Thread: Old MS Alerts

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Multiple IE "0-days" ...

    FYI...

    - http://community.websense.com/blogs/...-explorer.aspx
    23 Dec 2010 - "... Two different new zero-day exploits were published on December 22...
    1) ... The use of built-in protections of DEP and ASLR on the Windows platform and Internet Explorer doesn't guarantee to stop the exploit. It stems from the fact that the affected DLL mscorie.dll used by Internet Explorer wasn't compiled to support ASLR - this fact allows an attacker to also bypass DEP by using ROP (return to oriented programming) and successfully exploit the system...
    2) ... The second vulnerability takes advantage of the Microsoft WMI Administrative Tools ActiveX Control. Internet Explorer is vulnerable only if Microsoft WMI administrative tools is installed..."

    Last edited by AplusWebMaster; 2011-01-22 at 13:25.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster

    Targeted attacks against MS Office vuln...

    FYI...

    Targeted attacks against MS Office vuln (CVE-2010-3333/MS10-087)
    - http://blogs.technet.com/b/mmpc/arch...-ms10-087.aspx
    29 Dec 2010 - "... A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware. The vulnerability can be triggered by utilizing a specially crafted RTF file with a size parameter that is bigger than the expected one. The vulnerability is present in Microsoft Word. It attempts to copy RTF data to the stack memory without validating the size, which will lead to overwriting the stack... We recommend customers that have not yet installed the security update MS10-087* to do so at their earliest convenience..."
    * http://www.microsoft.com/technet/sec.../MS10-087.mspx
    Updated: December 15, 2010
    Version: 2.0

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3333
    Last revised: 12/21/2010
    CVSS v2 Base Score: 9.3 (HIGH)

    Last edited by AplusWebMaster; 2010-12-30 at 14:07.

  3. #3
    Adviser Team AplusWebMaster

    MS Security Advisory - Graphics Rendering Engine

    FYI...

    Microsoft Security Advisory (2490606)
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...y/2490606.mspx
    January 04, 2011 - "Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."
    [Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...]
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3970
    Last revised: 12/23/2010
    CVSS v2 Base Score: 10.0 (HIGH)

    - http://secunia.com/advisories/42779/
    Release Date: 2011-01-05
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Workaround
    Solution: The vendor recommends restricting access to shimgvw.dll...
    Original Advisory: Microsoft:
    http://www.microsoft.com/technet/sec...y/2490606.mspx
    Metasploit: http://www.metasploit.com/redmine/pr...ddibsection.rb

    - http://www.securitytracker.com/id?1024932
    Jan 4 2011

    - http://blogs.technet.com/b/msrc/arch...y-2490606.aspx
    4 Jan 2011 - "... Microsoft is actively working to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability... we are working to develop a security update to address this vulnerability. The circumstances around the issue do not currently meet the criteria for an out-of-band release; however, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."

    - http://isc.sans.edu/diary.html?storyid=10201
    Last Updated: 2011-01-04 19:26:17 UTC- "... it is possible to modify the access control list on shimgvw.dll to prevent rendering of thumbnails (this would affect all thumbnails, not just malicious ones). See the Microsoft advisory for details... This particular vulnerability was disclosed in December 2010 by Moti and Xu Hao at the "Power of Community" conference. The conference presentation outlines in some detail how to create a file to exploit this vulnerability. The thumbnail itself is stored in the file as a bitmap. The vulnerability is exploited by setting the number of color indexes in the color table to a negative number (biClrUsed). The published slides do provide hints on how to exploit this vulnerability including bypassing SafeSEH* and DEP ..."
    (Might help...) ... f/ Vista SP1, Win7, Server2008 and Server2008R2
    * http://support.microsoft.com/kb/956607#fixit4me
    November 24, 2009 Revision: 3.0 - "... it helps protect applications regardless of whether they have been compiled with the latest improvements, such as the /SAFESEH option. We recommend that Windows users who are running any of the above operating systems enable this feature to improve the security profile of their systems...
    • This wizard only applies to Vista SP1 and Server2008...
    By default, SEHOP is enabled in Windows Server 2008 R2 and in Windows Server 2008.
    By default, SEHOP is disabled in Windows 7 and in Windows Vista..."

    Last edited by AplusWebMaster; 2011-01-05 at 14:07.
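
Added example (not from the original post or the quoted ISC diary): the diary ties the flaw to a negative biClrUsed in the thumbnail's bitmap header. This Python check shows the kind of palette-field validation a parser needs before it sizes a colour table; `check_color_table`, `make_header` and the sample values are constructed for illustration.

```python
import struct

# BITMAPINFOHEADER (40 bytes); biClrUsed is unpacked as a signed 32-bit value
# so the check sees what a parser using signed arithmetic would see.
HDR = struct.Struct("<IiiHHIIiiiI")


def check_color_table(header: bytes, bytes_after_header: int) -> list:
    """Return problems found in the palette fields; an empty list means sane."""
    if len(header) < HDR.size:
        return ["truncated BITMAPINFOHEADER"]
    (size, _w, _h, _planes, bit_count, _comp, _img,
     _xppm, _yppm, clr_used, _clr_imp) = HDR.unpack_from(header)
    problems = []
    if size < HDR.size:
        problems.append(f"biSize {size} is smaller than BITMAPINFOHEADER")
    if bit_count not in (1, 4, 8, 16, 24, 32):
        problems.append(f"unsupported biBitCount {bit_count}")
        return problems
    if clr_used < 0:
        problems.append(f"biClrUsed is negative as a signed value ({clr_used})")
    elif bit_count <= 8 and clr_used > (1 << bit_count):
        problems.append(f"biClrUsed {clr_used} exceeds {1 << bit_count} "
                        f"entries possible at {bit_count} bpp")
    elif clr_used * 4 > bytes_after_header:
        # each palette entry (RGBQUAD) is 4 bytes
        problems.append("colour table runs past the data supplied")
    return problems


def make_header(bit_count: int, clr_used: int) -> bytes:
    """Constructed sample header for a 64x64 uncompressed bitmap."""
    return HDR.pack(40, 64, 64, 1, bit_count, 0, 0, 0, 0, clr_used, 0)


# Constructed cases: a normal 8 bpp palette and the malformed field value
SAMPLES = {
    "normal": check_color_table(make_header(8, 256), 1024),
    "negative": check_color_table(make_header(8, -1), 1024),
}
```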

  4. #4
    Adviser Team AplusWebMaster

    MS FixIt released for 0-day GRE vuln...

    FYI...

    Microsoft Security Advisory (2490606)
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...y/2490606.mspx
    • V1.1 (January 5, 2011): Added a link* to the automated Microsoft Fix it solution for the Modify the Access Control List (ACL) on shimgvw.dll workaround.
    * http://support.microsoft.com/kb/2490606#FixItForMe
    January 19, 2011 - Revision: 3.0

    [Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...]
    ___

    Current unpatched Windows/IE vulns
    - http://isc.sans.edu/diary.html?storyid=10216
    Last Updated: 2011-01-05 20:49:56 UTC

    Last edited by AplusWebMaster; 2011-01-23 at 04:27.

  5. #5
    Adviser Team AplusWebMaster

    MS Security Bulletin Summary - January 2011

    FYI...

    - http://www.microsoft.com/technet/sec.../MS11-jan.mspx
    January 11, 2011 - "This bulletin summary lists security bulletins released for January 2011... (Total of -2-)

    Critical -1-

    Microsoft Security Bulletin MS11-002 - Critical
    Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
    - http://www.microsoft.com/technet/sec.../MS11-002.mspx
    Critical - Remote Code Execution - May require restart - Microsoft Windows
    CVE-2011-0026, CVE-2011-0027

    Important -1-

    Microsoft Security Bulletin MS11-001 - Important
    Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
    - http://www.microsoft.com/technet/sec.../MS11-001.mspx
    Important - Remote Code Execution - May require restart - Microsoft Windows
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3145
    Last revised: 08/30/2010
    CVSS v2 Base Score: 9.3 (HIGH)
    ___

    Deployment Priority
    - http://blogs.technet.com/cfs-filesys..._2D00_1101.png

    Severity and Exploitability Index
    - http://blogs.technet.com/cfs-filesys..._2D00_1101.png
    ___

    - http://www.us-cert.gov/cas/techalerts/TA11-011A.html
    January 11, 2011
    Impact: A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
    Solution: Apply updates ...
    References: http://www.microsoft.com/technet/sec.../ms11-jan.mspx
    ___

    - http://secunia.com/advisories/41122/
    Release Date: 2010-08-26
    Last Update: 2011-01-11
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Original Advisory: MS11-001 (KB2478935):
    http://www.microsoft.com/technet/sec.../MS11-001.mspx

    - http://secunia.com/advisories/42804/
    Release Date: 2011-01-11
    Criticality level: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Original Advisory: MS11-002 (KB2419632, KB2419635, KB2419640, KB2451910):
    http://www.microsoft.com/technet/sec.../MS11-002.mspx
    ______

    ISC Analysis
    - http://isc.sans.edu/diary.html?storyid=10252
    Last Updated: 2011-01-11 18:26:51 UTC - "... Exploit(s) available..."
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    January 11, 2011 - Revision: 83.0
    (Recent additions)
    - http://www.microsoft.com/security/ma.../families.aspx
    ... added this release...
    • Lethic

    Download:
    - http://www.microsoft.com/downloads/d...displaylang=en
    File Name: windows-kb890830-v3.15.exe

    To download the x64 version of MSRT, click here:
    - http://www.microsoft.com/downloads/d...displaylang=en
    File Name: windows-kb890830-x64-v3.15.exe

    Last edited by AplusWebMaster; 2011-01-12 at 09:16.
