-
Old MS Alerts
FYI...good reason to be "selective" when doing "Windows Updates"...
- http://support.microsoft.com/?kbid=890830
Last Review: November 24, 2005
Revision: 15.2
"...Known issues in the November 8, 2005 release
When you run the November 8, 2005 release of the Windows Malicious Software Removal Tool from Windows Update, from Automatic Update, or from the Download Center, the tool may appear to stop responding. Additionally, you may experience one of the following symptoms:
• When you run the tool from Windows Update or from Automatic Update, Windows Task Manager shows that the Iexplore.exe process has high CPU usage.
• When you run the tool from the Download Center, Windows Task Manager shows that the Mrt.exe process has high CPU usage.
To resolve this issue, install the updated version of the Windows Malicious Software Removal Tool that is now available from Windows Update, from Microsoft Update, from Automatic Updates, or from the Download Center. An updated version of the Windows Malicious Software Removal Tool was released on November 11, 2005."
>>> http://tinyurl.com/83c52
:(
-
Old MS Alerts
FYI...
- http://www.microsoft.com/technet/sec.../ms07-jul.mspx
Published: July 5, 2007
"...This is an advance notification of -six- security bulletins that Microsoft is intending to release on July 10, 2007...
Critical (3)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Office, Excel...
Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Windows...
Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution ...
Affected Software: .NET Framework...
Important (2)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Office, Publisher...
Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution ...
Affected Software: Windows XP Professional...
Moderate (1)
Microsoft Security Bulletin 3
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure ...
Affected Software: Windows Vista..."
.
-
MS Bulletin Advance Notification - August 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-aug.mspx
Published: August 9, 2007
"...This is an advance notification of -nine- security bulletins that Microsoft is intending to release on August 14, 2007...
Critical (6)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, XML Core Services...
Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Visual Basic, Office for Mac...
Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Microsoft Security Bulletin 4
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Microsoft Security Bulletin 5
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 9
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Important (3)
Microsoft Security Bulletin 6
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows Vista...
Microsoft Security Bulletin 8
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Virtual PC, Virtual Server..."
.
-
MS Security Bulletin Advance Notification - September 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-sep.mspx
Published: September 6, 2007
"This is an advance notification of five security bulletins that Microsoft is intending to release on September 11, 2007...
Critical (1)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows.
Important (4)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Visual Studio.
Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows Services for UNIX, Subsystem for UNIX-based Applications.
Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: MSN Messenger, Windows Live Messenger.
Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, SharePoint Server."
-----------------------------------------------
- http://www.microsoft.com/technet/sec.../ms07-sep.mspx
Revisions:
• September 7, 2007: Bulletin Advance Notification updated. Microsoft plans to release four security bulletins, and no longer plans to release Microsoft Security Bulletin 5 affecting Windows and SharePoint Server, on Tuesday, September 11, 2007.
.
-
MS Security Bulletin Advance Notification - October 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-oct.mspx
October 4, 2007
"...This bulletin advance notification will be replaced with the October bulletin summary on October 9, 2007...
Critical (4)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Outlook Express, Windows Mail...
Microsoft Security Bulletin 3
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Office...
Important (3)
Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service...
Affected Software: Windows...
Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...
Microsoft Security Bulletin 7
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows, Office..."
.
-
2007-Q4-MS Alerts
FYI...
- http://www.microsoft.com/technet/sec.../ms07-oct.mspx
Published: October 9, 2007
"This bulletin summary lists security bulletins released for October 2007...
Critical (4)
Microsoft Security Bulletin MS07-055
Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
- http://www.microsoft.com/technet/sec.../ms07-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows...
Microsoft Security Bulletin MS07-056
Security Update for Outlook Express and Windows Mail (941202)
- http://www.microsoft.com/technet/sec.../ms07-056.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Outlook Express, Windows Mail...
Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/sec.../ms07-057.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Windows, Internet Explorer...
Microsoft Security Bulletin MS07-060
Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
- http://www.microsoft.com/technet/sec.../ms07-060.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Affected Software: Office...
Important (2)
Microsoft Security Bulletin MS07-058
Vulnerability in RPC Could Allow Denial of Service (933729)
- http://www.microsoft.com/technet/sec.../ms07-058.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Denial of Service
Affected Software: Windows...
Microsoft Security Bulletin MS07-059
Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
- http://www.microsoft.com/technet/sec.../ms07-059.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Windows, Office...
------------------------------------------------------
ISC Analysis
- http://isc.sans.org/diary.html?storyid=3480
==========================================
- http://blogs.technet.com/msrc/archiv...y-release.aspx
"...Microsoft also re-released bulletin MS05-004*. This re-release updates detection includes Server 2003 Service Pack 2 and Vista as affected platforms. There were no changes to the update binaries, so if you have already successfully installed this update, you do not need to reinstall it..."
Microsoft Security Bulletin MS05-004
ASP.NET Path Validation Vulnerability (887219)
* http://www.microsoft.com/technet/sec.../MS05-004.mspx
Revisions:
• V1.0 (February 8, 2005): Bulletin published
• V1.1 (February 15, 2005): Bulletin updated to include Knowledge Base Article numbers for each individual download under Affected Products.
• V1.2 (March 16, 2005): Bulletin “Caveats” section has been updated to document known issues that customers may experience when installing the available security updates.
• V2.0 (June 14, 2005): Bulletin updated to announce the availability of an updated package for .NET Framework 1.0 Service Pack 3 for the following operating system versions: (887998) Windows XP Tablet PC Edition and Windows XP Media Center Edition.
• V3.0 (August 8, 2006): Bulletin updated to reflect the addition of Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 x64 Edition for .NET Framework 1.1 Service Pack 1 under “Affected Software” for “Microsoft .NET Framework 1.1”.
• V4.0 (October 9, 2007): Bulletin updated as Windows Server 2003 Service Pack 2 and Windows Vista have been added to the “Affected Software” sections for .NET Framework 1.0 Service Pack 3 KB886906 and .NET Framework 1.1 Service Pack 1 KB886903.
.
-
MS Alerts - 2007-Q4
FYI...
Microsoft Security Advisory (943521)
URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/943521.mspx
Published: October 10, 2007
"Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports.
• This vulnerability does not affect Windows Vista or any supported editions of Windows where Internet Explorer 7 is not installed..."
MSRC blog
> http://preview.tinyurl.com/yoadp8
October 10, 2007
--------------------
> http://www.microsoft.com/technet/sec...ry/943521.mspx
Updated: November 13, 2007 - "...We have issued MS07-061* to address this issue..."
* http://www.microsoft.com/technet/sec.../MS07-061.mspx
.
-
(MS07-060) Word exploit loose
FYI...
- http://preview.tinyurl.com/2q4xop
October 11, 2007 (Computerworld) - Security researchers spotted an attack yesterday that exploits a vulnerability in Microsoft Word patched just the day before. On Wednesday, Symantec Corp. reported it had obtained a suspicious Word document that crashed every version of the application except the newest, Word 2007, when opened. After it examined the document, Symantec found that the document included shell code and three pieces of malware. Among its more surprising findings: Symantec found that the document had been created with the edition of Word included with Office for Mac 2004. On Tuesday, Microsoft Corp. issued a patch that closed a critical vulnerability in multiple editions of the popular word processor, including Word 2000, Word XP and Word for the Mac. Symantec put the two together. "Taking a closer look at that vulnerability, we confirmed that this document was in fact exploiting the same vulnerability"... Updates to the Windows versions of Word can be obtained via Microsoft Update or Office Update..."
- http://preview.tinyurl.com/2saysc
October 10, 2007 (Symantec Security Response Weblog)
> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3899
> http://cwe.mitre.org/data/definitions/94.html
:fear:
-
Stealth Windows Updates (cont'd)
FYI...
- http://preview.tinyurl.com/27znt2
October 16, 2007 (Computerworld) - "For the second time in a month, Microsoft Corp. has had to defend Windows Update against charges that it upgraded machines without users' permission. So far, it has no explanation for the newest instance of unauthorized updating..."
- https://windowssecrets.com/2007/10/2...-be-MS-OneCare
October 25, 2007 - "...My finding is that Windows Live OneCare silently changes the AU settings. This explains at least some of the complaints that have been reported so far. Users could have installed OneCare — even a free-trial version — at any time in the recent past and been unaware of any changes until Automatic Updates forced a reboot in the wee hours..."
- http://support.microsoft.com/kb/943144/en-us
Last Review: October 26, 2007
Revision: 2.2
-
FYI...
URL Update to IE URL Handling Vuln
- http://isc.sans.org/diary.php?storyid=3547
Last Updated: 2007-10-26 02:05:06 UTC - "Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.
Microsoft does not appear to plan to fix the issue in Internet Explorer. Instead, it asks vendors releasing tools that pass URLs to Internet Explorer to validate them...
Links:
http://www.microsoft.com/technet/sec...ry/943521.mspx
Revisions:
• October 10, 2007: Advisory published
• October 25, 2007: Advisory updated to reflect increased threat level
http://blogs.technet.com/msrc/archiv...ry-943521.aspx "
.
-
MS07-055 exploit code public
FYI...
- http://preview.tinyurl.com/ysz6so
October 29, 2007 - (Infoworld) "A hacker has released attack code that could be used to exploit a critical bug in some versions of the Windows operating system. Microsoft patched the flaw, which affects older versions of Windows, on Oct. 9. When the Image Viewer tries to open a maliciously encoded TIFF file, it can be tricked into running unauthorized software on the PC. A sample of the exploit was posted Monday to the Milw0rm Web site. The code has not yet been used in online attacks, according to Symantec, which issued an alert Monday. Symantec recommends that Windows users install the MS07-055 update* as quickly as possible. Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default. Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed on their PCs, unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug. Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work..."
* http://forums.spybot.info/showpost.p...6&postcount=17
:fear:
-
MS Alerts - 2007-Q4-2
FYI...
Microsoft Security Advisory (944653)
Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/sec...ry/944653.mspx
November 5, 2007 - "Microsoft is working with Macrovision, investigating new public reports of a vulnerability in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. This vulnerability does not affect Windows Vista. We are aware of limited attacks that try to use the reported vulnerability. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process..."
> http://www.macrovision.com/promolanding/7352.htm
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5587
:fear:
FYI...
Follow-up on Macrovision Secdrv exploit
- http://www.symantec.com/enterprise/s...on_secdrv.html
November 6, 2007 - "...Microsoft posted Microsoft Security Advisory (944653) about this issue. With the release of this advisory, I’d like to answer a few follow-up questions for blog readers:
Q: I don’t play games and I don’t use Macrovision software, so am I safe?
A: No. The vulnerable component affected by the bug is the Macrovision driver SECDRV.SYS, which is shipped by default with Windows systems. It is usually installed under the %System%\drivers folder.
Q: Is Windows Vista affected by this vulnerability?
A: Vista is not affected. Only SECDRV versions shipped with Windows XP and 2003 are. Instead the version shipped with Vista is a completely different driver, reworked and not vulnerable to this attack. All users should keep in mind that, in a multi-layered defense perspective, it is possible that malware dropped on the system via some other exploit (e.g. browser vulnerability or the recent PDF exploit) could potentially take advantage of the SECDRV bug to take further control of the computer and bypass other layers of protection.
Q: Where is the patch?
A: Macrovision released a version of the driver today (almost identical to the one shipped with Vista) that fixes this problem. The update is available here:
http://www.macrovision.com/promolanding/7352.htm
It’s not clear at the moment if Microsoft will distribute this update with the next cycle of Windows Update."
- http://www.microsoft.com/technet/sec...ry/944653.mspx
Revisions:
• November 05, 2007: Advisory published
• November 07, 2007: Advisory revised to include identified workarounds for this vulnerability and additional information on what is secdrv.sys.
:fear:
FYI...
- http://www.microsoft.com/technet/sec.../ms07-nov.mspx
November 13, 2007
"...The security bulletins for this month are as follows, in order of severity:
Critical (1)
Microsoft Security Bulletin MS07-061
Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)
- http://www.microsoft.com/technet/sec.../MS07-061.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Important (1)
Microsoft Security Bulletin MS07-062
Vulnerability in DNS Could Allow Spoofing (941672)
- http://www.microsoft.com/technet/sec.../MS07-062.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows..."
------------------------------------
ISC Analysis
- http://isc.sans.org/diary.html?storyid=3642
Last Updated: 2007-11-13 18:47:44 UTC
.
FYI...
- http://www.eweek.com/article2/0,1759...119TX1K0000594
November 18, 2007 - "An MSN Messenger Trojan is growing a botnet by hundreds of infected PCs per hour, adding VMs to the mix as well... The malware is being introduced by MSN Messenger files posing as pictures, mostly seeming to come from known acquaintances. The files are a new type of Trojan that has snared several thousand PCs for a bot network within hours of its launch earlier on Nov. 18 and is being used to discover virtual PCs as a means of increasing its growth vector. The eSafe CSRT (Content Security Response Team) at Aladdin — a security company — detected the new threat propagating around noon EST on Nov. 18. At 18:00 UTC (Coordinated Universal Time), eSafe had detected 1 operator and more than 500 on-command bots in the network. Less than three hours later, or by 2:30 EST, when eWEEK spoke with Roei Lichtman, eSafe director of product management, the number had soared to several thousand PCs and was growing by several hundred systems per hour. eSafe is monitoring the IRC channel used to control the botnet. The only inhabitants of the network besides the operator are in fact infected PCs. The Trojan is an IRC bot that's spreading through MSN Messenger by sending itself in a .zip file with two names. One of the names includes the word "pics" as a double extension executable — a name generally used by scanners and digital cameras: for example, DSC00432.jpg.exe. The Trojan is also contained in a .zip file with the name "images" as a .pif executable—for example, IMG34814.pif... Given the familiar social engineering aspect of the attack, individuals are being urged to not open files sent unexpectedly from either friends or strangers..."
- http://www.us-cert.gov/current/#msn_messenger_trojan
November 19, 2007 - "...The Trojan arrives as a chat message that appears to contain an image file, that when opened, downloads and installs an Internet Relay Chat Bot. These messages may appear to come from a known contact..."
:fear:
FYI...
- http://preview.tinyurl.com/2sezx7
November 21, 2007 (Computerworld) - "Windows XP, Microsoft Corp.'s most popular operating system, sports the same encryption flaws that Israeli researchers recently disclosed in Windows 2000, Microsoft officials confirmed late Tuesday... As recently as last Friday, Microsoft hedged in answering questions about whether XP and Vista could be attacked in the same way, saying only that later versions of Windows "contain various changes and enhancements to the random number generator." Yesterday, however, Microsoft responded to further questions and acknowledged that Windows XP is vulnerable to the complex attack that Pinkas, Gutterman and Dorrendorf laid out in their paper, which was published earlier this month. Windows Vista, Windows Server 2003 and the not-yet-released Windows Server 2008, however, apparently use a modified or different random number generator; Microsoft said they were immune to the attack strategy. In addition, Microsoft said Windows XP Service Pack 3 (SP3), a major update expected sometime in the first half of 2008, includes fixes that address the random number generator problem... Because the company has determined that the PRNG problem is not a security vulnerability, it is unlikely to provide a patch."
:fear:
FYI...
Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft.com/technet/sec...ry/945713.mspx
December 3, 2007 - "Microsoft is investigating new public reports of a vulnerability in the way Windows resolves hostnames that do not include a fully-qualified domain name (FQDN). The technology that the vulnerability affects is Web Proxy Auto-Discovery (WPAD). Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers, and Microsoft is not aware of any customer impact at this time. Microsoft is aggressively investigating the public reports. Customers whose domain name begins in a third-level or deeper domain, such as “contoso.co.us”, or for whom the following mitigating factors do not apply, are at risk from this vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers...
Mitigating Factors:
• Customers who do not have a primary DNS suffix configured on their system are not affected by this vulnerability. In most cases, home users that are not members of a domain have no primary DNS suffix configured. Connection-specific DNS suffixes may be provided by some Internet Service Providers (ISPs), and these configurations are not affected by this vulnerability.
• Customers whose DNS domain name is registered as a second-level domain (SLD) below a top-level domain (TLD) are not affected by this vulnerability. Customers whose DNS suffixes reflect this registration would not be affected by this vulnerability. An example of a customer who is not affected is contoso.com or fabrikam.gov, where “contoso” and “fabrikam” are customer registered SLDs under their respective “.com” and “.gov” TLDs.
• Customers who have specified a proxy server via DHCP server settings or DNS are not affected by this vulnerability.
• Customers who have a trusted WPAD server in their organization are not affected by this vulnerability. (See the Workaround section for specific steps in creating a WPAD.DAT file on a WPAD server.)
• Customers who have manually specified a proxy server in Internet Explorer are not at risk from this vulnerability when using Internet Explorer.
• Customers who have disabled 'Automatically Detect Settings' in Internet Explorer are not at risk from this vulnerability when using Internet Explorer..."
- http://secunia.com/advisories/27901/
"...WPAD feature resolves "wpad" hostnames up to the second-level domain, which is potentially untrusted. This can be exploited to conduct man-in-the-middle attacks against third-level or deeper domains..."
:fear:
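The devolution behaviour that advisory 945713 and the Secunia note describe can be checked across a host inventory. The following is an added example, not code from Microsoft or Secunia: it assumes the lookup model in the Secunia quote (try `wpad.<primary suffix>`, then strip leading labels until a two-label zone remains), and the inventory, field names and flag names are constructed for illustration.

```python
# Added example: flag hosts whose WPAD lookups would leave the organization's
# own DNS namespace (advisory 945713). Assumption: the client queries
# wpad.<suffix> and devolves the suffix until two labels remain, as in the
# Secunia description quoted above. All field names below are hypothetical.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring stray dots."""
    return [p for p in name.strip().strip(".").lower().split(".") if p]

def wpad_candidates(primary_suffix):
    """WPAD hostnames tried for a primary DNS suffix, most specific first."""
    labels = _labels(primary_suffix)
    if not labels:            # no primary DNS suffix: nothing is devolved
        return []
    names = ["wpad." + ".".join(labels)]
    while len(labels) > 2:    # devolution stops at the two-label zone
        labels = labels[1:]
        names.append("wpad." + ".".join(labels))
    return names

def outside_names(primary_suffix, registered_domain):
    """Candidates whose zone is not the registered domain or beneath it."""
    reg = ".".join(_labels(registered_domain))
    leaked = []
    for name in wpad_candidates(primary_suffix):
        zone = name[len("wpad."):]
        if zone != reg and not zone.endswith("." + reg):
            leaked.append(name)
    return leaked

# Mitigating factors listed in the advisory, as hypothetical inventory flags.
MITIGATIONS = [
    ("proxy_via_dhcp_or_dns", "proxy server specified via DHCP or DNS"),
    ("trusted_wpad_server", "trusted WPAD server in the organization"),
    ("manual_proxy_in_ie", "proxy manually specified in Internet Explorer"),
    ("auto_detect_disabled", "'Automatically Detect Settings' disabled"),
]

def assess(host):
    """Return (verdict, reason) for one inventory record."""
    leaked = outside_names(host["primary_suffix"], host["registered_domain"])
    if not leaked:
        return "ok", "no WPAD lookup leaves " + host["registered_domain"]
    for flag, reason in MITIGATIONS:
        if host.get(flag):
            return "mitigated", reason
    return "at-risk", "would query " + ", ".join(leaked)

def report(inventory):
    """Map host name to verdict for every record in the inventory."""
    return {h["name"]: assess(h)[0] for h in inventory}

# Constructed sample inventory (the domains are the advisory's own examples).
INVENTORY = [
    {"name": "ws01", "primary_suffix": "corp.contoso.co.us",
     "registered_domain": "contoso.co.us"},
    {"name": "ws02", "primary_suffix": "corp.contoso.co.us",
     "registered_domain": "contoso.co.us", "auto_detect_disabled": True},
    {"name": "ws03", "primary_suffix": "hq.contoso.com",
     "registered_domain": "contoso.com"},
    {"name": "home1", "primary_suffix": "",
     "registered_domain": "contoso.com"},
]

if __name__ == "__main__":
    for host in INVENTORY:
        verdict, reason = assess(host)
        print(f"{host['name']:6} {verdict:10} {reason}")
```

The manual-proxy and auto-detect flags only cover Internet Explorer, as the advisory states, so a host marked "mitigated" on those grounds may still have other WPAD-aware software to review.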
FYI...
- http://www.microsoft.com/technet/sec.../ms07-dec.mspx
Published: December 11, 2007
Version: 1.0
"This bulletin summary lists security bulletins released for December 2007...
Critical (3)
Microsoft Security Bulletin MS07-064
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/sec.../MS07-064.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...
Microsoft Security Bulletin MS07-068
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
- http://www.microsoft.com/technet/sec.../MS07-068.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...
Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
- http://www.microsoft.com/technet/sec.../MS07-069.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Important (4)
Microsoft Security Bulletin MS07-063
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
- http://www.microsoft.com/technet/sec.../MS07-063.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin MS07-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
- http://www.microsoft.com/technet/sec.../MS07-065.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin MS07-066
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
- http://www.microsoft.com/technet/sec.../MS07-066.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...
Microsoft Security Bulletin MS07-067
Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)
- http://www.microsoft.com/technet/sec.../MS07-067.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows..."
===================================
ISC Analysis
- http://isc.sans.org/diary.html?storyid=3735
Last Updated: 2007-12-11 19:14:09 UTC
===================================
- http://blog.washingtonpost.com/secur...ndows_sec.html
December 11, 2007 - "...December's seven update bundles include fixes for four separate security holes in Internet Explorer 6 and IE7, vulnerabilities that are considered critical for Windows 2000, Windows XP and Windows Vista users. Microsoft rates a flaw "critical" if it can be exploited to break into vulnerable systems with little or no help from the user, save perhaps for browsing a Web site or by clicking on a malicious link in an e-mail or instant message. The IE patch is probably the most important update Redmond issued this month, as the vulnerabilities it corrects have the potential to affect the largest number of people. Microsoft said that criminals already exploited one of the IE flaws to remotely compromise IE users. Microsoft also issued critical updates to fix at least two different problems with the way Windows handles the processing and display of various video and audio files..."
:santa:
-
MS Security Bulletin Advance Notification - November 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-nov.mspx
Published: November 8, 2007
"This is an advance notification of two security bulletins that Microsoft is intending to release on November 13, 2007...
Critical (1)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Important (1)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Windows...
Other Information:
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release three non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release zero non-security, high-priority updates for Windows on Windows Update (WU).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
-
MS Alerts - 2008-Q1-Q3
FYI...
- http://www.us-cert.gov/current/#fals...ls_circulating
November 15, 2007 - "US-CERT is aware of false Microsoft Update email messages being publicly circulated. These messages contain multiple links that may direct a user to a malicious web site. The impact of following these links is currently unknown, more information will be provided as it becomes available. US-CERT encourages users to take the following measures to protect themselves:
> Do not follow unsolicited web links in email messages
> Follow the Microsoft guidelines* for recognizing fraudulent email messages ..."
* http://www.microsoft.com/protect/you...g/msemail.mspx
- http://atlas.arbor.net/briefs/index#-1494625952
Microsoft MS07-055 Trojan Emails
Severity: Elevated Severity
"...The message states that users should install the Kodak Image Viewer patch for advisory MS07-055. The user is directed to a website not owned by Microsoft and told to download a patch. The binary includes the real MS07-055 Windows XP patch, together with a Bandok Trojan. We are working with vendors and security companies to address this issue.
Analysis: This is a potentially serious problem due to the fact that the original Trojan binary is not recognized by any AV tools. Once unpacked, however, the Bandok Trojan is properly recognized by many AV tools. We are working on site takedown."
:fear:
-
New MS KB (Help) for IEv7
FYI...
A blank Web page is displayed when you start Internet Explorer 7
- http://support.microsoft.com/default.aspx/kb/945385
Last Review: December 4, 2007
Revision: 1.0
Internet Explorer stops responding, stops working, or restarts
Self-help steps for a beginning to an intermediate computer user
- http://support.microsoft.com/gp/pc_ie_intro
(Found at Sandi Hardmeier's "Spyware Sucks" site - thanks Sandi!)
> http://msmvps.com/blogs/spywaresucks/
:cool:
-
MS Security Bulletin Advance Notification - December 2007
FYI...
- http://www.microsoft.com/technet/sec.../ms07-dec.mspx
Published: December 6, 2007
"...This is an advance notification of -seven- security bulletins that Microsoft is intending to release on December 11, 2007...
Critical (3)
Microsoft Security Bulletin 2
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, DirectX, DirectShow...
Microsoft Security Bulletin 6
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Windows Media Format Runtime...
Microsoft Security Bulletin 7
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows, Internet Explorer...
Important (4)
Microsoft Security Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 3
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Microsoft Security Bulletin 4
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Windows...
Microsoft Security Bulletin 5
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...
---
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -six- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -one- non-security, high-priority update for Windows on Windows Update (WU).
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
-
Vista Security updates...
FYI...
- http://preview.tinyurl.com/2rtbmz
December 11, 2007 (Symantec Security Response Weblog) - "...Microsoft released seven bulletins this month, covering a total of eleven vulnerabilities. Nine of the vulnerabilities affect Microsoft Vista either directly or through applications running on that operating system..."
> http://forums.spybot.info/showpost.p...1&postcount=31
:fear:
-
MS Office 2007 SP1 released
FYI...
- http://www.microsoft.com/presspass/f...ce2007SP1.mspx
Dec 11, 2007 - "...Customers can download SP1 immediately from http://office.microsoft.com/en-us/do...s/default.aspx . They can also place an order for a CD at http://office.microsoft.com/en-us/default.aspx . At a later date, we also will provide SP1 through automatic update..."
=====================================
Office 2007 SP1 auto-installs confuse Vista, XP users
- http://preview.tinyurl.com/2aysx4
December 13, 2007 (Infoworld) - "Some users have gotten the massive Office 2007 SP1 update automatically, even though Microsoft said it would not use Windows' AU (Automatic Updates) to push out the large upgrade for several months, the company confirmed Thursday. Anyone running a preview copy of Windows Vista Service Pack 1 (SP1), which was made available to all comers only Wednesday, will receive the Office 2007 upgrade automatically. Users of other in-beta Microsoft products, including Windows XP SP3, which is still in limited testing, will also be hit by the Office update, which weighs in at almost 220MB. "As noted to beta customers, if [they] are running Vista SP1 beta software, as part of the beta program, Office 2007 SP1 on pre-release Windows Vista SP1 will automatically install as planned for this beta program," said Bobbie Harder, a senior program manager with the WSUS (Windows Server Update Services) group... even if users of Vista SP1, Windows XP SP3, or WSUS 3.0 SP3 manually installed Office 2007 SP1, AU later automatically installs -- actually re-installs -- the service pack... The next time Windows Update runs, however, Office 2007 SP1 reappears, again checked by default. To strike it off the list, users must right-click the item in the list and choose "hide update."
:fear:
-
FYI...
Microsoft Security Advisory (944653)
Vulnerability in Macrovision SECDRV.SYS Driver on Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/sec...ry/944653.mspx
Updated: December 11, 2007 - "...We have issued MS07-067* to address this issue..."
* http://www.microsoft.com/technet/sec.../MS07-067.mspx
:fear:
-
FYI... (Windows Genuine Annoyance)
- http://support.microsoft.com/kb/892130/en-us
Last Review: December 5, 2007
Revision: 3.8
"...you may be prompted to complete the Windows Genuine Advantage (WGA) validation check process. On the Download Center Web site, you may be prompted to install an ActiveX control when you select a download that is marked with the WGA icon. On the Windows Update Web site, the ActiveX control is a mandatory update..."
.
-
MS07-069 (IE update)... Post Install Issue
FYI...
- http://preview.tinyurl.com/252f8d
December 18, 2007 (MSRC) - "...We have been investigating public reports of possible problems on systems that have installed the Cumulative Security Update for Internet Explorer (942615),
http://www.microsoft.com/technet/sec.../ms07-069.mspx
released earlier this month. We have some information to share with you regarding the results of our investigation into these reports. First, I want to note the security update does protect against the vulnerabilities noted in the bulletin. If you are not experiencing issues noted in the below referenced Knowledge Base article, no action is needed. We have been working with a small number of customers that reported issues related to the installation of MS07-069. Specifically, on a Windows XP Service Pack 2 (SP2)-based computer, Internet Explorer 6 may stop responding when you try to visit a web site. We’ve made an update to the Knowledge Base article for MS07-069, KB942615, which highlights the known issue.
http://support.microsoft.com/kb/942615
We have also added the following known issue Knowledge Base article KB946627. Because this occurs in a customized installation, this isn’t a widespread issue.
http://support.microsoft.com/kb/946627
Customers who believe they are affected can contact Customer Support Services at no charge using the PC Safety line at 1-866-PCSAFETY (North America). All customers, including those outside the U.S., can visit http://support.microsoft.com/security for assistance."
-----------------------------
- http://secunia.com/advisories/28036/
"...NOTE: This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerabilities allows execution of arbitrary code when a user e.g. visits a malicious website..."
> http://www.microsoft.com/technet/sec.../MS07-069.mspx
• V1.2 (December 18, 2007): Bulletin updated to reflect a known issue; a change to the Removal Information text in the Windows Vista Reference Table in the Security Update Information section; and, a change to the File Information text in the Reference Table within the Security Update Information section for all affected operating systems...
:fear:
-
XPSP2 w/IE6 registry edit fix for MS07-069
What?
- http://support.microsoft.com/kb/946627
Last Review: December 19, 2007
Revision: 1.0
"...WORKAROUND
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk..."
- http://blogs.msdn.com/ie/archive/200...2.aspx#6806843
December 19, 2007 - "...can Microsoft be serious that the solution is to edit each registry? Is this some sort of joke? It would be easier to have each user install Mozilla Firefox and stop using IE completely."
:sad:
-
IE 6 crashes after you install (MS07-069)
FYI...
- http://www.microsoft.com/technet/sec.../MS07-069.mspx
• V1.3 (December 20, 2007): Bulletin revised to reflect a new Security Update FAQ entry for a known issue documented in KB946627.
IE 6 crashes after you install (MS07-069) security update 942615 on a computer that is running Windows XPSP2
- http://support.microsoft.com/kb/946627/
Last Review: December 21, 2007
Revision: 2.0
:fear:
-
MS Office2003 SP3 disables older file formats
FYI...
- http://it.slashdot.org/it/08/01/01/137257.shtml
January 02, 2008 - "In Service Pack 3 for Office 2003, Microsoft disabled support for many older file formats. If you have old Word, Excel, 1-2-3, Quattro, or Corel Draw documents, watch out! They did this because the old formats are 'less secure', which actually makes some sense, but only if you got the files from some untrustworthy source. Naturally, they did this by default, and then documented a mind-bogglingly complex workaround (KB 938810*) rather than providing a user interface for adjusting it, or even a set of awkward 'Do you really want to do this?' dialog boxes to click through. And of course because these are, after all, old file formats ... many users will encounter the problem only months or years after the software change, while groping around in dusty and now-inaccessible archives."
* http://support.microsoft.com/kb/938810/en-us
Last Review: December 6, 2007
Revision: 2.0
:nono::crazy:
------------------------------
- http://preview.tinyurl.com/2h5md8
January 05, 2008 (Computerworld) - "Microsoft Corp. apologized to a software rival yesterday for saying its file format posed a security risk and issued new tools to let users of Office 2003 SP3 unblock a host of barred file types. In a posting to his own blog*, David LeBlanc, a senior software development engineer with the Microsoft Office team, admitted the company's mistake in blaming insecure file formats, including the one used by CorelDraw... The revised support document** lists four downloads that users can run to unblock Word, Excel, PowerPoint and Corel files... "We'll try harder to make enabling older formats much more user-friendly in the future," he said."
* http://blogs.msdn.com/david_leblanc/...e-formats.aspx
"...The .reg files you can use to change the security settings can be downloaded here..."
** http://support.microsoft.com/kb/938810/en-us
Last Review: January 4, 2008
Revision: 3.0
------------------------------
- http://preview.tinyurl.com/2gkwxt
January 10, 2008 (Computerworld) - "Microsoft Corp. will not post new tools that would allow users of Office 2007 to access blocked file formats, as it has done for customers running Office 2003 Service Pack 3 (SP3). It cited a lack of interest in such tools and said existing work-arounds accomplish the same thing... the Office Web site* explains how to set up a "trusted location," a special folder on a local or network drive. Files in a trusted folder aren't checked by Office 2007's security tools before opening, and thus the older file formats open normally..."
* http://office.microsoft.com/en-us/he...319991033.aspx
:clown:
-
MS Security Bulletin Advance Notification - January 2008
FYI...
- http://www.microsoft.com/technet/sec.../ms08-jan.mspx
January 3, 2008
"...This is an advance notification of -two- security bulletins that Microsoft is intending to release on January 8, 2008... The security bulletins for this month are as follows, in order of severity:
Critical (1)
Microsoft Security Bulletin 1
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Windows...
Important (1)
Microsoft Security Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Affected Software: Windows...
Other...
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
For this month:
• Microsoft is planning to release -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft is planning to release -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
-
MS Security Bulletin Summary - January 2008
FYI...
- http://www.microsoft.com/technet/sec.../ms08-jan.mspx
January 8, 2008
"This bulletin summary lists security bulletins released for January 2008...
Critical (1)
Microsoft Security Bulletin MS08-001
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/sec.../ms08-001.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Important (1)
Microsoft Security Bulletin MS08-002
Vulnerability in LSASS Could Allow Local Elevation of Privilege (943485)
- http://www.microsoft.com/technet/sec.../ms08-002.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Local Elevation of Privilege...
Other...
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security, High-Priority Updates on MU, WU, and WSUS
• Microsoft has released -five- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
• Microsoft has released -two- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.
Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
---------------------
ISC Analysis
- http://isc.sans.org/diary.html?storyid=3819
Last Updated: 2008-01-08 18:25:59 UTC
-
Microsoft Security Advisory (943411) - Vista
FYI...
Microsoft Security Advisory (943411)
Update to Improve Windows Sidebar Protection
- http://www.microsoft.com/technet/sec...ry/943411.mspx
January 8, 2008 - "An update is available for currently supported editions of the Windows Vista operating system. The update to improve Windows Sidebar Protection enables Windows Sidebar to help block gadgets from running in Sidebar. For more information about installing this update, see Microsoft Knowledge Base Article 943411*. For more information about how Windows Sidebar Protection helps block installed gadgets from running in Windows Sidebar, see Microsoft Knowledge Base Article 941411**..."
* http://support.microsoft.com/kb/943411
** http://support.microsoft.com/kb/941411
-
Security Bulletins MS07-064 & MS07-057 revisions, MS07-042 re-released
The following bulletins have undergone a -minor- revision increment.
* MS07-064 - Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/sec.../ms07-064.mspx
- Reason for Revision: Bulletin updated to remove known issues notation. This update does not have any known issues.
- Originally posted: December 11, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.3
* MS07-057 - Critical
Cumulative security update for Internet Explorer
- http://www.microsoft.com/technet/sec.../ms07-057.mspx
- Reason for Revision: Revised to add a known issue.
(Known issues since original release of the bulletin:
• KB904710*: WinINet ignores the policies that you set when you create a custom administrative template file in Windows XP with Service Pack 2 - * http://support.microsoft.com/kb/904710 )
- Originally posted: October 9, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 1.2
The following bulletins have undergone a -major- revision increment.
* MS07-042 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
- http://www.microsoft.com/technet/sec.../ms07-042.mspx
- Reason for Revision: Bulletin updated: Added Microsoft Word Viewer 2003 as an affected product. Also added an Update FAQ clarifying the kill bit for Microsoft XML Parser 2.6 and its applicability to this security update.
- Originally posted: August 14, 2007
- Updated: January 9, 2008
- Bulletin Severity Rating: Critical
- Version: 3.0
.
-
FYI...
Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft.com/technet/sec...ry/945713.mspx
Updated: January 9, 2008
Revisions:
• December 3, 2007: Advisory published.
• January 9, 2008: Advisory updated: The registry key for the Configure a Domain Suffix Search List workaround has been corrected to the proper key of SearchList.
.
-
ThreatCon Level is 2
FYI... ThreatCon Level is 2
- http://www.symantec.com/avcenter/thr...earnabout.html
"The ThreatCon is currently at Level 2 in response to the disclosure of a critical remote vulnerability affecting the default configurations of Windows XP and Windows Vista. Nondefault configurations of Windows 2003 are also affected... The MS08-001 bulletin also addresses a remote kernel-based denial-of-service issue affecting nondefault configurations of Windows 2000, XP, and 2003. IBM Internet Security Systems, the team that discovered these kernel-based flaws, has recently released an official advisory* suggesting that the ICMP-based flaw, which Microsoft has considered a low-severity, denial-of-service issue, may in fact be exploitable to execute code. However, we have not confirmed this. Windows 2000 users who are not affected by the critical vulnerability may want to reevaluate their stance on patching the lower-severity issue in light of this new information. Multiple (3) Microsoft Windows TCP/IP Remote Code Execution and DoS Vulnerabilities
( * http://iss.net/threats/282.html ) The MS08-002 bulletin was also released to address a local privilege-escalation vulnerability affecting LSASS. Users are advised to review the Microsoft Security Bulletins and to apply the patches as soon as possible..."
* "...An attacker does not need to invoke any kind of user interaction to exploit this vulnerability. The lack of user interaction, widespread availability of the protocols, and the possibility of complete compromise of targeted systems means that administrators should treat this vulnerability as highly critical. The lack of user interaction makes this exploit a probable target for botnets, such as the Storm Worm. Administrators should monitor the signatures listed in the ISS Coverage section for any attempted worm or botnet activity. Administrators should also keep in mind that multicast traffic is usually received by multiple destinations, so a single stream of attack traffic would likely affect more than one target..."
:fear:
-
FYI...
Windows Vista Application Compatibility Update
- http://support.microsoft.com/kb/943302
Last Review: January 11, 2008
Revision: 2.0
.
-
Microsoft Security Advisory (947563)
FYI...
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/947563.mspx
January 15, 2008 - "Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. At this time, our initial investigation indicates that customers who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability. Microsoft is investigating the public reports and customer impact. Upon completion of this investigation, Microsoft will take the appropriate action... At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited...
Note: There are no known workarounds for Microsoft Office Excel 2002 or Microsoft Office Excel 2000 at this time..."
- http://isc.sans.org/diary.html?storyid=3854
Last Updated: 2008-01-16 02:54:29 UTC - "... The vulnerability is, according to the blog*, already actively exploited by targeted attacks. Excel 2003SP3 and Excel 2007 are not affected, but most other versions are."
* http://blogs.technet.com/msrc/archiv...ry-947563.aspx
- http://secunia.com/advisories/28506/
Release Date: 2008-01-16
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
:fear:
-
MS08-001 exploit released
FYI...
- http://preview.tinyurl.com/364gvn
January 17, 2008 (Infoworld) - "...The code is not available to the general public (Ed. note: "Yet"). It was released Thursday to security professionals who use Immunity's Canvas computer security testing software. It causes the Windows system to crash but does not let the attacker run malicious software on the victim's system... The bug is particularly troublesome for two reasons. First, it affects a widely used Windows component that is turned on by default. Worse, no user interaction is required to trigger the flaw, meaning that it could be exploited in a self-copying worm attack. MS patched the flaw in its MS08-001 update**, released last week, but it takes time for enterprise users to test and install Microsoft's patches..."
* http://seclists.org/dailydave/2008/q1/0017.html
17 Jan 2008
** http://www.microsoft.com/technet/sec.../ms08-001.mspx
January 8, 2008 - Critical
- http://atlas.arbor.net/briefs/index#1659842965
January 17, 2008 - "...Analysis: Like we anticipated, an exploit is now available in limited release. However, this issue should not affect too many networks, as the attackers need subnet access to send the traffic to the victim..."
:fear:
-
MS08-001 – bulletin updated to include W2K3 SBS server
FYI...
Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/sec.../MS08-001.mspx
• V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.
:fear:
-
Microsoft Security Bulletin Re-Releases and Revisions
FYI... Microsoft Security Bulletin Re-Releases and Revisions
Microsoft Security Bulletin MS07-057 - Critical
Cumulative Security Update for Internet Explorer (939653)
- http://www.microsoft.com/technet/sec.../ms07-057.mspx
• V1.0 (October 9, 2007): Bulletin published.
• V1.1 (October 10, 2007): Bulletin revised to correct the "What does the update do?" section for CVE-2007-3893.
• V1.2 (January 09, 2008): Bulletin revised to add a known issue.
• V1.3 (January 23, 2008): Bulletin revised to address rendering issues.
Microsoft Security Bulletin MS07-064 – Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
- http://www.microsoft.com/technet/sec.../ms07-064.mspx
• V1.0 (December 11, 2007): Bulletin published.
• V1.1 (December 12, 2007): Bulletin updated to reflect that DirectX that ships on Windows 2000 is not supported by SMS 2.0 unless the Extended Security Update Inventory Tool (ESUIT) is used.
• V1.2 (December 19, 2007): Bulletin updated to reflect a change to the Removal Information text in the Windows Vista Reference Table portion of the Security Update Information section. Also removed the web-based mitigation from vulnerability CVE-2007-3901.
• V1.3 (January 9, 2008): Bulletin updated to remove known issues notation. This update does not have any known issues.
• V2.0 (January 23, 2008): Bulletin updated to reflect that the update for DirectX 9.0 also applies to DirectX 9.0b and DirectX 9.0c.
Microsoft Security Bulletin MS07-068 - Critical
Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
- http://www.microsoft.com/technet/sec.../ms07-068.mspx
• V1.0 (December 11, 2007): Bulletin published...
• V1.2 (January 23, 2008): Bulletin updated to add an FAQ regarding installing the updates for Windows Media Format Runtime 9.5 on Windows XP Professional x64 Edition.
Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/sec.../ms08-001.mspx
• V1.0 (January 8, 2008): Bulletin published.
• V2.0 (January 23, 2008): Bulletin updated to add Windows Small Business Server 2003 Service Pack 2 as an affected product. Also added an FAQ to clarify that current Microsoft detection and deployment tools already correctly offer the update to Windows Small Business Server 2003 Service Pack 2 customers.
-
Microsoft Security Bulletin MS08-001 – Critical (V3!)
FYI...
Microsoft Security Bulletin MS08-001 – Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)
- http://www.microsoft.com/technet/sec.../ms08-001.mspx
• V3.0 (January 25 2008): This bulletin was revised to clarify the impact of Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability (CVE-2007-0069*) on supported editions of Windows Small Business Server 2003 and Windows Home Server. Also included is an explanation and clarification that current Microsoft detection and deployment tools already correctly offer the update to systems running Windows Small Business Server 2003 and Windows Home Server.
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0069
:fear::lip:
-
Microsoft Security Bulletin MS08-001 ...ongoing
FYI...
- http://preview.tinyurl.com/26fx8c
January 30, 2008 (Computerworld) - "... On Tuesday, Immunity Inc. updated a working exploit for the TCP/IP flaw spelled out Jan. 8 in Microsoft's MS08-001 security bulletin, and posted a Flash demonstration of the attack on its Web site. The exploit, which was released to customers of its CANVAS penetration testing software - but is not available to the public - was a revised version of code first issued two weeks ago... Other security companies reacted to the revamped attack code and Flash proof by issuing new alerts. Symantec Corp., for instance, sent a new warning to customers of its DeepSight threat network... It urged users who have not already deployed the patches Microsoft issued Jan. 8 to do (so) immediately..."
:fear:
-
MS bids $44.6 billion for Yahoo
FYI...
- http://news.yahoo.com/s/ap/20080201/...rosoft_yahoo_9
Feb. 1, 2008 - REDMOND, Wash. - "Microsoft Corp. is offering $44.6 billion in cash and stock for search engine operator Yahoo Inc. in a move to boost its competitive edge in the online services market. The unexpected announcement Friday comes as Microsoft, the world's biggest software company, seeks new ways to compete more effectively against the search and online advertising powerhouse Google Inc. In a letter to Yahoo's board of directors, Microsoft Chief Executive Steve Ballmer said the company will bid $31 per share, representing a 62 percent premium to Yahoo's closing stock price Thursday..."
- http://www.reuters.com/article/techn...080201?sp=true
Feb. 1, 2008 - "...Skeptics say Microsoft and Yahoo have very different corporate cultures and worry about a clash such as the one that marred AOL's $182 billion purchase of Time Warner in 2001, which is seen as the worst merger in recent history...."
:lip:
-
Multiple ActiveX vulnerabilities alert
FYI...
- http://secunia.com/advisories/28715
Last Update: 2008-02-05
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: MySpace Uploader Control 1.x
...The vulnerability is confirmed in MySpaceUploader.ocx version 1.0.0.5 and reported in version 1.0.0.4. Other versions may also be affected.
Solution: Update to version 1.0.0.6. <<<
- http://secunia.com/advisories/28713/
Release Date: 2008-02-04
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Facebook Photo Uploader 4.x
...The vulnerability is confirmed in version 4.5.57.0. Other versions may also be affected.
Solution: Update to version 4.5.57.1. <<<
- http://secunia.com/advisories/28757/
Last Update: 2008-02-07
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Yahoo! Music Jukebox 2.x...
NOTE: Working exploit code is publicly available.
The vulnerabilities are confirmed in Yahoo! Music Jukebox version 2.2.2.056. Other versions may also be affected...
Solution: Set the kill-bit for the affected ActiveX controls. <<<
Other References:
US-CERT VU#101676: http://www.kb.cert.org/vuls/id/101676
US-CERT VU#340860: http://www.kb.cert.org/vuls/id/340860
---------------------
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0623
release date: 2/6/2008 - YMP Datagrid ActiveX control (datagrid.dll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0624
release date: 2/6/2008 - YMP Datagrid ActiveX control (datagrid.dll)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0625
release date: 2/6/2008 - MediaGrid ActiveX control (mediagrid.dll)
:fear:
-
IEv7 push ...Corporate world using WSUS
FYI...
- http://isc.sans.org/diary.html?storyid=3946
Last Updated: 2008-02-07 02:13:00 UTC - "Just a quick reminder to those in the corporate world and using WSUS. From a technet update email Volume 10, Issue 3: February 6, 2008
"...On February 12, 2008 Microsoft will release the Windows Internet Explorer 7 Installation and Availability update to Windows Server Update Services (WSUS). Windows Internet Explorer 7 Installation and Availability Update is a complete installation package that will upgrade machines running Internet Explorer 6 to Windows Internet Explorer 7. Customers who have configured WSUS to "auto-approve" Update Rollup packages will automatically upgrade machines running Internet Explorer 6 to Windows Internet Explorer 7 after February 12, 2008 and consequently, may want to read Knowledge Base article 946202 [links to http://go.microsoft.com/?linkid=8250930 ] to manage how and when this update is installed. For more on the Windows Internet Explorer 7 Installation and Availability Update, read Knowledge Base article 940767 [links to http://go.microsoft.com/?linkid=8250931 ]..."
There are still many organisations that use IE6 because of internal applications that may not work with IE 7 or alternate browsers. So if you use WSUS and have a need to stay with IE6, you should check out the knowledge base articles. Otherwise the 13th is not going to be a happy day for you."