Old MS Alerts

Protect Your Network from Conficker

FYI...

Protect Your Network from Conficker
- http://technet.microsoft.com/en-us/security/dd452420.aspx
February 6, 2009 - "This page aims to help customers by providing consolidated information about Conficker that customers can use to protect their systems and with which to recover systems that have been infected..."

("Related Links" also available at the URL above.)

:fear:
 
OpenDNS - Conficker tracking - blocking

FYI...

OpenDNS to roll out Conficker tracking - blocking
- http://www.theregister.co.uk/2009/02/07/opendns_conficker_protection/
7 February 2009 21:32 GMT - "With an estimated 10 million PCs infected by the stealthy worm known as Conficker, it's a good bet that plenty of administrators are blissfully unaware that their networks are playing host to the pest. Now, a free service called OpenDNS* is offering a new feature designed to alert administrators to the damage and help them contain it.
The company on Monday plans to introduce an addition to its offerings that makes it easy for admins to know if even a single machine has been infected by Conficker. The service will also automatically protect infected machines by preventing them from connecting to rogue servers controlled by the malware authors... Without the service, admins would have to manually block 1,750 domains each week, or 91,250 each year. The service will also help network admins to quickly pinpoint any infected machines by checking their OpenDNS Dashboard. Starting Monday, any networks with PCs that try to connect to the Conficker addresses will be flagged on an admin's private statistics page. The service is available for free to both businesses and home users... The service is first offered under a new botnet protection service being rolled out by OpenDNS... The list of blocked domains is being provided by anti-virus provider Kaspersky, which reverse-engineered Conficker so it could preemptively predict the new sites that will be used each day."
* https://www.opendns.com/homenetwork/start/

- http://blog.opendns.com/2009/02/09/stats-are-back-and-conficker/
Feb 9, 2009

- http://www.shadowserver.org/wiki/pmwiki.php?n=Stats.Sinkholes
February 16, 2009

:bigthumb:
 
MS Security Bulletin Summary - February 2009

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-feb.mspx
February 10, 2009 - "This bulletin summary lists security bulletins released for February 2009... (-4-)

Critical -2-

Microsoft Security Bulletin MS09-002
Cumulative Security Update for Internet Explorer (961260)
- http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS09-003
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
- http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Exchange Server

Important -2-

Microsoft Security Bulletin MS09-004
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
- http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft SQL Server
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5416
Last revised: 02/12/2009
CVSS v2 Base Score: 9.0 (HIGH)

Microsoft Security Bulletin MS09-005
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
- http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5836
Last Updated: 2009-02-10 18:59:20 UTC

.
 
MS Security Bulletin MS08-070 - updated

FYI...

MS Security Bulletin MS08-070 - Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
- http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
Updated: February 10, 2009 - This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. These vulnerabilities could allow remote code execution if a user browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights...

...Further details can be found in the security release issued by Akamai:
- http://www.akamai.com/html/support/security.html

...Further details can be found in the security release issued by RIM:
- http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB16248

• V1.2 (February 10, 2009): Clarified the class IDs for two ActiveX controls.
First, listed a second class ID in the workaround, "Prevent Windows Common AVI ActiveX Control from running in Internet Explorer," for CVE-2008-4255.
Second, listed in the section, Frequently asked questions (FAQ) related to this security update, the class ID for the Winsock Control for which the kill bit is being set as a security-related change to functionality in this update. This is an informational change only. There were no changes to the security update files in this bulletin.

//

Microsoft Security Advisory (960715)
Update Rollup for ActiveX Kill Bits
- http://www.microsoft.com/technet/security/advisory/960715.mspx
Published: February 10, 2009 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. The update includes kill bits for previously published Microsoft security bulletins:
MS08-070 - Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
- http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
For more information about installing this update, see:
Update Rollup for ActiveX Kill Bits
- http://support.microsoft.com/kb/960715
February 10, 2009

:fear:
 
MSRT February 2009 - Win32/Srizbi

FYI...

MSRT February 2009 - Win32/Srizbi
- http://preview.tinyurl.com/d59enk
February 10, 2009 Microsoft Malware Protection Center - "This month's MSRT takes on one of the largest botnets currently active worldwide – Win32/Srizbi. The Srizbi family of malware consists of trojan droppers and rootkits that often spread through spam e-mails containing download links to the malware. Much like its alleged close cousin Win32/Rustock (which is removed by the MSRT since Oct 2008), the Srizbi family of malware was developed mainly for the purpose of spam-for-hire operations. The Srizbi malware authors offer the botnet as an efficient method of sending spam e-mails for any organization who would stoop low enough to utilize this mechanism for advertising their intent..."
> http://www.microsoft.com/security/malwareremove/default.mspx

:fear: :bigthumb:
 
MS09-002 exploit in-the-wild...

FYI...

- http://blog.trendmicro.com/another-exploit-targets-ie7-bug/
Feb. 17, 2009 - "Cybercriminals are actively exploiting a critical vulnerability in Internet Explorer 7, which arises from the browser’s improper handling of errors when attempting to access deleted objects. This vulnerability allows remote attackers to execute arbitrary codes on a vulnerable machine. The threat starts with a spammed malicious .DOC file detected as XML_DLOADR.A. This file has a very limited distribution script, suggesting it may be a targeted attack. It contains an ActiveX object that automatically accesses a site rigged with a malicious HTML detected by the Trend Micro Smart Protection Network as HTML_DLOADER.AS. HTML_DLOADER.AS exploits the CVE-2009-0075* vulnerability, which is already addressed by the MS09-002** security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS. This backdoor further installs a .DLL file that has information stealing capabilities. It sends its stolen information to another URL via port 443... Our engineers are still working on the details of this threat. We will post updates as soon as more information becomes available..."
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0075
Last revised: 02/17/2009

** http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx

- http://isc.sans.org/diary.html?storyid=5884
Last Updated: 2009-02-17 19:55:10 UTC - "...there is absolutely nothing preventing attackers from using the exploit in a drive-by attack (and we can, unfortunately, expect that this will happen very soon)..."

- http://www.us-cert.gov/current/#malware_exploiting_microsoft_internet_explorer
February 17, 2009

:fear: :spider: :fear:
 
MS09-002 exploit in-the-wild continued...

FYI...

- http://vrt-sourcefire.blogspot.com/2009/02/ms09-002-in-wild.html
February 18, 2009 - "Yesterday we came across a website taking advantage of a programming error in Internet Explorer that allows a remote attacker to execute code on a vulnerable system. Microsoft issued an advisory (MS09-002) on February 10, 2009 and released a patch on the same day to mitigate the problem. We released same-day coverage for this and other vulnerabilities*... Upon visiting the compromised page with Internet Explorer 7 on a vulnerable machine, a malicious script is executed, which in turn downloads an executable on the system before crashing the web browser...
UPDATE: As of 11AM EST on Feb 19, 2009, another Chinese website is leveraging MS09-002 to push malware to victims..."
* http://www.snort.org/vrt/advisories/vrt-rules-2009-02-10.html
Better known as "Drive-by malware"...
________________________________________

Cumulative Security Update for Internet Explorer - Extreme Severity
- http://atlas.arbor.net/briefs/
February 23, 2009 - "...key issues to address for -all- users of IE7. We have seen this used in targeted attacks and now exploit kits that target indiscriminately."
* http://www.microsoft.com/technet/security/bulletin/ms09-002.mspx

:fear::mad:
 
Vuln in Excel...

FYI...

Microsoft Security Advisory (968272)
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/968272.mspx
February 24, 2009 - "Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability...
• Users who have installed and are using the Office Document Open Confirmation Tool* for Office 2000 will be prompted with Open, Save, or Cancel before opening a document.
* http://www.microsoft.com/downloads/details.aspx?familyid=8B5762D2-077F-4031-9EE6-C9538E9F2A2F

- http://www.securityfocus.com/bid/33870/exploit
"Symantec has detected active in-the-wild exploit attempts. This issue is detected as 'Trojan.Mdropper.AC'**"

Trojan.Mdropper.AC
** http://preview.tinyurl.com/dbz42c
Updated: February 24, 2009 - "Systems Affected: Windows Vista, Windows XP
When the Trojan executes, it may exploit the Microsoft Excel Unspecified Remote Code Execution Vulnerability (BID 33870).
It then drops the following file: %Temp%\rundll.exe (a copy of Downloader)
The Trojan may then attempt to download more files on to the compromised computer from the following locations:
* [http://]61. 59.24.55 /sb.php?id=[19 RANDOM ASCII CHARACTERS]
* [http://]61. 59.24.45 /sb.php?id=[19 RANDOM ASCII CHARACTERS]
* [http://]61. 221.40.63 /sb.php?id=[19 RANDOM ASCII CHARACTERS] ..."

:fear::fear:
 
MS AutoRun fix for XP, W2K, W2K3 released...

FYI...

MS AutoRun fix for XP, W2K, W2K3 released...
- http://preview.tinyurl.com/cqtxcd
February 24, 2009 Computerworld - "Microsoft is pushing out a software update to some Windows users that fixes a bug in the Windows AutoRun software, used to automatically launch programs when DVDs or USB devices are introduced to the PC... the widespread Conficker worm uses AutoRun to spread from USB devices to PCs... (MS) had also pushed out a July update that fixed the problem for Vista and Server 2008*; but this fix** was -not- automatically updated for Windows 2000, XP and Server 2003 users..."

* http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx

How to correct "disable Autorun registry key" enforcement in Windows
** http://support.microsoft.com/kb/967715
February 24, 2009

- http://isc.sans.org/diary.html?storyid=5938
Last Updated: 2009-02-26 20:46:47 UTC ...(Version: 2)
"...XP home can't run gpedit.msc. XP home users need to follow the "How to selectively disable specific autorun features" steps. I recommend you modify the NoDriveTypeAutoRun value to 0xFF. That should disable autorun on ALL drives."

:fear::fear:
 
Update for Windows Autorun

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
02/24/2009 - "Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected. When functioning as expected, the NoDriveTypeAutoRun registry key can be used to selectively disable Autorun functionality (e.g. AutoPlay, double click, and contextual menu features associated with Autorun) for drives on a user's system and network. Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file. We encourage Windows customers to review and install this update. This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715*."
* http://support.microsoft.com/kb/967715

:fear::fear:
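Added example, not part of the original posts or of Microsoft's advisory: a small audit helper that decodes a NoDriveTypeAutoRun value and lists the drive types on which Autorun is still enabled, to compare against the 0xFF setting recommended in the ISC diary quoted above. The bit meanings are the documented DRIVE_* bit positions for this value rather than anything stated on this page; the registry path and the `reg query` output shown are constructed sample input.

```python
import re

# Bit -> drive type for NoDriveTypeAutoRun (bit n corresponds to Win32 DRIVE_* type n).
# Taken from Microsoft's documentation of the value, not from this page.
DRIVE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable (USB, floppy)",
    0x08: "fixed disk",
    0x10: "network share",
    0x20: "CD-ROM/DVD",
    0x40: "RAM disk",
    0x80: "unknown type (reserved)",
}
ALL_DRIVES = 0xFF  # value recommended in the ISC diary: Autorun off everywhere

# Matches the value line printed by `reg query ... /v NoDriveTypeAutoRun`.
REG_LINE = re.compile(
    r"^\s*NoDriveTypeAutoRun\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$", re.M
)


def parse_reg_query(text):
    """Return the DWORD as an int, or None if the value is not present."""
    m = REG_LINE.search(text)
    return int(m.group(1), 16) if m else None


def autorun_enabled_for(value):
    """Drive types whose bit is clear, i.e. Autorun is NOT disabled for them."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]


def audit(text):
    """Summarise one captured `reg query` output."""
    value = parse_reg_query(text)
    if value is None:
        # No policy value: the OS default applies, which this script cannot see.
        return {"value": None, "compliant": False, "enabled": None}
    low = value & 0xFF  # only the low byte carries drive-type bits
    return {
        "value": low,
        "compliant": low == ALL_DRIVES,
        "enabled": autorun_enabled_for(low),
    }


# Constructed sample input (not captured from a real host). The key path is the
# usual Explorer policy location and is an assumption, not quoted from the page.
SAMPLE_PARTIAL = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""
SAMPLE_HARDENED = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0xff
"""
SAMPLE_MISSING = "ERROR: The system was unable to find the specified registry key or value."

if __name__ == "__main__":
    for label, sample in [("partial", SAMPLE_PARTIAL),
                          ("hardened", SAMPLE_HARDENED),
                          ("missing", SAMPLE_MISSING)]:
        result = audit(sample)
        if result["value"] is None:
            print(f"{label}: NoDriveTypeAutoRun not set, OS default applies")
        elif result["compliant"]:
            print(f"{label}: 0x{result['value']:02X} disables Autorun on all drive types")
        else:
            print(f"{label}: 0x{result['value']:02X} leaves Autorun enabled for: "
                  + ", ".join(result["enabled"]))
```

The decoded result only reflects what the registry value requests; as the advisory above explains, the value is enforced as expected only once the KB967715 update is installed.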
 
MS Security Bulletin Advance Notification - March 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-mar.mspx
March 5, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 10, 2009...
(Total of -3-)

Critical (1)

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Important (2)

Windows 2
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Other Information
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center...

- http://blogs.technet.com/msrc/archive/2009/03/05/march-2009-advanced-notification.aspx
___

- http://www.informationweek.com/shared/printableArticle.jhtm?articleID=215800831
March 5, 2009 - "The vulnerability that Microsoft warned about just over a week ago affects files that use the old .xls binary format but not the newer .xlsx format... Conspicuously absent is a fix for the Excel security flaw..."
// Excel 0-day - http://www.microsoft.com/technet/security/advisory/968272.mspx

- http://atlas.arbor.net/briefs/index#-1301369182
Severity: High Severity
Published: Thursday, March 05, 2009 14:00
At least one, possibly two, new and previously undisclosed vulnerabilities have been discovered and are being actively exploited in targeted, selective attacks. The document drops an EXE that downloads more components from three websites: 61.59.24.55, 61.59.24.45, and 61.221.40.63. At least two of these websites appear to be disabled at this point. We do not know when this vulnerability will be fixed by Microsoft.
Analysis: This is a targeted, very selective attack at this point focusing on US government and specific agencies and third-parties at this point. We do not have any additional information to share at this time, we recommend concerned parties contact Microsoft, CERT/CC or US-CERT for additional details as needed.
- http://www.securityfocus.com/brief/914

SecureWorks
- http://preview.tinyurl.com/99wgn9

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0238

:fear:
 
MS Security Bulletin Summary - March 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-mar.mspx
March 10, 2009 - "This bulletin summary lists security bulletins released for March 2009...

Critical -1-

Microsoft Security Bulletin MS09-006 – Critical
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
- http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008...
CVE-2009-0081, CVE-2009-0082, CVE-2009-0083

Important -2-

Microsoft Security Bulletin MS09-007 - Important
Vulnerability in SChannel Could Allow Spoofing (960225)
- http://www.microsoft.com/technet/security/bulletin/MS09-007.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Executive Summary: This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008...
CVE-2009-0085

Microsoft Security Bulletin MS09-008 – Important
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
- http://www.microsoft.com/technet/security/bulletin/MS09-008.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Executive Summary: This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008...
CVE-2009-0093, CVE-2009-0094, CVE-2009-0233, CVE-2009-0234
___

Malicious Software Removal Tool
- http://www.microsoft.com/security/malwareremove/default.mspx
File Name: windows-kb890830-v2.8.exe
Version: 2.8
Knowledge Base (KB) Articles: http://support.microsoft.com/?kbid=890830
Date Published: 3/10/2009
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5995
Last Updated: 2009-03-10 17:48:31 UTC
 
Microsoft Security Bulletin MS08-052 – V4.0

Revised...

Microsoft Security Bulletin MS08-052 – Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
- http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
Updated: March 10, 2009
V4.0 (March 10, 2009): Added entry in the Frequently Asked Questions (FAQ) Related to this Security Update section to communicate the rerelease of the update packages for Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 to fix an installation issue. Customers who have already successfully installed the original updates for Windows XP Service Pack 3 or Windows Server 2003 Service Pack 2 do not need to reinstall the new updates.

:fear:
 
FYI...

- http://isc.sans.org/diary.html?storyid=6010
Last Updated: 2009-03-13 03:07:43 UTC - "...Microsoft should really fix this vulnerability and pay more attention to local privilege escalation vulnerabilities. While MS released an advisory with suggested workarounds (available at http://www.microsoft.com/technet/security/advisory/951306.mspx *), I don’t think enough people know about this..."
* Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
...
Revisions:
• April 17, 2008: Advisory published
• April 23, 2008: Added clarification to impact of workaround for IIS 6.0
• August 27, 2008: Added Windows XP Professional Service Pack 3 as affected software.
• October 9, 2008: Added information regarding the public availability of exploit code.

:fear::fear:
 
Microsoft Security Advisory (969136) - PowerPoint

FYI...

Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/969136.mspx
April 2, 2009 - "Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability... Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- http://secunia.com/advisories/34572/
Release Date: 2009-04-03
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...

- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0556

:fear:
 
New exploit of MS08-067

FYI...

New exploit of MS08-067
- http://blogs.technet.com/mmpc/archive/2009/04/03/a-new-exploit-of-ms08-067-has-been-identified.aspx
April 03, 2009 - "... We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against this new malware... Neeris is a worm that has been active for a few years. Some of its variants used to exploit MS06-040 which addressed a vulnerability in the same Server service as MS08-067. However it looks like the authors of Neeris have been taking notes from Conficker. A new variant of the Neeris worm has been launched this week. It has some interesting similarities to Conficker:
• The new variant of Neeris has been updated to exploit MS08-067. Also, after the successful exploitation, the victim machine downloads a copy of the worm from the attacking machine using HTTP.
• Neeris spreads via autorun. The new Neeris variant even adds the same ‘Open folder to view files’ AutoPlay option that Conficker does.
• Neeris uses a driver to patch the TCP/IP layer of the system in order to remove the outgoing connection limits from XPSP2 ...
The file names that this malware uses are deceptive. Most commonly we saw it using the name “Netmon.exe” but it sometimes masquerades itself as a SCR file with names that follow the pattern <two digits.scr>. It also drops a copy of itself using the file name smartkey.exe. Even its image time stamp is bogus: 6/19/1992 10:22:17 PM. The malware adds itself to start every time Windows starts and even adds itself to the Safe Boot configuration.
Due to the similarities to Conficker, most of the mitigations that were mentioned also apply here: make sure to install MS08-067 if you haven’t done so yet and be careful to use only AutoPlay options you’re familiar with or consider disabling the Autorun altogether. Other mitigations and information are available in our write up at Worm:Win32/Neeris.gen!C *..."
* http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Neeris.gen!C

:fear::fear:
 
MS Security Bulletin Advance Notification - April 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-apr.mspx?pf=true
April 9, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 14, 2009... (Total of -8-)

Critical (5)

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Office...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

IE
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Excel
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Important (2)

Windows 4
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

ISA
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Forefront Edge Security...

Moderate (1)

Windows 5
Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

//
 
April 14: MS Support ends for...

FYI...

- http://www.wservernews.com/
Apr. 10, 2009 - "Next Tuesday (14-Apr-2009), Redmond will no longer offer mainstream support for a bunch of Service Packs flavors, WinXP (Service Pack 0) and W2K3 SP1 among them. They said they will continue to provide free security fixes for XP until 2014. Windows XP still accounts for about 63 percent of all Internet-connected computers, according to March 2009 statistics from Hitslink, while Windows Vista makes up about 24 percent. Here are the Hitslink market share numbers:
http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=10
Support for WinXP Service Pack 2 is until July 13, 2010. Existing XP users are encouraged to upgrade to the latest SP3. More about this at the "Windows Service Pack Road Map" at Microsoft:
- http://www.microsoft.com/windows/lifecycle/servicepacks.mspx ...
... list of products and versions where the support will end on April 14, 2009...
- http://preview.tinyurl.com/s870 ..."

:lip:
 
IEv8 set for automatic roll-out

FYI...

- http://preview.tinyurl.com/cj5b73
April 10, 2009 IEBlog - "... Starting on or about the third week of April, users still running IE6 or IE7 on Windows XP, Windows Vista, Windows Server 2003, or Windows Server 2008 will get a notification through Automatic Update about IE8. This rollout will start with a narrow audience and expand over time to the entire user base. On Windows XP and Server 2003, the update will be High-Priority. On Windows Vista and Server 2008 it will be Important. IE8 will not automatically install on machines. Users must opt-in to install IE8. Users will see a Welcome screen that offers choices: Ask later, install now, or don’t install. Users who decline the automatic update can still download it from http://www.microsoft.com/ie8 or from Windows Update as an optional update... If an organization uses Automatic Update to keep Windows up-to-date but wants to manage its own deployment of IE8, a free Blocker Toolkit* is available that will block automatic delivery of IE8. This blocker toolkit was released in January 2009 and has no expiration date..."
* http://preview.tinyurl.com/9yjpqw

:spider::buried:
 
MS Security Bulletin Summary - April 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-apr.mspx?pf=true
April 14, 2009 - "This bulletin summary lists security bulletins released for April 2009... (Total of -8- )

Critical (5)

Microsoft Security Bulletin MS09-009
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
- http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS09-010
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
- http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Office...

Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
- http://www.microsoft.com/technet/security/bulletin/MS09-011.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-013
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
- http://www.microsoft.com/technet/security/bulletin/MS09-013.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-014
Cumulative Security Update for Internet Explorer (963027)
- http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Important (2)

Microsoft Security Bulletin MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
- http://www.microsoft.com/technet/security/bulletin/MS09-012.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-016
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
- http://www.microsoft.com/technet/security/bulletin/MS09-016.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Forefront Edge Security...

Moderate (1)

Microsoft Security Bulletin MS09-015
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- http://www.microsoft.com/technet/security/bulletin/MS09-015.mspx
Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

- http://blogs.technet.com/msrc/archive/2009/04/14/april-2009-monthly-bulletin-release.aspx
April 14, 2009
___

MSRT - April 2009
- http://support.microsoft.com/?kbid=890830
April 14, 2009 - Revision: 58.0
(Recent adds)
Win32/Conficker - January 2009 (V 2.6) High
Win32/Srizbi - February 2009 (V 2.7) Moderate
Win32/Koobface - March 2009 (V 2.8) Moderate
Win32/Waledac - April 2009 (V 2.9) Moderate
Download: http://preview.tinyurl.com/6bb67
___

ISC Analysis (includes CVE links)
- http://isc.sans.org/diary.html?storyid=6193
Last Updated: 2009-04-15 02:14:16 UTC ...
___

- http://preview.tinyurl.com/cnylhb
April 14, 2009 (Computerworld) - 10 of the 23 vulnerabilities have already been exploited or are public...

.
 