Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: 2006 MS Alerts - Q4

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MSRT analysis report - 3.5M Trojans...

    FYI...

    - http://www.techweb.com/article/print...section=700028
    June 12, 2006
    "Backdoor Trojans are a clear and present danger to Windows machines, Microsoft said Monday as it released the first-ever analysis of data collected by the 15-month run of its Malicious Software Removal Tool, a utility that seeks out and destroys over five-dozen malware families. According to Microsoft's anti-malware engineering team, Trojans that, once installed, give an attacker access and control of a PC, are a "significant and tangible threat to Windows users." Of the 5.7 million unique PCs from which the Malicious Software Removal Tool (MSRT) has deleted malware, 3.5 million of them -- 62 percent -- had at least one backdoor Trojan... Since it debuted in January 2005, the MSRT has been run some 2.7 billion times on an increasing number of PCs. In March 2006, the last month for which data was compiled, 270 million unique systems ran the tool, which is automatically downloaded and run on systems with Windows/Microsoft Update turned on. Over those 15 months, the MSRT found malware on one in every 311 computers..."
    ------------------------------------------------------------------
    Full report URL: http://tinyurl.com/fy8x9
    File Name: MSRT - Progress Made Lessons Learned.pdf
    Version: 1.0
    Date Published: 6/12/2006
    Download Size: 843 KB

    :(
    Last edited by AplusWebMaster; 2006-06-13 at 18:16. Reason: Added MSRT report URL...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow W98, WinME, W2k -VML- patch from ZERT available

    FYI...

    Security pros patch older Windows versions
    - http://news.com.com/2102-1002_3-6121...=st.util.print
    Sep 30, 2006
    "...Microsoft no longer provides updates for its older operating systems. ZERT sought to fill that void. "A ZERT patch has just been made available for unsupported system versions," the group said on its Web site. The patch has been tested on Windows 98, Windows 98 Second Edition, Windows Millennium Edition, Windows 2000 and Windows 2000 with Service Pack 3, the group said. ZERT is made up of security professionals from around the world who volunteer their time. Last week the group crafted a patch to plug the VML flaw ahead of Microsoft's fix, so IE users can protect themselves while Microsoft worked on an official patch..."

    > http://isotf.org/zert/download.htm
    "...A ZERT patch has just been made available for unsupported system versions (Windows 9x to 2000 SP3 and XP SP0). For our original patch, it is IMPORTANT to rollback the ZERT patch, before OR after the Microsoft patch for it to work. Enter our test page again through our download page to make sure you are secure..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #3
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow MS Security Bulletin Advance Notification - October 2006

    FYI...

    Microsoft Security Bulletin Advance Notification
    - http://www.microsoft.com/technet/sec...n/advance.mspx
    Updated: October 5, 2006
    "...On 10 October 2006 Microsoft is planning to release:

    Security Updates
    • -Six- Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
    • -Four- Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
    • -One- Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

    Microsoft Windows Malicious Software Removal Tool
    • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

    Non-security High Priority updates on MU, WU, WSUS and SUS
    • Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
    • Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

    Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #4
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Question IE7 Is Coming This Month...Are you Ready?

    FYI...

    - http://blogs.msdn.com/ie/archive/200...ady_3F00_.aspx
    October 06, 2006
    "The final release of IE7 is fast approaching... and will be delivered to customers via Automatic Updates* a few weeks after it’s available for download..."
    * http://blogs.msdn.com/ie/archive/2006/07/26/678149.aspx

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #5
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - October, 2006

    FYI...

    Microsoft Security Bulletin Summary for October, 2006
    - http://www.microsoft.com/technet/sec.../ms06-oct.mspx
    Published: October 10, 2006
    "...Summary
    Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:

    - Critical (6)

    Microsoft Security Bulletin MS06-057
    Vulnerability in Windows Shell Could Allow Remote Code Execution (923191)
    - http://www.microsoft.com/technet/sec.../MS06-057.mspx
    Impact of Vulnerability: Remote Code Execution
    Maximum Severity Rating: Critical
    Recommendation: Customers should apply the update immediately

    Microsoft Security Bulletin MS06-058
    Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
    - http://www.microsoft.com/technet/sec.../MS06-058.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution

    Microsoft Security Bulletin MS06-059
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
    - http://www.microsoft.com/technet/sec.../MS06-059.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution

    Microsoft Security Bulletin MS06-060
    Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
    - http://www.microsoft.com/technet/sec.../MS06-060.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution

    Microsoft Security Bulletin MS06-061
    Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
    - http://www.microsoft.com/technet/sec.../MS06-061.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution

    Microsoft Security Bulletin MS06-062
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
    - http://www.microsoft.com/technet/sec.../MS06-062.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution


    - Important (1)

    Microsoft Security Bulletin MS06-063
    Vulnerability in Server Service Could Allow Denial of Service (923414)
    - http://www.microsoft.com/technet/sec.../MS06-063.mspx
    Maximum Severity Rating: Important
    Impact of Vulnerability: Denial of Service


    - Moderate (2)

    Microsoft Security Bulletin MS06-056
    Vulnerability in ASP.NET Could Allow Information Disclosure (922770)
    - http://www.microsoft.com/technet/sec.../MS06-056.mspx
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Information Disclosure

    Microsoft Security Bulletin MS06-065
    Vulnerability In Windows Object Packager Could Allow Remote Code Execution (924496)
    - http://www.microsoft.com/technet/sec.../MS06-065.mspx
    Maximum Severity Rating: Moderate
    Impact of Vulnerability: Remote Code Execution


    - Low (1)

    Microsoft Security Bulletin MS06-064
    Vulnerabilities in TCP/IP Could Allow Denial of Service (922819)
    - http://www.microsoft.com/technet/sec.../MS06-064.mspx
    Maximum Severity Rating: Low
    Impact of Vulnerability: Denial of Service

    ...Revisions:
    • V1.0 (October 10, 2006): Bulletin published..."

    ------------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.php?storyid=1770
    Last Updated: 2006-10-10 18:40:00 UTC



    ================================

    - http://blogs.technet.com/msrc/archiv...n-Release.aspx
    October 10, 2006
    "...Due to some network issues experienced on the Microsoft Update platform, the October security updates released today are not yet currently available via:
    * Microsoft Update
    * Automatic Updates
    * Windows Server Update Services (WSUS)
    * Windows Update v6
    To be clear, it’s a delay due to the networking for these systems: there are no issues with the security updates themselves. Also, this issue doesn’t affect customers using Software Update Services (SUS), Windows Update v4 or Office Update. Those of you affected by this delay who want to deploy the updates immediately can go ahead and download and deploy these updates manually by visiting http://www.microsoft.com/technet/security for the list of bulletins released today and then downloading the updates directly from the links in the bulletin..."

    - http://blogs.technet.com/msrc/archiv...n-Release.aspx
    October 10, 2006 7:16 PM
    "...our teams have resolved the network issues with Microsoft Update. You should start seeing content replicated out to Microsoft Update, Automatic Updates, Windows Server Update Services (WSUS), Windows Update v6."
    ======================================

    - http://www.microsoft.com/technet/sec.../ms06-oct.mspx
    • V1.1 (October 11, 2006): Bulletin revised to clarify impact associated with MS06-063 as Denial of Service and Remote Code Execution.

    Microsoft Security Bulletin MS06-063
    Vulnerability in Server Service Could Allow Denial of Service (923414)
    - http://www.microsoft.com/technet/sec.../MS06-063.mspx
    Updated: October 11, 2006
    • V1.1 (October 11, 2006): Bulletin content updated to clarify security impact associated with the SMB Rename Vulnerability - CVE-2006-4696 as an authenticated remote code execution vulnerability. The guidance to block port 593 has also been removed from the “Mitigations and Workarounds” section of the bulletin for both vulnerabilities.
    ===============================================

    - http://www.techweb.com/article/print...section=700028
    October 16, 2006
    "...Security update MS06-061 -- one of five labeled "critical" by Microsoft -- may install multiple versions of the XML Parser or XML Core Services when it's downloaded manually or via an automatic update mechanism. But "if you install a version of MSXML after you install this security update, you may have to install an additional package for this security update," read a Microsoft support document*. That "additional package" can only be acquired by running Automatic Update a second time..."
    * http://support.microsoft.com/default...b/924191/en-us
    Last Review: October 16, 2006
    Revision: 2.1

    Last edited by AplusWebMaster; 2006-10-16 at 21:20. Reason: Added MS06-061 update info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #6
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS PPT Unspecified Code Execution Vuln

    FYI...

    - http://secunia.com/advisories/22394/
    Release Date: 2006-10-13
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    ...According to Microsoft, the vulnerability may allow execution of arbitrary code. The vulnerability is reported in Microsoft PowerPoint 2003. Other versions may also be affected.
    Solution: Do not open untrusted Office documents.
    Original Advisory: Microsoft:
    http://blogs.technet.com/msrc/archiv...owerpoint.aspx ..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #7
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Arrow IEv7 released for download

    FYI...

    Internet Explorer 7
    Select your operating system from the list:
    - http://www.microsoft.com/windows/ie/...s/default.mspx

    Release Notes for Internet Explorer 7
    - http://msdn.microsoft.com/ie/releasenotes/default.aspx

    - http://blogs.msdn.com/ie/archive/200...the-world.aspx
    Published Wednesday, October 18, 2006

    - http://www.techweb.com/article/print...section=700027
    October 18, 2006
    "Microsoft on Wednesday launched the first major update to Internet Explorer in five years... IE 7 for Windows XP and Windows Server 2003 can be downloaded from here*... The most controversial aspect of IE 7 has been Microsoft's decision to push the update to all users who have Automatic Updates enabled. Although users can reject IE 7 -- and continue using their current edition of Internet Explorer -- Microsoft will begin rolling out the browser as a "High priority" update next month... Microsoft has made one change late in the game. After IE 7 has installed, it will tell the user which search engine is the current default -- grabbed from IE 5 or IE 6 -- and then ask if they want to make a new choice. The process is similar to, but not identical, to the choice that Windows Vista users will face when they upgrade from Windows XP..."
    * http://www.microsoft.com/windows/ie/default.mspx
    ===================================================

    - http://secunia.com/advisories/22477
    Release Date: 2006-10-19
    Critical: Less critical
    Impact: Exposure of sensitive information
    Where: From remote
    Solution Status: Unpatched
    Software: Microsoft Internet Explorer 7.x ...
    ...The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.
    Secunia has constructed a test, which is available at:
    http://secunia.com/Internet_Explorer...rability_Test/
    Secunia has confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2. Other versions may also be affected.
    Solution: Disable active scripting support..."
    =========================================

    New Quick Reference Sheet Posted to the IE7 Site
    - http://blogs.msdn.com/ie/archive/200...-ie7-site.aspx
    October 19, 2006

    > http://www.microsoft.com/windows/ie/...reference.mspx

    > http://download.microsoft.com/downlo...kReference.pdf
    =================================================

    Information on Reports of IE 7 Vulnerability
    - http://blogs.technet.com/msrc/archiv...erability.aspx
    October 19, 2006
    "...The issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express. While we are aware that the issue has been publicly disclosed, we’re not aware of it being used in any attacks against customers. We do have this under investigation and are monitoring the situation closely and we’ll take appropriate action to protect our customers once we’ve completed the investigation..."
    =======================================

    - http://isc.sans.org/diary.php?storyid=1797
    Last Updated: 2006-10-20 02:05:22 UTC
    "...After analyzing this security vulnerability, we have to disappoint you – it's nothing new. Actually, this vulnerability was announced way back in April this year for Internet Explorer 6 ( http://secunia.com/advisories/19738 ). It is still not patched, so besides IE7, this vulnerability can be exploited in a fully patched IE6 installation as well.
    So what's going on here, did Microsoft just use old code? Not really. The vulnerability exists in the MSXML ActiveX component which is actually part of Outlook Express (so it -is- installed on every machine as well). The exploit uses a "double" redirection trick – it will first create an Msxml2.XMLHTTP ActiveX object which is then used to retrieve a web page from the same server that the original web page is hosted on (one containing the exploit). This web page is actually just a redirection (302) which uses a mhtml: URI. This causes the ActiveX object to retrieve any other web page referenced by the mhtml: URI, which can be referenced from the original web page.
    In other words, this exploit can be used by an attacker to possibly retrieve other data that your browser has access to. While stealing information like banking data is possible, our testing showed that only content of the web page can be retrieved by the attacker – they can not steal your credentials and they can not retrieve that data unless you are logged in to your bank account at the same time when you visit the web page hosting the exploit.
    It looks like Microsoft once again got caught into "ancient" bugs which were already present on the machine (we do wonder why this hasn't been fixed before though). One thing worth noting is that Internet Explorer 7 has a native XMLHTTPRequest object implementation so theoretically it should be possible to disable the ActiveX object, but pages using it would have to be rewritten (hence support for the ActiveX object). Further testing will show if the native support implementation is also vulnerable – we'll post new information as we get it."

    .
    Last edited by AplusWebMaster; 2006-10-20 at 17:53. Reason: Added ISC analysis...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #8
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Security Report - Jan-Jun06

    FYI...

    - http://news.com.com/2102-7349_3-6129...=st.util.print
    Oct 24, 2006
    "Malicious remote control software continues to be one of the biggest threats to Windows PCs, according to a new Microsoft security report*. More than 43,000 new variants of such insidious software were found in the first half of 2006, making them the most active category of malicious software, Microsoft said in a Security Intelligence Report published Monday. In June Microsoft also flagged zombies as the most prevalent threat to Windows PCs. "Attackers, with financial gain in mind, are clearly concentrating a significant amount of development focus on this category of malware," Microsoft said in the report. Of 4 million Windows PCs found to be infected with some kind of malicious software in the first half of this year, about 2 million were running malicious remote control software, Microsoft said. The data is collected by Microsoft's free Windows Malicious Software Removal Tool, which runs when security updates are installed on Windows PCs..."
    * http://tinyurl.com/w6g9y
    =====================================

    - http://www.eweek.com/article2/0,1895,2036439,00.asp
    October 24, 2006
    "...Some highlights from the report:
    # Backdoor Trojans: The first half of 2006 showed a significant number of new backdoor Trojans. A large number of those belong to bot families, such as Win32/Rbot and Win32/Sdbot. This trend is consistent with anecdotal industry knowledge; owners of bot networks are continually creating and delivering new variants of their bots to maintain their bot networks, and to evade detection by anti-malware products.
    # Password stealers and key loggers: These make up the second-largest malware category, in terms of number of variants. Although this type of malware exists worldwide, the Microsoft anti-malware team has seen a high number of variants coming from Brazil. Several thousand new variants from the Win32/Banker and Win32/Bancos families were discovered during the first half of 2006. These mainly use Portuguese for their user interface and primarily serve as a tool to steal bank account information such as passwords.
    # Downloaders and droppers: These make up the third-largest category and are used by the attackers to copy files to the victim's system that are necessary to complete the attack and control that system. Downloaders and droppers are also often used to distribute spyware and adware. Because of this, the presence of downloaders and droppers as part of malicious attacks is no surprise.
    # Worms: The different types of worm families have a relatively low number of variants, although they remain prevalent. In fact, mass-mailing worms continue to be an effective way to infect a significant number of computers around the world..."

    Last edited by AplusWebMaster; 2006-10-25 at 16:15. Reason: Added eWeek analysis info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #9
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MSIE IE7 Popup Address Bar Spoofing Vulnerability

    FYI...

    - http://isc.sans.org/diary.php?storyid=1804
    Last Updated: 2006-10-26 04:49:56 UTC
    "Secunia ( http://secunia.com/advisories/22542/ is reporting a new Microsoft Internet Explorer (MSIE) 7.0 vulnerability. This vulnerability allows a malicious site to spoof the content of the address bar. Instead of the actual URL, the user will see a "fake" URL. We tested the vulnerability and found it to work quite well.
    As a quick workaround you may want to configure MSIE 7.0 to open new windows in a new tab. In order to do this, Tools -> Internet Options -> Tabs Settings -> When a pop-up is encountered: Always open pop-ups in a new tab.
    The PoC exploit by Secunia is pushing the real URL off the screen to the left by adding multiple '%A0' characters between the real URL and the string 'www.microsoft.com'. It appears that the new window will only show right-most part of the URL. For tabs, the left most part is shown. This vulnerability has a lot of potential for phishers or others that attempt to trick the user into trusting the popup window as they trust the site displayed in the main window."
    =========================

    - http://blogs.technet.com/msrc/archiv...bar-issue.aspx
    October 26, 2006
    "...This is an issue with how URLs are displayed in the address bar. Specifically, we’ve seen that this occurs in a pop-up window after a user clicks a specially formed link on an untrusted website or in an untrusted e-mail. Now, while the full URL is actually present in the address bar, the left part of the URL is not initially displayed. But, you can see the full URL if you either click in the browser window or in the address bar and then scroll within the address bar. We’re not aware of any attacks that are attempting to use this, but as always we will continue to monitor the situation throughout our investigation... We do have this issue under investigation and as always, once we complete our investigation we’ll take appropriate steps to protect our customers..."
    ============================================

    > http://secunia.com/product/12366/?task=advisories
    10.30.2006
    "...Currently, 100% (3 out of 3) are marked as Unpatched with the most severe being rated Moderately critical.."

    Last edited by AplusWebMaster; 2006-10-30 at 22:02. Reason: Added Secunia product link...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #10
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ADODB.Connection POC published ..."ActiveX" again

    FYI...

    - http://isc.sans.org/diary.php?storyid=1807
    Last Updated: 2006-10-27 18:50:51 UTC
    "A recently discovered vulnerability in ADODB.connection has a proof of concept exploit. Microsoft has mentioned it in their blog*. (This may) be the 'drive by' threat vector of the next little while. This particular threat impact is remote code execution of choice. The code creates new ActiveXObject('ADODB.Connection.2.7') and then executes a number of times. The PoC is a Denial of Service, but it is just a question of time until a working version with shellcode is out (if not already).
    > Mitigation: Disable ActiveX completely, or only allow it in trusted zones.
    US-CERT has published a note here**. "The ADODB.Connection ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID: {00000514-0000-0010-8000-00AA006D2EA4} "

    * http://blogs.technet.com/msrc/archiv...published.aspx
    October 27, 2006
    "...We are fully aware of the recent Proof of Concept (POC) code posting regarding ADODB.Connection. We have initiated our Software Security Incident Response Process to investigate this issue. Once we have completed the investigation and understand if there is a threat to customers we will take the appropriate action to protect and provide guidance – as required. As always we are working with our MSRA partners to monitor and secure the ecosystem. I'll do my best to keep everyone up to date as the investigation progresses."
    ** http://www.kb.cert.org/vuls/id/589272
    Date Last Updated: 10/27/2006

    ~ ~
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •