WSUS and Windows update hardening
FYI...
WSUS and Windows update hardening
- http://blogs.technet.com/b/wsus/arch...available.aspx
8 Jun 2012
- http://blogs.technet.com/b/mu/archiv...this-week.aspx
June 8, 2012 - Revision: 2.2
- http://blogs.technet.com/b/configmgr...available.aspx
8 Jun 2012
... and:
- http://support.microsoft.com/kb/2720211
Last Review: June 8, 2012 - Revision: 2.2
- http://support.microsoft.com/kb/894199
Last Review: June 8, 2012 - Revision: 131.0
___
An update for Windows Server Update Services 3.0 Service Pack 2 is available
- http://support.microsoft.com/kb/2720211
Last Review: June 11, 2012 - Revision: 5.0
:fear: :fear: :spider:
MS Security Bulletin Summary - June 2012
FYI...
Ref: http://technet.microsoft.com/en-us/security/bulletin
- https://technet.microsoft.com/en-us/...letin/ms12-jun
June 12, 2012 - "This bulletin summary lists security bulletins released for June 2012...
(Total of -7-)
Critical -3-
Microsoft Security Bulletin MS12-036 - Critical
Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
- https://technet.microsoft.com/en-us/...letin/MS12-036
Critical - Remote Code Execution - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-037 - Critical
Cumulative Security Update for Internet Explorer (2699988)
- https://technet.microsoft.com/en-us/...letin/ms12-037
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS12-038 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
- https://technet.microsoft.com/en-us/...letin/ms12-038
Critical - Remote Code Execution - May require restart Microsoft Windows, Microsoft .NET Framework
Important -4-
Microsoft Security Bulletin MS12-039 - Important
Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
- https://technet.microsoft.com/en-us/...letin/MS12-039
Important - Remote Code Execution - May require restart - Microsoft Lync
Microsoft Security Bulletin MS12-040 - Important
Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
- https://technet.microsoft.com/en-us/...letin/ms12-040
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-041 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
- https://technet.microsoft.com/en-us/...letin/ms12-041
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS12-042 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
- https://technet.microsoft.com/en-us/...letin/MS12-042
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___
Certificate Trust List update...
- https://blogs.technet.com/b/msrc/arc...edirected=true
12 Jun 2012
RSA keys under 1024 bits are blocked
- https://blogs.technet.com/b/pki/arch...edirected=true
11 Jun 2012
Bulletin deployment priority
- https://blogs.technet.com/cfs-filesy...2-Priority.png
Severity and exploitability index
- https://blogs.technet.com/cfs-filesy...2-Severity.png
___
Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1889 - 9.3 (HIGH)
> http://support.microsoft.com/kb/2719615#FixItForMe
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=13453
Last Updated: 2012-06-12 17:45:41 UTC
___
MSRT
- http://support.microsoft.com/?kbid=890830
June 12, 2012 - Revision: 103.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Cleaman
• Kuluoz
Download:
- http://www.microsoft.com/download/en...ylang=en&id=16
File Name: Windows-KB890830-V4.9.exe - 15.5 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.9.exe - 16.1 MB
.
MS Security Advisories 2012.06.12
FYI...
Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1889 - 9.3 (HIGH)
> http://support.microsoft.com/kb/2719615#FixItForMe
- https://secunia.com/advisories/49456/
Release Date: 2012-06-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is reportedly being actively exploited.
Solution: Apply Microsoft Fix it solution.
Reported as a 0-day.
Original Advisory: Microsoft:
http://technet.microsoft.com/en-us/s...visory/2719615
- http://googleonlinesecurity.blogspot...ity-under.html
June 12, 2012 - "... attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable..."
___
Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/...visory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___
An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- http://support.microsoft.com/kb/2677070
Last Review: June 13, 2012 - Revision: 2.0
> https://blogs.technet.com/b/pki/arch...edirected=true
___
> http://forums.spybot.info/showpost.p...8&postcount=25
:fear::fear:
MS Security Advisory updates 2012.06.13...
FYI...
Further insight into Security Advisory 2719615
- https://blogs.technet.com/b/msrc/arc...edirected=true
13 Jun 2012 - "During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615*, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we've built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update. We encourage customers to read more about SA2716915's one-click, no-reboot-required Fix it in an in-depth post on the SRD blog**."
* http://technet.microsoft.com/en-us/s...visory/2719615
** http://blogs.technet.com/b/srd/archi...fixing-it.aspx
Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/...visory/2718704
"... update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1) ..."
• V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.
:fear::fear:
FixIt NOW - 0-day XML Core Services...
FYI...
FixIt NOW - 0-day XML Core Services...
> https://isc.sans.edu/diary.html?storyid=13489
Last Updated: 2012-06-16 15:58:47 UTC - "... metasploit module (public release) for this vulnerability. Users are encouraged to patch*..."
* http://support.microsoft.com/kb/2719615#FixItForMe
June 12, 2012 - Revision: 3.0
> http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1889 - 9.3 (HIGH)
- https://secunia.com/advisories/49456/
Last Update: 2012-06-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is currently being actively exploited...
- http://h-online.com/-1619732
18 June 2012
- https://www.us-cert.gov/current/#mic..._advisory_for5
updated June 25, 2012
- http://nakedsecurity.sophos.com/2012...e-exploit-kit/
June 29, 2012 - "... CVE-2012-1889 exploiting code very similar to that published to Metasploit was seen within the landing page of a Blackhole exploit kit..."
:fear::fear: :sad:
MS12-037 exploit in-the-wild
FYI...
MS12-037 exploit in-the-wild
- http://nakedsecurity.sophos.com/2012...d-in-the-wild/
June 19, 2012 - "A critical Internet Explorer vulnerability, announced and patched by Microsoft in June's Patch Tuesday, is being exploited in the wild. The vulnerability is CVE-2012-1875*... patched in MS12-037**... Cunningly-crafted JavaScript code - which can be embedded in a web page to foist the exploit on unsuspecting vistors - is circulating freely on the internet. Also, the Metasploit exploitation framework now has a plug-in module which will generate malicious JavaScript for you on-the-fly to help you automate an attack... response is easy: if you haven't patched already, do so right away..."
* http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1875 - 9.3 (HIGH)
Cumulative Security Update for Internet Explorer (2699988) - Critical
** https://technet.microsoft.com/en-us/...letin/ms12-037
June 12, 2012
- http://www.symantec.com/connect/blog...r-gets-stumped
19 Jun 2012
- http://atlas.arbor.net/briefs/index#-1257954642
Severity: Elevated Severity
Source: http://www.symantec.com/connect/blog...t-1-trojannaid
18 Jun 2012
___
- https://www.us-cert.gov/cas/techalerts/TA12-174A.html
June 22, 2012
> http://support.microsoft.com/kb/2686...xItForMeAlways
:mad::sad:
WSUS KB 272011: Common issues encountered and how to fix them
FYI...
WSUS KB 272011: Common issues encountered and how to fix them
- https://blogs.technet.com/b/sus/arch...edirected=true
20 Jun 2012
An update for Windows Server Update Services 3.0 SP2 is available
- http://support.microsoft.com/kb/2720211
Last Review: June 18, 2012 - Revision: 6.0
Thanks to Susan Bradley!
:fear:
IE9 may stop responding ...
FYI...
IE9 may stop responding if DFX Audio Enhancer is installed
- http://support.microsoft.com/kb/2727797/
Last Review: June 22, 2012 - Revision: 2.0 ...
"Consider the following scenario:
You are running Windows Internet Explorer 9.
DFX Audio Enhancer version 10 is installed on the computer.
The following security update is installed on the computer:
2699988 MS12-037: Cumulative Security Update for Internet Explorer: June 12, 2012
In this scenario, Windows Internet Explorer 9 may stop responding, or "hang."
CAUSE: This issue occurs because of an incompatibility with an earlier version of DFX Audio Enhancer...
For more information about how to obtain the latest version of DFX, go to the following third-party webpage:
- http://www.fxsound.com/dfx/index.php ..."
:fear: :sad: