Old MS Alerts

[AplusWebMaster]

FYI...

- https://technet.microsoft.com/en-us/...letin/ms12-mar
March 13, 2012 - "This bulletin summary lists security bulletins released for March 2012...
(Total of -6-)

Critical -1-

Microsoft Security Bulletin MS12-020 - Critical
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
- https://technet.microsoft.com/en-us/...letin/ms12-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows
> http://support.microsoft.com/kb/2671387
See: "Known issues and additional information about this security update..."

Important -4-

Microsoft Security Bulletin MS12-017 - Important
Vulnerability in DNS Server Could Allow Denial of Service (2647170)
- https://technet.microsoft.com/en-us/...letin/ms12-017
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-018 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
- https://technet.microsoft.com/en-us/...letin/ms12-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-021 - Important
Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
- https://technet.microsoft.com/en-us/...letin/ms12-021
Important - Elevation of Privilege - May require restart - Microsoft Visual Studio

Microsoft Security Bulletin MS12-022 - Important
Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
- https://technet.microsoft.com/en-us/...letin/ms12-022
Important - Remote Code Execution - May require restart - Microsoft Expression Design
> http://support.microsoft.com/kb/2651018
See: "Known issues with this security update..."

Moderate -1-

Microsoft Security Bulletin MS12-019 - Moderate
Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
- https://technet.microsoft.com/en-us/...letin/ms12-019
Moderate - Denial of Service - May require restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-file.a...ployment-2.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-file.a..._2D00_XI-1.png

- https://blogs.technet.com/b/msrc/arc...edirected=true
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12775
Last Updated: 2012-03-13 17:29:20 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
March 13, 2012 - Revision: 100.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Dorkbot
• Hioles
• Yeltminky
• Pluzoks.A

- https://blogs.technet.com/b/mmpc/arc...edirected=true
13 Mar 2012

Download:
- http://www.microsoft.com/download/en...ylang=en&id=16
File Name: windows-kb890830-v4.6.exe - 14.8 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.6.exe - 15.4 MB

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2647518)
Update Rollup for ActiveX Kill Bits
- https://technet.microsoft.com/en-us/...visory/2647518
March 13, 2012

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2269637
• V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022*, "Vulnerability in Expression Design Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/...letin/ms12-022

.

[AplusWebMaster]

FYI... RE: MS12-020 - Critical...

- https://blogs.technet.com/b/srd/archive/201...Redirected=true
13 Mar 2012 - "... we anticipate that an exploit for code execution will be developed in the next 30 days... Remote Desktop Protocol is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled Remote Desktop... Enabling NLA* will prevent older clients (including Windows XP and Windows Server 2003) from connecting, by default..."
* See the URL above for MS Fixit's...
> http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2012-0002
Last revised: 03/14/2012 - "... Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP..."
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.symantec.com/security_res...atconlearn.jsp
"... The Microsoft Remote Desktop Protocol (RDP) patch is especially critical. Although RDP is not enabled by default, when it is enabled many RDP servers are placed directly on the Internet. If RDP is being used, ensure it is patched as soon as possible. RDP should -not- be placed directly on the Internet. RDP should be remotely accessible only by trusted clients by way of a VPN or similar solution..."

- http://h-online.com/-1471581
14 March 2012 - "... some customers "need time to evaluate and test all bulletins before applying them", Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem..."

[AplusWebMaster]

FYI...

MS12-020 - MS RDP ...
- https://isc.sans.edu/diary.html?storyid=12805
Last Updated: 2012-03-16 15:26:16 UTC - "... proof-of-concept is out..."

- https://isc.sans.edu/diary.html?storyid=12808
Last Updated: 2012-03-17 00:18:07 UTC

- http://atlas.arbor.net/briefs/index#-700023003
Severity: Extreme Severity
March 16, 2012 01:36

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-0002
Last revised: 03/15/2012
CVSS v2 Base Score: 9.3 (HIGH)

> https://technet.microsoft.com/en-us/...letin/ms12-020

[AplusWebMaster]

FYI...

RDP exploit watch: 5M RDP endpoints found on the Web
- http://atlas.arbor.net/briefs/index#-1324643596
Elevated Severity
March 19, 2012 22:10
"Research suggests that approximately five million remote desktop endpoints exist on the Internet.
Analysis: Every Internet connected organization should carefully assess the need for Remote Desktop and evaluate exposure to include patch status and strength of credentials. While convenient for users, remote access tools increase the attack surface and additional layers of security such as requiring VPN access, robust network ACL's, requiring stronger authentication and extensive host hardening should be considered. Additionally, it is important to institute proper monitoring to detect attacks and unauthorized access."
Source: https://www.zdnet.com/blog/security/...internet/10937
"... Dan Kaminsky has identified approximately five million internet-accessible RDP endpoints that are potentially sitting ducks for a network worm exploiting the MS12-020 vulnerability..."

- http://dankaminsky.com/2012/03/18/rdp/
March 18, 2012
___

- http://www.kb.cert.org/vuls/id/624051
Last Updated: 2012-03-19

[AplusWebMaster]

FYI...

Exploit for MS12-020 RDP bug moves to Metasploit
- http://atlas.arbor.net/briefs/index#1373529066
Elevated Severity
March 21, 2012
"A Denial of Service exploit for the Microsoft Remote Desktop security hole is now included in the Metasploit Framework, a popular penetration testing toolkit. This DoS exploit was already in the wild.
Analysis: Hopefully the increased press on this issue has encouraged robust patching and system hardening which will reduce the impact of this issue when a remote code execution exploit does become public. istherdpexploitoutyet.com is a website tracking the progress on this issue and offering links to research information. Be aware that this site does not offer any guarantees, and dangerous fake exploits for this bug have already appeared that will cause harm to those attempting to run them. Organizations that are exploited by this Denial of Service condition will see a "blue screen of death" involving RDPWD.SYS, as seen in the blog: http://community.websense.com/blogs/...-the-wild.aspx
Source: http://threatpost.com/en_us/blogs/ex...asploit-032012 "