Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: 2006 MS Alerts - Q2

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post 2x MS Security Advisories updated - IE

    FYI...

    Microsoft Security Advisory (917077)
    Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/917077.mspx
    Updated: April 3, 2006
    "...Microsoft will be releasing a Compatibility Patch (deployed like a Hotfix), to be available the same day as the Internet Explorer April Security Update. Once deployed, the patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This patch will function until the June Internet Explorer cumulative Update is released at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent..."
    Revisions:
    • April 3, 2006: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle..."

    Microsoft Security Advisory (912945)
    Non-Security Update for Internet Explorer
    - http://www.microsoft.com/technet/sec...ry/912945.mspx
    Updated: April 3, 2006
    "...Microsoft will be releasing a Compatibility Patch. This Compatibility Patch will be available the same day as the next Internet Explorer Security Update. As soon as it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent..."
    Revisions:
    • April 3, 2006: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IEv6 Race Condition Vuln

    FYI...
    - http://secunia.com/advisories/19521/
    Release Date: 2006-04-04
    Critical: Less critical
    Impact: Spoofing
    Where: From remote
    Solution Status: Unpatched
    Software: Microsoft Internet Explorer 6.x
    Description:
    ...The vulnerability is caused due to a race condition in the loading of web content and Macromedia Flash Format files (".swf") in browser windows. This can be exploited to spoof the address bar in a browser window showing a Flash file from a malicious web site.
    NOTE: The impact of exploitation is reduced because the URL of the malicious Flash file is visible in the title of the browser window.
    The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. Other versions may also be affected.
    Solution:
    Disable Active Scripting support..."
    -------------------------------------------------
    - http://secunia.com/advisories/19521/
    Last Update: 2006-04-06
    Critical: Moderately critical ^
    Impact: Spoofing
    Where: From remote
    Solution Status: Unpatched
    Software: Microsoft Internet Explorer 6.x

    Exploit code is out!...

    Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
    http://secunia.com/Internet_Explorer...rability_Test/
    The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (March edition). Other versions may also be affected...
    Solution:
    Disable Active Scripting support.
    2006-04-06: Added CVE reference. Added information about Internet Explorer 7 Beta 2 Preview being affected."
    > http://cve.mitre.org/cgi-bin/cvename...=CAN-2006-1626

    :(
    Last edited by AplusWebMaster; 2006-04-06 at 23:17. Reason: Exploit code is out!... Secunia criticality updated
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post IE createTextRange() vuln - patch release 4.11.2006

    FYI...

    - http://blogs.technet.com/msrc/archiv...06/424519.aspx
    Published Thursday, April 06, 2006 7:14 PM
    "...This coming Tuesday, the 11th, we’re planning to release five security bulletins, 4 for Windows and 1 that affects both Windows and Office. One of the Windows bulletins will be the cumulative Internet Explorer update that will address the "CreateTextRange" vulnerability..."

    MS Security Bulletin Advance Notification - April 2006
    - http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: April 6, 2006

    .
    Last edited by AplusWebMaster; 2006-04-07 at 16:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Internet Explorer updates - 4.11.2006

    FYI...

    - http://www.techweb.com/article/print...section=700028
    April 11, 2006
    "...What should users expect?
    --- By default, IE will now consider embedded ActiveX content as inactive. Thus on unmodified sites, ActiveX content will not run. In other words, music won't play or a Flash component won't launch.
    --- To activate an interactive ActiveX control, move the mouse over the content -- which now will be boxed -- and click on the pop-up tool tip dialog.
    --- Alternately, users can press the Tab key until the focus is set on the content's box, then press either the spacebar or Enter key to activate.
    --- Each control on each page must be manually activated in this way.
    Adobe has posted a short Flash-based demo that shows the activation process. (Ironic note: If you're using IE -after- the Tuesday update has been applied, you must active the Flash demo manually.)..."

    * http://www.macromedia.com/devnet/act...ptivate_before
    "...User Experience in the Updated Internet Explorer
    Microsoft has released updates to Internet Explorer that will change how it handles active content such as that viewed in Adobe’s Macromedia Flash Player, Authorware Player, Shockwave Player, and Adobe Reader, as well as Sun Java, Apple QuickTime, RealNetworks RealPlayer and other ActiveX controls.
    Active content that is embedded in HTML pages in certain ways will not be able to receive user input (for example, keyboard or mouse events) until the user clicks to either activate or continue loading the control. To get more information on what types of interaction are blocked before the user clicks the content, see the MSDN article, Activating ActiveX Controls. To see what users are expected to experience when they view Flash content with the new browser, watch the following demo..." (...at the Macromedia URL above)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary for April, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-apr.mspx
    Published: April 11, 2006

    ...Critical (3)

    Microsoft Security Bulletin MS06-013
    Cumulative Security Update for Internet Explorer (912812)
    - http://www.microsoft.com/technet/sec.../MS06-013.mspx
    Executive Summary: This update resolves several vulnerabilities in Internet Explorer that could allow remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution ...
    >>> Caveats: Microsoft Knowledge Base Article 912812 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 912812:
    - http://support.microsoft.com/kb/912812
    >>> Compatibility Patch – To help enterprise customers who need more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945 and included in Microsoft Security Bulletin MS06-013, Microsoft is releasing a Compatibility Patch on April 11, 2006. As soon as it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent. This compatibility patch may require an additional restart for systems it is deployed on. For more information, see Microsoft Knowledge Base Article 917425:
    - http://support.microsoft.com/kb/917425 ...

    Microsoft Security Bulletin MS06-014
    Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
    - http://www.microsoft.com/technet/sec.../MS06-014.mspx
    Executive Summary: This update resolves a vulnerability in MDAC that could allow remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    Microsoft Security Bulletin MS06-015
    Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
    - http://www.microsoft.com/technet/sec.../MS06-015.mspx
    Executive Summary: This update resolves a vulnerability in Windows Explorer that could allow remote code execution.
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...

    ...Important (1)

    Microsoft Security Bulletin MS06-016

    Cumulative Security Update for Outlook Express (911567)
    - http://www.microsoft.com/technet/sec.../MS06-016.mspx
    Executive Summary: This update resolves a vulnerability in Outlook Express that could allow an attacker to take complete control of the affected system. User interaction is required for an attacker to exploit this vulnerability.
    Maximum Severity Rating: Important
    Impact of Vulnerability: Remote Code Execution...

    ...Moderate (1)

    Microsoft Security Bulletin MS06-017

    Vulnerability in Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (917627)
    - http://www.microsoft.com/technet/sec.../MS06-017.mspx
    Executive Summary: This update resolves a cross-site scripting vulnerability in FrontPage Server Extensions that could allow an attacker to run script in the context of the locally logged on user. User interaction is required for an attacker to exploit this vulnerability.
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Remote Code Execution...

    --------------------------
    Notes...
    [2] Critical security updates for these platforms (W98, W98SE, and WinME) will not be available concurrently with the other security updates provided as part of this security bulletin. They will be made available as soon as possible following the release. When these security updates are available, you will be able to download them only from the Windows Update Web site...
    Revisions:
    • V1.0 (April 11, 2006): Bulletin published...
    ====================================

    FYI... (ISC Analysis)
    - http://isc.sans.org/diary.php?compare=1&storyid=1257
    Last Updated: 2006-04-11 23:27:12 UTC
    "...Microsoft Security Bulletin Summary for April, 2006..."

    (Way too much to post here - see the ISC URL.)

    .
    Last edited by AplusWebMaster; 2006-04-13 at 00:02. Reason: Highlight "Compatibility patch" info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    2

    Exclamation Problems in Windows Explorer or the Windows shell after you install update MS06-015

    Article ID : 918165
    Last Review : April 15, 2006
    Revision : 1.0

    SYMPTOMS
    After you install security update MS06-015 (908531) (http://www.microsoft.com/technet/sec...ms06-015.mspx), you may experience one of more of the following issues:
    • Unable to access special folders like "My Documents" or "My Pictures".
    • Microsoft Office applications may stop responding when you attempt to save or open Office files in the "My Documents" folder.
    • Office files in the "My Documents" folder are not able to open in Microsoft Office.
    • Opening a file through an application's File / Open menu causes the program to stop responding.
    • Typing an address into Internet Explorer’s address bar has no effect.
    • Right-clicking on a file and selecting Send To has no effect.
    • Clicking on the plus (+) sign beside a folder in Windows Explorer has no effect.
    • Some third-party applications stop responding when opening or saving data in the “My Documents” folder.

    CAUSE
    The MS06-015 security update package installs a new binary, VERCLSID.EXE, which validates shell extensions before they are instantiated by the Windows Shell or Windows Explorer. On some computers, VERCLSID.EXE stops responding. The following have been identified to cause VERCLSID.EXE to stop responding:
    • Hewlett-Packard's Share-to-Web software. There have been reported issues where HP software causes the VERCLSID.EXE process to stop responding. In particular, HP's Share-to-Web Namespace Daemon (Hpgs2wnd.exe) which ships with:
    • HP PhotoSmart software
    • Any HP DeskJet printer that includes a card reader
    • HP Scanners
    • Some HP CD-DVD RWs
    • HP Cameras

  7. Share-to-Web Namespace Daemon can be found in the "C:\Program Files\hewlett-packard\hp share-to-web\hpgs2wnd.exe" folder. Share-to-Web is auto-started from both the Startup menu and the Run registry key.
    • The VERCLSID.EXE process is flagged by Sunbelt Kerio Personal Firewall. Sunbelt Kerio Personal Firewall (http://www.sunbelt-software.com/Kerio.cfm) has a feature which flags any attempt by an application to launch another application for the user's approval. Kerio is flagging Explorer.exe's launch of VERCLSID.EXE. When this occurs, VERCLSID.EXE’s execution stops until the user clicks through Kerio's notification dialog. Users can configure Kerio to allow VERCLSID.EXE to execute without prompting.


    RESOLUTION
    • Hewlett-Packard's Share-to-Web software. The MS06-015 (908531) (http://www.microsoft.com/technet/sec.../ms06-015.mspx) security update includes a "white list"; VERCLSID.EXE will not scan any extension that appears on this list. Adding the HP shell extension corrects the problem. Manually edit the registry:
    1. Log on to the computer with an account with administrator privileges.
    2. Click the Start button and then click Run.
    3. Type Regedit and then click OK.
    4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
    5. Right-click "Cached", point to New, click "DWORD Value", and then enter: {A4DF5659-0801-4A60-9607-1C48695EFDA9} {000214E6-0000-0000-C000-000000000046} 0x401
    6. Set the Data of this value to 1
    7. Close the Registry Editor.
    8. Use Task Manager to end the Verclsid.exe process or restart the computer.

    Note: If other third-party COM controls or shell extensions are determined to cause this issue, the same method must be used to add the appropriate shell extension.

    • VERCLSID.EXE process flagged by Sunbelt Kerio Personal Firewall. Kerio Personal Firewall Users can configure Kerio to allow VERCLSID.EXE to execute without prompting.

    It has not been determined if there are other third-party COM controls or shell extensions that may also cause this problem. If the steps above do not resolve your issue, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web: http://support.microsoft.com/directory/overview.asp (http://support.microsoft.com/?scid=h...2foverview.asp)

    --------------------------------------------------------------------------------

    APPLIES TO
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Small Business Server 2003 Premium Edition
    • Microsoft Windows Small Business Server 2003 Standard Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Media Center Edition 2002
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows XP Media Center Edition 2005
  • Microsoft Windows XP Tablet PC Edition 2005
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft BackOffice Small Business Server 2000 Service Pack 1
  • Microsoft Windows 2000 Service Pack 4, when used with:
  • Microsoft Small Business Server 2000 Standard Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Service Pack 4

  • #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Update to the MS06-015 issue

    FYI...

    - http://blogs.technet.com/msrc/default.aspx
    posted Tuesday, April 18, 2006 1:43 AM by stepto
    "Hi everyone, Mike Reavey here again. I wanted to follow up with the results of our investigation into some issues with security update MS06-015. Turns out that under certain circumstances, changes introduced in MS06-015 could cause an application to stop responding during specific interactions with older versions of Hewlett Packard’s “Share-to-web” software utility, or older NVIDIA video card drivers. In the case of the Hewlett Packard software, their new version known as “HP Image Zone Version 5” is not affected. Neither are the most recent NVIDIA graphics card drivers. So customers running these more recent versions are not affected by this issue. The current versions of the Hewlett Packard and NVIDIA software are available from the manufacturer websites.
    To give you some idea of the scope of the problem, so far out of over 120 million successful installations of the MS06-015 update, the number of calls related to this issue is currently well under a thousand. Of course, even one customer having a problem is too many and that’s why we’ve been working on investigating this and determining solutions. We are also continuing to monitor the situation to measure scope and impact.
    We’ve updated security bulletin MS06-015 to document this issue. In addition, we published knowledge base article 918165*, which details the older software this issue affects. We’ll be updating that soon to provide locations to the updated software that is unaffected by this issue. We’re working directly with the manufactures of the affected software to assist customers.
    So to be clear, customers who are running the latest NVIDIA drivers, or who are running the current version of the Hewlett Packard Image Zone software are not impacted. Customers who believe they are affected should upgrade to the latest versions of the affected software, or they can contact Microsoft Product Support Services for assistance. Contact Product Support Services in North America for help with security update issues at no charge using the PC Safety line (1-866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.
    Meanwhile we're still looking at the best way to assist customers who may have been impacted by this and I encourage everyone to review KB article 918165* or contact us using the number above if they think they are having the problem..."

    * http://support.microsoft.com/kb/918165/en-us

    --------------------------------------------------------

    Latest Microsoft Security Glitch Limited
    - http://www.internetnews.com/security...le.php/3599756
    April 18, 2006
    "UPDATED: Microsoft said a limited range of consumer software is to blame for its latest security update unintentionally backfiring on Office and IE users. The update was among five the company released last week. Some analysts say the software giant's solution doesn't go far enough and is courting disaster. Digital photography software from HP and a personal firewall from Sunbelt Software rejected a new file Microsoft introduced as part of a security fix for a flaw in Windows Explorer. The glitch causes Office to stop saving and opening files and prevents IE from visiting Web pages. The problems reported appear limited to consumer-oriented software, Microsoft stresses on its security blog. MS06-015 included a new file, VERCLSID.EXE, which validates shell extensions before being used by Windows Explorer or Windows Shell. A vulnerability in Windows Explorer, which Microsoft deemed "important," allowed remote attackers to convince the shell to start HTML applications, thereby gaining total system control. However, the solution seems to be creating problems for some applications.
    In explaining the glitch, Microsoft said HP's Share-to-Web software causes VERCLSID.EXE to stop responding. The software, used by HP's PhotoSmart software, HP DeskJet printers that include a card reader, HP cameras and scanners, as well as some HP CD-DVD burners, can also cause trouble for Windows Explorer and IE, according to Microsoft. Windows users may lose access to their "My Documents" and "My Pictures" folders. Office could stop opening or saving files in "My Documents". Attempting to open or save a document could cause Office to stop responding, according to Microsoft. Additionally, the problem causes typing an address into IE to have no effect. Also, users of Sunbelt's Kerio Personal Firewall will need to reconfigure that application to recognize the new Microsoft file. Without the change, the file is flagged and waits for user approval.
    To resolve the issue, Microsoft is suggesting HP users manually edit the Windows registry "white list" included with the security update. The edit will instruct VERCLSID.EXE to not scan the HP shell extension. Microsoft had no comment beyond the blog posting, according to Pete Voss, a company spokesman. HP did not return a request for comment by press time. Although the software giant gives instructions, analysts warn the process isn't for the faint of heart.
    Joe Wilcox, analyst with JupiterResearch, said a misstep could make Windows unusable. Although Microsoft says the scope of the glitch is limited to consumers, Wilcox said the type of applications –- digital imaging and security –- are more important. While a couple of applications are known today, many more could be found to be affected tomorrow, according to the analyst. "The possible interactions are immeasurable," Wilcox said. Still, Microsoft has made much of its new-found focus on security and editing the Windows registry is not enough in this case. "You have to release an updated patch," said Wilcox."

    :(
    Last edited by AplusWebMaster; 2006-04-18 at 23:03. Reason: Additional info link...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  • #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS to re-release MS06-015 patch / MS06-016 buggy...

    FYI...

    MS to re-release MS06-015 patch
    Microsoft Security Bulletin MS06-015
    Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
    - http://www.microsoft.com/technet/sec.../ms06-015.mspx
    Updated: April 20, 2006 ...
    FAQ ...For customers who have already applied the update and are experiencing the problem related to the older Hewlett Packard Share-to-Web software, or older NVIDIA drivers prior to or including version 61.94, the revised update will be available through Windows Update and Microsoft Update. The targeted re-release will be automatically delivered to affected computers through Automatic Update if it has been enabled. The re-release will not be distributed to non-affected computers...
    • V1.2 (April 20, 2006): Bulletin revised: FAQ Section updated to include information about an upcoming re-release of the security update."

    --------------------

    Re-release available:

    Microsoft Security Bulletin MS06-015
    Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
    - http://www.microsoft.com/technet/sec.../ms06-015.mspx
    Updated: April 25, 2006
    What updates does this release replace?
    This security update replaces several prior security updates. The security bulletin IDs and affected operating systems are listed in the following table.
    Bulletin ID ... Windows 2000... Windows XP... Windows Server 2003
    MS05-016 .....Not Replaced...... Replaced....... Replaced
    MS05-008 .....Replaced............ Replaced....... Replaced
    Does this update contain any security-related changes to functionality?
    Yes. Besides the changes that are listed in the "Vulnerability Details" section of this bulletin, this update includes the following changes in security functionality:
    • This security update introduces a new file, Verclsid.exe. Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.
    • This security update includes a Defense in Depth change which ensures that prompting occurs consistently in Internet zone drag and drop scenarios...
    Version: 2.0...
    • V2.0 (April 25, 2006): Bulletin revised: This bulletin has been re-released to advise customers that revised versions of the security update are available for all products listed in the “Affected Software” section. Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action. For additional information, see “Why did Microsoft reissue this bulletin on April 25, 2006.” in "Frequently asked questions (FAQ) related to this security update" section..."

    -------------------------------

    MS06-016 Patch 'Erases' Outlook Express Addresses...
    - http://isc.sans.org/diary.php?storyid=1281
    Last Updated: 2006-04-21 15:55:13 UTC
    "There have been reports of problems with... MS06-016 where the Outlook Express address book disappears. In this case removal of the patch and the address book re-appears, however the other vulnerabilities the patch address come back..."

    Also: http://www.techweb.com/wire/security/186500211
    -------------------------------

    Microsoft Security Bulletin MS06-016
    Cumulative Security Update for Outlook Express (911567)
    - http://www.microsoft.com/technet/sec.../ms06-016.mspx
    • V1.2 (April 26, 2006): Bulletin revised: “Caveats” section updated due to new issues discovered with the security update. Error message when you open the Windows Address Book or you open Outlook Express after you install cumulative security update..."
    Problem resolution:
    - http://support.microsoft.com/kb/911567 -and- http://support.microsoft.com/kb/917288/

    Last edited by AplusWebMaster; 2006-04-28 at 22:37. Reason: Added MS06-016 resolution info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  • #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Another new IE 0-day exploit loose - Highly Critical

    FYI...

    - http://www.techweb.com/article/print...section=700028
    April 24, 2006
    "Microsoft's Internet Explorer, which was just patched with 10 fixes two weeks ago, suffers from yet another zero-day vulnerability that can be exploited remotely, security firm Symantec said Monday. In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability first posted to the Bugtraq security mailing list* by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML. HTML content that contains nested tags without the corresponding closure tags, said Symantec's alert, can trigger the bug. "An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user," said the advisory. "If the attack is successful, the executable content will be executed. Failed exploit attempts will likely crash the affected application"... A fully-patched version of IE 6 for Windows XP SP2 -- the most-secure production version of Microsoft's browser -- is open to the attack. ... While Zalewski has published HTML code that crashes the browser, no more-malicious exploit has yet been seen, said Symantec. Still, it warned IE users to run the browser in a non-administration user account, stay away from questionable Web sites, and disable HTML in e-mail clients, since an attack could also be launched by getting users to preview HTML-based messages. Symantec rated the new zero-day vulnerability with an overall threat score of 7.5 out of a possible 10..."
    * http://www.securityfocus.com/archive/1/431796

    ------------------------------------------------------------
    - http://secunia.com/advisories/19762/
    Release Date: 2006-04-25
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    Software: Microsoft Internet Explorer 6.x ...
    Solution:
    Do not visit untrusted web sites... "
    ------------------------------------------------------------

    Correction to "Security Tracker" reference:

    The "Security Tracker" post regarding this bug was one of 3 posted for IE on 4.27.2006:
    - http://securitytracker.com/archives/target/49.html

    ------------------------------------------------------------

    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1992
    Last revised: 4/26/2006
    Source: US-CERT/NIST
    Overview
    mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via nested OBJECT tags, which trigger invalid pointer dererences including NULL dereferences.
    Impact
    CVSS Severity: 8.0 (High)
    Range: Remotely exploitable
    Authentication: Not required to exploit
    Impact Type: Provides user account access, Allows disruption of service..."

    Last edited by AplusWebMaster; 2006-05-01 at 20:52. Reason: Corrected "Security Tracker" info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  • #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation US-CERT Cyber Security Bulletin SB06-117

    FYI...(MS updates per US-CERT)

    "Summary of Security Items from April 20 through April 26, 2006
    - http://www.us-cert.gov/cas/bulletins/SB06-117.html#win6

    > Microsoft Outlook Express
    - http://www.microsoft.com/technet/sec.../ms06-016.mspx
    V1.2: Revised due to issues discovered with the security update...

    > Microsoft Windows Explorer
    - http://www.microsoft.com/technet/sec.../ms06-015.mspx
    V2.0: Revised to inform customers that revised versions of the security update are available.

    > Microsoft Internet Explorer 6.0 SP2
    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-1992
    Last revised: 4/26/2006
    Source: US-CERT/NIST
    Overview
    mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via nested OBJECT tags, which trigger invalid pointer dererences including NULL dereferences.
    Impact
    CVSS Severity: 8.0 (High)
    Range: Remotely exploitable
    Authentication: Not required to exploit
    Impact Type: Provides user account access, Allows disruption of service..."

    Last edited by AplusWebMaster; 2006-04-29 at 04:32. Reason: US-CERT URL correction...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  • Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •