The missing Microsoft patches

2007-03-25, 01:51

- http://isc.sans.org/diary.html?storyid=1940
Last Updated: 2007-03-24 20:16:16 UTC ...(Version: 32)

Added today:
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1658
Original release date: 3/24/2007
Source: US-CERT/NIST ...
"Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe)..."


2007-03-27, 21:52

- http://isc.sans.org/diary.html?storyid=1940
Last Updated: 2007-03-26 23:23:31 UTC ...(Version: 34)
"...Some mitigating steps are in KB934864: Setup wpad TXT records in all DNS domains and have the wpad name reserved on all WINS servers..."

- http://support.microsoft.com/kb/934864
Article ID: 934864
Last Review: March 27, 2007
Revision: 2.1
"...Network administrators who have not already registered legitimate WPAD entries in DNS or in WINS, and network administrators who have not correctly implemented WPAD through DHCP and Option 252, must reserve static WPAD DNS host names and WPAD WINS name records. By doing this, network administrators help prevent possible malicious registrations..."

- http://www.us-cert.gov/current/#WPAD
added March 27, 2007


2007-03-30, 00:36
Updated (new addition):

- http://isc.sans.org/diary.html?storyid=1940
Last Updated: 2007-03-29 18:02:23 UTC ...(Version: 35)
"Windows Animated Cursor
Microsoft advisory 935423 ( http://www.microsoft.com/technet/security/advisory/935423.mspx )
Workaround: Limit "*.ani" files from reaching web browsers and email clients such as IE and Outlook."

- http://isc.sans.org/diary.html?storyid=2539
Last Updated: 2007-03-30 10:40:08 UTC ~ "A short overview of how the different email clients (in the supported list of Microsoft) are reacting to the animated cursor vulnerability depending on the actions and settings of the email client. The surprising element is that read in plain text mode makes some of the clients more vulnerable and actually only offers real added value for Outlook 2003..."
(Chart available at the URL above.)

- http://www.us-cert.gov/current/#WINANI
added March 29, 2007
IE: "US-CERT is aware of a new, unpatched vulnerability in Microsoft Windows that could allow an attacker to execute arbitrary code. This vulnerability is caused by Windows failing to properly handle specially crafted animated cursor (ANI) files. According to public reports, this vulnerability is actively being exploited via Internet Explorer. Specifically, the reports claim that browsing to a specially crafted web page with Microsoft Internet Explorer results in exploitation..."
Outlook Express: "Configuring Outlook Express to read email in plaintext will not protect against this vulnerability. Outlook Express in plaintext mode will download and parse a malicious .ANI file referenced in the email message without prompting..."


2007-04-11, 01:06

- http://isc.sans.org/diary.html?storyid=1940
Last Updated: 2007-04-10 18:04:11 UTC ...(Version: 39)

Also see patches released today:
- http://forums.spybot.info/showpost.php?p=79219&postcount=30


2007-04-15, 02:07

- http://isc.sans.org/diary.html?storyid=1940
Last Updated: 2007-04-14 16:19:27 UTC ...(Version: 41)