
Thread: Old MS Alerts

  1. #441
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Patch Watch ...

    FYI... http://windowssecrets.com/category/patch-watch/

    ... Regularly updated problem-patch chart
    >> http://windowssecrets.com/category/patch-watch/
    2011-11-23 - "... table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed... as safe to install will be removed from the next updated table...
    [ i.e.] Microsoft Security Bulletin MS11-069 - Moderate
    Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
    * https://technet.microsoft.com/en-us/...letin/ms11-069
    'Published: Tuesday, August 09, 2011 | Updated: Wednesday, October 26, 2011 ...
    Revisions:
    • V1.0 (August 9, 2011): Bulletin published.
    • V1.1 (August 23, 2011): Added an update FAQ to announce a detection change for KB2539636 that corrects an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
    • V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems...'

    Status recommendations: Skip* — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply..."

    Last edited by AplusWebMaster; 2012-11-18 at 23:21.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #442
    Adviser Team AplusWebMaster's Avatar

    Duqu TrueType 0-day exploit - notes ...

    FYI... Duqu TrueType 0-day exploit - notes ..

    No Microsoft patch is available (yet)
    > http://windowssecrets.com/newsletter...pack-4/#inthe3
    2011-12-01 - "... The workaround** denies access to t2embed.dll, causing the Duqu exploit to fail. But the Duqu Fix it also has an odd characteristic: it prompts Windows XP users to download two older Microsoft patches, MS10-001 (KB 972270) and MS10-076 (KB 982132) — patches most XP users have presumably already installed..."
    ** http://support.microsoft.com/kb/2639658#FixItForMe

    Free Duqu detector from CrySyS
    > http://windowssecrets.com/newsletter...pack-4/#inthe2
    2011-12-01 - "... To see whether your system is vulnerable to Duqu, you can obtain a free Duqu detector from CrySyS*..."
    * http://www.crysys.hu/duqudetector.html


  3. #443
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Advance Notification - December 2011

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms11-dec
    December 08, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 13, 2011...
    (Total of -14-)

    Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 3 - Critical - Remote Code Execution - May require restart - Microsoft Windows

    Bulletin 4 - Important - Information Disclosure - Requires restart - Microsoft Windows
    Bulletin 5 - Important - Information Disclosure - May require restart - Microsoft Office
    Bulletin 6 - Important - Information Disclosure - May require restart - Microsoft Office
    Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Windows
    Bulletin 8 - Important - Information Disclosure - May require restart - Microsoft Office
    Bulletin 9 - Important - Information Disclosure - Requires restart - Microsoft Windows
    Bulletin 10 - Important - Information Disclosure - May require restart - Microsoft Office

    Bulletin 11 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 12 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 13 - Important - Elevation of Privilege - Requires restart - Microsoft Windows, Internet Explorer
    Bulletin 14 - Important - Elevation of Privilege - May require restart - Microsoft Office
    ___

    - https://www.computerworld.com/s/arti...and_BEAST_bugs
    December 8, 2011 - "... Among the patches will be ones that plug the hole used by the Duqu intelligence-gathering Trojan, and fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug popularized three months ago by the BEAST, for "Browser Exploit Against SSL/TLS," hacking tool..."

    TrueType: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3402
    Last revised: 11/07/2011
    CVSS v2 Base Score: 9.3 (HIGH)
    SSL/TLS: http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3389
    Last revised: 11/24/2011
    CVSS v2 Base Score: 4.3 (MEDIUM)
    ___

    - https://isc.sans.edu/diary.html?storyid=12169
    Last Updated: 2011-12-08 21:43:23 UTC - "... gifts we will be presented with next week..."

    Last edited by AplusWebMaster; 2011-12-09 at 17:29.

  4. #444
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Summary - December 2011

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms11-dec
    December 13, 2011 - "This bulletin summary lists security bulletins released for December 2011...
    (Total of -13-)

    Critical - 3

    Microsoft Security Bulletin MS11-087 - Critical
    Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
    - https://technet.microsoft.com/en-us/...letin/ms11-087
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-090 - Critical
    Cumulative Security Update of ActiveX Kill Bits (2618451)
    - https://technet.microsoft.com/en-us/...letin/ms11-090
    Critical - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS11-092 - Critical
    Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
    - https://technet.microsoft.com/en-us/...letin/ms11-092
    Critical - Remote Code Execution - May require restart - Microsoft Office

    Important - 10

    Microsoft Security Bulletin MS11-088 - Important
    Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
    - https://technet.microsoft.com/en-us/...letin/ms11-088
    Important - Elevation of Privilege - May require restart - Microsoft Office

    Microsoft Security Bulletin MS11-089 - Important
    Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
    - https://technet.microsoft.com/en-us/...letin/ms11-089
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS11-091 - Important
    Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
    - https://technet.microsoft.com/en-us/...letin/ms11-091
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS11-093 - Important
    Vulnerability in OLE Could Allow Remote Code Execution (2624667)
    - https://technet.microsoft.com/en-us/...letin/ms11-093
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS11-094 - Important
    Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
    - https://technet.microsoft.com/en-us/...letin/ms11-094
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS11-095 - Important
    Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
    - https://technet.microsoft.com/en-us/...letin/ms11-095
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS11-096 - Important
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
    - https://technet.microsoft.com/en-us/...letin/ms11-096
    Important - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS11-097 - Important
    Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
    - https://technet.microsoft.com/en-us/...letin/ms11-097
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-098 - Important
    Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
    - https://technet.microsoft.com/en-us/...letin/ms11-098
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS11-099 - Important
    Cumulative Security Update for Internet Explorer (2618444)
    - https://technet.microsoft.com/en-us/...letin/ms11-099
    Important - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
    ___

    Deployment Priority
    - https://blogs.technet.com/cfs-filesy...D00_12-dep.png

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...D00_12-dep.png

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    "... Why 13 bulletins and not 14, as we stated in the ANS announcement on Thursday? After that announcement, we discovered an apps-compatibility issue between one bulletin-candidate and a major third-party vendor... The issue addressed in that bulletin, which we have been monitoring and against which we have seen no active attacks in the wild, was discussed in Security Advisory 2588513*."
    * https://technet.microsoft.com/en-us/...visory/2588513

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3389
    Last revised: 12/13/2011
    CVSS v2 Base Score: 4.3 (MEDIUM)

    - https://www.computerworld.com/s/arti...fixes_Duqu_bug
    December 13, 2011 - "... scrubbed security update was to fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug demonstrated in September 2011 by researchers who crafted a hacking tool dubbed BEAST... SAP... was the third-party vendor who reported compatibility problems...."
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=12193
    Last Updated: 2011-12-14 02:29:09 UTC
    ___

    Security Advisory updates:

    Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
    - https://technet.microsoft.com/en-us/...visory/2639658
    V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletin. MS11-087.

    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, "Cumulative Security Update for Internet Explorer;" and MS11-094, "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution."
    ___

    Insecure library loading - verified Secunia List
    - https://secunia.com/community/adviso...brary_loading/
    Number of products affected: 293
    Number of vendors affected: 113
    Number of Secunia Advisories issued: 215
    Solution Status ...
    ___

    - https://secunia.com/advisories/46724/ - MS11-087
    - https://secunia.com/advisories/47062/ - MS11-088
    - https://secunia.com/advisories/47098/ - MS11-089
    - https://secunia.com/advisories/47099/ - MS11-090
    - https://secunia.com/advisories/47117/ - MS11-092
    - https://secunia.com/advisories/47207/ - MS11-093
    - https://secunia.com/advisories/47208/ - MS11-094
    - https://secunia.com/advisories/47213/ - MS11-094
    - https://secunia.com/advisories/47202/ - MS11-095
    - https://secunia.com/advisories/47203/ - MS11-096
    - https://secunia.com/advisories/47210/ - MS11-097
    - https://secunia.com/advisories/47204/ - MS11-098
    - https://secunia.com/advisories/47212/ - MS11-099
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    December 13, 2011 - Revision: 96.0
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • Helompy

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: windows-kb890830-v4.3.exe - 14.5 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: windows-kb890830-x64-v4.3.exe - 14.8 MB

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    13 Dec 2011
    ___

    Dec. 2011 Security Bulletin Q&A:
    - https://blogs.technet.com/b/msrc/arc...edirected=true
    Dec. 14, 2011

    Last edited by AplusWebMaster; 2012-01-26 at 13:42.

  5. #445
    Adviser Team AplusWebMaster's Avatar

    RE: Win7 SP1

    FYI... Win7 SP1 goes "missing"...

    'You do not have the option of downloading Windows 7 SP1 when you use Windows Update to check for updates'
    - http://support.microsoft.com/kb/2498452
    Last Review: April 24, 2012 - Revision: 11.0
    "... To resolve this issue, follow the steps in the methods below..."
    (See the site)

    Last edited by AplusWebMaster; 2012-08-21 at 22:33.

  6. #446
    Adviser Team AplusWebMaster's Avatar

    Hash collision attacks ...

    FYI...

    - https://www.us-cert.gov/current/#mul...erable_to_hash
    Dec. 29, 2011

    - http://h-online.com/-1401863
    Dec. 29, 2011
    ___

    Microsoft Security Advisory (2659883)
    Vulnerability in ASP.NET Could Allow Denial of Service
    - https://technet.microsoft.com/en-us/...visory/2659883
    December 28, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
    The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision. It is possible for an attacker to send a small number of specially crafted posts to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition. Microsoft is aware of detailed information available publicly that could be used to exploit this vulnerability but is not aware of any active attacks.
    Details of a workaround to help protect sites against this vulnerability are provided in this article. Individual implementations for sites using ASP.NET will vary and Microsoft strongly suggests customers evaluate the impact of the workaround for applicability to their implementations...
    Workarounds - Configuration-based workaround
    The following workaround configures the limit of the maximum request size that ASP.NET will accept from a client. Decreasing the maximum request size will decrease the susceptibility of the ASP.NET server to a denial of service attack..."
    - http://support.microsoft.com/kb/2659883
    December 28, 2011 - Revision: 2.0

    - http://www.kb.cert.org/vuls/id/903934
    2011-12-28

    - https://isc.sans.edu/diary.html?storyid=12286
    Last Updated: 2011-12-28 23:02:14 UTC ...(Version: 2)
    ___

    - https://blogs.technet.com/b/srd/arch...edirected=true
    27 Dec 2011 10:29 PM - "...if your website does need to accept user uploads, this workaround is likely to block legitimate requests. In that case, you should not use this workaround and instead wait for the comprehensive security update*..."
    * Advanced Notification for out-of-band release to address Security Advisory 2659883
    - https://blogs.technet.com/b/msrc/arc...edirected=true
    28 Dec 2011 7:51 PM - "... The release is scheduled for December 29... The bulletin has a severity rating of Critical..."
    ___

    - http://www.securitytracker.com/id/1026469
    CVE Reference: CVE-2011-3414
    Date: Dec 28 2011
    Impact: Denial of service via network...

    - http://www.ocert.org/advisories/ocert-2011-003.html
    2011-12-28

    - https://secunia.com/advisories/47323/ | https://secunia.com/advisories/47404/
    - https://secunia.com/advisories/47405/ | https://secunia.com/advisories/47406/
    - https://secunia.com/advisories/47407/ | https://secunia.com/advisories/47408/
    - https://secunia.com/advisories/47411/ | https://secunia.com/advisories/47413/
    - https://secunia.com/advisories/47414/ | https://secunia.com/advisories/47415/
    Release Date: 2011-12-29

    Last edited by AplusWebMaster; 2011-12-29 at 23:04.

  7. #447
    Adviser Team AplusWebMaster's Avatar

    MS11-100 - .NET Framework ...

    FYI...

    Microsoft Security Bulletin MS11-100 - Critical
    Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
    - https://technet.microsoft.com/en-us/.../ms11-100.mspx
    December 29, 2011 - "This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site... This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on -all- supported editions of Microsoft Windows...
    Collisions in HashTable May Cause DoS Vulnerability
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3414 - 7.8 (HIGH)
    Insecure Redirect in .NET Form Authentication Vulnerability
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3415 - 6.8
    ASP.Net Forms Authentication Bypass Vulnerability
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3416 - 8.5 (HIGH)
    ASP.NET Forms Authentication Ticket Caching Vulnerability
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3417 - 9.3 (HIGH)
    12/30/2011
    Affected Software: Windows XP (all editions), Windows Server 2003 (all editions), Windows Vista (all editions), Windows Server 2008 (all editions), Windows 7 (all editions), Windows Server 2008 R2 (all editions) ..."
    • V1.1 (December 30, 2011): Added entry to the Update FAQ to address security-rated changes to functionality contained in this update and added mitigation for CVE-2011-3414.
    ___

    MSRC: https://blogs.technet.com/b/msrc/arc...edirected=true
    29 Dec 2011 - "... Consumers are -not- vulnerable unless they are running a Web server from their computer..."

    MS SRD: https://blogs.technet.com/b/srd/arch...edirected=true
    29 Dec 2011
    ___

    - https://secunia.com/advisories/47323/
    Last Update: 2012-01-02
    Criticality level: Moderately critical
    Impact: Security Bypass, Spoofing, DoS
    Where: From remote...
    Original Advisory: MS11-100 (KB2638420, KB2656351, KB2656352, KB2656353, KB2656355, KB2656356, KB2656358, KB2656362, KB2657424):
    http://technet.microsoft.com/en-us/s...letin/MS11-100

    - http://www.securitytracker.com/id/1026479
    Updated: Dec 30 2011

    Last edited by AplusWebMaster; 2012-01-02 at 16:12.

  8. #448
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Advance Notification - January 2012

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms12-jan
    January 05, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on January 10, 2012...
    (Total of -7-)

    Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
    Bulletin 2 - Important - Security Feature Bypass - Requires restart - Microsoft Windows
    Bulletin 3 - Important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 4 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
    Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Windows
    Bulletin 6 - Important - Information Disclosure - Requires restart - Microsoft Windows
    Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Developer Tools and Software


  9. #449
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Summary - January 2012

    FYI...

    - https://technet.microsoft.com/en-us/...letin/ms12-jan
    January 10, 2012 - "This bulletin summary lists security bulletins released for January 2012...
    (Total of -7-)

    Microsoft Security Bulletin MS12-004 - Critical
    Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
    - https://technet.microsoft.com/en-us/...letin/ms12-004
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-001 - Important
    Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
    - https://technet.microsoft.com/en-us/...letin/ms12-001
    Important - Security Feature Bypass - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-002 - Important
    Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
    - https://technet.microsoft.com/en-us/...letin/ms12-002
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS12-003 - Important
    Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
    - https://technet.microsoft.com/en-us/...letin/ms12-003
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-005 - Important
    Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
    - https://technet.microsoft.com/en-us/...letin/ms12-005
    Important - Remote Code Execution - May require restart - Microsoft Windows

    Microsoft Security Bulletin MS12-006 - Important
    Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
    - https://technet.microsoft.com/en-us/...letin/ms12-006
    Important - Information Disclosure - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-007 - Important
    Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
    - https://technet.microsoft.com/en-us/...letin/ms12-007
    Important - Information Disclosure - May require restart - Microsoft Developer Tools and Software
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=12361
    Last Updated: 2012-01-10 18:38:36 UTC
    ___

    Deployment Priority
    - https://blogs.technet.com/cfs-filesy...0_Priority.PNG

    Severity and Exploitability Index
    - https://blogs.technet.com/cfs-filesy...nd_5F00_XI.PNG

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    ___

    - https://secunia.com/advisories/47356/ - MS12-001
    - https://secunia.com/advisories/45189/ - MS12-002
    - https://secunia.com/advisories/47479/ - MS12-003
    - https://secunia.com/advisories/47485/ - MS12-004
    - https://secunia.com/advisories/47480/ - MS12-005
    - https://secunia.com/advisories/46168/ - MS12-006
    - https://secunia.com/advisories/47483/ - MS12-007
    - https://secunia.com/advisories/47516/ - MS12-007

    - http://www.securitytracker.com/id/1026498 - MS12-006
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    January 10, 2012 - Revision: 97.1
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • Sefnit*

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: windows-kb890830-v4.4.exe - 13.8 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: windows-kb890830-x64-v4.4.exe - 14.2 MB

    * https://blogs.technet.com/b/mmpc/arc...edirected=true
    10 Jan 2012 - "... Sefnit... often installed by different exploit kits including such as "Blackhole" (detected as Blacole), or distributed on file sharing networks with enticing "keygen" or "crack" styled file names..."

    Last edited by AplusWebMaster; 2012-01-11 at 14:45.

  10. #450
    Adviser Team AplusWebMaster's Avatar

    MS SSL/TLS advisory updated

    FYI...

    Microsoft Security Advisory (2588513)
    Vulnerability in SSL/TLS Could Allow Information Disclosure
    - https://technet.microsoft.com/en-us/...visory/2588513
    Published: Monday, September 26, 2011 | Updated: Tuesday, January 10, 2012 - "We have issued MS12-006* to address this issue..."
    * https://technet.microsoft.com/en-us/...letin/ms12-006

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-3389

    * http://forums.spybot.info/showpost.p...9&postcount=33

