Skype v6.3.0.105 released
FYI...
- https://secunia.com/advisories/52867/
Release Date: 2013-04-02
Criticality level: Moderately critical
Impact: Unknown
Where: From remote
... vulnerabilities are reported in versions prior to 6.3.0.105.
Solution: Update to version 6.3.0.105.
Original Advisory: http://blogs.skype.com/2013/03/14/sk...3-for-windows/
___
Skypemageddon by bitcoining
- https://www.securelist.com/en/blog/2..._by_bitcoining
April 04 2013 - "... malware connects to its C2 server located in Germany... 213.165.68.138
- https://www.virustotal.com/en/file/4...c037/analysis/
File name: skype-img-04_04-2013-exe.exe
Detection ratio: 32/46
Analysis date: 2013-04-08
MS Security Bulletin Advance Notification - April 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-apr
April 04, 2013 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 9, 2013...
(Total of -9-)
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 4 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 5 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Bulletin 8 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 9 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
MS - End of Support dates ...
FYI...
MS - End of Support ...
- https://blogs.technet.com/b/rmilne/a...edirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."
MS Security Bulletin Summary - April 2013
FYI...
- https://technet.microsoft.com/en-us/...letin/ms13-apr
April 09, 2013 - "This bulletin summary lists security bulletins released for April 2013...
(Total of -9-)
Microsoft Security Bulletin MS13-028 - Critical
Cumulative Security Update for Internet Explorer (2817183)
- https://technet.microsoft.com/en-us/...letin/ms13-028
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Microsoft Security Bulletin MS13-029 - Critical
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
- https://technet.microsoft.com/en-us/...letin/ms13-029
Critical - Remote Code Execution - May require restart - Microsoft Windows
Microsoft Security Bulletin MS13-030 - Important
Vulnerability in SharePoint Could Allow Information Disclosure (2827663)
- https://technet.microsoft.com/en-us/...letin/ms13-030
Important - Information Disclosure - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-031 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)
- https://technet.microsoft.com/en-us/...letin/ms13-031
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-032 - Important
Vulnerability in Active Directory Could Lead to Denial of Service (2830914)
- https://technet.microsoft.com/en-us/...letin/ms13-032
Important - Denial of Service - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-033 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)
- https://technet.microsoft.com/en-us/...letin/ms13-033
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Microsoft Security Bulletin MS13-034 - Important
Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)
- http://technet.microsoft.com/en-us/s...letin/ms13-034
Important - Elevation of Privilege - Requires restart - Microsoft Security Software
Microsoft Security Bulletin MS13-035 - Important
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)
- https://technet.microsoft.com/en-us/...letin/ms13-035
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Microsoft Security Bulletin MS13-036 - Important
Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)
- https://technet.microsoft.com/en-us/...letin/ms13-036
Important - Elevation of Privilege - Requires restart - Microsoft Windows
V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
MS13-036: Description of the security update for the Windows file system kernel-mode driver (ntfs.sys):
* http://support.microsoft.com/kb/2823324/en-us
Last Review: April 11, 2013 - Revision: 2.1 - See: "Known issues with this security update... Microsoft recommends that customers -uninstall- this update..."
MS13-036: Description of the security update for the Windows kernel-mode driver (win32k.sys)
- http://support.microsoft.com/default...;en-us;2808735
Last Review: April 9, 2013 - Revision: 1.0 - "Known issues with this security update: After you install this security update, certain Multiple Master fonts cannot be installed..."
___
Bulletin Deployment Priority
- https://blogs.technet.com/cfs-filesy...D00_Slide2.PNG
Severity and Exploitability Index
- https://blogs.technet.com/cfs-filesy...D00_Slide1.PNG
- http://blogs.technet.com/b/msrc/arch...edirected=true
- http://blogs.technet.com/b/srd/archi...edirected=true
9 Apr 2013 - "... nine security bulletins addressing 13 CVE’s..."
___
ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15577
Last Updated: 2013-04-09 17:59:33 UTC
___
- https://secunia.com/advisories/52874/ - MS13-028
- https://secunia.com/advisories/52911/ - MS13-029
- https://secunia.com/advisories/52914/ - MS13-030
- https://secunia.com/advisories/52916/ - MS13-031
- https://secunia.com/advisories/52917/ - MS13-032
- https://secunia.com/advisories/52919/ - MS13-033
- https://secunia.com/advisories/52921/ - MS13-034
- https://secunia.com/advisories/52928/ - MS13-035
- https://secunia.com/advisories/52930/ - MS13-036
___
MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: April 9, 2013 - Revision: 121.0
- http://www.microsoft.com/security/pc...-families.aspx
"... added in this release...
• Babonock
• Redyms
• Vesenlosow..."
- https://blogs.technet.com/b/mmpc/arc...edirected=true
Download:
- https://www.microsoft.com/download/e...ylang=en&id=16
File Name: Windows-KB890830-V4.19.exe - 18.7 MB
- https://www.microsoft.com/download/e...s.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.19.exe - 19.4 MB
MS Repair Disk for KB2823324
FYI...
Repair Disk for KB2823324 and KB2782476 (KB2840165)
To help customers who are experiencing difficulties restarting their systems after installation of security update 2823324
- https://www.microsoft.com/en-us/down....aspx?id=38435
4/17/2013
Thanks to Susan Bradley for posting it @ patchmanagement.org
IEv8 vuln attacks in-the-wild
FYI...
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/s...visory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
- https://blogs.technet.com/b/msrc/arc...edirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___
- http://arstechnica.com/security/2013...s-researchers/
May 4, 2013
- http://www.invincea.com/2013/05/part...-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."
- https://www.virustotal.com/en/file/e...77fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date: 2013-05-02
- http://www.securitytracker.com/id/1028514
CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1347
May 4 2013
Vendor Confirmed: Yes
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/s...visory/2847140
IEv8 FixIt available for CVE-2013-1347
FYI...
Fix it for IEv8 available
- http://support.microsoft.com/kb/2847140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992
- https://blogs.technet.com/b/msrc/arc...edirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."
- http://technet.microsoft.com/en-us/s...visory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.
- http://www.securitytracker.com/id/1028514
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."