Safe Mode..."

Steps to take -before- you install Windows XP Service Pack 3
- http://support.microsoft.com/kb/950717/
Last Review: May 21, 2008 - Revision: 3.0 - "...Important
• If the configuration of your antivirus software prevents certain system files from being changed, the Windows XP SP3 installation may fail. Try temporarily disabling your antivirus software. To do this, right-click your antivirus program icon, and then click Disable. This icon typically appears in the lower right corner of the computer screen.
• If you disable your antivirus software before you install Windows XP SP3, make sure that you know the risks that are involved, and make sure that you enable the antivirus software after Windows XP SP3 is installed..."

:fear:
 
(WSUS) Blocked from Deploying Security Updates

FYI...

Microsoft Security Advisory (954960)
Microsoft Windows Server Update Services (WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
June 30, 2008 - "Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue. Upon completing the investigation, Microsoft will take appropriate action to resolve the issue within Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1.

Note: The issue affecting System Center Configuration Manager 2007 first described in Microsoft Security Advisory 954474, where System Center Configuration Manager 2007 systems were blocked from deploying security updates, is separate from the issue described in this advisory.
Mitigating Factors:
• This issue is limited to customers who deploy updates through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1, and have Microsoft Office 2003 installed in their environments..."

- http://preview.tinyurl.com/6xdp79
June 30, 2008 (MSRC blog)

:fear::spider:
 
MS Security Bulletin Advance Notification - July 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
July 3, 2008
This is an advance notification of security bulletins that Microsoft is intending to release on July 8, 2008...
[Total of 4]...

Important (4)

Bulletin Identifier: SQL Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Bulletin Identifier: Windows Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Bulletin Identifier: Windows Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Bulletin Identifier: Exchange Server Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Exchange Server...

- http://blogs.technet.com/msrc/archive/2008/07/03/july-2008-monthly-release.aspx
July 03, 2008
 
FYI...

Microsoft Security Advisory (955179)
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
- http://www.microsoft.com/TechNet/security/advisory/955179.mspx
July 7, 2008 - "Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003. The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer...
Suggested Actions / Workarounds:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, this is stated in the entry.
• Prevent COM objects from running in Internet Explorer
You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry..."

(Kill bit listings shown in the advisory at the URL above.)

:fear:
 
MS Security Bulletin Summary - July 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx
July 8, 2008 - "This bulletin summary lists security bulletins released for July 2008...

Important (4)

Microsoft Security Bulletin MS08-040

Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Microsoft Security Bulletin MS08-038
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
- http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-037
Vulnerabilities in DNS Could Allow Spoofing (953230)
- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-039
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
- http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

-
ISC Analysis
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
---

MS08-038 exploit/fix available
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
"...MS08-038 - Multiple vulnerabilities in Windows Explorer allow code execution with the rights of the logged on user... Publicly disclosed... CVE-2008-0951* is a well known vulnerability: CERT VU#889747** (March 2008)..."
- http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
July 8, 2008
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
Last revised: 3/25/2008
** http://www.kb.cert.org/vuls/id/889747
First Published 03/20/2008
---
Updated / CVE references:
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)
MS08-037: Windows DNS
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454
MS08-038: Windows explorer / Vista
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1435
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
MS08-039: Exchange server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2247
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2248
MS08-040: SQL server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0085
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0086
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0106
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0107

//

:fear:
 
XP SP3 goes "automatic"...

FYI...

- http://www.theinquirer.net/gb/inquirer/news/2008/07/09/windows-xp-sp3-automatic
9 July 2008 - "AS ANNOUNCED previously by Microsoft, automatic updates for Windows XP SP3 will be launched Wednesday, July 10 2008, starting at 10:00 am Pacific Time. For most Windows XP users who haven't already manually downloaded and applied SP3, the automatic update process should work properly. After all, Microsoft has had almost three months to test, tweak and polish it since it was first released. Microsoft's Automatic Updates process should know about and scan for configurations that are problematic, and prevent the Windows XP SP3 update installation process from proceeding if it detects a troublesome situation. However, if there's any hiccough in the automatic update process, your computer could become unusable. Therefore, certain technical advisors recommend using Microsoft's Automatic Updates facility only to provide notification that the update is available, then applying it manually. They caution that you should also take care to follow Microsoft's service pack pre-installation instructions, including:
* Disable antivirus programs,
* Make sure no other applications are running,
* Have your system plugged in during the update, that is, not on battery power, and
* Make sure that you have sufficient free space available on your system's hard disk.
You can make certain that the Windows Automatic Update facility doesn't attempt to, er... automatically update your system by using Microsoft's Windows Service Pack Blocker Tool Kit, and that's available here: http://preview.tinyurl.com/2tadkt
Should you find that Windows XP SP3 causes problems on your system, instructions on how to remove it are available here: http://www.iaps.com/blog/2008/07/how-to-remove-windows-xp-service-pack-3.html ..."

//
 
FYI...

Update 2: Microsoft Security Advisory (954960)
- http://blogs.technet.com/msrc/archive/2008/07/10/update-2-microsoft-security-advisory-954960.aspx
July 10, 2008 - "...customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960*. The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960**. Additionally, the update does not place an entry in Add or Remove Programs, and cannot be uninstalled. Microsoft has identified the packaging inconsistencies in the current update and is investigating options to resolve them. We will continue to monitor the situation and post updates to the advisory and the MSRC blog as we become aware of any important new information..."
* http://support.microsoft.com/kb/954960
Last Review: July 11, 2008 -?-
Revision: 3.0

** http://www.microsoft.com/technet/security/advisory/954960.mspx
• July 10, 2008: Advisory updated to reflect specific installation and uninstallation procedures for the update for Windows Server Update Services running on Windows Server 2008.

//
 
FYI...

- http://blogs.technet.com/msrc/archive/2008/07/10/revision-for-ms08-037.aspx
July 10, 2008 (MSRC) - "...After the release of MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue. We’re still working on this issue but we do have some information from our investigation so far, which we’ve put into the bulletin. Specifically, we’ve identified that customers who are running either ZoneAlarm or Check Point Endpoint Security (previously named Check Point Integrity) who apply MS08-037 may lose network connectivity after applying these updates. Our investigation so far has shown that no other customers are affected by this issue. We’re still investigating this issue but we encourage customers who are using ZoneAlarm to review the appropriate ZoneAlarm Web site** and Check Point Endpoint customers to review the appropriate Check Point Web site*** for the latest guidance or software updates and factor this information into your risk assessment, testing, and deployment planning..."

* http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx
• V2.0 (July 10, 2008): Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did -not- change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

** http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html
Last Revised : 14 July 2008

*** https://supportcenter.checkpoint.com/supportcenter/index.jsp

//
 
MS Access ActiveX vuln - added to Neosploit...

FYI...

- http://www.symantec.com/security_response/threatconlearn.jsp
ThreatCon is currently at Level 2: Elevated.
Symantec honeypots have captured further exploitation of the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114). Before this event, this exploit was known to be used only in isolated attacks. Further analysis of these honeypot compromises has revealed that the exploit has been added to a variant of the Neosploit exploit kit; it will very likely reach a larger number of victims. This version will compromise vulnerable English versions of Microsoft Windows by downloading a malicious application into the Windows Startup folder. Computers that have Microsoft Access installed are potentially affected by this vulnerability. Customers are advised to manually set the kill bit on the following CLSIDs until a vendor update is available:
F0E42D50-368C-11D0-AD81-00A0C90DC8D9
F0E42D60-368C-11D0-AD81-00A0C90DC8D9
F2175210-368C-11D0-AD81-00A0C90DC8D9
...For information on setting the kill bit for CLSIDs, see the following: Microsoft Knowledge Base Article 240797 ( http://support.microsoft.com/kb/240797 ). For more information about the vulnerability, see the following: Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114/references )"
[2008.07.11]

Ref: http://www.microsoft.com/TechNet/security/advisory/955179.mspx
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
July 7, 2008

:fear:
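
Added example, not part of the original post or of the Symantec or Microsoft text: a Python sketch that renders a .reg file setting the kill bit for the three CLSIDs quoted above and checks an exported .reg file for it. The registry path and the 0x400 "Compatibility Flags" value are the ones documented in KB 240797; the function names and the sample export are constructed for illustration.

```python
import re

# Registry location and flag value documented in Microsoft KB 240797.
AX_COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
                 r"\ActiveX Compatibility")
KILL_BIT = 0x00000400

# CLSIDs quoted in the post above (Snapshot Viewer ActiveX control).
SNAPSHOT_VIEWER_CLSIDS = [
    "F0E42D50-368C-11D0-AD81-00A0C90DC8D9",
    "F0E42D60-368C-11D0-AD81-00A0C90DC8D9",
    "F2175210-368C-11D0-AD81-00A0C90DC8D9",
]

_CLSID_RE = re.compile(r"^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$")
_VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.I)


def normalize_clsid(clsid):
    """Return the CLSID upper-cased without braces, or raise ValueError."""
    bare = clsid.strip().strip("{}").upper()
    if not _CLSID_RE.match(bare):
        raise ValueError("not a CLSID: %r" % clsid)
    return bare


def build_killbit_reg(clsids):
    """Render .reg text that sets the kill bit for each CLSID."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        lines.append("[%s\\{%s}]" % (AX_COMPAT_KEY, normalize_clsid(clsid)))
        lines.append('"Compatibility Flags"=dword:%08x' % KILL_BIT)
        lines.append("")
    return "\r\n".join(lines)


def parse_compat_flags(reg_text):
    """Map CLSID -> Compatibility Flags from already-decoded .reg text."""
    flags = {}
    current = None
    prefix = AX_COMPAT_KEY.upper() + "\\"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = re.match(r"^\[(.+)\]$", line)
        if section:
            key = section.group(1).upper()
            current = None
            if key.startswith(prefix):
                try:
                    current = normalize_clsid(key[len(prefix):])
                    flags.setdefault(current, 0)  # key present, value unknown
                except ValueError:
                    pass  # subkey is not a bare CLSID; skip it
            continue
        value = _VALUE_RE.match(line)
        if current and value:
            flags[current] = int(value.group(1), 16)
    return flags


def missing_killbits(reg_text, clsids):
    """Return the CLSIDs whose kill bit is not set in the export."""
    flags = parse_compat_flags(reg_text)
    # Test the bit, not equality: other compatibility flags may be set too.
    return [c for c in map(normalize_clsid, clsids)
            if not flags.get(c, 0) & KILL_BIT]


# Constructed sample export: first control killed (with another bit also set),
# second key present but flag clear, third key absent.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[%s\\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]" % AX_COMPAT_KEY,
    '"Compatibility Flags"=dword:00000420',
    "",
    "[%s\\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]" % AX_COMPAT_KEY,
    '"Compatibility Flags"=dword:00000000',
    "",
])

if __name__ == "__main__":
    print(build_killbit_reg(SNAPSHOT_VIEWER_CLSIDS))
    print("Still unprotected in sample export:",
          missing_killbits(SAMPLE_EXPORT, SNAPSHOT_VIEWER_CLSIDS))
```

Files exported by regedit in the "Version 5.00" format are UTF-16; decode them before passing the text to `missing_killbits`.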
 
MS DirectX -critical- bulletins re-released

FYI...

- http://isc.sans.org/diary.html?storyid=4747
Last Updated: 2008-07-17 18:48:22 UTC - "Microsoft has issued a "Security Bulletin Major Revision" involving its DirectX products. These revisions include the following two previously released bulletins and particularly affect administrative users as the resulting compromise allows the attacker to gain user rights.

MS08-033* - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as -critical- and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file.
* http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
Updated: July 16, 2008 - Version: 2.0

MS07-064** - Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated -critical- and has been updated to reflect DirectX 9.0 and 9.0a as affected software. This vulnerability can be exploited through a specially crafted media file via streaming."
** http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
Updated: July 16, 2008 - Version: 3.0

:fear:
 
Increased Threat for DNS Spoofing Vulnerability

FYI...

Microsoft Security Advisory (956187)
Increased Threat for DNS Spoofing Vulnerability
- http://www.microsoft.com/technet/security/advisory/956187.mspx
July 25, 2008 - "Microsoft released Microsoft Security Bulletin MS08-037* on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet... attacks are likely imminent due to the publicly posted proof of concept..."
* http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
Updated: July 25, 2008
Version: 2.2

- http://support.microsoft.com/kb/953230
Last Review: July 25, 2008
Revision: 4.1

- http://securitylabs.websense.com/content/Alerts/3141.aspx
07.25.2008

//
 