Old MS Alerts

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
- http://www.microsoft.com/technet/sec...y/2524375.mspx
March 23, 2011 - "Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against -all- Web browser users including users of Internet Explorer... Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used. An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375*..."
* http://support.microsoft.com/kb/2524375
March 23, 2011 - Revision: 1.0

- http://www.securitytracker.com/id/1025248
Mar 23 2011

- http://isc.sans.edu/diary.html?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC
___

- http://www.secureworks.com/research/...rsacompromise/
March 18, 2011

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-mar.mspx
• V1.1 (March 16, 2011): Removed an erroneous reference to Windows XP Home Edition SP3 and Windows XP Tablet PC Edition SP3 as not affected in the notes for MS11-015 under Affected Software and Download Locations. This is an informational change only. There were no changes to the security update files or detection logic. For customers who are running these editions of Windows XP and who have not already applied this update, Microsoft recommends applying the update immediately. Customers who have already applied the update do not need to take any action.

Microsoft Security Bulletin MS11-015 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
- http://www.microsoft.com/technet/sec.../ms11-015.mspx
Remote Code Execution - May require restart - Microsoft Windows

[AplusWebMaster]

FYI...

- https://www.computerworld.com/s/arti...l_fix_64_flaws
April 7, 2011 - "... will patch a record 64 vulnerabilities in Windows, Office, Internet Explorer, Windows graphics framework, and other software next week..."

- http://www.microsoft.com/technet/sec.../ms11-apr.mspx
April 07, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 12, 2011... (Total of -17-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows

Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Windows

Bulletin 4 - Critical - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 5 - Critical - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 6 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office

Bulletin 7 - Critical - Remote Code Execution - Requires restart - Microsoft Windows

Bulletin 8 - Critical - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 9 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
___

Bulletin 10 - Important - Remote Code Execution - May require restart - Microsoft Office

Bulletin 11 - Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Bulletin 12 - Important - Remote Code Execution - May require restart - Microsoft Office

Bulletin 13 - Important - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 14 - Important - Remote Code Execution - May require restart - Microsoft Developer Tools and Software

Bulletin 15 - Important - Information Disclosure - Requires restart - Microsoft Windows

Bulletin 16 - Important - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 17 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arch...n-release.aspx

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-apr.mspx
April 12, 2011 - "This bulletin summary lists security bulletins released for April 2011...(Total of -17-)

Critical

Microsoft Security Bulletin MS11-018 - Critical
Cumulative Security Update for Internet Explorer (2497640)
- http://www.microsoft.com/technet/sec.../MS11-018.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-019 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
- http://www.microsoft.com/technet/sec.../MS11-019.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-020 - Critical
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
- http://www.microsoft.com/technet/sec.../MS11-020.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-027 - Critical
Cumulative Security Update of ActiveX Kill Bits (2508272)
- http://www.microsoft.com/technet/sec.../MS11-027.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-028 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
- http://www.microsoft.com/technet/sec.../MS11-028.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-029 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
- http://www.microsoft.com/technet/sec.../MS11-029.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
- http://www.microsoft.com/technet/sec.../ms11-030.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-031 - Critical
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
- http://www.microsoft.com/technet/sec.../MS11-031.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-032 - Critical
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
- http://www.microsoft.com/technet/sec.../MS11-032.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important

Microsoft Security Bulletin MS11-021 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
- http://www.microsoft.com/technet/sec.../ms11-021.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS10-022 - Important
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
- http://www.microsoft.com/technet/sec.../MS10-022.mspx
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS11-023 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
- http://www.microsoft.com/technet/sec.../MS11-023.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-024 - Important
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
- http://www.microsoft.com/technet/sec.../MS11-024.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-025 - Important
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
- http://www.microsoft.com/technet/sec.../MS11-025.mspx
Important - Remote Code Execution - May require restart - Microsoft Developer Tools and Software

Microsoft Security Bulletin MS11-026 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2503658)
- http://www.microsoft.com/technet/sec.../ms11-026.mspx
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-033 - Important
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
- http://www.microsoft.com/technet/sec.../MS11-033.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-034 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
- http://www.microsoft.com/technet/sec.../ms11-034.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Deployment Priority
- http://blogs.technet.com/cfs-filesys...t-Priority.png

Severity and Exploitability index
- http://blogs.technet.com/cfs-filesys...lity-Index.png
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10693
Last Updated: 2011-04-13 00:13:23 UTC ...(Version: 3)
___

- http://www.securitytracker.com/id/1025327 - MS11-018
- http://www.securitytracker.com/id/1025328 - MS11-019
- http://www.securitytracker.com/id/1025329 - MS11-020
- http://www.securitytracker.com/id/1025337 - MS11-021
- http://www.securitytracker.com/id/1025340 - MS11-022

- http://www.securitytracker.com/id/1025343 - MS11-023
- http://www.securitytracker.com/id/1025347 - MS11-024
- http://www.securitytracker.com/id/1025346 - MS11-025
- http://www.securitytracker.com/id/1025330 - MS11-027
- http://www.securitytracker.com/id/1025331 - MS11-028

- http://www.securitytracker.com/id/1025335 - MS11-029
- http://www.securitytracker.com/id/1025332 - MS11-030
- http://www.securitytracker.com/id/1025333 - MS11-031
- http://www.securitytracker.com/id/1025334 - MS11-032
- http://www.securitytracker.com/id/1025344 - MS11-033
- http://www.securitytracker.com/id/1025345 - MS11-034
___

MSRT
- http://support.microsoft.com/?kbid=890830
April 12, 2011 - Revision: 86.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Afcore:
- http://blogs.technet.com/b/mmpc/arch...32-afcore.aspx
13 Apr 2011 - "... added the Win32/Afcore family of trojans to its detections. This malware is -aka- Coreflood* ..."
* http://forums.spybot.info/showpost.p...2&postcount=13

Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.18.exe - 12.2MB

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.18.exe - 12.6MB

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/sec...ry/973811.mspx
• V1.12 (April 12, 2011): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

Microsoft Security Advisory (2506014)
Update for the Windows Operating System Loader
- http://www.microsoft.com/technet/sec...y/2506014.mspx
4/12/2011 - "Microsoft is announcing the availability of an update to winload.exe to address an issue in driver signing enforcement... this update addresses a method by which unsigned drivers could be loaded by winload.exe. This technique is often utilized by malware to stay resident on a system after the initial infection. The issue affects, and the update is available for, x64-based editions* of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2..."
* http://support.microsoft.com/kb/2506014

Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
- http://www.microsoft.com/technet/sec...y/2501696.mspx
Published: January 28, 2011 | Updated: April 12, 2011 - "We have issued MS11-026* to address this issue..."
* http://www.microsoft.com/technet/sec.../ms11-026.mspx

Microsoft Security Advisory (2501584)
Release of Microsoft Office File Validation for Microsoft Office
- http://www.microsoft.com/technet/sec...y/2501584.mspx
Last Updated: 4/12/2011 - "Microsoft is announcing the availability of the Office File Validation feature for supported editions of Microsoft Office 2003 and Microsoft Office 2007. The feature, previously only available for supported editions of Microsoft Office 2010, is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened... known issues* that customers may experience when utilizing the Office File Validation feature..."
* http://support.microsoft.com/kb/2501584

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
• V7.0 (April 12, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution;" and MS11-025, "Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution."

.

[AplusWebMaster]

FYI...

TDL rootkit vuln/fix...
- http://sunbeltblog.blogspot.com/2011...-in-patch.html
April 14, 2011 - "... It appears that at least part of this vulnerability has been patched. From the Technet blog:
- http://blogs.technet.com/b/srd/archi...y-updates.aspx
12 Apr 2011 - "... The second advisory, KB 2506014*, hardens Windows against kernel-mode rootkits. This specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family..."
[MS11-034 - "30 of this month’s 64 vulnerabilities being addressed in this bulletin..."]
Update April 13: Corrected the MS11-028 bulletin severity and affected products. Also moved this bulletin up higher in priority due to this correction.
*Update April 15: Corrected the MS11-032 bulletin exploitability due to a rating error. Also moved MS11-032 higher in priority order.
* http://www.microsoft.com/technet/sec...y/2506014.mspx

> http://support.microsoft.com/kb/2506014
April 12, 2011 - Revision: 3.0
___

- http://blog.trendmicro.com/stalking-...he-hard-drive/
April 15, 2011 - "... patch specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family. More information can be found in the security bulletin for MS11-034*..."

* http://www.microsoft.com/technet/sec.../ms11-034.mspx
Acknowledgments...
• Tarjei Mandt of Norman for reporting the Vulnerability Type 1: Win32k Use After Free Vulnerability
CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0674, CVE-2011-0675, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241, CVE-2011-1242
[ALL] ...CVSS Severity: 7.2 (HIGH)
• Tarjei Mandt of Norman for reporting the Vulnerability Type 2: Win32k Null Pointer De-reference Vulnerability
CVE-2011-0673, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232, CVE-2011-1233
[ALL] ...CVSS Severity: 7.2 (HIGH)

[AplusWebMaster]

FYI...

MS11-020 - PATCH NOW
- http://isc.sans.edu/diary.html?storyid=10714
Last Updated: 2011-04-15 12:22:18 UTC - "Based on notifications received from Microsoft... The Remote Code Exploit is possible -without- authentication, so this presents a serious risk to internal networks. Think Downadup/Conficker, or think lateral movement if that will help motivate patching. Also note that this patch requires a reboot of your system..."
- http://isc.sans.edu/diary.html?storyid=10693
Last Updated: 2011-04-15 12:10:35 UTC ... (Version: -4-)

- http://www.microsoft.com/technet/sec.../MS11-020.mspx
April 12, 2011
- http://support.microsoft.com/kb/2508429
April 12, 2011

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0661
Last revised: 04/14/2011
CVSS v2 Base Score: 10.0 (HIGH)

[AplusWebMaster]

FYI...

MS11-022 - Known issues...
- http://support.microsoft.com/kb/2464588
Last Review: April 14, 2011
• Presentations that contain layouts with a background images may cause an error when opened in PowerPoint 2003. A dialog will notify you that some contents (text, images or objects) have corrupted; the specific content lost will be what is specified in the layout, not the actual slide content itself. Items that were removed will display a blank box or a box containing “cleansed”.
Workarounds for this issue:
Remove background images from layouts in presentations that have to be accessed and edited from PowerPoint 2003.
After the error message is displayed, save a copy of the presentation and perform edits on the copy.
Microsoft is researching this problem and will post more information in this article when the information becomes available..."

- http://support.microsoft.com/kb/2464588
Last Review: April 19, 2011 - Revision: 3.0
"... Removal information
To remove this security update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.
Note: When you remove this security update, you may be prompted to insert the disc that contains Microsoft Office PowerPoint 2003. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or the Programs and Features item in Control Panel. There are several possible causes for this issue.
For more information about the removal, click the following article number to view the article in the Microsoft Knowledge Base:
- http://support.microsoft.com/kb/903771
903771 Information about the ability to uninstall Office updates ..."

[AplusWebMaster]

FYI...

PowerPoint 2003 hotfix package
- http://support.microsoft.com/kb/2543241/en-us
Last Review: April 26, 2011 - Revision: 3.0 -
"Issues that this hotfix package fixes:
When you open presentations that contain layouts with background images in PowerPoint 2003, an error may occur. When the error occurs, you receive a message that states that some contents (text, images, or objects) have corrupted. You can determine what content has been lost by viewing the layout, but not by viewing the slide content. Items that were removed will display a blank box or a box that contains "cleansed"... this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix -only- to systems that are experiencing the problems described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix...
Prerequisites: You -must- have Microsoft Office 2003 Service Pack 3 installed to apply this hotfix package...
This hotfix replaces security update 2464588, which is described in bulletin MS11-022*..."
* http://www.microsoft.com/technet/sec.../MS11-022.mspx

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-may.mspx
May 5, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on May 10, 2011... (Total of -2-)

Bulletin 1 - Critical - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Office

.