PDA

View Full Version : Alerts - Q4-2006-Q1-2007



AplusWebMaster
2006-06-10, 03:39
FYI...

- http://isc.sans.org/diary.php?storyid=1394
Last Updated: 2006-06-09 20:28:44 UTC
"Microsoft announced that they will not provide a patch for Windows 98 and ME for MS06-015 "Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)". The choice appears to be related to the amount of effort needed to patch the problem and the fact that those Operating systems reach the end of their lifecycle on June 11th.
The suggested workaround is blocking incoming traffic to TCP port 139 on any unpatched systems. This should at best be a temporary step; unsupported operating systems are a greater liability than supported ones...
More details can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
http://blogs.technet.com/msrc/archive/2006/06/09/434300.aspx "

:(

AplusWebMaster
2006-12-15, 17:49
FYI...

- http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9006118&source=rss_topic85
December 14, 2006
"...Microsoft released a patch for Internet Explorer 7 (IE7) that will boost the brand-new browser's performance on some Web sites. Some users had reported that the new phishing filter had been slowing down the PC's performance as IE evaluated the security of Web pages that contained a lot of frames. Microsoft introduced the filter in IE7, released in mid-October, as a way of warning Web surfers when they might be visiting untrustworthy Web sites. The new performance patches are for Windows XP and Windows Server 2003 versions of IE7, but -not- for users running the browser on Windows Vista..."

The computer may respond very slowly as the Phishing Filter evaluates Web page contents in IE7
> http://support.microsoft.com/kb/928089/
Last Review: December 12, 2006
Revision: 1.0

- http://blogs.msdn.com/ie/archive/2006/12/12/ie-december-2006-security-update-is-now-available.aspx
December 13, 2006 11:34 AM
"...not offered via WU/MU/AU yet..."
================================

- http://www.networkcomputing.com/channels/security/showArticle.jhtml?articleID=196700242
Dec 15, 2006
"...IE 7 users may see their PCs bog down as the filter evaluates multi-frame pages for fraud indicators. On pages with a large number of frames, or when the user browses several frames in a short time, IE 7's processor appetite spikes. "When you use Windows Internet Explorer 7 to visit a Web page, the computer may respond very slowly as the Phishing Filter evaluates Web page contents," Microsoft said in a support document* it posted Tuesday..."
* http://support.microsoft.com/default.aspx/kb/928089
================================

Updated...
- http://support.microsoft.com/kb/928089/
Last Review: January 29, 2007
Revision: 2.1
Update for Windows Vista, 32-bit versions
Update for Windows Vista, 64-bit versions
Update for Windows XP with Service Pack 2, 32-bit versions
Update for Windows XP Professional, 64-bit versions
Update for Windows Server 2003 with Service Pack 1, 32-bit versions
Update for Windows Server 2003 with Service Pack 1, 64-bit x64-based versions
Update for Windows Server 2003 with Service Pack 1, 64-bit Itanium-based versions ...

:spider:

AplusWebMaster
2007-01-04, 20:20
FYI...

- http://www.microsoft.com/technet/security/bulletin/advance.mspx
January 4, 2007
"...On 9 January 2007 Microsoft is planning to release:

Security Updates
• -Three- Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
• -One- Microsoft Security Bulletins affecting Microsoft Windows and Microsoft Visual Studio. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates will require a restart.
• -One- Microsoft Security Bulletins affecting Microsoft Windows and Microsoft Office. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
• -Three- Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool
• Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS
• Microsoft will release no NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
• Microsoft will release -two- NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."
==================================================

- http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007438&source=rss_topic85
January 06, 2007
"Microsoft Corp. has eliminated four of eight previously announced security patches scheduled to be available to system administrators next Tuesday... Microsoft said it still plans to release the remaining four patches. Three of them affect Office and one affects Windows; each is rated "critical"... Asked for an explanation of the sudden change, a company spokesman only said, "There are many factors that impact the release of a security update, and every vulnerability presents its own unique challenges"..."

* http://www.microsoft.com/technet/security/bulletin/advance.mspx
Updated: January 5, 2007
"...On 9 January 2007 Microsoft is planning to release:
Security Updates
• -One- Microsoft Security Bulletin affecting Microsoft Windows...
• -Three- Microsoft Security Bulletins affecting Microsoft Office..."

:rolleyes:

AplusWebMaster
2007-01-09, 20:24
FYI...

- http://www.microsoft.com/technet/security/bulletin/ms07-jan.mspx
January 9, 2007
"...Summary
Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:

Critical (3)

Microsoft Security Bulletin MS07-002
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
- http://www.microsoft.com/technet/security/bulletin/ms07-002.mspx
This update resolves vulnerabilities in Excel that could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...

Microsoft Security Bulletin MS07-003
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
- http://www.microsoft.com/technet/security/bulletin/ms07-003.mspx
This update resolves vulnerabilities in Outlook that could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...

Microsoft Security Bulletin MS07-004
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
- http://www.microsoft.com/technet/security/bulletin/ms07-004.mspx
This update resolves vulnerabilities in Internet Explorer that could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...

Important (1)

Microsoft Security Bulletin MS07-001
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
- http://www.microsoft.com/technet/security/bulletin/ms07-001.mspx
This update resolves a vulnerability in Office that could allow remote code execution. User interaction is required for an attacker to exploit these vulnerabilities.
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...

--------------------
Revisions:
• V1.0 (January 09, 2007): Bulletin published.

==================================

ISC Anaylsis
- http://isc.sans.org/diary.html?storyid=2034
Last Updated: 2007-01-09 18:13:05 UTC
==================================

- http://blog.washingtonpost.com/securityfix/2007/01/microsoft_plugs_ten_security_h.html
January 9, 2007
"...Plug at least 10 security holes in its Windows operating system and other software... Patches fix at least nine vulnerabilities in different versions of Office, but they are most serious for users of Office 2000. While users of newer versions of Office can also get Office updates from the Microsoft Update site, Office 2000 users will need to fire up Internet Explorer and pay a visit to the Office Update site* and let the site scan their system for any missing patches..."

* http://office.microsoft.com/en-us/officeupdate/default.aspx
.

AplusWebMaster
2007-01-17, 00:23
FYI...

- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=196900546
Jan. 12, 2007 ~ "A company that specializes in creating attacks for penetration testing came up with a working exploit of a critical Microsoft patch within just hours of the fix hitting the street Tuesday. Immunity, a security and consulting firm, said earlier this week that it had published a working exploit for the VML (Vector Markup Language) vulnerability within three hours of Microsoft announcing the bug and issuing a patch. The VML flaw, which was outlined in the MS07-004 security bulletin, affects Windows 2000- and Windows XP-powered PCs running Internet Explorer 5.01, 6.0, and 7. It is similar, researchers have said, to a VML vulnerability that was patched out of cycle in September. Some security researchers put the VML bug at their top of their patch-now lists, and said that because there were active exploits already in circulation, users and enterprises should deploy this fix before any others issued Tuesday. Hackers could use the vulnerability to hijack PCs; all they need do is lure users to a malicious Web site. Simply viewing the malformed page could result in losing control of the PC..."

> http://www.immunitysec.com/news-latest.shtml
"...Immunity releases MS07_004 Exploit Immunity, Inc. publishes working exploit for MS07_004 into Immunity Partners' program..."

:fear:

AplusWebMaster
2007-01-27, 00:59
FYI...

Microsoft Security Advisory (932114)
Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/932114.mspx
January 26, 2007
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0515

MSRC blog:
- http://blogs.technet.com/msrc/archive/2007/01/26/microsoft-security-advisory-932114-posted.aspx
January 26, 2007 ~ "...We are currently investigating a report of a posting of proof of concept code which could allow an attacker to execute code on a user’s machine in their security context by convincing them to open a specially-crafted Word document..."

:spider: :fear: