
Thread: 2006 MS Alerts - Q1

  1. #1
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    FYI...

    Microsoft Security Advisory (912920)
    Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006
    - http://www.microsoft.com/technet/sec...ry/912920.mspx
    Published: January 3, 2006
    "Microsoft is aware of the Sober mass mailer worm variant named Win32/Sober.Z@mm. The worm tries to entice users through social engineering efforts into opening an attached file or executable in e-mail. If the recipient opens the file or executable, the worm sends itself to all the contacts that are contained in the system’s address book. Customers who are using the most recent and updated antivirus software are at a reduced risk from infection by the Win32/Sober.Z@mm worm. On systems that are infected by Win32/Sober.Z@mm, the malware is programmed to download and run malicious files from certain Web domains beginning on January 6, 2006. Beginning approximately every two weeks thereafter, the worm is set to begin downloading and running malicious files from additional sites on the same Web domains. As with all currently known variants of the Sober worm, the worm does not appear to target a security vulnerability, but rather relies on the user opening an infected attachment...
    Suggested Actions
    • Check for and remove the Sober infection.
    Use the Microsoft Windows Malicious Software Removal Tool, Safety.live.com, or Windows OneCare to search for and remove the Sober worm and its variants from infected systems.
    • Monitor outbound network connections to targeted Web sites.
    Because the Win32/Sober.Z@mm worm may download and run malicious files from certain Web domains beginning on January 6, 2006, attempted connections to the following Web sites should be monitored for signs of an infected host on local networks.
    Targeted Web sites
    people.freenet.de
    scifi.pages.at
    home.pages.at
    free.pages.at
    home.arcor.de ..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
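Added example (not part of the original post or of the Microsoft advisory): one way to act on the "monitor outbound network connections" step is to scan proxy logs for requests to the listed hosts and group the hits by client. The log format, the sample lines and the function names are assumptions made for this sketch, and the host list is only the part of the advisory's list quoted above.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts quoted from the advisory excerpt above (the excerpt is truncated, so partial).
WATCHED_HOSTS = {
    "people.freenet.de", "scifi.pages.at", "home.pages.at",
    "free.pages.at", "home.arcor.de",
}

# Constructed sample log, assumed format: "<timestamp> <client_ip> <method> <target>"
SAMPLE_LOG = """\
2006-01-06T08:01:12Z 10.0.4.17 GET http://People.Freenet.de/constructed/path.exe
2006-01-06T08:01:40Z 10.0.4.17 GET http://home.arcor.de./constructed/file
2006-01-06T08:02:03Z 10.0.9.2 GET http://www.example.com/index.html
2006-01-06T08:05:55Z 10.0.7.30 CONNECT free.pages.at:443
2006-01-06T08:06:10Z 10.0.9.2 GET http://notfree.pages.at.example.net/
malformed line
"""


def target_host(method, target):
    """Return the lower-cased host a request is addressed to, or None."""
    # CONNECT carries "host:port"; other methods carry an absolute URL.
    url = "//" + target if method.upper() == "CONNECT" else target
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    # Drop the trailing dot of a fully qualified name so it still matches.
    return host.rstrip(".") if host else None


def suspect_clients(log_text, watched=WATCHED_HOSTS):
    """Map client IP -> {watched host: request count}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        _timestamp, client, method, target = parts
        host = target_host(method, target)
        # Exact host match: a look-alike such as notfree.pages.at.example.net
        # must not count as a hit.
        if host in watched:
            hits[client][host] += 1
    return {client: dict(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for client, hosts in sorted(suspect_clients(SAMPLE_LOG).items()):
        print(client, hosts)
```

A hit identifies a host to check with the removal tools named in the advisory.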

  2. #2
    Adviser Team AplusWebMaster

    MS Security Bulletin Summary for January, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-jan.mspx
    Revisions:
    • V2.0 (January 10, 2006): Updated to include additional Microsoft Security Bulletins

    Microsoft Security Bulletin MS06-001
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
    - http://www.microsoft.com/technet/sec.../MS06-001.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution

    Microsoft Security Bulletin MS06-002
    Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)
    - http://www.microsoft.com/technet/sec.../MS06-002.mspx
    A vulnerability exists when viewing Embedded Web Fonts that could lead to remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    Microsoft Security Bulletin MS06-003
    Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)
    - http://www.microsoft.com/technet/sec.../MS06-003.mspx
    A vulnerability exists in TNEF messages that could allow remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    -------------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.php?storyid=1032
    Last Updated: 2006-01-10 20:46:39 UTC

    .
    Last edited by AplusWebMaster; 2006-01-14 at 00:08.
    .

  3. #3
    Adviser Team AplusWebMaster

    Windows Vista security patch (already?)

    FYI...

    - http://isc.sans.org/diary.php?storyid=1045
    Last Updated: 2006-01-16 01:31:48 UTC
    "Microsoft has released a security update for the in-testing Windows Vista. The update addresses the WMF vulnerability covered earlier this month for released Windows versions..."
    >>> http://tinyurl.com/dxfd2


    .

  4. #4
    Adviser Team AplusWebMaster

    -aka- "Blackworm"

    FYI...

    MS Security Advisory (904420)
    - http://www.microsoft.com/technet/sec...ry/904420.mspx
    Win32/Mywife.E@mm
    Published: January 30, 2006
    "Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.
    Customers who are using the most recent and updated antivirus software could be at a reduced risk of infection from the Win32/Mywife.E@mm malware. Customers should verify this with their antivirus vendor. Antivirus vendors have assigned different names to this malware but the Common Malware Enumeration (CME) group has assigned it ID CME-24.
    On systems that are infected by Win32/Mywife.E@mm, the malware is intended to permanently corrupt a number of common document format files on the third day of every month. February 3, 2006 is the first time this malware is expected to permanently corrupt the content of specific document format files. The malware also modifies or deletes files and registry keys associated with certain computer security-related applications..."

    Also see:
    - http://forums.spybot.info/showthread...=9452#post9452

    EDIT/ADD:
    Security Advisories Updated or Released Today - 2.1.2006
    ==============================================
    * Security Advisory (904420)
    - Title: Win32/Mywife.E@mm
    - Reason For Update: Additional information about the blank password restriction functionality in Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, and Windows Server 2003 Service Pack 1. Added link to Virus Information Alliance member Sophos.
    - Web site: http://go.microsoft.com/fwlink/?LinkId=50423

    .
    Last edited by AplusWebMaster; 2006-02-02 at 05:40. Reason: Additional info link...
    .

  5. #5
    Adviser Team AplusWebMaster

    MS Security Advisory (914457)

    FYI...

    MS Security Advisory (914457)
    Possible Vulnerability in Windows Service ACLs
    - http://www.microsoft.com/technet/sec...ry/914457.mspx
    Published: February 7, 2006
    "Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services. This code also attempts to exploit default services of Windows XP Service Pack 1 and Windows Server 2003. If these attempts were successful, a user who has low user privileges could gain privilege escalation.
    Microsoft has investigated these reports and the findings are summarized in the chart below. Microsoft has confirmed that customers who run Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues because security-related changes were made to these service packs as part of our ongoing security improvement process. Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced.
    Users are encouraged to contact their third-party software vendors whose products require services installation to determine if any non-default Windows services are affected.
    Microsoft is not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
    Mitigating Factors:
    • The latest Microsoft operating systems, including Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues.
    • A malicious user who launches an attack based on the finder’s report would require at least authenticated user access to the affected operating systems.
    • Two of the four services identified in the paper (NetBT and SCardSvr) require an attacker to already be running in a privileged security context. Additionally, the two services that do allow an authenticated user to attack are vulnerable only on Windows XP Service Pack 1.
    • Firewall best practices and standard default firewall configurations can help protect from attacks that originate outside the enterprise perimeter. Best practices also recommend that personal firewalls be used within a network and that systems connected to the Internet have a minimal number of ports exposed..."

    .
    .

  6. #6
    Adviser Team AplusWebMaster

    MS Security Advisory (913333)

    FYI...

    MS Security Advisory (913333)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/913333.mspx
    Published: February 7, 2006
    "Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions:
    • By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site;
    • By convincing a user to open a specially crafted e-mail attachment;
    • By convincing a user to click on a link in an e-mail message that takes the user to a malicious Web site; or
    • By sending a specially crafted e-mail message to Outlook Express users, which they view in the preview pane.
    >>> Note This is not the same issue as the one addressed by Microsoft Security Bulletin MS06-001 (912919).
    The vulnerability exists in:
    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium.
    The vulnerability does not exist in:
    • Internet Explorer for Microsoft Windows XP Service Pack 1 and Windows XP Service Pack 2
    • Internet Explorer for Microsoft Windows XP Professional x64 Edition
    • Internet Explorer for Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
    • Internet Explorer for Windows Server 2003 for Itanium-based Systems
    • Internet Explorer for Windows Server 2003 with Service Pack 1 for Itanium-based Systems
    • Internet Explorer for Windows Server 2003 x64 Edition
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 Second Edition
    • Internet Explorer 6 Service Pack 1 on Windows Millennium Edition
    Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site, preview a malicious e-mail message, or open an attachment that exploited the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
    Microsoft will continue to investigate these reports and provide additional guidance depending on customer needs..."

    .
    .

  7. #7
    Adviser Team AplusWebMaster

    MS Security Bulletin Advance Notification - February 2006

    FYI...

    - http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: February 9, 2006
    "...On 14 February 2006 Microsoft is planning to release:
    Security Updates
    • One Microsoft Security Bulletin affecting Microsoft Windows Media Player. The highest Maximum Severity rating for this is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scanning Tool.
    • Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. Some of these updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
    • One Microsoft Security Bulletin affecting Microsoft Windows and Microsoft Office. The highest Maximum Severity rating for these is Important. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
    • One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for this is Important. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.
    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).
    Non-security High Priority updates on MU, WU, WSUS and SUS
    • Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
    • Microsoft will release one NON-SECURITY High-Priority Update on Microsoft Update (MU) and Windows Server Update Services (WSUS).
    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."

    - http://isc.sans.org/diary.php?storyid=1109
    Last Updated: 2006-02-09 23:46:02 UTC
    "...There are 7 total updates, with 5 of them being labeled as critical (1 for Windows Media Player, 4 for Windows itself). Also, they'll be releasing an update of their Malicious Software Removal Tool. Looks like it will be an eventful Black Tuesday."

    .

  8. #8
    Adviser Team AplusWebMaster

    MS Security Bulletin Summary for February, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-feb.mspx
    Published: February 14, 2006
    Version: 1.0...

    Critical (2):

    Microsoft Security Bulletin MS06-004
    Cumulative Security Update for Internet Explorer (910620)
    - http://www.microsoft.com/technet/sec.../MS06-004.mspx

    Microsoft Security Bulletin MS06-005
    Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
    - http://www.microsoft.com/technet/sec.../MS06-005.mspx

    Important (5):

    Microsoft Security Bulletin MS06-006
    Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
    - http://www.microsoft.com/technet/sec.../MS06-006.mspx

    Microsoft Security Bulletin MS06-007
    Vulnerability in TCP/IP Could Allow Denial of Service (913446)
    - http://www.microsoft.com/technet/sec.../ms06-007.mspx

    Microsoft Security Bulletin MS06-008
    Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)
    - http://www.microsoft.com/technet/sec.../ms06-008.mspx

    Microsoft Security Bulletin MS06-009
    Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
    - http://www.microsoft.com/technet/sec.../ms06-009.mspx

    Microsoft Security Bulletin MS06-010
    Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
    - http://www.microsoft.com/technet/sec.../MS06-010.mspx

    ...Revisions:
    • V1.0 (February 14, 2006): Bulletin published.

    --------------------------

    ISC Analysis:
    - http://isc.sans.org/diary.php?storyid=1120
    Happy Valentines Day and Black Tuesday
    Last Updated: 2006-02-14 23:51:14 UTC

    Problems with MS patch KB913446 (for the IGMP issue, MS06-007)
    - http://isc.sans.org/diary.php?storyid=1121
    Last Updated: 2006-02-14 19:58:30 UTC
    "A number of our readers have written in (and some of the handlers have duplicated the issue) to report that when using Microsoft Update or autoupdate the patch (KB913446) downloads, but fails to install with Error Code: 0x80242006. The version located here*, however, does not appear to have this issue. Until Microsoft fixes the former, you may want to install that one patch manually..."
    * http://www.microsoft.com/downloads/d...displaylang=en

    .
    .

  9. #9
    Adviser Team AplusWebMaster

    MS Security Advisory (906267)

    FYI...

    Microsoft Security Advisory (906267)
    A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit
    - http://www.microsoft.com/technet/sec...ry/906267.mspx
    Updated: February 21, 2006
    "Microsoft has completed the investigation into a public report of a vulnerability affecting Internet Explorer. We have issued a security bulletin to address this issue*..."
    * http://www.microsoft.com/technet/sec.../MS05-052.mspx

    .
    .

  10. #10
    Adviser Team AplusWebMaster

    Microsoft Security Advisory (914457)

    FYI...

    Microsoft Security Advisory (914457)
    Vulnerability in Windows Service ACLs
    - http://www.microsoft.com/technet/sec...ry/914457.mspx
    Updated: February 22, 2006
    "...Revisions:
    • February 7, 2006: Advisory published
    • February 7, 2006: Added line breaks to Group Policy workaround security template for Windows XP Service Pack 1
    • February 8, 2006: Added additional FAQ information for affected platforms and service start-up type properties
    • February 14, 2006: Additional services identified, Windows XP Service Pack 2 and Windows 2000 clarification
    • February 22, 2006: Added Microsoft Knowledge Base Article 914392* "

    Best practices and guidance for writers of service discretionary access control lists
    * http://support.microsoft.com/kb/914392

    .
    .
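Added example (not part of the original posts, the advisory or KB 914392): advisory 914457, quoted in posts #5 and #10, concerns service access controls that are too permissive for low-privileged users. This sketch audits a service security descriptor in SDDL form, as printed by `sc sdshow <service>`, for allow ACEs that give broad groups the ability to reconfigure the service. The sample descriptors are constructed, and the choice of "risky" rights and "broad" trustees is this example's assumption.

```python
import re

# SDDL right code -> (access-mask bit, meaning on a service object)
RIGHTS = {
    "CC": (0x1, "SERVICE_QUERY_CONFIG"), "DC": (0x2, "SERVICE_CHANGE_CONFIG"),
    "LC": (0x4, "SERVICE_QUERY_STATUS"), "SW": (0x8, "SERVICE_ENUMERATE_DEPENDENTS"),
    "RP": (0x10, "SERVICE_START"), "WP": (0x20, "SERVICE_STOP"),
    "DT": (0x40, "SERVICE_PAUSE_CONTINUE"), "LO": (0x80, "SERVICE_INTERROGATE"),
    "CR": (0x100, "SERVICE_USER_DEFINED_CONTROL"), "SD": (0x10000, "DELETE"),
    "RC": (0x20000, "READ_CONTROL"), "WD": (0x40000, "WRITE_DAC"),
    "WO": (0x80000, "WRITE_OWNER"), "GA": (0x10000000, "GENERIC_ALL"),
    "GX": (0x20000000, "GENERIC_EXECUTE"), "GW": (0x40000000, "GENERIC_WRITE"),
    "GR": (0x80000000, "GENERIC_READ"),
}
# Assumption: rights that let the holder reconfigure the service or rewrite its DACL.
RISKY = {"SERVICE_CHANGE_CONFIG", "WRITE_DAC", "WRITE_OWNER",
         "GENERIC_ALL", "GENERIC_WRITE"}
# Assumption: trustees an ordinary logged-on user belongs to (SDDL alias or SID).
BROAD = {"AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
         "WD": "Everyone", "S-1-1-0": "Everyone",
         "BU": "Builtin Users", "S-1-5-32-545": "Builtin Users",
         "IU": "Interactive"}


def rights_mask(field):
    """Convert an ACE rights field (two-letter codes or 0x... hex) to a bit mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    codes = re.findall("..", field)
    if len(field) % 2 or any(code not in RIGHTS for code in codes):
        raise ValueError("unrecognised rights field: %r" % field)
    mask = 0
    for code in codes:
        mask |= RIGHTS[code][0]
    return mask


def audit_service_sddl(sddl):
    """Return [(trustee, [risky rights])] for allow ACEs granted to broad groups."""
    # Take only the DACL ("D:" part); audit ACEs in the SACL ("S:") grant nothing.
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    findings = []
    if not dacl:
        return findings
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")  # type;flags;rights;object;inherit_object;trustee
        if len(fields) != 6 or fields[0] != "A" or fields[5] not in BROAD:
            continue
        mask = rights_mask(fields[2])
        risky = sorted(name for bit, name in RIGHTS.values()
                       if mask & bit and name in RISKY)
        if risky:
            findings.append((BROAD[fields[5]], risky))
    return findings


# Constructed descriptors: a restrictive one, a permissive one, and a hex-mask one.
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;AU)")
LOOSE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
HEXED = "D:(A;;0xF01FF;;;S-1-1-0)"

if __name__ == "__main__":
    for name, sddl in (("TIGHT", TIGHT), ("LOOSE", LOOSE), ("HEXED", HEXED)):
        print(name, audit_service_sddl(sddl))
```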
