Page 43 of 51 FirstFirst ... 33394041424344454647 ... LastLast
Results 421 to 430 of 501

Thread: Old MS Alerts

  1. #421
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory 2607712... updated

    FYI...

    - http://news.yahoo.com/second-firm-wa...215940770.html
    Sep. 6, 2011 AMSTERDAM (AP) — "A company that sells certificates guaranteeing the security of websites, GlobalSign, says it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers. GlobalSign, the Belgian-based subsidiary of Japan's GMO Internet Inc., is one of the oldest and largest such companies globally. It said in a statement Tuesday it does not know whether it has actually been hacked, but is taking threats by an anonymous hacker seriously in the wake of an attack on a smaller Dutch firm, DigiNotar, that came to light last week. The DigiNotar attack is believed to have allowed the Iranian government to spy on thousands of Iranian citizens' communications with Google email during the month of August."
    > http://www.globalsign.com/company/pr...-response.html
    ___

    Microsoft Security Advisory (2607712)... updated
    Fraudulent Digital Certificates Could Allow Spoofing
    - https://www.microsoft.com/technet/se...y/2607712.mspx
    Updated: September 06, 2011 - "Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar... For supported releases of Microsoft Windows, typically no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically...
    Suggested Actions... Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 2607712*..."

    Fraudulent digital certificates could allow spoofing
    * http://www.microsoft.com/technet/sec...y/2607712.mspx
    September 6, 2011

    - https://blogs.technet.com/b/msrc/arc...y-2607712.aspx
    6 Sep 2011

    Last edited by AplusWebMaster; 2011-09-07 at 08:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #422
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb MS Security Bulletin Advance Notification - September 2011

    FYI...

    MS Security Bulletin Advance Notification - September 2011
    - https://technet.microsoft.com/en-us/...letin/ms11-sep
    September 08, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 13, 2011..." (Total of -5-)

    Bulletin 1 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 3 - Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
    Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office
    Bulletin 5 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
    ___

    - https://www.computerworld.com/s/arti...fice_next_week
    September 8, 2011 - "... patch 15 vulnerabilities in Windows, Excel, SharePoint Server and Groove..."

    .
    Last edited by AplusWebMaster; 2011-09-09 at 16:55.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #423
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - September 2011

    FYI...

    MS Security Bulletin Summary - September 2011
    - https://technet.microsoft.com/en-us/...letin/ms11-sep
    September 13, 2011 - "This bulletin summary lists security bulletins released for September 2011..." (Total of -5-)

    Microsoft Security Bulletin MS11-070 - Important
    Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
    - https://technet.microsoft.com/en-us/...letin/ms11-070
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-071 - Important
    Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
    - https://technet.microsoft.com/en-us/...letin/ms11-071
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS11-072 - Important
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
    - https://technet.microsoft.com/en-us/...letin/ms11-072
    Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

    Microsoft Security Bulletin MS11-073 - Important
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
    - https://technet.microsoft.com/en-us/...letin/ms11-073
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS11-074 - Important
    Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
    - https://technet.microsoft.com/en-us/...letin/ms11-074
    Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
    ___

    Microsoft Security Advisory (2607712)... updated
    Fraudulent Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...visory/2607712
    Updated: Tuesday, September 13, 2011 - Version: 4.0
    • V4.0 (September 13, 2011): Revised to announce the release of the 2616676 update that addresses the issue described in this advisory.
    > http://support.microsoft.com/kb/2616676
    September 13, 2011
    ___

    Deployment Priority
    - https://blogs.technet.com/cfs-filesy...deployment.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...ty_2D00_xi.png

    > https://blogs.technet.com/b/msrc/arc...bulletins.aspx
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=11551
    Last Updated: 2011-09-13 20:02:31 UTC
    ___

    - http://www.securitytracker.com/id/1026037 - MS11-070
    - http://www.securitytracker.com/id/1026041 - MS11-071
    - http://www.securitytracker.com/id/1026038 - MS11-072
    - http://www.securitytracker.com/id/1026039 - MS11-073
    - http://www.securitytracker.com/id/1026040 - MS11-074
    Sep 13 2011

    .
    Last edited by AplusWebMaster; 2011-09-16 at 09:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #424
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory updates...

    FYI...

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    • V10.0 (September 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-071, "Vulnerability in Windows Components Could Allow Remote Code Execution;" and MS11-073, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
    - https://technet.microsoft.com/en-us/...letin/ms11-071
    - https://technet.microsoft.com/en-us/...letin/ms11-073

    Microsoft Security Advisory (2607712)
    Fraudulent Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...visory/2607712
    • V4.0 (September 13, 2011): Revised to announce the release of the KB2616676 update that addresses the issue described in this advisory.
    • V4.1 (September 13, 2011): Revised to announce the availability of the KB2616676 update for the Windows Developer Preview release. See the Update FAQ in this advisory for more information.
    • V5.0 (September 19, 2011): Revised to announce the re-release of the KB2616676 update. See the Update FAQ in this advisory for more information.
    - http://support.microsoft.com/kb/2616676
    September 19, 2011 - Revision: 4.0

    - https://blogs.technet.com/b/msrc/arc...tificates.aspx
    19 Sep 2011
    ___

    - https://www.computerworld.com/s/arti...switch_blooper
    September 19, 2011 - "... the update (MS) shipped to Windows XP and Server 2003 users last Tuesday was flawed..."

    Last edited by AplusWebMaster; 2011-09-20 at 17:40.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #425
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Security Advisory 2588513

    FYI...

    Microsoft Security Advisory (2588513)
    Vulnerability in SSL/TLS Could Allow Information Disclosure
    - https://technet.microsoft.com/en-us/...visory/2588513
    September 26, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
    Mitigating Factors:
    The attack must make several hundred HTTPS requests before the attack could be successful.
    TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected..."
    (More detail at the URL above.)

    - http://blogs.technet.com/b/srd/archi...y-2588513.aspx
    26 Sep 2011
    ___

    - http://www.secureworks.com/research/...-and-ssl-cert/
    Sep 9, 2011
    ___

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3389
    Last revised: 10/03/2011
    CVSS v2 Base Score: 4.3 (MEDIUM)

    - https://www.kb.cert.org/vuls/id/864643
    Date Last Updated: 2011-09-29

    Last edited by AplusWebMaster; 2011-10-04 at 02:31.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #426
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Security Bulletin Advance Notification - October 2011

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms11-oct
    October 06, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on October 11, 2011..."
    (Total of -8-)

    Bulletin 1 - Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
    Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    Bulletin 3 - Important - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 5 - Important - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 6 - Important - Remote Code Execution - May require restart - Microsoft Forefront Unified Access Gateway
    Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 8 - Important - Denial of Service - May require restart - Microsoft Host Integration Server ...

    - https://blogs.technet.com/b/msrc/arc...n-release.aspx
    6 Oct 2011 - "... eight security bulletins, two Critical and six Important, to address 23 vulnerabilities across Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server..."

    .
    Last edited by AplusWebMaster; 2011-10-07 at 16:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #427
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS SIRv11 available

    Last edited by AplusWebMaster; 2011-10-13 at 17:35.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #428
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - October 2011

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms11-oct
    October 11, 2011 - "This bulletin summary lists security bulletins released for October 2011..." (Total of -8-)

    Critical -2-

    Microsoft Security Bulletin MS11-078 - Critical
    Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
    - https://technet.microsoft.com/en-us/...letin/ms11-078
    Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight

    Microsoft Security Bulletin MS11-081 - Critical
    Cumulative Security Update for Internet Explorer (2586448)
    - https://technet.microsoft.com/en-us/...letin/ms11-081
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Important -6-

    Microsoft Security Bulletin MS11-075 - Important
    Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
    - https://technet.microsoft.com/en-us/...letin/ms11-075
    Important - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-076 - Important
    Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
    - https://technet.microsoft.com/en-us/...letin/ms11-076
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS11-077 - Important
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
    - https://technet.microsoft.com/en-us/...letin/ms11-077
    Important - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-079 - Important
    Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
    - https://technet.microsoft.com/en-us/...letin/ms11-079
    Important - Remote Code Execution- May require restart - Microsoft Forefront United Access Gateway

    Microsoft Security Bulletin MS11-080 - Important
    Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
    - https://technet.microsoft.com/en-us/...letin/ms11-080
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-082 - Important
    Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
    - https://technet.microsoft.com/en-us/...letin/ms11-082
    Important - Denial of Service - May require restart - Microsoft Host Integration Server
    ___

    Deployment Priority
    - https://blogs.technet.com/cfs-filesy...Deployment.jpg

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy..._-Severity.png
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=11779
    Last Updated: 2011-10-11 18:17:17 UTC... (Version: 2)
    ___

    - https://secunia.com/advisories/46403/ - MS11-075
    - https://secunia.com/advisories/46404/ - MS11-076
    - https://secunia.com/advisories/46405/ - MS11-077
    - https://secunia.com/advisories/46406/ - MS11-078
    - https://secunia.com/advisories/46402/ - MS11-079
    - https://secunia.com/advisories/46401/ - MS11-080
    - https://secunia.com/advisories/46400/ - MS11-081 - IE
    Updated 2011-10-17 - CVE Reference(s): CVE-2011-1993, CVE-2011-1995, CVE-2011-1996, CVE-2011-1997, CVE-2011-1998, CVE-2011-1999, CVE-2011-2000, CVE-2011-2001
    CVSS v2 Base Score: 9.3 (HIGH)
    - https://secunia.com/advisories/46399/ - MS11-082
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    October 11, 2011 - Revision: 94.0
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • EyeStye (aka 'SpyEye')
    • Poison

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: windows-kb890830-v4.1.exe
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: windows-kb890830-x64-v4.1.exe

    .
    Last edited by AplusWebMaster; 2011-10-18 at 12:06.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #429
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory updated...

    FYI...

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    Updated: Tuesday, October 11, 2011
    • V11.0: Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-075, "Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution;" and MS11-076, "Vulnerability in Windows Media Center Could Allow Remote Code Execution."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #430
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Updates - October 2011 revisited ...

    FYI... NOW available thru MS Updates:

    MS Updates - October 2011 revisited ...

    A Compatibility View list update is available for Windows IE8
    - http://support.microsoft.com/kb/2598845
    October 26, 2011 - Revision: 2.1 - "An update is available for the Internet Explorer 8 Compatibility View list. This update is dated October 25, 2011. This Compatibility View list update makes websites that are designed for older browsers look better in Internet Explorer 8..."

    A Jump List that contains more than 999 items is not displayed in Windows 7 or in Windows Server 2008 R2
    - http://support.microsoft.com/kb/2607576
    October 25, 2011 - Revision: 1.0

    The values of the 32-bit versions of two registry entries are incorrect in 64-bit versions of Windows 7 or of Windows Server 2008 R2
    - http://support.microsoft.com/kb/2603229
    October 25, 2011 - Revision: 1.0

    MS08-069: Security update for XML Core Services 4.0
    - http://support.microsoft.com/kb/954430
    October 3, 2011 - Revision: 6.0

    Microsoft XML Core Services 4.0 SP2
    - http://support.microsoft.com/kb/973688
    January 19, 2011 - Revision: 4.0

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •