Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26

Thread: 2006 MS Alerts - Q3

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy "Automatic Update" PC's still waiting for patches?

    FYI...

    - http://www.techweb.com/wire/security/192100058
    August 15, 2006
    "...Last week, blog entries from the MSRC* identified the MS06-040 patch as the one users should put at the top of their to-do lists. Security analysts across the board seconded the motion, with some urging users to patch before a likely worm appeared. Also last week, users who manually updated their PCs using Windows Update or Microsoft Update were greeted with an additional color-coded "Addresses a critical security problem" notation below the listing for the MS06-040 update. Both moves were firsts for Microsoft, as was its admission that it prioritizes patches provided by its update mechanisms. Microsoft's online description of those tools, for example, says nothing of prioritizing. "The threat presented by the vulnerability addressed in MS06-040 prompted us to do everything possible to ensure that customers received the update with the highest possible priority," Stone continued. "If you have not seen the rest of this month's updates yet on your computer rest assured they are coming and this is perfectly normal."

    * http://blogs.technet.com/msrc/archiv...15/446848.aspx

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs up Microsoft August 2006 Patches: STATUS

    FYI...

    (The ISC obviously is aware that following all the mods, updates, re-releases of the MS Updates is, well, "challenging", to say the least, for August in particular. They have put alot of effort into a fine chart, which makes it ALOT easier to follow.)

    Microsoft August 2006 Patches: STATUS
    - http://isc.sans.org/diary.php?compare=1&storyid=1611
    Last Updated: 2006-08-18 02:40:20 UTC


    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #13
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation More MS06-042 woes

    FYI...

    More MS06-042 woes
    - http://isc.sans.org/diary.php?storyid=1627
    Last Updated: 2006-08-22 21:20:36 UTC
    "The hotfix for MS06-042, which was supposed to be released today, has been delayed. Worse: It turns out that MS06-042 introduced a new security problem. The crashes everyone is having so much fun with are just the tip of the iceberg. The issue can also be used to execute arbitrary code....

    http://isc.sans.org/diary.php?compare=1&storyid=1611 (updated patch matrix)

    http://www.microsoft.com/technet/sec...ry/923762.mspx ..."

    EDIT/ADD:
    - http://blogs.technet.com/msrc/archiv...22/448689.aspx

    - http://blogs.msdn.com/ie/archive/2006/08/22/711402.aspx

    - http://research.eeye.com/html/alerts/AL20060822.html
    "MS06-042 Related Internet Explorer 'Crash' is Exploitable
    Date: August 22, 2006
    Severity: Critical
    Systems Affected:
    Windows 2000 with IE6 SP1 and MS06-042 hotfix installed
    Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed ..."

    .
    Last edited by AplusWebMaster; 2006-08-23 at 14:42. Reason: Added eEye link re: hotfix/exploit...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #14
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS06-040 exploit list grows

    FYI...

    MS06-040 exploit list grows
    (See CME-762 and CME-482)
    - http://cme.mitre.org/data/list.html


    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #15
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IEv6 Vuln - MS06-042 reissued

    FYI...

    - http://secunia.com/advisories/21557/
    Release Date: 2006-08-23
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Workaround
    Software: Microsoft Internet Explorer 6.x
    ...The vulnerability affects Internet Explorer 6 SP1 on Windows 2000 and Windows XP SP1 and was introduced by the MS06-042 patches.
    Solution: The vendor recommends disabling the HTTP 1.1 protocol in Internet Explorer (see the vendor's advisory for details)...
    Original Advisory:
    Microsoft: http://www.microsoft.com/technet/sec...ry/923762.mspx
    http://support.microsoft.com/kb/923762/
    Other References: US-CERT VU#821156:
    - http://www.kb.cert.org/vuls/id/821156
    Last Updated 08/23/2006
    "...Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 and Windows XP SP1 contains a vulnerability when viewing a web site using the HTTP 1.1 protocol. If the web site uses HTTP 1.1 compression and contains an overly long URL, a buffer overflow can occur. Note that this vulnerability was introduced with the first release of the MS06-042 updates on August 8, 2006..."
    =============================

    FYI...

    MS06-042 reissued
    - http://isc.sans.org/diary.php?storyid=1634
    Last Updated: 2006-08-24 17:23:04 UTC
    "The anxiously awaited reissue of the patch from bulletin MS06-042 is now live. Time to re-apply the patch on Internet Explorer 6 Service Pack 1 for Windows XP Service Pack 1 (all versions) and Windows 2000 (all versions)".
    * http://www.microsoft.com/technet/sec.../MS06-042.mspx
    Updated: August 24, 2006

    Last edited by AplusWebMaster; 2006-08-24 at 21:07. Reason: MS06-042 reissued...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #16
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation New Zero-Day vuln in MS Word 2000

    FYI...

    - http://www.symantec.com/enterprise/s..._software.html
    September 3, 2006
    "...In the past couple of days, we have seen samples of a trojan that exploits a previously unknown vulnerability in Microsoft's Office applications. This time it is in Microsoft Word 2000 running on Windows 2000. This trojan (detected.. as Trojan.MDropper.Q*) takes advantage of the vulnerability to drop another file onto the target computer. Detected as a trojan, this dropped file in turn drops another file, which turns out to be new variant of Backdoor.Femo**. As with other recent Office vulnerabilities, documents incorporating the exploit code must be opened with a vulnerable copy of Microsoft Word 2000 for it to work. As such, it makes the vulnerability unsuitable for the creation of self-replicating network worms... Until a vendor supplied patch is made available and then installed, users should follow safe computing practices and exercise extreme caution when opening unsolicited emails containing Microsoft Office documents."

    * http://www.symantec.com/enterprise/s...090219-2855-99

    ** http://www.symantec.com/security_res...080521-2111-99

    Also:
    - http://isc.sans.org/diary.php?storyid=1669

    - http://vil.mcafeesecurity.com/vil/content/v_119055.htm

    - http://secunia.com/advisories/21735/
    ==================================================

    Microsoft Security Advisory (925059)
    Vulnerability in Word Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/925059.mspx
    Published: September 6, 2006
    "Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker...
    Mitigating Factors for Microsoft Word Remote Code Execution Vulnerability...
    • Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000* will be prompted with Open, Save, or Cancel before opening a document.
    * http://www.microsoft.com/downloads/d...6-C9538E9F2A2F ...
    Workarounds for Microsoft Word Remote Code Vulnerability...
    • Use Word Viewer 2003 to open and view files. Word Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack. To download the Word Viewer 2003 for free, visit the following website**:
    ** http://www.microsoft.com/downloads/d...9-AB826E7B8FDF ...

    Last edited by AplusWebMaster; 2006-09-07 at 00:27. Reason: Added MS Advisory info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #17
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow MS Security Bulletin Advance Notification - September 2006

    FYI...

    - http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: September 7, 2006
    "On 12 September 2006 Microsoft is planning to release:

    Security Updates
    • Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
    • One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
    Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS
    • Microsoft will release Two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
    • Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #18
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow MS Security Bulletin Summary - September, 2006

    FYI...

    - http://www.microsoft.com/technet/sec.../ms06-sep.mspx
    Published: September 12, 2006

    "Critical (1)

    Microsoft Security Bulletin MS06-054
    Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
    - http://www.microsoft.com/technet/sec.../MS06-054.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution
    Affected Software: Office...

    Important (1)

    Microsoft Security Bulletin MS06-052
    Vulnerability in Reliable Multicast Program (PGM) Could Result in Denial of Service (919007)
    - http://www.microsoft.com/technet/sec.../MS06-052.mspx
    This update resolves a vulnerability in Reliable Multicast Program (PGM) that could cause a denial of service condition.
    Maximum Severity Rating: Important
    Impact of Vulnerability: Denial of Service
    Affected Software: Windows...

    Moderate (1)

    Microsoft Security Bulletin MS06-053
    Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)
    - http://www.microsoft.com/technet/sec.../MS06-053.mspx
    This update resolves a vulnerability in the Indexing Service that could allow information disclosure.
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Information Disclosure
    Affected Software: Windows...


    Disclaimer:
    The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind..."

    =============================

    Re-released:

    Microsoft Security Bulletin MS06-040
    Vulnerability in Server Service Could Allow Remote Code Execution (921883)
    - http://www.microsoft.com/technet/sec.../ms06-040.mspx
    • V2.0 (September 12, 2006): The update has been revised and re-released for Microsoft Windows 2003 and Microsoft Windows XP Professional x64 Edition to address the issues identified in Microsoft Knowledge Base Article 921883.
    - http://support.microsoft.com/kb/921883
    Last Review: September 12, 2006
    Revision: 5.0

    Microsoft Security Bulletin MS06-042
    Cumulative Security Update for Internet Explorer (918899)
    - http://www.microsoft.com/technet/sec.../ms06-042.mspx
    Updated: September 12, 2006
    Caveats: On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates were updated to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3873. Customers using these versions of Internet Explorer should apply the new update immediately..."
    - http://blogs.msdn.com/ie/archive/2006/09/12/750815.aspx
    "...Users running Windows XP SP2, Server 2003 SP1 or any of the IE7 betas, IE7 Release Candidate 1, or Windows Vista are not affected and do -not- need to take action..."

    =============================

    ISC Anaylsis:

    - http://isc.sans.org/diary.php?storyid=1690 MS06-054

    - http://isc.sans.org/diary.php?storyid=1692 MS06-052

    - http://isc.sans.org/diary.php?storyid=1693 MS06-053

    =============================

    ISC Overview of the September 2006 Microsoft patches
    - http://isc.sans.org/diary.php?storyid=1691
    Last Updated: 2006-09-13 01:35:38 UTC


    .
    Last edited by AplusWebMaster; 2006-09-13 at 06:10. Reason: Added additional ISC info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #19
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Microsoft Security Advisories - 922582 & 925143

    FYI...

    Microsoft Security Advisory (925143)
    Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities
    - http://www.microsoft.com/technet/sec...ry/925143.mspx
    Purpose of Advisory: To make customers aware of a security bulletin and updates that are available from Adobe for Flash Player.
    See:
    - http://www.adobe.com/support/securit...apsb06-11.html


    Microsoft Security Advisory (922582)
    Update for Windows
    - http://www.microsoft.com/technet/sec...ry/922582.mspx
    Published: September 12, 2006
    "Today we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated. The update addresses the following issue:
    You may receive error code 0x80070002 when you try to update a computer running on Microsoft Windows that has a minifilter-based application installed..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #20
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Exploit Posted for New IE Zero-Day

    FYI...

    - http://www.eweek.com/article2/0,1895,2016065,00.asp
    September 14, 2006
    "Security researchers in China have published detailed exploit code for a new zero-day vulnerability in Microsoft's dominant Internet Explorer browser. The exploit, which was posted to XSec.org and Milw0rm.com Web sites, could be easily modified to launch code execution attacks without any user action on fully patched Windows machines. A spokesman for the MSRC (Microsoft Security Response Center) said the company is investigating the latest warning, which adds to a list of known high-risk vulnerabilities that remain unpatched... "It's worth knowing about and monitoring, in case someone improves it. But it's not a huge threat as it stands," Thompson said..."

    - http://secunia.com/advisories/21910/
    Last Update: 2006-09-15
    Critical: Extremely critical

    > http://www.microsoft.com/technet/sec...ry/925444.mspx
    =========================================================

    MSIE DirectAnimation ActiveX 0-day update
    - http://isc.sans.org/diary.php?storyid=1705
    Last Updated: 2006-09-15 14:01:55 UTC (...Version: 3...)
    "Microsoft released a security advisory regarding the 0-day we reported on earlier.
    Timeline:
    * Aug 28th: 1st exploit released publicly
    * Aug 29th: CVE-2006-4446 assigned - http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-4446
    * Sept 13th: 2nd exploit released publicly
    * Sept 13th: CVE-2006-4777 assigned - http://cve.mitre.org/cgi-bin/cvename...=CVE-2006-4777
    * Sept 14th: Microsoft Security Advisory (925444) released
    Workarounds:
    * Use an alternate browser (see also diversity*)
    * Disable ActiveX scripting in MSIE
    * Modify the ACL on daxctle.ocx to remove rights to use it
    * Set the KillBit for "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}"
    * Make MSIE prompt before executing ActiveX
    Please note that windowsupdate needs an ActiveX enabled browser, but you can do that with settings to the security zones and trusting Microsoft.
    Please note that the Outlook family is affected as well but that the default settings will typically mitigate much of the risk. That is as long as nobody or nothing has modified the settings ..."
    * http://isc.sans.org/diary.php?storyid=1550

    > http://www.kb.cert.org/vuls/id/377369

    Last edited by AplusWebMaster; 2006-09-15 at 17:28. Reason: Added ISC info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •