Outlook 2007 update - released 11 Jan 2011
FYI...
Outlook 2007 - update released 11 Jan 2011
Ref: http://blogs.office.com/b/microsoft-...-released.aspx
13 Jan 2011 - "... Outlook 2007... update released on Tuesday, January 11..."
* http://support.microsoft.com/kb/2412171
Last Review: January 13, 2011 - Revision: 6.0
- http://support.microsoft.com/kb/2485531
Last Review: January 11, 2011 - Revision: 5.0 - "... To resolve this issue, install the -current- version of update 2412171* ..."
:scratch:
MS graphics advisory updated - 2011.01.19
FYI...
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2490606.mspx
• V1.2 (January 19, 2011): Clarified that the Modify the Access Control List (ACL) on shimgvw.dll workaround only applies to Windows XP and Windows Server 2003 systems and added a new workaround, Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems.
"... Workarounds:
• Modify the Access Control List (ACL) on shimgvw.dll on Windows XP and Windows Server 2003 systems...
Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...
• Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems...
Impact of Workaround: Windows Explorer will not display thumbnail images..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-3970
Original release date: 12/22/2010
Last revised: 01/19/2011
CVSS v2 Base Score: 9.3 (HIGH)
:lip:
MS Security Bulletin Advance Notification - February 2011
FYI...
- http://www.microsoft.com/technet/sec.../MS11-feb.mspx
February 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 8, 2011... (Total of -12-)
Critical -3-
Bulletin 1 - Critical - Remote Code Execution - Requires restart
Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart
Microsoft Windows
Bulletin 3 - Critical - Remote Code Execution - Requires restart
Microsoft Windows
Important -9-
Bulletin 4 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 5 - Important - Denial of Service - Requires restart
Microsoft Windows
Bulletin 6 - Important - Remote Code Execution - May require restart
Microsoft Office
Bulletin 7 - Important - Information Disclosure - May require restart
Microsoft Windows
Bulletin 8 - Important - Elevation of Privilege - Restart required
Microsoft Windows
Bulletin 9 - Important - Elevation of Privilege - Restart required
Microsoft Windows
Bulletin 10 - Important - Elevation of Privilege - Restart required
Microsoft Windows
Bulletin 11 - Important - Elevation of Privilege - Restart required
Microsoft Windows
Bulletin 12 - Important - Elevation of Privilege - Restart required
Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...n-release.aspx
Feb. 3, 2011 - "... we'll be addressing issues related to two recent Security Advisories, 2490606 (a public vulnerability affecting the Windows Graphics Rendering Engine) and 2488013 (a public vulnerability affecting Internet Explorer). Additionally, we will be addressing an issue affecting FTP service in IIS 7.0 and 7.5..."
- http://isc.sans.edu/diary.html?storyid=10357
Last Updated: 2011-02-04 18:42:28 UTC
.
RE: MS Security Bulletin Advance Notification - February 2011...
FYI...
- http://www.computerworld.com/s/artic...look_2007_bugs
Feb 7, 2011 - "Microsoft will take yet another crack this month at fixing a December update for Outlook 2007... The company reissued the update on Jan. 11, saying it had solved the problems... Apparently not*..."
* http://msexchangeteam.com/archive/20...01/457903.aspx
Feb. 01, 2011 - "... we recommend that you test them in a non-production environment before deploying them in production..."
- http://www.theinquirer.net/inquirer/...-explorer-flaw
Feb 04 2011 - "... Microsoft will fix 22 vulnerabilities in next week's Patch Tuesday security fixes, although -not- the Windows Internet Explorer zero-day vulnerability that was discovered recently*... Qualys said it has seen limited exploits for these on the wild, so the update is highly recommended..."
* http://support.microsoft.com/kb/2501696#FixItForMe
Vuln in MHTML "FixIt" - January 28, 2011
:surrender:
MS Security Bulletin Summary - February 2011
FYI...
- http://www.microsoft.com/technet/sec.../MS11-feb.mspx
February 08, 2011 - "This bulletin summary lists security bulletins released for February 2011...
(Total of -12-)
Critical -3-
Microsoft Security Bulletin MS11-003 - Critical
Cumulative Security Update for Internet Explorer (2482017)
- http://www.microsoft.com/technet/sec.../MS11-003.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS11-006 - Critical
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
- http://www.microsoft.com/technet/sec.../MS11-006.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-007 - Critical
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
- http://www.microsoft.com/technet/sec.../MS11-007.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Important -9-
Microsoft Security Bulletin MS11-004 - Important
Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
- http://www.microsoft.com/technet/sec.../ms11-004.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-005 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2478953)
- http://www.microsoft.com/technet/sec.../MS11-005.mspx
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-008 - Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
- http://www.microsoft.com/technet/sec.../ms11-008.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-009 - Important
Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
- http://www.microsoft.com/technet/sec.../MS11-009.mspx
Important - Information Disclosure - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-010 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
- http://www.microsoft.com/technet/sec.../MS11-010.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-011 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
- http://www.microsoft.com/technet/sec.../ms11-011.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-012 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
- http://www.microsoft.com/technet/sec.../ms11-012.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-013 - Important
Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
- http://www.microsoft.com/technet/sec.../ms11-013.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-014 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
- http://www.microsoft.com/technet/sec.../MS11-014.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Deployment Priority
- http://blogs.technet.com/cfs-filesys...2D00_feb11.png
Severity and Exploitabilty Index
- http://blogs.technet.com/cfs-filesys...2D00_feb11.png
___
MSRT
- http://support.microsoft.com/?kbid=890830
February 8, 2011 - Revision: 84.0
(Recent additions)
- http://www.microsoft.com/security/ma.../families.aspx
... added this release...
• Cycbot
- http://blogs.technet.com/b/mmpc/arch...-for-msrt.aspx
9 Feb 2011
Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.16.exe
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.16.exe
___
ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10375
Last Updated: 2011-02-09 21:20:21 UTC (Version: 5)
Q&A: February 2011 Security Bulletin Release
- http://blogs.technet.com/b/msrc/p/fe...letin-q-a.aspx
February 9, 2011
.
MS Security advisory - Autorun ...
FYI...
Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/sec...ry/967940.mspx
Published: February 24, 2009 | Updated: February 08, 2011 - "... availability of updates to the Autorun feature that help to restrict AutoPlay functionality to only CD and DVD media on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Restricting AutoPlay functionality to only CD and DVD media can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file...
FAQS: ...After installing the initial update described in Microsoft Knowledge Base Article 967715, the default registry setting to disable Autorun on network drives is properly enforced. After installing the 971029 update*, customers may experience the following AutoPlay behavior:
• Many existing devices in market, and many upcoming devices, use the Autorun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted. The AutoPlay behavior with CD and DVD media is not affected by this update.
• Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software. To do this, users click Open folder to view the files, browse to the software's setup program, and then double-click the setup program to run the program manually.
• Some USB flash drives have firmware that present these USB flash drives as CD drives when you insert them into computers. The AutoPlay behavior with these USB flash drives is not affected by this update..."
• V2.0 (February 8, 2011): Summary and update FAQ revised to notify users that the 971029 update to Autorun that restricts AutoPlay functionality to CD and DVD media will be offered via automatic updating.
- http://blogs.technet.com/b/msrc/arch...40-update.aspx
8 Feb 2011
* http://support.microsoft.com/kb/971029
Last Review: February 8, 2011 - Revision: 4.0
- http://support.microsoft.com/kb/967715
Last Review: September 9, 2010 - Revision: 6.2
Virus families using Autorun / MMPC charts - MSE detections
- http://www.microsoft.com/security/po...207_image1.jpg
MSRT - major virus families using Autorun
- http://www.microsoft.com/security/po...207_image2.jpg
Also see Table 1: Top Families, 2H 2010, by Number of Detections
- http://blogs.technet.com/b/mmpc/arch...d-autorun.aspx
8 Feb. 2011
(Optional MS update) Restrict USB Autorun: Update for Windows (KB971029)
- http://www.f-secure.com/weblog/archives/00002096.html
February 9, 2011
___
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2490606.mspx
Updated: February 08, 2011 - "... We have issued MS11-006* to address this issue..."
* http://www.microsoft.com/technet/sec.../MS11-006.mspx
Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2488013.mspx
Updated: February 08, 2011 - "... We have issued MS11-003** to address this issue..."
** http://www.microsoft.com/technet/sec.../MS11-003.mspx
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
Published: August 23, 2010 | Updated: February 08, 2011 - Version: 5.0
... Update released on February 8, 2011
• Microsoft Security Bulletin MS11-003**, "Cumulative Security Update for Internet Explorer," provides support for a vulnerable component of Internet Explorer that is affected by the Insecure Library Loading class of vulnerabilities described in this advisory.
:fear:
Win7 SP1 release date - 2011.02.22
FYI...
Win7 SP1 release date - 2011.02.22
- http://blogs.technet.com/b/windowsse...ing-today.aspx
9 Feb 2011 - "... pleased to announce the Release to Manufacturing (RTM) of Windows Server 2008 R2 Service Pack 1 (SP1), along with Windows 7 SP1. SP1 will be made generally available for download on February 22... On February 22, both will be available to all customers through Windows Update..."
.
Autorun advisory updated - again.
FYI... Autorun advisory updated - again.
Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/sec...ry/967940.mspx
Updated: February 22, 2011
Version: 2.1
• V2.1 (February 22, 2011): Summary revised to notify users of a change in the deployment logic for updates described in this advisory. This change is intended to minimize the user interaction required to install the updates on systems configured for automatic updating.
:blink: