Old MS Alerts

[AplusWebMaster]

FYI...

Microsoft preps for SP1 for Windows 7?
- http://www.h-online.com/security/new...7-1168977.html
13 January 2011 - "An "important update", which may be a prerequisite for installing Service Pack 1, is now being offered to Windows 7 and Windows Server 2008 R2 users by Windows Update. Despite the publication date being given as '11.01.2011', it is not a new update – update number 976902* first put in an appearance back in October... The update is not yet being installed automatically. It may be that Update 976902 is required in order to install SP1 for Windows 7 and Windows Server 2008 R2 via Windows Update. This would not be unprecedented – when SP1 for Windows Vista was first released, it could only be installed via Windows Update if other patches, also distributed via Windows Update, had previously been installed. Service Pack 1 is scheduled for release shortly, indeed any day now. It contains a whole heap of patches and hot fixes. There is likely to be little new functionality, previously a standard feature of service packs. However, support for the Advanced Vector Extensions (AVX) instruction set extensions used by forthcoming generations of processors is set to be one new feature. Also new are RemoteFX (an extension to the existing Remote Desktop Services) and Dynamic Memory (intelligent allocation of main memory), both relevant only when running Server 2008 R2 on large networks. Users interested in trying out SP1 in advance can now download the release candidate, which, like all beta software, is not recommended for use in live environments."
* http://support.microsoft.com/kb/976902
January 11, 2011 Revision: 4.0 - "... This software update will be a prerequisite to install service packs. Additionally, this update improves reliability when you install or remove Windows 7 and Windows Server 2008 R2 updates and service packs..."


___

Microsoft Windows SDK for Windows 7 and .NET Framework 4 GraphEdit Insecure Library Loading Vulnerability
- http://secunia.com/advisories/41202/
Release Date: 2010-09-02
Criticality level: Highly critical
Solution Status: Unpatched

[AplusWebMaster]

FYI...

Outlook 2007 - update released 11 Jan 2011
Ref: http://blogs.office.com/b/microsoft-...-released.aspx
13 Jan 2011 - "... Outlook 2007... update released on Tuesday, January 11..."

* http://support.microsoft.com/kb/2412171
Last Review: January 13, 2011 - Revision: 6.0

- http://support.microsoft.com/kb/2485531
Last Review: January 11, 2011 - Revision: 5.0 - "... To resolve this issue, install the -current- version of update 2412171* ..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2490606.mspx
• V1.2 (January 19, 2011): Clarified that the Modify the Access Control List (ACL) on shimgvw.dll workaround only applies to Windows XP and Windows Server 2003 systems and added a new workaround, Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems.
"... Workarounds:
• Modify the Access Control List (ACL) on shimgvw.dll on Windows XP and Windows Server 2003 systems...
Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...
• Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems...
Impact of Workaround: Windows Explorer will not display thumbnail images..."

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3970
Original release date: 12/22/2010
Last revised: 01/19/2011
CVSS v2 Base Score: 9.3 (HIGH)

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
- http://www.microsoft.com/technet/sec...y/2501696.mspx
January 28, 2011 - "Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability. The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user... we recommend that customers apply one or more of the client-side workarounds provided in the Suggested Actions section of this advisory to help block potential attack vectors regardless of the service...
CVE Reference: CVE-2011-0096
Suggested Actions:
• Enable the MHTML protocol lockdown ...
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones...
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone...
Additional Suggested Actions:
• Review the Microsoft Knowledge Base Article that is associated with this advisory - For more information about this issue, see Microsoft Knowledge Base Article: http://support.microsoft.com/kb/2501696#FixItForMe
January 28, 2011 - Revision: 1.0 - ...The fixit solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this fixit solution as a workaround option for some scenarios..."

- http://blogs.technet.com/b/srd/archi...erability.aspx
28 Jan 2011

- http://blogs.technet.com/b/msrc/arch...y-2501696.aspx
28 Jan 2011
___

- http://secunia.com/advisories/43093/
Release Date: 2011-01-29
Impact: Cross Site Scripting
Where: From remote ...
Solution: Enable MHTML protocol lockdown (either manually or using the available automated "Microsoft Fix it" solution). > http://support.microsoft.com/kb/2501696#FixItForMe
___

- http://isc.sans.edu/diary.html?storyid=10318
Last Updated: 2011-01-28 18:47:54 UTC

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-feb.mspx
February 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 8, 2011... (Total of -12-)

Critical -3-

Bulletin 1 - Critical - Remote Code Execution - Requires restart
Microsoft Windows, Internet Explorer

Bulletin 2 - Critical - Remote Code Execution - Requires restart
Microsoft Windows

Bulletin 3 - Critical - Remote Code Execution - Requires restart
Microsoft Windows

Important -9-

Bulletin 4 - Important - Remote Code Execution - May require restart
Microsoft Windows

Bulletin 5 - Important - Denial of Service - Requires restart
Microsoft Windows

Bulletin 6 - Important - Remote Code Execution - May require restart
Microsoft Office

Bulletin 7 - Important - Information Disclosure - May require restart
Microsoft Windows

Bulletin 8 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 9 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 10 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 11 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 12 - Important - Elevation of Privilege - Restart required
Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arch...n-release.aspx
Feb. 3, 2011 - "... we'll be addressing issues related to two recent Security Advisories, 2490606 (a public vulnerability affecting the Windows Graphics Rendering Engine) and 2488013 (a public vulnerability affecting Internet Explorer). Additionally, we will be addressing an issue affecting FTP service in IIS 7.0 and 7.5..."

- http://isc.sans.edu/diary.html?storyid=10357
Last Updated: 2011-02-04 18:42:28 UTC
.

[AplusWebMaster]

FYI...

- http://www.computerworld.com/s/artic...look_2007_bugs
Feb 7, 2011 - "Microsoft will take yet another crack this month at fixing a December update for Outlook 2007... The company reissued the update on Jan. 11, saying it had solved the problems... Apparently not*..."
* http://msexchangeteam.com/archive/20...01/457903.aspx
Feb. 01, 2011 - "... we recommend that you test them in a non-production environment before deploying them in production..."

- http://www.theinquirer.net/inquirer/...-explorer-flaw
Feb 04 2011 - "... Microsoft will fix 22 vulnerabilities in next week's Patch Tuesday security fixes, although -not- the Windows Internet Explorer zero-day vulnerability that was discovered recently*... Qualys said it has seen limited exploits for these on the wild, so the update is highly recommended..."
* http://support.microsoft.com/kb/2501696#FixItForMe
Vuln in MHTML "FixIt" - January 28, 2011

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-feb.mspx
February 08, 2011 - "This bulletin summary lists security bulletins released for February 2011...
(Total of -12-)

Critical -3-

Microsoft Security Bulletin MS11-003 - Critical
Cumulative Security Update for Internet Explorer (2482017)
- http://www.microsoft.com/technet/sec.../MS11-003.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-006 - Critical
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
- http://www.microsoft.com/technet/sec.../MS11-006.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-007 - Critical
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
- http://www.microsoft.com/technet/sec.../MS11-007.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important -9-

Microsoft Security Bulletin MS11-004 - Important
Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
- http://www.microsoft.com/technet/sec.../ms11-004.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-005 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2478953)
- http://www.microsoft.com/technet/sec.../MS11-005.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-008 - Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
- http://www.microsoft.com/technet/sec.../ms11-008.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-009 - Important
Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
- http://www.microsoft.com/technet/sec.../MS11-009.mspx
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-010 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
- http://www.microsoft.com/technet/sec.../MS11-010.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-011 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
- http://www.microsoft.com/technet/sec.../ms11-011.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-012 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
- http://www.microsoft.com/technet/sec.../ms11-012.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-013 - Important
Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
- http://www.microsoft.com/technet/sec.../ms11-013.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-014 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
- http://www.microsoft.com/technet/sec.../MS11-014.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Deployment Priority
- http://blogs.technet.com/cfs-filesys...2D00_feb11.png

Severity and Exploitabilty Index
- http://blogs.technet.com/cfs-filesys...2D00_feb11.png
___

MSRT
- http://support.microsoft.com/?kbid=890830
February 8, 2011 - Revision: 84.0
(Recent additions)
- http://www.microsoft.com/security/ma.../families.aspx
... added this release...
• Cycbot

- http://blogs.technet.com/b/mmpc/arch...-for-msrt.aspx
9 Feb 2011

Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.16.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.16.exe
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10375
Last Updated: 2011-02-09 21:20:21 UTC (Version: 5)

Q&A: February 2011 Security Bulletin Release
- http://blogs.technet.com/b/msrc/p/fe...letin-q-a.aspx
February 9, 2011

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/sec...ry/967940.mspx
Published: February 24, 2009 | Updated: February 08, 2011 - "... availability of updates to the Autorun feature that help to restrict AutoPlay functionality to only CD and DVD media on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Restricting AutoPlay functionality to only CD and DVD media can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file...
FAQS: ...After installing the initial update described in Microsoft Knowledge Base Article 967715, the default registry setting to disable Autorun on network drives is properly enforced. After installing the 971029 update*, customers may experience the following AutoPlay behavior:
• Many existing devices in market, and many upcoming devices, use the Autorun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted. The AutoPlay behavior with CD and DVD media is not affected by this update.
• Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software. To do this, users click Open folder to view the files, browse to the software's setup program, and then double-click the setup program to run the program manually.
• Some USB flash drives have firmware that present these USB flash drives as CD drives when you insert them into computers. The AutoPlay behavior with these USB flash drives is not affected by this update..."

• V2.0 (February 8, 2011): Summary and update FAQ revised to notify users that the 971029 update to Autorun that restricts AutoPlay functionality to CD and DVD media will be offered via automatic updating.

- http://blogs.technet.com/b/msrc/arch...40-update.aspx
8 Feb 2011

* http://support.microsoft.com/kb/971029
Last Review: February 8, 2011 - Revision: 4.0

- http://support.microsoft.com/kb/967715
Last Review: September 9, 2010 - Revision: 6.2

Virus families using Autorun / MMPC charts - MSE detections
- http://www.microsoft.com/security/po...207_image1.jpg
MSRT - major virus families using Autorun
- http://www.microsoft.com/security/po...207_image2.jpg
Also see Table 1: Top Families, 2H 2010, by Number of Detections
- http://blogs.technet.com/b/mmpc/arch...d-autorun.aspx
8 Feb. 2011

(Optional MS update) Restrict USB Autorun: Update for Windows (KB971029)
- http://www.f-secure.com/weblog/archives/00002096.html
February 9, 2011
___

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2490606.mspx
Updated: February 08, 2011 - "... We have issued MS11-006* to address this issue..."
* http://www.microsoft.com/technet/sec.../MS11-006.mspx

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2488013.mspx
Updated: February 08, 2011 - "... We have issued MS11-003** to address this issue..."
** http://www.microsoft.com/technet/sec.../MS11-003.mspx

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
Published: August 23, 2010 | Updated: February 08, 2011 - Version: 5.0
... Update released on February 8, 2011
• Microsoft Security Bulletin MS11-003**, "Cumulative Security Update for Internet Explorer," provides support for a vulnerable component of Internet Explorer that is affected by the Insecure Library Loading class of vulnerabilities described in this advisory.

[AplusWebMaster]

FYI...

Win7 SP1 release date - 2011.02.22
- http://blogs.technet.com/b/windowsse...ing-today.aspx
9 Feb 2011 - "... pleased to announce the Release to Manufacturing (RTM) of Windows Server 2008 R2 Service Pack 1 (SP1), along with Windows 7 SP1. SP1 will be made generally available for download on February 22... On February 22, both will be available to all customers through Windows Update..."

.

[AplusWebMaster]

FYI... Autorun advisory updated - again.

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/sec...ry/967940.mspx
Updated: February 22, 2011
Version: 2.1
• V2.1 (February 22, 2011): Summary revised to notify users of a change in the deployment logic for updates described in this advisory. This change is intended to minimize the user interaction required to install the updates on systems configured for automatic updating.