MS Security Bulletin Summary for January, 2006
FYI...
- http://www.microsoft.com/technet/sec.../ms06-jan.mspx
Revisions:
• V2.0 (January 10, 2006): Updated to include additional Microsoft Security Bulletins
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
- http://www.microsoft.com/technet/sec.../MS06-001.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution
Microsoft Security Bulletin MS06-002
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
- http://www.microsoft.com/technet/sec.../MS06-002.mspx
A vulnerability exists when viewing Embedded Web Fonts that could lead to remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Microsoft Security Bulletin MS06-003
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
- http://www.microsoft.com/technet/sec.../MS06-003.mspx
A vulnerability exists in TNEF messages that could allow remote code execution.
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
-------------------------------------------------
ISC Analysis
- http://isc.sans.org/diary.php?storyid=1032
Last Updated: 2006-01-10 20:46:39 UTC
.
Windows Vista security patch (already?)
FYI...
- http://isc.sans.org/diary.php?storyid=1045
Last Updated: 2006-01-16 01:31:48 UTC
"Microsoft has released a security update for the in-testing Windows Vista. The update addresses the WMF vulnerability covered earlier this month for released windows versions..."
>>> http://tinyurl.com/dxfd2
:confused: :rolleyes:
MS Security Advisory (914457)
FYI...
MS Security Advisory (914457)
Possible Vulnerability in Windows Service ACLs
- http://www.microsoft.com/technet/sec...ry/914457.mspx
Published: February 7, 2006
Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services. This code also attempts to exploit default services of Windows XP Service Pack 1 and Windows Server 2003. If these attempts were successful, a user who has low user privileges could gain privilege escalation.
Microsoft has investigated these reports and the findings are summarized in the chart below. Microsoft has confirmed that customers who run Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues because security-related changes were made to these service packs as part of our ongoing security improvement process. Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced.
Users are encouraged to contact their third-party software vendors whose products require services installation to determine if any non-default Windows services are affected.
Microsoft is not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Mitigating Factors:
The latest Microsoft operating systems, including Windows XP Service Pack2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues.
A malicious user who launches an attack based on the finders report would require at least authenticated user access to the affected operating systems
Two of the four services identified in the paper (NetBT and SCardSvr) require an attacker to already be running in a privileged security context. Additionally, the two services that do allow an authenticated user to attack are vulnerable only on Windows XP Service Pack 1.
Firewall best practices and standard default firewall configurations can help protect from attacks that originate outside the enterprise perimeter. Best practices also recommend that personal firewalls be used within a network and that systems connected to the Internet have a minimal number of ports exposed..."
.
MS Security Advisory (913333)
FYI...
MS Security Advisory (913333)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/913333.mspx
Published: February 7, 2006
"Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions:
By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site;
By convincing a user to open a specially crafted e-mail attachment;
By convincing a user to click on a link in an e-mail message that takes the user to a malicious Web site; or
By sending a specially crafted e-mail message to Outlook Express users, which they view in the preview pane.
>>> Note This is not the same issue as the one addressed by Microsoft Security Bulletin MS06-001 (912919).
The vulnerability exists in:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium.
The vulnerability does not exist in:
Internet Explorer for Microsoft Windows XP Service Pack 1 and Windows XP Service Pack 2
Internet Explorer for Microsoft Windows XP Professional x64 Edition
Internet Explorer for Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
Internet Explorer for Windows Server 2003 for Itanium-based Systems
Internet Explorer for Windows Server 2003 with Service Pack 1 for Itanium-based Systems
Internet Explorer for Windows Server 2003 x64 Edition
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 Second Edition
Internet Explorer 6 Service Pack 1 on Windows Millennium Edition
Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site, preview a malicious e-mail message, or open an attachment that exploited the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft will continue to investigate these reports and provide additional guidance depending on customer needs..."
.
MS Security Bulletin Advance Notification - February 2006
FYI...
- http://www.microsoft.com/technet/sec...n/advance.mspx
Updated: February 9, 2006
"...On 14 February 2006 Microsoft is planning to release:
Security Updates
One Microsoft Security Bulletin affecting Microsoft Windows Media Player. The highest Maximum Severity rating for this is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scanning Tool.
Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office. The highest Maximum Severity rating for these is Important. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for this is Important. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
Microsoft will release one NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."
- http://isc.sans.org/diary.php?storyid=1109
Last Updated: 2006-02-09 23:46:02 UTC
"...There are 7 total updates, with 5 of them being labeled as critical (1 for Windows Media Player, 4 for Windows itself). Also, they'll be releasing an update of their Malicious Software Removal Tool. Looks like it will be an eventful Black Tuesday."
:buried:
MS Security Bulletin Summary for February, 2006
FYI...
- http://www.microsoft.com/technet/sec.../ms06-feb.mspx
Published: February 14, 2006
Version: 1.0...
Critical (2):
Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)
- http://www.microsoft.com/technet/sec.../MS06-004.mspx
Microsoft Security Bulletin MS06-005
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
- http://www.microsoft.com/technet/sec.../MS06-005.mspx
Important (5):
Microsoft Security Bulletin MS06-006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
- http://www.microsoft.com/technet/sec.../MS06-006.mspx
Microsoft Security Bulletin MS06-007
Vulnerability in TCP/IP Could Allow Denial of Service (913446)
- http://www.microsoft.com/technet/sec.../ms06-007.mspx
Microsoft Security Bulletin MS06-008
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
- http://www.microsoft.com/technet/sec.../ms06-008.mspx
Microsoft Security Bulletin MS06-009
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
- http://www.microsoft.com/technet/sec.../ms06-009.mspx
Microsoft Security Bulletin MS06-010
Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
- http://www.microsoft.com/technet/sec.../MS06-010.mspx
...Revisions:
V1.0 (February 14, 2006): Bulletin published.
--------------------------
ISC Analysis:
- http://isc.sans.org/diary.php?storyid=1120
Happy Valentines Day and Black Tuesday
Last Updated: 2006-02-14 23:51:14 UTC
Problems with MS patch KB913446 (for the IGMP issue, MS06-007)
- http://isc.sans.org/diary.php?storyid=1121
Last Updated: 2006-02-14 19:58:30 UTC
"A number of our readers have written in (and some of the handlers have duplicated the issue) to report that when using Microsoft Update or autoupdate the patch (KB913446) downloads, but fails to install with Error Code: 0x80242006. The version located here*, however, does not appear to have this issue. Until Microsoft fixes the former, you may want to install that one patch manually..."
* http://www.microsoft.com/downloads/d...displaylang=en
.
MS Security Advisory (906267)
FYI...
Microsoft Security Advisory (906267)
A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit
- http://www.microsoft.com/technet/sec...ry/906267.mspx
Updated: February 21, 2006
"Microsoft has completed the investigation into a public report of a vulnerability affecting Internet Explorer. We have issued a security bulletin to address this issue*..."
* http://www.microsoft.com/technet/sec.../MS05-052.mspx
.
Microsoft Security Advisory (914457)
FYI...
Microsoft Security Advisory (914457)
Vulnerability in Windows Service ACLs
- http://www.microsoft.com/technet/sec...ry/914457.mspx
Updated: February 22, 2006
"...Revisions:
February 7, 2006: Advisory published
February 7, 2006: Added line breaks to Group Policy workaround security template for Windows XP Service Pack 1
February 8, 2006: Added additional FAQ information for affected platforms and service start-up type properties
February 14, 2006: Additional services identified, Windows XP Service Pack 2 and Windows 2000 clarification
February 22, 2006: Added Microsoft Knowledge Base Article 914392* "
Best practices and guidance for writers of service discretionary access control lists
* http://support.microsoft.com/kb/914392
.