Page 46 of 51 FirstFirst ... 36424344454647484950 ... LastLast
Results 451 to 460 of 501

Thread: Old MS Alerts

  1. #451
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS advisory updated...

    FYI...

    Microsoft Security Advisory (2641690)
    Fraudulent Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...visory/2641690
    • V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices.

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #452
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Security Bulletin Advance Notification - Feb 2012

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms12-feb
    February 09, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 14, 2012...
    (Total of -9-)

    Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 4 - Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
    Bulletin 5 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 6 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
    Bulletin 7 - important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 8 - Important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 9 - Important - Remote Code Execution - May require restart - Microsoft Office
    ___

    - http://h-online.com/-1432804
    10 Feb 2012 - "... a total of 21 vulnerabilities in products including Windows, Office and Internet Explorer, as well as in the .NET Framework and Silverlight..."

    .
    Last edited by AplusWebMaster; 2012-02-10 at 23:51.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #453
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - February 2012

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms12-feb
    February 14, 2012 - "This bulletin summary lists security bulletins released for February 2012...
    (Total of -9-)

    Critical -4-

    Microsoft Security Bulletin MS12-008 - Critical
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
    - https://technet.microsoft.com/en-us/...letin/ms12-008
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-010 - Critical
    Cumulative Security Update for Internet Explorer (2647516)
    - https://technet.microsoft.com/en-us/...letin/ms12-010
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS12-013 - Critical
    Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
    - https://technet.microsoft.com/en-us/...letin/ms12-013
    Critical - Remote Code Execution - Requires restart - Microsoft Windows
    - https://blogs.technet.com/b/srd/arch...edirected=true

    Microsoft Security Bulletin MS12-016 - Critical
    Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
    - https://technet.microsoft.com/en-us/...letin/ms12-016
    Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
    ___

    Reliability Update 2 for the .NET Framework 4
    - http://support.microsoft.com/kb/2600217
    Last Review: Feb 18, 2012 - Revision: 3.0 - Reliability Update 2 for the Microsoft .NET Framework 4 is available to fix some stability, reliability, and performance issues..
    ___

    Important -5-

    Microsoft Security Bulletin MS12-009 - Important
    Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
    - https://technet.microsoft.com/en-us/...letin/ms12-009
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-011 - Important
    Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
    - https://technet.microsoft.com/en-us/...letin/ms12-011
    Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software

    Microsoft Security Bulletin MS12-012 - Important
    Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
    - https://technet.microsoft.com/en-us/...letin/MS12-012
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS12-014 - Important
    Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
    - https://technet.microsoft.com/en-us/...letin/ms12-014
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS12-015 - Important
    Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
    - https://technet.microsoft.com/en-us/...letin/ms12-015
    Important - Remote Code Execution - May require restart - Microsoft Office
    ___

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-file.a...Deployment.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-file.a...ry-2012-XI.png

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=12586
    Last Updated: 2012-02-14 20:41:30 UTC
    ___

    - https://secunia.com/advisories/47237/ - MS12-008
    - https://secunia.com/advisories/47911/ - MS12-009
    - https://secunia.com/advisories/48028/ - MS12-010
    - https://secunia.com/advisories/48031/ - MS12-010
    - https://secunia.com/advisories/48029/ - MS12-011
    - https://secunia.com/advisories/41874/ - MS12-012
    - https://secunia.com/advisories/47949/ - MS12-013
    - https://secunia.com/advisories/41114/ - MS12-014
    - https://secunia.com/advisories/47946/ - MS12-015
    - https://secunia.com/advisories/48030/ - MS12-016
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    February 14, 2012 - Revision: 99.0
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • Fareit
    • Pramro

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: windows-kb890830-v4.5.exe - 14.2 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: windows-kb890830-x64-v4.5.exe - 14.7 MB
    ___

    MS Exchange 2010 SP2 - Update Rollup 1
    - https://blogs.technet.com/b/exchange...edirected=true
    13 Feb 2012 - "Earlier today the Exchange CXP team released Update Rollup 1 for Exchange Server 2010 SP2 to the Download Center*.
    * http://www.microsoft.com/download/en....aspx?id=28809
    This update contains a number of customer-reported and internally found issues since the release of RU1. See KB 2645995**: Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2' for more details.
    ** http://support.microsoft.com/kb/2645995

    .
    Last edited by AplusWebMaster; 2012-03-06 at 02:38.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #454
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Security Bulletin Advance Notification - March 2012

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms12-mar
    March 08, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 13, 2012.
    (Total of -6-)

    Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 2 - Important - Denial of Service - Requires restart - Microsoft Windows
    Bulletin 3 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 4 - Important - Elevation of Privilege - May require restart - Microsoft Visual Studio
    Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Expression Design
    Bulletin 6 - Moderate - Denial of Service - May require restart - Microsoft Windows

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #455
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - March 2012

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms12-mar
    March 13, 2012 - "This bulletin summary lists security bulletins released for March 2012...
    (Total of -6-)

    Critical -1-

    Microsoft Security Bulletin MS12-020 - Critical
    Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
    - https://technet.microsoft.com/en-us/...letin/ms12-020
    Critical - Remote Code Execution - Requires restart - Microsoft Windows
    > http://support.microsoft.com/kb/2671387
    See: "Known issues and additional information about this security update..."

    Important -4-

    Microsoft Security Bulletin MS12-017 - Important
    Vulnerability in DNS Server Could Allow Denial of Service (2647170)
    - https://technet.microsoft.com/en-us/...letin/ms12-017
    Important - Denial of Service - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-018 - Important
    Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
    - https://technet.microsoft.com/en-us/...letin/ms12-018
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-021 - Important
    Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
    - https://technet.microsoft.com/en-us/...letin/ms12-021
    Important - Elevation of Privilege - May require restart - Microsoft Visual Studio

    Microsoft Security Bulletin MS12-022 - Important
    Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
    - https://technet.microsoft.com/en-us/...letin/ms12-022
    Important - Remote Code Execution - May require restart - Microsoft Expression Design
    > http://support.microsoft.com/kb/2651018
    See: "Known issues with this security update..."

    Moderate -1-

    Microsoft Security Bulletin MS12-019 - Moderate
    Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
    - https://technet.microsoft.com/en-us/...letin/ms12-019
    Moderate - Denial of Service - May require restart - Microsoft Windows
    ___

    Bulletin Deployment Priority
    - https://blogs.technet.com/cfs-file.a...ployment-2.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-file.a..._2D00_XI-1.png

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=12775
    Last Updated: 2012-03-13 17:29:20 UTC
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    March 13, 2012 - Revision: 100.0
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • Dorkbot
    • Hioles
    • Yeltminky
    • Pluzoks.A

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    13 Mar 2012

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: windows-kb890830-v4.6.exe - 14.8 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: windows-kb890830-x64-v4.6.exe - 15.4 MB

    .
    Last edited by AplusWebMaster; 2012-03-16 at 18:48.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #456
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS advisories updated - 2012.03.13 ...

    FYI...

    Microsoft Security Advisory (2647518)
    Update Rollup for ActiveX Kill Bits
    - https://technet.microsoft.com/en-us/...visory/2647518
    March 13, 2012

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    • V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022*, "Vulnerability in Expression Design Could Allow Remote Code Execution."
    * https://technet.microsoft.com/en-us/...letin/ms12-022

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #457
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation RE: MS12-020 - Critical...

    FYI... RE: MS12-020 - Critical...

    - https://blogs.technet.com/b/srd/archive/201...Redirected=true
    13 Mar 2012 - "... we anticipate that an exploit for code execution will be developed in the next 30 days... Remote Desktop Protocol is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled Remote Desktop... Enabling NLA* will prevent older clients (including Windows XP and Windows Server 2003) from connecting, by default..."
    * See the URL above for MS Fixit's...
    > http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2012-0002
    Last revised: 03/14/2012 - "... Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP..."
    CVSS v2 Base Score: 9.3 (HIGH)

    - http://www.symantec.com/security_res...atconlearn.jsp
    "... The Microsoft Remote Desktop Protocol (RDP) patch is especially critical. Although RDP is not enabled by default, when it is enabled many RDP servers are placed directly on the Internet. If RDP is being used, ensure it is patched as soon as possible. RDP should -not- be placed directly on the Internet. RDP should be remotely accessible only by trusted clients by way of a VPN or similar solution..."

    - http://h-online.com/-1471581
    14 March 2012 - "... some customers "need time to evaluate and test all bulletins before applying them", Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem..."

    Last edited by AplusWebMaster; 2012-03-14 at 16:20.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #458
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Ms12-020 - ms rdp ...

    FYI...

    MS12-020 - MS RDP ...
    - https://isc.sans.edu/diary.html?storyid=12805
    Last Updated: 2012-03-16 15:26:16 UTC - "... proof-of-concept is out..."

    - https://isc.sans.edu/diary.html?storyid=12808
    Last Updated: 2012-03-17 00:18:07 UTC

    - http://atlas.arbor.net/briefs/index#-700023003
    Severity: Extreme Severity
    March 16, 2012 01:36

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0002
    Last revised: 03/15/2012
    CVSS v2 Base Score: 9.3 (HIGH)

    > https://technet.microsoft.com/en-us/...letin/ms12-020

    Last edited by AplusWebMaster; 2012-03-17 at 09:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #459
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation RDP exploit watch: 5M RDP endpoints found on the Web

    FYI...

    RDP exploit watch: 5M RDP endpoints found on the Web
    - http://atlas.arbor.net/briefs/index#-1324643596
    Elevated Severity
    March 19, 2012 22:10
    "Research suggests that approximately five million remote desktop endpoints exist on the Internet.
    Analysis: Every Internet connected organization should carefully assess the need for Remote Desktop and evaluate exposure to include patch status and strength of credentials. While convenient for users, remote access tools increase the attack surface and additional layers of security such as requiring VPN access, robust network ACL's, requiring stronger authentication and extensive host hardening should be considered. Additionally, it is important to institute proper monitoring to detect attacks and unauthorized access."
    Source: https://www.zdnet.com/blog/security/...internet/10937
    "... Dan Kaminsky has identified approximately five million internet-accessible RDP endpoints that are potentially sitting ducks for a network worm exploiting the MS12-020 vulnerability..."

    - http://dankaminsky.com/2012/03/18/rdp/
    March 18, 2012
    ___

    - http://www.kb.cert.org/vuls/id/624051
    Last Updated: 2012-03-19

    Last edited by AplusWebMaster; 2012-03-21 at 16:25.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #460
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Exploit for MS12-020 RDP bug moves to Metasploit

    FYI...

    Exploit for MS12-020 RDP bug moves to Metasploit
    - http://atlas.arbor.net/briefs/index#1373529066
    Elevated Severity
    March 21, 2012
    "A Denial of Service exploit for the Microsoft Remote Desktop security hole is now included in the Metasploit Framework, a popular penetration testing toolkit. This DoS exploit was already in the wild.
    Analysis: Hopefully the increased press on this issue has encouraged robust patching and system hardening which will reduce the impact of this issue when a remote code execution exploit does become public. istherdpexploitoutyet.com is a website tracking the progress on this issue and offering links to research information. Be aware that this site does not offer any guarantees, and dangerous fake exploits for this bug have already appeared that will cause harm to those attempting to run them. Organizations that are exploited by this Denial of Service condition will see a "blue screen of death" involving RDPWD.SYS, as seen in the blog: http://community.websense.com/blogs/...-the-wild.aspx
    Source: http://threatpost.com/en_us/blogs/ex...asploit-032012 "

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •