Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: 2006 MS Alerts - Q1

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation

    FYI...

    Microsoft Security Advisory (912920)
    Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006
    - http://www.microsoft.com/technet/sec...ry/912920.mspx
    Published: January 3, 2006
    "Microsoft is aware of the Sober mass mailer worm variant named Win32/Sober.Z@mm. The worm tries to entice users through social engineering efforts into opening an attached file or executable in e-mail. If the recipient opens the file or executable, the worm sends itself to all the contacts that are contained in the system’s address book. Customers who are using the most recent and updated antivirus software are at a reduced risk from infection by the Win32/Sober.Z@mm worm. On systems that are infected by Win32/Sober.Z@mm, the malware is programmed to download and run malicious files from certain Web domains beginning on January 6, 2006. Beginning approximately every two weeks thereafter, the worm is set to begin downloading and running malicious files from additional sites on the same Web domains. As with all currently known variants of the Sober worm, the worm does not appear to target a security vulnerability, but rather relies on the user opening an infected attachment...
    Suggested Actions
    • Check for and remove the Sober infection.
    Use the Microsoft Windows Malicious Software Removal Tool, Safety.live.com, or Windows OneCare to search for and remove the Sober worm and its variants from infected systems.
    • Monitor outbound network connections to targeted Web sites.
    • Because the Win32/Sober.Z@mm worm may download and run malicious files from certain Web domains beginning on January 6, 2006, attempted connections to the following Web sites should be monitored for signs of an infected host on local networks.
    Targeted Web sites
    people.freenet.de
    scifi.pages.at
    home.pages.at
    free.pages.at
    home.arcor.de ..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary for January, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-jan.mspx
    Revisions:
    • V2.0 (January 10, 2006): Updated to include additional Microsoft Security Bulletins

    Microsoft Security Bulletin MS06-001
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
    - http://www.microsoft.com/technet/sec.../MS06-001.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution

    Microsoft Security Bulletin MS06-002
    Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
    - http://www.microsoft.com/technet/sec.../MS06-002.mspx
    A vulnerability exists when viewing Embedded Web Fonts that could lead to remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    Microsoft Security Bulletin MS06-003
    Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
    - http://www.microsoft.com/technet/sec.../MS06-003.mspx
    A vulnerability exists in TNEF messages that could allow remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    -------------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.php?storyid=1032
    Last Updated: 2006-01-10 20:46:39 UTC

    .
    Last edited by AplusWebMaster; 2006-01-14 at 00:08.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default Windows Vista security patch (already?)

    FYI...

    - http://isc.sans.org/diary.php?storyid=1045
    Last Updated: 2006-01-16 01:31:48 UTC
    "Microsoft has released a security update for the in-testing Windows Vista. The update addresses the WMF vulnerability covered earlier this month for released windows versions..."
    >>> http://tinyurl.com/dxfd2


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation -aka- "Blackworm"

    FYI...

    MS Security Advisory (904420)
    - http://www.microsoft.com/technet/sec...ry/904420.mspx
    Win32/Mywife.E@mm
    Published: January 30, 2006
    "Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
    Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.
    On systems that are infected by Win32/Mywife@E.mm, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications..."

    Also see:
    - http://forums.spybot.info/showthread...=9452#post9452

    EDIT/ADD:
    Security Advisories Updated or Released Today - 2.1.2006
    ==============================================
    * Security Advisory (904420)
    - Title: Win32/Mywife.E@mm
    - Reason For Update: Additional information about the blank password restriction functionality in Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, and Windows Server 2003 Service Pack 1. Added link to Virus Information Alliance member Sophos.
    - Web site: http://go.microsoft.com/fwlink/?LinkId=50423

    .
    Last edited by AplusWebMaster; 2006-02-02 at 05:40. Reason: Additional info link...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory (914457)

    FYI...

    MS Security Advisory (914457)
    Possible Vulnerability in Windows Service ACLs
    - http://www.microsoft.com/technet/sec...ry/914457.mspx
    Published: February 7, 2006
    Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services. This code also attempts to exploit default services of Windows XP Service Pack 1 and Windows Server 2003. If these attempts were successful, a user who has low user privileges could gain privilege escalation.
    Microsoft has investigated these reports and the findings are summarized in the chart below. Microsoft has confirmed that customers who run Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues because security-related changes were made to these service packs as part of our ongoing security improvement process. Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced.
    Users are encouraged to contact their third-party software vendors whose products require services installation to determine if any non-default Windows services are affected.
    Microsoft is not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
    Mitigating Factors:
    • The latest Microsoft operating systems, including Windows XP Service Pack2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues.
    • A malicious user who launches an attack based on the finder’s report would require at least authenticated user access to the affected operating systems
    • Two of the four services identified in the paper (NetBT and SCardSvr) require an attacker to already be running in a privileged security context. Additionally, the two services that do allow an authenticated user to attack are vulnerable only on Windows XP Service Pack 1.
    • Firewall best practices and standard default firewall configurations can help protect from attacks that originate outside the enterprise perimeter. Best practices also recommend that personal firewalls be used within a network and that systems connected to the Internet have a minimal number of ports exposed..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Advisory (913333)

    FYI...

    MS Security Advisory (913333)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/913333.mspx
    Published: February 7, 2006
    "Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions:
    • By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site;
    • By convincing a user to open a specially crafted e-mail attachment;
    • By convincing a user to click on a link in an e-mail message that takes the user to a malicious Web site; or
    • By sending a specially crafted e-mail message to Outlook Express users, which they view in the preview pane.
    >>> Note This is not the same issue as the one addressed by Microsoft Security Bulletin MS06-001 (912919).
    The vulnerability exists in:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium.
    The vulnerability does not exist in:
    • Internet Explorer for Microsoft Windows XP Service Pack 1 and Windows XP Service Pack 2
    • Internet Explorer for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer for Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
    • Internet Explorer for Windows Server 2003 for Itanium-based Systems
    • Internet Explorer for Windows Server 2003 with Service Pack 1 for Itanium-based Systems
    • Internet Explorer for Windows Server 2003 x64 Edition
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 Second Edition
    • Internet Explorer 6 Service Pack 1 on Windows Millennium Edition
    Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site, preview a malicious e-mail message, or open an attachment that exploited the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    Microsoft will continue to investigate these reports and provide additional guidance depending on customer needs..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Microsoft Security Advisory (914457)

    FYI...

    Microsoft Security Advisory (914457)
    Vulnerability in Windows Service ACLs
    - http://www.microsoft.com/technet/sec...ry/914457.mspx
    Updated: February 22, 2006
    "...Revisions:
    • February 7, 2006: Advisory published
    • February 7, 2006: Added line breaks to Group Policy workaround security template for Windows XP Service Pack 1
    • February 8, 2006: Added additional FAQ information for affected platforms and service start-up type properties
    • February 14, 2006: Additional services identified, Windows XP Service Pack 2 and Windows 2000 clarification
    • February 22, 2006: Added Microsoft Knowledge Base Article 914392* "

    Best practices and guidance for writers of service discretionary access control lists
    * http://support.microsoft.com/kb/914392

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow Microsoft Security Advisory (912945)

    FYI...

    Microsoft Security Advisory (912945)
    Non-Security Update for Internet Explorer
    - http://www.microsoft.com/technet/sec...ry/912945.mspx
    Published: February 28, 2006
    "Microsoft is releasing a non-security update for Internet Explorer on February 28, 2006.
    For more information about this update, see Microsoft Knowledge Base Article 912945*. This update is separate from the security update released on February 14, 2006 as part of Microsoft Security Bulletin MS06-004.
    Microsoft Knowledge Base Article 912945* and the accompanying non-security update targets the following software:
    • Internet Explorer for Microsoft Windows XP Service Pack 2
    • Internet Explorer for Microsoft Windows Server 2003 Service Pack 1
    Microsoft Security Bulletin MS06-004 and the accompanying security update released on February 14, 2006 targeted the following software:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 ..."

    * http://support.microsoft.com/kb/912945
    Last Review : February 28, 2006
    Revision: 5.0
    INTRODUCTION
    Microsoft is releasing a software update to Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 and for Microsoft Windows Server 2003 Service Pack 1. This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. Examples of programs that use ActiveX controls include the following:
    - Adobe Reader
    - Apple QuickTime Player
    - Macromedia Flash
    - Microsoft Windows Media Player
    - Real Networks RealPlayer
    - Sun Java Virtual Machine
    After you install this update, you cannot interact with ActiveX controls from certain Web pages until these controls are enabled. To enable an ActiveX control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site:
    http://msdn.microsoft.com/ieupdate
    As part of this Internet Explorer update, Microsoft will release updates to the current versions of Windows XP and of Windows Server 2003. All client operating systems will be updated. These client operating systems include the following:
    • Windows XP Starter Edition
    • Windows XP Home Edition
    • Windows XP Professional Edition
    • Windows XP Tablet PC Edition
    • Windows XP Media Center Edition
    • Windows XP Professional for Embedded Systems
    Additionally, updates for earlier versions of Internet Explorer will be released as part of the monthly security update packages.
    MORE INFORMATION
    Known issues
    • Initial logon dialog boxes may reappear and reset to default configurations
    This issue occurs if you deploy the hotfix version of this software update on 64-bit systems, such as a 64-bit version of Microsoft Windows Server 2003 with Service Pack 1 or a x64-bit version of Windows XP with Service Pack 2. In this case, the initial logon dialog boxes may appear for applications and for Windows components. Additionally, some settings reset to default. This behavior may cause the following issues:
    • Applications ask users to opt in to privacy features.
    • Default settings for Internet Explorer favorites are reset.
    • Internet Explorer security zones are reset to default settings.
    • Internet Explorer advanced settings are reset to default settings.
    • Initial Windows Media Player dialog boxes appear.
    This is a known issue and is expected to be fixed in the next update for Windows.
    • Google Toolbar
    You may experience an access violation in the Google Toolbar when you close a window that contains an inactive ActiveX control. Microsoft and Google technical teams have been working together to address this issue. Google is expected to fix this problem by using its automatic "servicing mechanism" for Google Toolbar users. This problem affects Google Toolbar versions before version 3.0.129.2. Visit the following Google Web site to download the latest version:
    http://toolbar.google.com
    • External script technique does not work when the "Disable Script Debugging in Internet Explorer" check box is cleared
    Microsoft is investigating this problem and plans to fix it in a future cumulative update.
    • ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4
    After you click on an ActiveX applet control in a program that runs the applet control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not go to the applet control. You must click the control a second time to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:
    http://java.sun.com/j2se
    For recommended techniques to make sure that ActiveX controls function without user interaction, visit the following MSDN Web site:
    http://msdn.microsoft.com/ieupdate
    The following issues occur on Web sites that do not use the recommended techniques.
    Note: All these issues are resolved by using the techniques that are described on the MSDN Web site.
    • Scrolling
    When you use the mouse wheel to scroll through a page that contains an interactive control, the control may not be displayed correctly. Microsoft is investigating this issue and plans to fix it in a future cumulative update.
    • Abstract Window Toolkit
    Access violations have been reported with Java programs that use Abstract Window Toolkit (AWT) classes in the user interface. Microsoft is investigating this issue and plans to fix it in a future cumulative update.
    • Transparent Flash
    A full-page ad disappears, but the focus rectangle remains. In this situation, the control is still there, but it is transparent. Therefore, the associated overlay window remains on the page.
    • DHTML menus
    When a DHTML menu is expanded, the menu may appear on top of an ActiveX control. If you click the menu in this situation, you enable the control instead of gaining access to the DHTML menu. The overlay window has the highest z-order. Therefore, this window receives the mouse-click message.
    • Controls that prompt before they are loaded
    When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.
    • CSS attributes on controls
    Controls that are hidden or that have a display-mode setting of None, but that do have size dimensions, display the focus rectangle when you move the pointer over them.
    The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products..."

    ---------------------------------------

    (Verrryyy interesting - a "Non-Security Update for IE" issued under an MS "Security Advisory"... only in America.)

    ---------------------------------------------

    EDIT/ADD:
    Microsoft updates IE after patent spat
    - http://news.com.com/2102-1032_3-6044...=st.util.print
    Story last modified Tue Feb 28 17:38:18 PST 2006
    "... Microsoft is modifying IE to shield itself from liability in a long-running patent dispute with Eolas Technologies and the University of California. Microsoft expects a second trial in the case to start sometime this year after a federal appeals court last March partially reversed a lower-court decision that exposed it to more than $500 million in damages. In September, the U.S. Patent Office upheld the validity of the patent at issue in the case. Microsoft is delivering the IE update in phases. The company last December said it would make the tweaks and a month later made the update available on MSDN, its Web site for developers. The update is now available to the general public as an optional download via Windows Update and Microsoft's Download Center Web site. "Microsoft expects the vast majority of existing IE customers will download the update as part of ongoing security updates in the next four to six months," the Microsoft representative said. The update is available for IE 6 on Windows XP with Service Pack 2 and Windows Server 2003 with SP 1, the Microsoft representative said."

    .
    Last edited by AplusWebMaster; 2006-03-01 at 15:35. Reason: ... Additional info.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow MS Security Bulletin Advance Notification - March 2006

    FYI... http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: March 9, 2006
    "...On 14 March 2006 Microsoft is planning to release:
    Security Updates
    • One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for this is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scanning Tool.
    • One Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for this is Important. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).
    Non-security High Priority updates on MU, WU, WSUS and SUS
    • Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
    • Microsoft will release one NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary for March, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-mar.mspx
    Published: March 14, 2006
    Version: 1.0 ...

    Critical (1)
    Microsoft Security Bulletin MS06-012
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
    - http://www.microsoft.com/technet/sec.../MS06-012.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    (Critically) Office Affected Software:
    Word 2000, Excel 2000, Outlook 2000, PowerPoint 2000, Office 2000 MultiLanguage Packs, Works Suite 2000, Works Suite 2001, Works Suite 2002

    Important (1)
    Microsoft Security Bulletin MS06-011
    Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
    - http://www.microsoft.com/technet/sec.../ms06-011.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Elevation of Privilege...
    Affected Software:
    • Microsoft Windows XP Service Pack 1
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems
    Non-Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition ...

    Disclaimer:
    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    Revisions:
    • V1.0 (March 14, 2006): Bulletin published...

    --------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.php?storyid=1190
    Last Updated: 2006-03-14 19:09:39 UTC
    "...
    MS06-012: Critical Vulnerability in Microsoft Office, KB905413
    This update fixes a number of different Excel vulnerabilities, and a "Malformed Routing Slip" vulnerability which affects muliple Office components. All the vulnerabilities come down to the same issue: If you open a malformed file, an attacker could get control of the system as the user opening the file. If you use Microsoft Office, you should apply this patch quickly.

    MS06-011: Priviledge Escalation in Windows (Important)
    It may be possible for a regular user to obtain the privileges assigned to a service. A lower privileged user could change the configuration for a service in order to have it execute code or modify the system in other ways, once the service is running at the higher privilege (e.g. 'system').
    This vulnerability has been disclosed for a while now. It is important to note that a "service" is not just a "server". Services typically have to run at a higher privilege level as they require access to files across multiple users, and access to system resources..."

    .
    Last edited by AplusWebMaster; 2006-03-14 at 21:52. Reason: Additional info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •