
Thread: Old MS Alerts

  1. #431
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Update on Zbot - MSRT removals

    FYI...

    Update on Zbot / MSRT removals
    - https://blogs.technet.com/b/mmpc/arc...zbot-spot.aspx
    31 Oct 2011 - "... prior to the September 2011 release, MSRT consistently detected about -90%- of PWS:Win32/Zbot variants in the wild. For the month of September 2011, we detected and removed PWS:Win32/Zbot from around 185,000 distinct Windows computers, a stark increase to the months beforehand... For October so far, we've removed Zbot from over 88,000 computers and we expect that number to grow to around 100,000... These increased numbers are also likely a result of new functionality we've seen in Zbot recently. It seems that some variants now automatically spread via the Windows autorun functionality; something that is very common with other prolific malware families, so it's not very surprising we're seeing it now - but is surprising we hadn't seen it before now. Regarding autorun, Microsoft released a security update in February of 2011* that changed its default behavior - the result was an overall decline in threats utilizing autorun as a spreading mechanism. There is a Microsoft Knowledge Base article that discusses how to disable autorun in Windows, here** ..."

    * http://support.microsoft.com/kb/971029

    ** http://support.microsoft.com/kb/967715

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #432
    Adviser Team AplusWebMaster's Avatar

    MSRT report 2011.11.01 ...

    FYI...

    MSRT: Poison and EyeStye*, by the numbers (*aka SpyEye)
    - https://blogs.technet.com/b/mmpc/arc...e-numbers.aspx
    1 Nov 2011 - "The latest MSRT release included coverage for two more malware families, one being Win32/EyeStye... the other being Win32/Poison... As of October 25, the MSRT has removed Win32/Poison from a little over 16,000 computers... we have disinfected EyeStye from more than half a million unique machines... (605,825 at the time of writing)...
    Top 10 Families in MSRT:
    - http://www.microsoft.com/security/po...BID047-003.png
    ... most of the computers found to be infected with EyeStye were located in western Europe, with the largest number of detections found in Germany:
    Geographical distribution of EyeStye:
    - http://www.microsoft.com/security/po...BID047-004.png ..."

    - https://www.microsoft.com/download/e...ng=en&id=27871
    PDF report Win32/Poison - 19 pgs.


  3. #433
    Adviser Team AplusWebMaster's Avatar

    MS11-081 updated for IE7 hotfix...

    FYI...

    Microsoft Security Bulletin MS11-081 - Critical
    Cumulative Security Update for Internet Explorer (2586448)
    - https://technet.microsoft.com/en-us/...letin/ms11-081
    Updated: Wednesday, November 02, 2011 - Version: 1.2
    • V1.2 (November 2, 2011): Announced the release of a hotfix to resolve a known issue affecting IE7 customers after the KB2586448 security update is installed. See the Update FAQ for details.

    > http://support.microsoft.com/kb/2586448
    November 2, 2011 - Revision: 2.0

    Some drop-down lists and combo boxes do not appear in IE7 after you install security update 2586448
    >> http://support.microsoft.com/kb/2628724
    November 2, 2011 - Revision: 6.2
    "... If you cannot upgrade to a newer version of Internet Explorer, a supported hotfix is now available from Microsoft for Internet Explorer 7. However, it is intended to correct -only- the problem that is described in this article. Apply it only to systems that are experiencing this specific problem..."


  4. #434
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Advance Notification - November 2011

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms11-nov
    November 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 8, 2011... (Total of -4-)

    Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 3 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 4 - Moderate - Denial of Service - Requires restart - Microsoft Windows ..."


  5. #435
    Adviser Team AplusWebMaster's Avatar

    MS Advisory for vuln related to Duqu malware

    FYI...

    Microsoft Security Advisory (2639658)
    Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
    - https://technet.microsoft.com/en-us/...visory/2639658
    • V1.0 (November 3, 2011): Advisory published.
    • V1.1 (November 3, 2011): Added localization notation to the Workarounds section.
    • V1.2 (November 4, 2011): Revised the workaround, Deny access to T2EMBED.DLL, to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers with non-English versions of Microsoft Windows should reevaluate the applicability of the revised workaround for their environment.
    • V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary.

    November 03, 2011 - "Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
    Workarounds: Deny access to T2EMBED.DLL
    Note: See Microsoft Knowledge Base Article 2639658* to use the automated Microsoft Fix it solution to enable or disable this workaround to deny access to t2embed.dll..."
    - http://support.microsoft.com/kb/2639658#FixItForMe
    November 3, 2011 - Revision: 1.0
    Impact of Workaround. Applications that rely on embedded font technology will fail to display properly.

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3402
    Last revised: 11/07/2011
    CVSS v2 Base Score: 9.3 (HIGH)
    ___

    - https://www.computerworld.com/s/arti...osoft_confirms
    November 4, 2011 - "... the Windows kernel vulnerability exploited by the Duqu Trojan is within the TrueType parsing engine, the same component it last patched just last month... So far during 2011, Microsoft has patched 56 different kernel vulnerabilities with updates issued in February, April, June, July, August and October. In April alone, the company fixed 30 bugs, then quashed 15 more in July..."
    ___

    - https://secunia.com/advisories/46724/
    Release Date: 2011-11-07
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote...
    CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3402
    ... Reported as a 0-day.
    Solution: Apply the Microsoft Fix it.*...
    * http://support.microsoft.com/kb/2639658#FixItForMe

    - http://www.securitytracker.com/id/1026271
    Updated: Nov 4 2011
    Impact: Execution of arbitrary code via network, User access via network
    Vendor Confirmed: Yes
    Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs...
    ... A remote user can create a specially crafted document that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with kernel level privileges. The vulnerability resides in the Win32k.sys kernel driver in the parsing of TrueType fonts...

    NOTE: "... The vulnerability cannot be exploited automatically via email unless the user opens an attachment sent in an email message..."
    Per: https://isc.sans.edu/diary.html?storyid=11950

    U.S.CERT: Critical alert
    - https://www.us-cert.gov/control_syst...11-291-01E.pdf
    November 1, 2011

    Last edited by AplusWebMaster; 2011-11-09 at 19:35.

  6. #436
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Summary - November 2011

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms11-nov
    November 08, 2011 - "This bulletin summary lists security bulletins released for November 2011...
    (Total of -4-)

    Microsoft Security Bulletin MS11-083 - Critical
    Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
    - https://technet.microsoft.com/en-us/...letin/ms11-083
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-085 - Important
    Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...letin/ms11-085
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS11-086 - Important
    Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
    - https://technet.microsoft.com/en-us/...letin/ms11-086
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-084 - Moderate
    Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
    - https://technet.microsoft.com/en-us/...letin/ms11-084
    Moderate - Denial of Service - Requires restart - Microsoft Windows
    ___

    Bulletin Deployment priority
    - https://blogs.technet.com/cfs-filesy...nt-Graphic.png

    Severity and exploitability index
    - https://blogs.technet.com/cfs-filesy...ty-Graphic.png
    ___

    - http://www.securitytracker.com/id/1026290 - MS11-083
    - http://www.securitytracker.com/id/1026291 - MS11-084
    - http://www.securitytracker.com/id/1026292 - MS11-085
    - http://www.securitytracker.com/id/1026293 - MS11-085
    - http://www.securitytracker.com/id/1026294 - MS11-086
    Nov 8 2011
    - https://secunia.com/advisories/46731/ - MS11-083
    - https://secunia.com/advisories/46751/ - MS11-084
    - https://secunia.com/advisories/46752/ - MS11-085
    - https://secunia.com/advisories/46755/ - MS11-086
    Nov 8 2011
    ___

    Office updates...
    - http://support.microsoft.com/kb/2639798
    November 8, 2011 - "... -security- and nonsecurity updates. All the following are included in the November 8, 2011 update.
    2553455 Description of the Office 2010 update
    - http://support.microsoft.com/kb/2553455
    2553310 Description of the Office 2010 update
    - http://support.microsoft.com/kb/2553310
    2553181 Description of the Office 2010 update
    - http://support.microsoft.com/kb/2553181
    2553290 Description of the OneNote 2010 update
    - http://support.microsoft.com/kb/2553290
    2553323 Description of the Outlook 2010 update
    - http://support.microsoft.com/kb/2553323
    982726 Description of the Outlook 2010 Junk Email Filter update
    - http://support.microsoft.com/kb/982726
    2596972 Description of the Outlook 2003 Junk Email Filter update...
    - http://support.microsoft.com/kb/2596972
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=11971
    Last Updated: 2011-11-08 22:18:48 UTC - Version: 2

    Re-released: Microsoft Security Bulletin MS11-037 - Important
    Vulnerability in MHTML Could Allow Information Disclosure (2544893)
    - https://technet.microsoft.com/en-us/...letin/ms11-037
    Published: Tuesday, June 14, 2011 | Updated: Tuesday, November 08, 2011
    Version: 2.0 - FAQs: "... The new offering of this update provides systems running Windows XP or Windows Server 2003 with the same cumulative protection that is provided by this update for all other affected operating systems..."
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1894
    Last revised: 09/07/2011
    Overview: "The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka 'MHTML Mime-Formatted Request Vulnerability'..."
    CVSS v2 Base Score: 4.3 (MEDIUM)
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    November 8, 2011 - Revision: 95.0
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • Carberp
    • Cridex
    • Dofoil

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: windows-kb890830-v4.2.exe - 14.0 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: windows-kb890830-x64-v4.2.exe - 14.0 MB

    - https://blogs.technet.com/themes/blo...erp&GroupKeys=
    8 Nov 2011

    .
    Last edited by AplusWebMaster; 2011-11-11 at 13:29.

  7. #437
    Adviser Team AplusWebMaster's Avatar

    MS Advisory updates - TrueType Font Parsing + Insecure Lib Load

    FYI...

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    • V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085*, "Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution."
    * https://technet.microsoft.com/en-us/...letin/ms11-085

    Microsoft Security Advisory (2639658)
    Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
    - https://technet.microsoft.com/en-us/...visory/2639658
    • V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality.
    "... vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability..."
    > http://support.microsoft.com/kb/2639658#FixItForMe

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3402
    Last revised: 11/07/2011
    CVSS v2 Base Score: 9.3 (HIGH)

    - http://labs.m86security.com/2011/11/...ero-day-event/
    November 8th, 2011
    ___

    A simple test of the Duqu workaround...
    - http://blogs.computerworld.com/19256...und_is_working
    November 12, 2011

    Last edited by AplusWebMaster; 2011-11-15 at 14:11.

  8. #438
    Adviser Team AplusWebMaster's Avatar

    MS Advisory - digital certificates

    FYI...

    Microsoft Security Advisory (2641690)
    Fraudulent Digital Certificates Could Allow Spoofing
    * http://technet.microsoft.com/security/advisory/2641690
    November 10, 2011 - "... The majority of customers have automatic updating enabled and will not need to take any action because the KB2641690 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually..."

    - http://support.microsoft.com/kb/2641690
    November 10, 2011 Rev 1.0 - "Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following DigiCert Sdn. Bhd intermediate certificates by putting them in the Microsoft Untrusted Certificate Store:
    Digisign Server ID – (Enrich) issued by Entrust.net Certification Authority (2048)
    Digisign Server ID (Enrich) issued by GTE CyberTrust Global Root
    The security advisory* contains additional security-related information..."

    - https://blogs.technet.com/themes/blo...ore&GroupKeys=
    10 Nov 2011
    ___

    - https://www.us-cert.gov/current/#fra...es_could_allow
    November 10, 2011

    Last edited by AplusWebMaster; 2011-11-11 at 14:07.

  9. #439
    Adviser Team AplusWebMaster's Avatar

    MS re-release - KB 2641690

    FYI...

    Microsoft Security Advisory (2641690)
    Fraudulent Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...visory/2641690
    • V2.0 (November 16, 2011): Revised to announce the re-release of the KB261690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690* under Known Issues in the Executive Summary.
    * http://support.microsoft.com/kb/2641690
    November 16, 2011 - Revision: 5.1
    "... Before November 16, 2011, Microsoft Windows Server Update Services (WSUS) server customers experienced problems with the versions of update 2641690 for Windows XP x64 and for Windows Server 2003. On November 16, 2011, we re-released update 2641690 to address this issue for Windows XP x64 and for all editions of Windows Server 2003. Most systems have automatic updating enabled. If you do have automatic updating enabled, you do not have to take any action because update 2641690 will be installed automatically. All releases of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2 are not affected by this issue..."


  10. #440
    Adviser Team AplusWebMaster's Avatar

    MSRT November - Dofoil

    FYI...

    MSRT November: Dofoil
    - https://blogs.technet.com/themes/blo...oil&GroupKeys=
    22 Nov 2011 - "... one of the three families added to the November release of the Microsoft Malicious Software Removal Tool is Win32/Dofoil. TrojanDownloader:Win32/Dofoil is a configurable downloader. Dofoil will attempt to receive control instructions from a remote server. The response contains encrypted configuration data containing download URLs and execution options... often seen as an attachment as part of a spam campaign, the MMPC has observed Win32/Dofoil distributed and installed via other mechanisms such as by exploit. In the wild Win32/Dofoil variants are employed to download rogue security software such as Trojan:Win32/FakeSysdef and spam capable malware such as Trojan:Win32/Danmec.L. Among observed spam campaigns, here is a small selection of spam lures employed during the last two months:
    'IRS
    From: pay.damages @irs.gov
    Subject: IRS Notification ...'
    'iTunes
    From: account.sn.5890 @itunes.apple.com
    Subject: Your iTunes Gift Certificate ...'
    'Xerox
    Subject: Fwd: Scan from a Xerox W. Pro #16389356 ...'
    ... reported variants of Win32/Dofoil on 13,488 unique machines this month. Forty-seven percent of these machines were running Windows XP, whilst approximately twenty-nine percent were running Windows 7. Looking at the geographic distribution* of the machines which reported a Win32/Dofoil detection...
    * http://www.microsoft.com/security/po...ID54-GRAPH.png
    ... most prevalent in the United States, the MMPC observed those attempting to distribute Win32/Dofoil employing the use of localized lures targeting recipients in Germany, France, Italy and Australia..."

