
Thread: 2006 MS Alerts - Q2

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    MS06-020 update - "flash player cannot be updated"

    FYI...

    - http://www.techweb.com/article/print...section=700028
    May 10, 2006
    "...Problems with the MS06-020 update -- the one tagged as "critical" that patched flawed Flash Players -- drove many to mark complaints on the Windows Update newsgroup. Threads with titles such as "Security Update for Flash Player," and "Flash Player" contain a slew of grievances, most of them remarking about repeated failures of the patch to install. Microsoft is aware of the problem, which it dubbed a "known issue" in a support document* posted Wednesday. The document offers a workaround that requires users to delete a pair of Flash-related files, then manually download and install the Player update. The problem, Microsoft said, involves a PC's specific history with Flash. If, for instance, a user had installed Flash Player 7 or 8 on a machine that previously had version 6, then later uninstalled version 7 or 8, Windows Update will repeatedly offer the update, and display the error "The version of Macromedia Flash you have installed does not match the update you are trying to install." ...Buried in the FAQ section of MS06-020 is a paragraph that spells it out for Windows 98 and Millennium users... Even some users who followed the rules, however, were nonplussed. "I had already gotten [updated Flash Player version] 8.0.r24 from [Adobe's] site a while ago, but Windows Update still tried to patch me up," wrote Kevin Hobbs in an e-mail to TechWeb. "Go figure..."

    * http://support.microsoft.com/default.aspx/kb/913433?

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    Microsoft Security Advisory (919637) - Word Vuln

    FYI...

    Microsoft Security Advisory (919637)
    Vulnerability in Word Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/919637.mspx
    Published: May 22, 2006
    "Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
    Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.
    Microsoft is concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed..."
    -----------------------------------------------
    Update on Word 0-Day Issue
    - http://isc.sans.org/diary.php?storyid=1351
    Last Updated: 2006-05-23 03:25:51 UTC
    "Microsoft and Eeye have each released advisories related to the issue this evening.
    Microsoft's security advisory can be found here: http://www.microsoft.com/technet/sec...ry/919637.mspx
    Eeye's advisory can be found here: http://www.eeye.com/html/resources/n...amunbmvambckmn

    The information about vulnerable exploits differs a little between the two advisories. Microsoft says the vulnerability only affects Word 2002/XP and Word 2003 and that Word 2000 is not vulnerable. The Microsoft advisory contains information on workarounds including not using Word as the default mail editor in Outlook and running Word in 'Safe Mode' to disable the functionality that is affected by the vulnerability and exploit.
    Eeye says that the vulnerability affects Word 2000 as well. The Eeye advisory mentions that they believe there are two variants of this exploit. Thus, it may be that the first variant only affects Word 2002/XP and 2003 and the second variant affects all three versions."

    Last edited by AplusWebMaster; 2006-05-23 at 12:43. Reason: Added ISC info...

  3. #3
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Advance Notification - June 2006

    FYI...

    - http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: June 8, 2006
    "On 13 June 2006 Microsoft is planning to release:

    Security Updates
    • Nine Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
    Note that, as discussed in Microsoft Security Bulletin MS06-013, with the release of one of these bulletins, support for the compatibility patch discussed in Microsoft Knowledge Base Article 917425 will cease.
    This means that all users who apply this security update will receive the ActiveX update discussed in Microsoft Knowledge Base Article 912945 regardless of whether or not they have applied the compatibility patch discussed in Microsoft Knowledge Base Article 917425.
    Administrators are encouraged to review the following articles prior to release and take appropriate steps for their environment:
    • Microsoft Security Advisory 912945 – Non-Security Update for Internet Explorer
    • Microsoft Knowledge Base Article 912945
    • Microsoft Knowledge Base Article 917425
    • Information for Developers about Internet Explorer
    • One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
    Note that this update will include the functionality change discussed in Microsoft Knowledge Base Article 912918. Administrators are urged to review this Knowledge Base article prior to release and take steps appropriate for their environment.
    • Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS
    • Microsoft will release 1 NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
    • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."

    --------------------------------------------------------------
    Additional info w/links:

    - http://blogs.technet.com/msrc/archiv...08/434186.aspx

    Last edited by AplusWebMaster; 2006-06-09 at 02:36. Reason: Additional Technet blog info...

  4. #4
    Adviser Team AplusWebMaster's Avatar

    MS06-014 exploit on the Web

    FYI...

    - http://www.eweek.com/article2/0,1759...129TX1K0000614
    June 8, 2006
    "Malicious hackers are actively exploiting a flaw patched by Microsoft in its April batch of bulletins to hijack computers for use in botnets, according to a warning from malware hunters. Researchers at Exploit Prevention Labs, an Atlanta-based Internet security outfit, said several bot-seeding scripts are targeting the MDAC (Microsoft Data Access Components) flaw covered in the software maker's MS06-014* bulletin. ... the MDAC exploits present a serious threat to corporate Windows users who have not yet deployed the patch. "Some businesses take a long time to completely install all patches. In some cases, they are six months behind"... Windows users using Automatic Updates to apply patches should be safe, but because it's a Web-based exploit, enterprise IT departments should avoid depending entirely on firewalls for protection..."

    * http://www.microsoft.com/technet/sec.../MS06-014.mspx
