MS advisory - Browser fraud threat...
FYI...
Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
- http://www.microsoft.com/technet/sec...y/2524375.mspx
March 23, 2011 - "Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against -all- Web browser users including users of Internet Explorer... Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used. An update is available for all supported versions of Windows to help address this issue. For more information about this update, see Microsoft Knowledge Base Article 2524375*..."
* http://support.microsoft.com/kb/2524375
March 23, 2011 - Revision: 1.0
- http://www.securitytracker.com/id/1025248
Mar 23 2011
- http://isc.sans.edu/diary.html?storyid=10603
Last Updated: 2011-03-23 18:11:20 UTC
___
- http://www.secureworks.com/research/...rsacompromise/
March 18, 2011
:fear:
MS Security Bulletin Advance Notification - April 2011
FYI...
- https://www.computerworld.com/s/arti...l_fix_64_flaws
April 7, 2011 - "... will patch a record 64 vulnerabilities in Windows, Office, Internet Explorer, Windows graphics framework, and other software next week..."
- http://www.microsoft.com/technet/sec.../ms11-apr.mspx
April 07, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 12, 2011... (Total of -17-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 4 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 5 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 6 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office
Bulletin 7 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 8 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 9 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
___
Bulletin 10 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 11 - Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 12 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 13 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 14 - Important - Remote Code Execution - May require restart - Microsoft Developer Tools and Software
Bulletin 15 - Important - Information Disclosure - Requires restart - Microsoft Windows
Bulletin 16 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 17 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
- http://blogs.technet.com/b/msrc/arch...n-release.aspx
:sad:
MS Security Bulletin Summary - April 2011
FYI...
- http://www.microsoft.com/technet/sec.../MS11-apr.mspx
April 12, 2011 - "This bulletin summary lists security bulletins released for April 2011...(Total of -17-)
Critical
Microsoft Security Bulletin MS11-018 - Critical
Cumulative Security Update for Internet Explorer (2497640)
- http://www.microsoft.com/technet/sec.../MS11-018.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS11-019 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
- http://www.microsoft.com/technet/sec.../MS11-019.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-020 - Critical
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
- http://www.microsoft.com/technet/sec.../MS11-020.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-027 - Critical
Cumulative Security Update of ActiveX Kill Bits (2508272)
- http://www.microsoft.com/technet/sec.../MS11-027.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-028 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
- http://www.microsoft.com/technet/sec.../MS11-028.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-029 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
- http://www.microsoft.com/technet/sec.../MS11-029.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
- http://www.microsoft.com/technet/sec.../ms11-030.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-031 - Critical
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
- http://www.microsoft.com/technet/sec.../MS11-031.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-032 - Critical
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
- http://www.microsoft.com/technet/sec.../MS11-032.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Important
Microsoft Security Bulletin MS11-021 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
- http://www.microsoft.com/technet/sec.../ms11-021.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS10-022 - Important
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
- http://www.microsoft.com/technet/sec.../MS10-022.mspx
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS11-023 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
- http://www.microsoft.com/technet/sec.../MS11-023.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
Microsoft Security Bulletin MS11-024 - Important
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
- http://www.microsoft.com/technet/sec.../MS11-024.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-025 - Important
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
- http://www.microsoft.com/technet/sec.../MS11-025.mspx
Important - Remote Code Execution - May require restart - Microsoft Developer Tools and Software
Microsoft Security Bulletin MS11-026 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2503658)
- http://www.microsoft.com/technet/sec.../ms11-026.mspx
Important - Information Disclosure - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS11-033 - Important
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
- http://www.microsoft.com/technet/sec.../MS11-033.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS11-034 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
- http://www.microsoft.com/technet/sec.../ms11-034.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Deployment Priority
- http://blogs.technet.com/cfs-filesys...t-Priority.png
Severity and Exploitability index
- http://blogs.technet.com/cfs-filesys...lity-Index.png
___
ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10693
Last Updated: 2011-04-13 00:13:23 UTC ...(Version: 3)
___
- http://www.securitytracker.com/id/1025327 - MS11-018
- http://www.securitytracker.com/id/1025328 - MS11-019
- http://www.securitytracker.com/id/1025329 - MS11-020
- http://www.securitytracker.com/id/1025337 - MS11-021
- http://www.securitytracker.com/id/1025340 - MS11-022
- http://www.securitytracker.com/id/1025343 - MS11-023
- http://www.securitytracker.com/id/1025347 - MS11-024
- http://www.securitytracker.com/id/1025346 - MS11-025
- http://www.securitytracker.com/id/1025330 - MS11-027
- http://www.securitytracker.com/id/1025331 - MS11-028
- http://www.securitytracker.com/id/1025335 - MS11-029
- http://www.securitytracker.com/id/1025332 - MS11-030
- http://www.securitytracker.com/id/1025333 - MS11-031
- http://www.securitytracker.com/id/1025334 - MS11-032
- http://www.securitytracker.com/id/1025344 - MS11-033
- http://www.securitytracker.com/id/1025345 - MS11-034
___
MSRT
- http://support.microsoft.com/?kbid=890830
April 12, 2011 - Revision: 86.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Afcore:
- http://blogs.technet.com/b/mmpc/arch...32-afcore.aspx
13 Apr 2011 - "... added the Win32/Afcore family of trojans to its detections. This malware is -aka- Coreflood* ..."
* http://forums.spybot.info/showpost.p...2&postcount=13
Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.18.exe - 12.2MB
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.18.exe - 12.6MB
.
MS Security Advisories - 4.12.2011 ...
FYI...
Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/sec...ry/973811.mspx
• V1.12 (April 12, 2011): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.
Microsoft Security Advisory (2506014)
Update for the Windows Operating System Loader
- http://www.microsoft.com/technet/sec...y/2506014.mspx
4/12/2011 - "Microsoft is announcing the availability of an update to winload.exe to address an issue in driver signing enforcement... this update addresses a method by which unsigned drivers could be loaded by winload.exe. This technique is often utilized by malware to stay resident on a system after the initial infection. The issue affects, and the update is available for, x64-based editions* of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2..."
* http://support.microsoft.com/kb/2506014
Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
- http://www.microsoft.com/technet/sec...y/2501696.mspx
Published: January 28, 2011 | Updated: April 12, 2011 - "We have issued MS11-026* to address this issue..."
* http://www.microsoft.com/technet/sec.../ms11-026.mspx
Microsoft Security Advisory (2501584)
Release of Microsoft Office File Validation for Microsoft Office
- http://www.microsoft.com/technet/sec...y/2501584.mspx
Last Updated: 4/12/2011 - "Microsoft is announcing the availability of the Office File Validation feature for supported editions of Microsoft Office 2003 and Microsoft Office 2007. The feature, previously only available for supported editions of Microsoft Office 2010, is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened... known issues* that customers may experience when utilizing the Office File Validation feature..."
* http://support.microsoft.com/kb/2501584
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
• V7.0 (April 12, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-023, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution;" and MS11-025, "Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution."
.
MS11-022 - Known issues...
FYI...
MS11-022 - Known issues...
- http://support.microsoft.com/kb/2464588
Last Review: April 14, 2011
• Presentations that contain layouts with a background images may cause an error when opened in PowerPoint 2003. A dialog will notify you that some contents (text, images or objects) have corrupted; the specific content lost will be what is specified in the layout, not the actual slide content itself. Items that were removed will display a blank box or a box containing “cleansed”.
Workarounds for this issue:
Remove background images from layouts in presentations that have to be accessed and edited from PowerPoint 2003.
After the error message is displayed, save a copy of the presentation and perform edits on the copy.
Microsoft is researching this problem and will post more information in this article when the information becomes available..."
- http://support.microsoft.com/kb/2464588
Last Review: April 19, 2011 - Revision: 3.0
"... Removal information
To remove this security update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.
Note: When you remove this security update, you may be prompted to insert the disc that contains Microsoft Office PowerPoint 2003. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or the Programs and Features item in Control Panel. There are several possible causes for this issue.
For more information about the removal, click the following article number to view the article in the Microsoft Knowledge Base:
- http://support.microsoft.com/kb/903771
903771 Information about the ability to uninstall Office updates ..."
:fear:
PowerPoint 2003 hotfix package
FYI...
PowerPoint 2003 hotfix package
- http://support.microsoft.com/kb/2543241/en-us
Last Review: April 26, 2011 - Revision: 3.0 -
"Issues that this hotfix package fixes:
When you open presentations that contain layouts with background images in PowerPoint 2003, an error may occur. When the error occurs, you receive a message that states that some contents (text, images, or objects) have corrupted. You can determine what content has been lost by viewing the layout, but not by viewing the slide content. Items that were removed will display a blank box or a box that contains "cleansed"... this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix -only- to systems that are experiencing the problems described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix...
Prerequisites: You -must- have Microsoft Office 2003 Service Pack 3 installed to apply this hotfix package...
This hotfix replaces security update 2464588, which is described in bulletin MS11-022*..."
* http://www.microsoft.com/technet/sec.../MS11-022.mspx
:fear:
MS Security Bulletin Advance Notification - May 2011
FYI...
- http://www.microsoft.com/technet/sec.../MS11-may.mspx
May 5, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on May 10, 2011... (Total of -2-)
Bulletin 1 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Office
.