Old MS Alerts

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms08-jul.mspx
July 3, 2008
This is an advance notification of security bulletins that Microsoft is intending to release on July 8, 2008...
[Total of 4]...

Important (4)

Bulletin Identifier: SQL Bulletin
Maximum Severity Rating:Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Bulletin Identifier: Windows Bulletin 1
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Bulletin Identifier: Windows Bulletin 2
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Bulletin Identifier: Exchange Server Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Exchange Server...

- http://blogs.technet.com/msrc/archiv...y-release.aspx
July 03, 2008

[AplusWebMaster]

FYI...

Microsoft Security Advisory (955179)
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
- http://www.microsoft.com/TechNet/sec...ry/955179.mspx
July 7, 2008 - "Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003. The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer...
Suggested Actions / Workarounds:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, this is stated in the entry.
• Prevent COM objects from running in Internet Explorer
You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry..."

(Kill bit listings shown in the advisory at the URL above.)

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms08-jul.mspx
July 8, 2008 - "This bulletin summary lists security bulletins released for July 2008...

Important (4)

Microsoft Security Bulletin MS08-040
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/sec.../ms08-040.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows, Microsoft SQL Server...

Microsoft Security Bulletin MS08-038
Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
- http://www.microsoft.com/technet/sec.../ms08-038.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-037
Vulnerabilities in DNS Could Allow Spoofing (953230)
- http://www.microsoft.com/technet/sec.../ms08-037.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Spoofing...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-039
Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
- http://www.microsoft.com/technet/sec.../ms08-039.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

-
ISC Analysis
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
---

MS08-038 exploit/fix available
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-08 18:22:23 UTC
"...MS08-038 - Multiple vulnerabilities in Windows explorer allow code execution with the rights of the logged on user... Publicly disclosed... CVE-2008-0951* is a well known vulnerability: CERT VU#889747** (march 2008)..."
- http://www.microsoft.com/technet/sec.../ms08-038.mspx
July 8, 2008
* http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
Last revised: 3/25/2008
** http://www.kb.cert.org/vuls/id/889747
First Published 03/20/2008
---
Updated / CVE references:
- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)
MS08-037: Windows DNS
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1447
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1454
MS08-038: Windows explorer / Vista
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1435
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0951
MS08-039: Exchange server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2247
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2248
MS08-040: SQL server
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0085
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0086
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0106
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0107

//

[AplusWebMaster]

FYI... updated:

- http://isc.sans.org/diary.html?storyid=4684
Last Updated: 2008-07-09 08:21:40 UTC ...(Version: 3)
"...MS08-037 - Windows DNS ...ZoneAlarm users report* trouble with their firewall set to "high" for the Internet zone..."

Update - Important! - see: http://forums.spybot.info/showpost.p...8&postcount=78 -prior- to MS08-037 install.

** http://support.microsoft.com/?kbid=951748
MS08-037 ...Windows XP... (client side)

//

[AplusWebMaster]

FYI...

- http://www.theinquirer.net/gb/inquir...-sp3-automatic
9 July 2008 - "AS ANNOUNCED previously by Microsoft, automatic updates for Windows XP SP3 will be launched Wednesday, July 10 2008, starting at 10:00 am Pacific Time. For most Windows XP users who haven't already manually downloaded and applied SP3, the automatic update process should work properly. After all, Microsoft has had almost three months to test, tweak and polish it since it was first released. Microsoft's Automatic Updates process should know about and scan for configurations that are problematic, and prevent the Windows XP SP3 update installation process from proceeding if it detects a troublesome situation. However, if there's any hiccough in the automatic update process, your computer could become unusable. Therefore, certain technical advisors recommend using Microsoft's Automatic Updates facility only to provide notification that the update is available, then applying it manually. They caution that you should also take care to follow Microsoft's service pack pre-installation instructions, including:
* Disable antivirus programs,
* Make sure no other applications are running,
* Have your system plugged in during the update, that is, not on battery power, and
* Make sure that you have sufficient free space available on your system's hard disk.
You can make certain that the Windows Automatic Update facility doesn't attempt to, er... automatically update your system by using Microsoft's Windows Service Pack Blocker Tool Kit, and that's available here: http://preview.tinyurl.com/2tadkt
Should you find that Windows XP SP3 causes problems on your system, instructions on how to remove it are available here: http://www.iaps.com/blog/2008/07/how...ce-pack-3.html ..."

//

[AplusWebMaster]

FYI...

Update 2: Microsoft Security Advisory (954960)
- http://blogs.technet.com/msrc/archiv...ry-954960.aspx
July 10, 2008 - "...customers running Windows Server Update Services 3.0 Service Pack 1 on Windows Server 2008 may experience an issue installing the update provided in Microsoft Knowledge Base Article 954960*. The update does not correctly elevate privileges, which are required for the installation to complete. In order to successfully install this update we have identified steps in Advisory 954960**. Additionally, the update does not place an entry in Add or Remove Programs, and cannot be uninstalled. Microsoft has identified the packaging inconsistencies in the current update and is investigating options to resolve them. We will continue to monitor the situation and post updates to the advisory and the MSRC blog as we become aware of any important new information..."
* http://support.microsoft.com/kb/954960
Last Review: July 11, 2008 -?-
Revision: 3.0

** http://www.microsoft.com/technet/sec...ry/954960.mspx
• July 10, 2008: Advisory updated to reflect specific installation and uninstallation procedures for the update for Windows Server Update Services running on Windows Server 2008.

//

[AplusWebMaster]

FYI...

- http://blogs.technet.com/msrc/archiv...-ms08-037.aspx
July 10, 2008 (MSRC) - "...After the release of MS08-037, we became aware of reports of ZoneAlarm customers experiencing issues after applying the security updates. We started investigating these reports as soon as we heard about them and have been working to research this issue. We’re still working on this issue but we do have some information from our investigation so far, which we’ve put into the bulletin. Specifically, we’ve identified that customers who are running either ZoneAlarm or Check Point Endpoint Security (previously named Check Point Integrity) who apply MS08-037 may lose network connectivity after applying these updates. Our investigation so far has shown that no other customers are affected by this issue. We’re still investigating this issue but we encourage customers who are using ZoneAlarm to review the appropriate ZoneAlarm Web site** and Check Point Endpoint customers to review the appropriate Check Point Web site*** for the latest guidance or software updates and factor this information into your risk assessment, testing, and deployment planning..."

* http://www.microsoft.com/technet/sec.../MS08-037.mspx
• V2.0 (July 10, 2008): Bulletin revised to inform users of ZoneAlarm and Check Point Endpoint Security of an Internet connectivity issue detailed in the section, Frequently Asked Questions (FAQ) Related to this Security Update. The revision did -not- change the security update files in this bulletin, but users of ZoneAlarm and Check Point Endpoint Security should read the FAQ entries for guidance.

** http://download.zonealarm.com/bin/fr...cessIssue.html
Last Revised : 14 July 2008

*** https://supportcenter.checkpoint.com...nter/index.jsp

//

[AplusWebMaster]

FYI...

- http://www.symantec.com/security_res...atconlearn.jsp
ThreatCon is currently at Level 2: Elevated.
Symantec honeypots have captured further exploitation of the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114). Before this event, this exploit was known to be used only in isolated attacks. Further analysis of these honeypot compromises has revealed that the exploit has been added to a variant of the neosploit exploit kit, it will very likely reach a larger number of victims. This version will compromise vulnerable English versions of Microsoft Windows by downloading a malicious application into the Windows Startup folder. Computers that have Microsoft Access installed are potentially affected by this vulnerability. Customers are advised to manually set the kill bit on the following CLSIDs until a vendor update is available:
F0E42D50-368C-11D0-AD81-00A0C90DC8D9
F0E42D60-368C-11D0-AD81-00A0C90DC8D9
F2175210-368C-11D0-AD81-00A0C90DC8D9
...For information on setting the kill bit for CLSIDs, see the following: Microsoft Knowledge Base Article 240797 (Microsoft) Microsoft ( http://support.microsoft.com/kb/240797 ) For more information about the vulnerability, see the following: Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114/references )"
[2008.07.11]

Ref: http://www.microsoft.com/TechNet/sec...ry/955179.mspx
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
July 7, 2008

[AplusWebMaster]

FYI...

- http://isc.sans.org/diary.html?storyid=4747
Last Updated: 2008-07-17 18:48:22 UTC - "Microsoft has issued a "Security Bulletin Major Revision" involving its DirectX products. These revisions include the following two previously released bulletins and particularly affect administrative users as the resulting compromise allows the attacker to gain user rights.

MS08-033* - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) is rated as -critical- and states that DirectX 9.0 was added as affected software. This vulnerability can be exploited through a specially crafted media file.
* http://www.microsoft.com/technet/sec.../MS08-033.mspx
Updated: July 16, 2008 - Version: 2.0

MS07-064** - Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) is also rated -critical- and has been updated to reflect DirectX 9.0 and 9.0a as affected software. This vulnerability can be exploited through a specially crafted media file via streaming."
** http://www.microsoft.com/technet/sec.../ms07-064.mspx
Updated: July 16, 2008 - Version: 3.0

[AplusWebMaster]

FYI...

Microsoft Security Advisory (956187)
Increased Threat for DNS Spoofing Vulnerability
- http://www.microsoft.com/technet/sec...ry/956187.mspx
July 25, 2008 - "Microsoft released Microsoft Security Bulletin MS08-037* on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the Internet... attacks are likely imminent due to the publicly posted proof of concept..."
* http://www.microsoft.com/technet/sec.../ms08-037.mspx
Updated: July 25, 2008
Version: 2.2

- http://support.microsoft.com/kb/953230
Last Review: July 25, 2008
Revision: 4.1

- http://securitylabs.websense.com/con...erts/3141.aspx
07.25.2008

//