
Thread: 2006 MS Alerts - Q2

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    MS Security Bulletin Summary for May, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-may.mspx
    "Published: May 9, 2006
    Version: 1.0

    Critical (2)

    Microsoft Security Bulletin MS06-019
    Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
    - http://www.microsoft.com/technet/sec.../ms06-019.mspx
    ...Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...
    Affected Software:
    • Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 (870540)
    • Microsoft Exchange Server 2003 Service Pack 1
    • Microsoft Exchange Server 2003 Service Pack 2...

    Microsoft Security Bulletin MS06-020
    Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
    - http://www.microsoft.com/technet/sec.../ms06-020.mspx
    ...Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...
    Affected Software:
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)...


    Moderate (1)

    Microsoft Security Bulletin MS06-018
    Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
    - http://www.microsoft.com/technet/sec.../ms06-018.mspx
    Impact of Vulnerability: Denial of Service
    Maximum Severity Rating: Moderate...
    Affected Software:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2003 for Itanium-based Systems...

    Revisions:
    • V1.0 (May 9, 2006): Bulletin published..."

    -----------------------------------------
    ISC Analysis:

    MS06-019 (Critical)
    - http://isc.sans.org/diary.php?storyid=1322
    Last Updated: 2006-05-09 18:32:46 UTC
    "...Exchange admins you will have your hands full, especially if you are running your own RIM/Blackberry Enterprise Server. Please read the earlier entry*... for details on the "gotcha" there. This vulnerability allows for remote code execution and is critical that it be patched."
    * http://www.isc.sans.org/diary.php?storyid=1320

    MS06-020 (Critical)
    - http://isc.sans.org/diary.php?storyid=1323
    Last Updated: 2006-05-09 18:05:03 UTC
    "...This bulletin addresses flaws in older versions of Adobe's flash player. Both have been fixed for a while by Adobe. In case you haven't yet, this is your last chance to update the Adobe Flash player. MS06-020 patched this vulnerability as well. However, it only patched Flash Player 7 (or 8). If a user had initially Flashplayer 6 installed, MS06-020 was not applied. As a result, a user may have installed 7 or 8 later, and ended up vulnerable as a result. See the KB article above for details ( http://support.microsoft.com/kb/913433 ). The "safe" version is 8.0.24.0 (this is currently the most recent version)... This patch should be applied fast on all desktops. You may be able to wait a bit on servers, or you could just uninstall the flash player on servers (if you never use them to browse)..."

    MS06-018 (Moderate)
    - http://isc.sans.org/diary.php?storyid=1321
    Last Updated: 2006-05-09 18:32:27 UTC
    "...This update patches two vulnerabilities in MSDTC (CVE-2006-0034, CVE-2006-1184). Both represent a denial of service in MSDTC which can be exploited locally or remotely with malformed messages. This vulnerability is listed as moderate for Windows 2000 versus Low for XP and 2003 because MSDTC is enabled by default on that platform. The severity is the same on the other platforms when the service is running..."

    Last edited by AplusWebMaster; 2006-05-09 at 21:50. Reason: Added ISC Analysis...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12

    MS06-020 update - "flash player cannot be updated"

    FYI...

    - http://www.techweb.com/article/print...section=700028
    May 10, 2006
    "...Problems with the MS06-020 update -- the one tagged as "critical" that patched flawed Flash Players -- drove many to mark complaints on the Windows Update newsgroup. Threads with titles such as "Security Update for Flash Player," and "Flash Player" contain a slew of grievances, most of them remarking about repeated failures of the patch to install. Microsoft is aware of the problem, which it dubbed a "known issue" in a support document* posted Wednesday. The document offers a workaround that requires users to delete a pair of Flash-related files, then manually download and install the Player update. The problem, Microsoft said, involves a PC's specific history with Flash. If, for instance, a user had installed Flash Player 7 or 8 on a machine that previously had version 6, then later uninstalled version 7 or 8, Windows Update will repeatedly offer the update, and display the error "The version of Macromedia Flash you have installed does not match the update you are trying to install." ...Buried in the FAQ section of MS06-020 is a paragraph that spells it out for Windows 98 and Millennium users... Even some users who followed the rules, however, were nonplussed. "I had already gotten [updated Flash Player version] 8.0.r24 from [Adobe's] site a while ago, but Windows Update still tried to patch me up," wrote Kevin Hobbs in an e-mail to TechWeb. "Go figure..."

    * http://support.microsoft.com/default.aspx/kb/913433?

    :(

  3. #13

    Microsoft Security Advisory (919637) - Word Vuln

    FYI...

    Microsoft Security Advisory (919637)
    Vulnerability in Word Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/919637.mspx
    Published: May 22, 2006
    "Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
    Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.
    Microsoft is concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed..."
    -----------------------------------------------
    Update on Word 0-Day Issue
    - http://isc.sans.org/diary.php?storyid=1351
    Last Updated: 2006-05-23 03:25:51 UTC
    "Microsoft and Eeye have each released advisories related to the issue this evening.
    Microsoft's security advisory can be found here: http://www.microsoft.com/technet/sec...ry/919637.mspx
    Eeye's advisory can be found here: http://www.eeye.com/html/resources/n...amunbmvambckmn

    The information about vulnerable exploits differs a little between the two advisories. Microsoft says the vulnerability only affects Word 2002/XP and Word 2003 and that Word 2000 is not vulnerable. The Microsoft advisory contains information on workarounds including not using Word as the default mail editor in Outlook and running Word in 'Safe Mode' to disable the functionality that is affected by the vulnerability and exploit.
    Eeye says that the vulnerability affects Word 2000 as well. The Eeye advisory mentions that they believe there are two variants of this exploit. Thus, it may be that the first variant only affects Word 2002/XP and 2003 and the second variant affects all three versions."

    Last edited by AplusWebMaster; 2006-05-23 at 13:43. Reason: Added ISC info...

  4. #14

    MS Security Bulletin Advance Notification - June 2006

    FYI...

    - http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: June 8, 2006
    "On 13 June 2006 Microsoft is planning to release:

    Security Updates
    • Nine Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
    Note that, as discussed in Microsoft Security Bulletin MS06-013, with the release of one of these bulletins, support for the compatibility patch discussed in Microsoft Knowledge Base Article 917425 will cease.
    This means that all users who apply this security update will receive the ActiveX update discussed in Microsoft Knowledge Base Article 912945 regardless of whether or not they have applied the compatibility patch discussed in Microsoft Knowledge Base Article 917425.
    Administrators are encouraged to review the following articles prior to release and take appropriate steps for their environment:
    • Microsoft Security Advisory 912945 – Non-Security Update for Internet Explorer
    • Microsoft Knowledge Base Article 912945
    • Microsoft Knowledge Base Article 917425
    • Information for Developers about Internet Explorer
    • One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
    Note that this update will include the functionality change discussed in Microsoft Knowledge Base Article 912918. Administrators are urged to review this Knowledge Base article prior to release and take steps appropriate for their environment.
    • Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS
    • Microsoft will release 1 NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
    • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."

    --------------------------------------------------------------
    Additional info w/links:

    - http://blogs.technet.com/msrc/archiv...08/434186.aspx

    Last edited by AplusWebMaster; 2006-06-09 at 03:36. Reason: Additional Technet blog info...

  5. #15

    MS06-014 exploit on the Web

    FYI...

    - http://www.eweek.com/article2/0,1759...129TX1K0000614
    June 8, 2006
    "Malicious hackers are actively exploiting a flaw patched by Microsoft in its April batch of bulletins to hijack computers for use in botnets, according to a warning from malware hunters. Researchers at Exploit Prevention Labs, an Atlanta-based Internet security outfit, said several bot-seeding scripts are targeting the MDAC (Microsoft Data Access Components) flaw covered in the software maker's MS06-014* bulletin. ... the MDAC exploits present a serious threat to corporate Windows users who have not yet deployed the patch. "Some businesses take a long time to completely install all patches. In some cases, they are six months behind"... Windows users using Automatic Updates to apply patches should be safe, but because it's a Web-based exploit, enterprise IT departments should avoid depending entirely on firewalls for protection..."

    * http://www.microsoft.com/technet/sec.../MS06-014.mspx


  6. #16

    MS Security Bulletin Summary - June, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-jun.mspx
    "Published: June 13, 2006
    Version: 1.0...
    --------------------
    Critical (8)
    --------------------

    Microsoft Security Bulletin MS06-021
    Cumulative Security Update for Internet Explorer (916281)
    - http://www.microsoft.com/technet/sec.../MS06-021.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Caveats:
    • Microsoft Knowledge Base Article 916281 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 916281.
    • Microsoft is releasing an additional security update included with Microsoft Security Bulletin MS06-023: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344). We recommend that you install both security updates at the same time as an update in Microsoft Security Bulletin MS06-021: Cumulative Security Update for Internet Explorer (916281) could expose the JScript vulnerability or cause application compatibility issues.
    • This security update also replaces the cumulative update for Internet Explorer that was released on February 28, 2006. For more information about this update, see Microsoft Knowledge Base Article 912945.
    • This security update also replaces the compatibility patch released on April 11, 2006. That compatibility patch temporarily returned Internet Explorer to the previous functionality for handling ActiveX controls, to help enterprise customers who needed more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945. This security update replaces that compatibility patch, and makes the changes in Microsoft Knowledge Base Article 912945 permanent. For more information about these changes, see Microsoft Knowledge Base Article 912945 and the product documentation...

    Microsoft Security Bulletin MS06-022
    Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
    - http://www.microsoft.com/technet/sec.../MS06-022.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    Microsoft Security Bulletin MS06-023
    Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
    - http://www.microsoft.com/technet/sec.../MS06-023.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    Microsoft Security Bulletin MS06-024
    Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
    - http://www.microsoft.com/technet/sec.../MS06-024.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    Microsoft Security Bulletin MS06-025
    Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
    - http://www.microsoft.com/technet/sec.../MS06-025.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    Microsoft Security Bulletin MS06-026
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
    - http://www.microsoft.com/technet/sec.../MS06-026.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    Microsoft Security Bulletin MS06-027
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
    - http://www.microsoft.com/technet/sec.../MS06-027.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    Microsoft Security Bulletin MS06-028
    Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
    - http://www.microsoft.com/technet/sec.../MS06-028.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical...

    --------------------
    Important (3)
    --------------------

    Microsoft Security Bulletin MS06-029
    Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
    - http://www.microsoft.com/technet/sec.../MS06-029.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Important...

    Microsoft Security Bulletin MS06-030
    Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
    - http://www.microsoft.com/technet/sec.../MS06-030.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Important...

    Microsoft Security Bulletin MS06-032
    Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
    - http://www.microsoft.com/technet/sec.../MS06-032.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Important...

    --------------------
    Moderate (1)
    --------------------

    Microsoft Security Bulletin MS06-031
    Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
    - http://www.microsoft.com/technet/sec.../MS06-031.mspx
    Impact of Vulnerability: Spoofing
    Maximum Severity Rating: Moderate...

    --------------------
    ...Revisions:
    • V1.0 (June 13, 2006): Bulletin published..."
    =====================================

    ISC Analysis:

    - http://isc.sans.org/diary.php?storyid=1404
    Last Updated: 2006-06-13 20:48:25 UTC
    "...
    * MS06-021 Cumulative patch for Internet Explorer - Critical
    - http://isc.sans.org/diary.php?storyid=1400
    * MS06-022 ART image library buffer overflow - Critical
    - http://isc.sans.org/diary.php?storyid=1401
    * MS06-023 Microsoft JScript memory corruption - Critical
    - http://isc.sans.org/diary.php?storyid=1402
    * MS06-024 Windows media player - Critical
    - http://isc.sans.org/diary.php?storyid=1406
    * MS05-025 RRAS - Critical
    - https://isc.sans.org/diary.php?storyid=1409
    * MS06-026 Graphics rendering engine remote code execution - Critical
    - http://isc.sans.org/diary.php?storyid=1403
    (** This vulnerability ONLY applies to Windows 98, 98SE, and ME... Windows 2000, XP and beyond are not vulnerable **)

    * MS06-027 Word remote code execution - Critical
    - http://isc.sans.org/diary.php?storyid=1405
    * MS06-028 Powerpoint remote code execution - Critical
    - http://isc.sans.org/diary.php?storyid=1407
    * MS06-029 Exchange - Important
    - http://isc.sans.org/diary.php?storyid=1414
    * MS06-030 SMB privilege escalation - Important
    - http://isc.sans.org/diary.php?storyid=1412
    * MS06-031 RPC mutual authentication spoofing - Moderate
    - http://isc.sans.org/diary.php?storyid=1413
    * MS06-032 IP source routing allows remote code execution - Important
    - http://isc.sans.org/diary.php?storyid=1410

    ...also re-released one: * MS06-011
    - http://isc.sans.org/diary.php?storyid=1408 ..."

    .
    Last edited by AplusWebMaster; 2006-06-14 at 01:16. Reason: Added ISC Analysis...

  7. #17

    Exploits already out for 6.13.06 MS Patches

    FYI...

    - http://isc.sans.org/diary.php?storyid=1415
    Last Updated: 2006-06-14 11:31:15 UTC
    "After yesterday's patchday, we start to receive a number of reports about newly released exploits for vulnerabilities announced on Tuesday. Here is a quick list of what we have seen so far:

    MS06-024: Windows Media Player.
    Exploit released by penetration testing vendor to customers.

    MS06-025: RRAS
    Exploit released by penetration testing vendor to customers.

    MS06-027: Word remote code execution
    Exploit available -before- release of patch.

    MS06-030: SMB Privilege Escalation.
    Two exploits released to the public.

    MS06-032: IP Source Routing Exploit.
    DoS exploits released privately (trivial exploit) ..."
    ==========================================

    - http://www.techweb.com/article/print...section=700028
    June 14, 2006 (5:41 PM EDT)
    "Although security experts said Tuesday that the previous day's patching of 21 Microsoft vulnerabilities shouldn't present users with any major threats, closer examination of the updates a day later indicates different. Exploits or proof-of-concept code samples are already available for more than a third of the patched bugs... VeriSign iDefense also noted that almost 20 percent (4 out of 21) of the patches fixed bugs that had previously been disclosed in public forums. Two of the four went public in May and one in April, but the fourth harks back to December 2005..."

    Last edited by AplusWebMaster; 2006-06-15 at 15:23. Reason: Additional reference info...

  8. #18

    Potential Patch Problem with MS06-025

    FYI...

    - http://isc.sans.org/diary.php?compare=1&storyid=1423
    Last Updated: 2006-06-17 20:55:03 UTC
    "...UPDATE: We received an email from one of our readers today indicating that the MS06-025 update is causing problems with the iPassConnect program. I would recommend if you are using the iPassConnect program then test with the update before rolling the update out."

    - http://blogs.technet.com/msrc/archiv...17/436882.aspx

    - http://support.microsoft.com/kb/911280
    Last Review: June 17, 2006
    Revision: 1.1 ...
    "Known Issues
    • An issue has been confirmed involving dial-up connections which use the terminal window or dial-up scripting. Dial-up terminal windows or scripting is an older technology rarely used by most modern dial-up connections. If dial-up scripting is used in a connection, the connection may stop responding. This does not affect any dial-up connections that do not use dial-up scripting. This issue may affect direct dial connections to a corporate or university network or to some ISPs (Internet Service Providers). Microsoft is working on developing and testing a revision to this update which will address this issue. If you need to use these dial-up scripting or terminal window features do not install security update MS06-025 (KB911280) until the revised version is available. More information on dial-up scripting can be found at http://www.microsoft.com/technet/arc...ork/xns10.mspx . Virtual private network (VPN) connections are not affected by this issue; dial-up scripting is not supported in VPN scenarios..."
    ========================================

    EDIT/ADD:
    - http://www.microsoft.com/technet/sec.../ms06-025.mspx
    "V1.1 (June 19, 2006): FAQ and Vulnerability Details sections updated to provide clarification on affected RASMAN component. Caveats section updated to include known issues.
    V1.2 (June 21, 2006): Bulletin updated to provide additional differentiation between RRAS, RAS, and RASMAN components."

    - http://support.microsoft.com/kb/911280
    Last Review: June 20, 2006
    Revision: 3.0
    "...If you must use dial-up scripting or terminal window features, do not install security update 911280 (MS06-025) until the revised version is available*..."

    *(Currently still -un-available.)

    Last edited by AplusWebMaster; 2006-06-22 at 21:27. Reason: Updated info from MS...

  9. #19

    Microsoft Security Advisory (921365) - Excel vuln

    FYI...

    Microsoft Security Advisory (921365)
    Vulnerability in Excel Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/921365.mspx
    Published: June 19, 2006
    "Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac. In order for this attack to be carried out, a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker. Opening the Excel document out of email will prompt the user to be careful about opening the attachment. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit this vulnerability. Microsoft is also actively sharing information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks...
    Mitigating Factors for Microsoft Excel Remote Code Execution Vulnerability:
    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
    • On Excel 2002 and Excel 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must accept a prompt confirming that they Open, Save or Cancel the attachment that is sent in an e-mail message before the exploit could occur.
    • This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
    Note: Excel 2000 does not prompt the user to Open, Save, or Cancel before opening a document..."
    =====================================

    EDIT/ADD:
    MS Office Long Link Buffer Overflow Vuln
    - http://secunia.com/advisories/20748/
    Release Date: 2006-06-20
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    Software:
    Microsoft Excel 2000, Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel Viewer 2003, Microsoft Office 2000, Microsoft Office 2003 Professional Edition, Microsoft Office 2003 Small Business Edition, Microsoft Office 2003 Standard Edition, Microsoft Office 2003 Student and Teacher Edition, Microsoft Office XP ...
    ...The vulnerability is caused due to a boundary error in hlink.dll within the handling of Hyperlinks in e.g. Excel documents. This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted Hyperlink in a malicious Excel document. Successful exploitation allows execution of arbitrary code. The vulnerability has been confirmed in Microsoft Excel 2003 SP2 (fully updated). Other versions and Office products may also be affected.
    NOTE: Secunia is currently not aware of this vulnerability being actively exploited and working exploit code is not currently publicly available. However, the vulnerability is quite simple to exploit and it is therefore likely that exploit code is published soon.
    Solution:
    Do not open untrusted Microsoft Office documents.
    Do not follow links in Microsoft Office documents..."

    - http://isc.sans.org/diary.php?storyid=1432
    Last Updated: 2006-06-20 17:34:08 UTC
    "...the organizations that really need to be concerned about 0day are the ones responsible for protecting military/government assets, financial institutions, and critical infrastructure agencies. Since you know 0day exists and if you are a target, what are you doing to protect yourself? How do you protect against, detect, and respond to unknown vulnerabilities?
    For the rest of the folks out there (small/medium businesses, hobbyists)... Should you worry about 0day? Usually not, but if you have all the other critical security components in place then go ahead... There is also a good list of commercial products for Windows... here: http://isc.sans.org/diary.php?storyid=635
    In summary, you should expect 0day to be alive and well for your favorite operating systems, daemons, and applications. And if it concerns you, then do something about it instead of waiting to get smacked with it later. You will sleep better at night and not be frustrated at your favorite software vendor when they take 6+ months to patch simple little vulnerabilities."

    Suggested reads:
    - http://isc.sans.org/diary.php?storyid=635
    - Data Execution Protection (DEP): http://support.microsoft.com/kb/875352
    ========================================

    EDIT/ADD:
    Microsoft Hyperlink Object Library stack buffer overflow
    - http://www.kb.cert.org/vuls/id/394444
    Last Updated: 06/21/2006
    "...The Problem
    There is a stack-based buffer overflow in the Microsoft Hyperlink Object Library. The overflow may be triggered by clicking a specially crafted hyperlink. Note that any program that links to the HLINK.DLL library may be vulnerable, including Microsoft Office applications. Exploit code for this vulnerability is publicly available...
    Solution: There is currently no patch or update to correct this problem. Until a solution is available, refer to the workaround below.
    - Do not follow unsolicited hyperlinks
    - Do not click on unsolicited links received in email or embedded in Office documents. Exploitation of this vulnerability requires a user to click a specially crafted link. By only accessing hyperlinks from known and trusted sources, the chances of exploitation are reduced..."

    Last edited by AplusWebMaster; 2006-06-22 at 21:30. Reason: Added US-CERT reference...

  10. #20

    ...Third Zero-Day Excel Flaw

    FYI...

    - http://www.techweb.com/article/print...section=700028
    June 22, 2006

    ...Excel 'Shockwave Flash Object' Lets Remote Users Execute Code...
    - http://www.securitytracker.com/alert...n/1016344.html
    CVE Reference: CVE-2006-3014 ...
    Date: Jun 20 2006
    Impact: Execution of arbitrary code via network, User access via network
    Vendor Confirmed: Yes
    Description: A vulnerability was reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create an Excel file that includes a malicious Flash file embedded using the Excel 'Shockwave Flash Object' function. When the target user opens the Excel file, the Flash code will execute automatically without user interaction. The code will run with the privileges of the target user. The vendor was notified on May 3, 2006...
    Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: No solution was available at the time of this entry.
    Microsoft indicates that customers can set ActiveX control kill bits to prevent the observed behavior. Information on setting kill bits is available at: http://support.microsoft.com/kb/240797/EN-US/ ..."
