Old MS Alerts

[AplusWebMaster]

FYI...

- http://securitylabs.websense.com/con...logs/3148.aspx
08.01.2008 - "...We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China. There is currently no patch available, but Microsoft has several workarounds listed in their advisory. We recommend setting the killbit for this ActiveX control on all workstations where it is installed.
Vulnerable ActiveX CLSIDs:
* F0E42D50-368C-11D0-AD81-00A0C90DC8D9
* F0E42D60-368C-11D0-AD81-00A0C90DC8D9
* F2175210-368C-11D0-AD81-00A0C90DC8D9
This vulnerability is a simple design flaw, and does not require any complicated exploit code. Attackers are able to compromise remote systems simply by calling methods provided by the Snapshot Viewer ActiveX control. This is very similar to the November 9, 2005 ADODB.Stream vulnerability, which was widely taken advantage of because it was easy to exploit. Luckily, the vulnerable ActiveX control does NOT appear in a default Microsoft Windows installation. It does appear, however, to be included by default with Microsoft Office 2000 - 2003."

- http://www.symantec.com/security_res...atconlearn.jsp
"The ThreatCon is at level 2. On August 1, 2008, a new attack vector for the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114) was identified being exploited in the wild. This vulnerability is currently unpatched. Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114 ) Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access ( http://www.microsoft.com/technet/sec...ry/955179.mspx ) The new attack vector allows an attacker to install a vulnerable version of the ActiveX control on target systems that did not originally contain the associated software. This is possible because the control is digitally signed and marked safe for scripting by Microsoft. This is known to affect users of Internet Explorer 6. Note that Internet Explorer 7 requires user interaction to confirm the installation of the ActiveX control. As a result of this discovery, we urge all Microsoft Windows users, even those whose systems do not currently have the vulnerable control installed, to set the kill bit on the three CLSIDs associated with Snapshot Viewer.
F0E42D50-368C-11D0-AD81-00A0C90DC8D9
F0E42D60-368C-11D0-AD81-00A0C90DC8D9
F2175210-368C-11D0-AD81-00A0C90DC8D9
For instructions on how to set the kill bit on an ActiveX control, please see the following article: Microsoft Knowledge Base Article 240797 (Microsoft) Microsoft ( http://support.microsoft.com/kb/240797 )."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (954960)
...WSUS Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/sec...ry/954960.mspx
Updated: August 12, 2008

Some computers do not receive updates from the WSUS server
* http://support.microsoft.com/kb/954960
Last Review: August 12, 2008
Revision: 5.0

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms08-aug.mspx
August 7, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on August 12, 2008... (Total of 12)

Critical (7)

Windows 1 Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

IE Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Media Player Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Access Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Excel Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

PowerPoint Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Office Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---

Important (5)

Windows 2 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows...

Windows 3 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

OE Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Outlook Express, Windows Mail...

Messenger Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Windows Messenger...

Word Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
Affected Software: Microsoft Office...

- http://blogs.technet.com/msrc/archiv...ification.aspx
August 07, 2008 - "...we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). You can get additional information, in the “Other Information” section of the Advanced Notification..."

//

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms08-aug.mspx
August 12, 2008 - "This bulletin summary lists security bulletins released for August 2008..." (Total 11)

Critical (6)

Microsoft Security Bulletin MS08-046
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
- http://www.microsoft.com/technet/sec.../MS08-046.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)
- http://www.microsoft.com/technet/sec.../MS08-045.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-041
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
- http://www.microsoft.com/technet/sec.../MS08-041.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-043
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
- http://www.microsoft.com/technet/sec.../MS08-043.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-051
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
- http://www.microsoft.com/technet/sec.../MS08-051.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-044
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
- http://www.microsoft.com/technet/sec.../MS08-044.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (5)

Microsoft Security Bulletin MS08-047
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
- http://www.microsoft.com/technet/sec.../MS08-047.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-049
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
- http://www.microsoft.com/technet/sec.../MS08-049.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-048
Security Update for Outlook Express and Windows Mail (951066)
- http://www.microsoft.com/technet/sec.../MS08-048.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin MS08-050
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
- http://www.microsoft.com/technet/sec.../MS08-050.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Windows Messenger...

Microsoft Security Bulletin MS08-042
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
- http://www.microsoft.com/technet/sec.../MS08-042.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4876
Last Updated: 2008-08-12 19:06:35 UTC

---
Revised (4):

Microsoft Security Bulletin MS08-022 – Critical
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
- http://www.microsoft.com/technet/sec.../MS08-022.mspx
• V2.0 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a deployment change for this security update for one issue and a workaround for another. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft Security Bulletin MS08-033 – Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
- http://www.microsoft.com/technet/sec.../MS08-033.mspx
• V2.1 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a change to Microsoft Baseline Security Analyzer (MBSA) 2.1 to correctly detect this update.

Microsoft Security Bulletin MS07-047 - Important
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
- http://www.microsoft.com/technet/sec.../MS07-047.mspx
• V2.0 (August 12, 2008): Added Windows XP Service Pack 3 as affected software. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft Security Bulletin MS08-040 – Important
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/sec.../MS08-040.mspx
• V1.6 (August 12, 2008): Added entry to the Frequently Asked Questions (FAQ) Related to this Security Update to communicate a change in the installation code for the security update for SQL Server 2005 Service Pack 2. This is an installation code change only. There were no changes to the security update binaries.

//

[AplusWebMaster]

FYI...

Microsoft Security Advisory (953839)
Cumulative Security Update of -ActiveX- Kill Bits
- http://www.microsoft.com/technet/sec...ry/953839.mspx
August 12, 2008 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. The update includes kill bits for the following third-party software:
• Aurigma Image Uploader. Aurigma has issued an advisory and an update that addresses vulnerabilities...
http://blogs.aurigma.com/post/2008/0...-bulletin.aspx ...
• HP Instant Support. HP has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from HP for more information...
http://h20000.www2.hp.com/bizsupport...ctID=c01422264 ...
...Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 953839
- http://support.microsoft.com/kb/953839
August 12, 2008

- http://www.microsoft.com/technet/sec...ry/953839.mspx
• August 13, 2008: Updated to include links to HP’s Advisories
"...HP has issued -2- advisories..."
* http://h20000.www2.hp.com/bizsupport...ctID=c01422264
** http://h20000.www2.hp.com/bizsupport...ctID=c01439758

[AplusWebMaster]

FYI...

MS08-051 V2.0 Patch issued August 20, 2008
- http://isc.sans.org/diary.html?storyid=4918
Last Updated: 2008-08-22 00:30:51 UTC - "Microsoft has posted new update packages, labeled Version 2, for Microsoft Office PowerPoint 2003 Service Pack 2 and Microsoft Office PowerPoint 2003 Service Pack 3" described in MS08-051*, Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution... Others should check with their patch management vendors. The original patch "contained incorrect versions of the binaries. While these versions did protect against the vulnerabilities discussed in the bulletin, they lacked other important security and reliability updates..."

* http://www.microsoft.com/technet/sec.../ms08-051.mspx
• V2.0 (August 20, 2008): ...Customers who manually installed Version 1 of this update from Microsoft Download Center need to reinstall Version 2 of this update. Customers who have installed this update using Microsoft Update or Office Update do not need to reinstall..."

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../ms08-sep.mspx
September 4, 2008 - "...This is an advance notification of security bulletins that Microsoft is intending to release on September 9, 2008 (Total of -4-)...

Critical (4)

Windows Media Player Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows.

Windows Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer, .NET Framework, Messenger, Office, SQL Server, Visual Studio.

Windows Media Encoder Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows.

Office Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

[AplusWebMaster]

FYI...

Gotcha: IE8 Lock-In With XP SP3
- http://www.wservernews.com/?id=690
Sep 1, 2008 - "...Redmond on its IE blog* warned XP SP3 users that in some circumstances they will not be able to uninstall either SP3 or IE8. This heads-up was similar to an earlier warning in May, when XP SP3 had just been released. Redmond said then that you wouldn't be able to downgrade from IE7 to the older IE6 browser without uninstalling SP3. Jane Maliouta, an IE program manager, gave specifics about this new gotcha, which impacts you when you downloaded and installed IE8 Beta 1 prior to updating XP to SP3. If you then upgrade IE8 to Beta 2, which Redmond unveiled on the 28th, you will be stuck with both IE8 and Windows XP SP3. You will get a warning dialog:
"If you continue, XP SP3 and IE8 Beta 2 will become permanent, you will still be able to upgrade to later IE8 builds as they become available, but you won't be able to uninstall them."
So how to get around this lock-in? First uninstall XP SP3, then uninstall IE8 Beta 1; then reinstall XP SP3 and follow that by installing IE8 Beta 2. Dang, that's a hassle..."
* http://blogs.msdn.com/ie/archive/200...-8-beta-2.aspx

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS08-sep.mspx
September 9, 2008 - "The security bulletins for this month are as follows, in order of severity: (Total of -4-)

Critical (4)

Microsoft Security Bulletin MS08-054
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
- http://www.microsoft.com/technet/sec.../ms08-054.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
- http://www.microsoft.com/technet/sec.../ms08-052.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Visual Studio...

Microsoft Security Bulletin MS08-053
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
- http://www.microsoft.com/technet/sec.../ms08-053.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-055
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
- http://www.microsoft.com/technet/sec.../ms08-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---
ISC Analysis:
- http://isc.sans.org/diary.html?storyid=5009
Last Updated: 2008-09-09 17:46:41 UTC

- http://blogs.technet.com/swi/
Sep. 9, 2008

---
MS08-052
- http://secunia.com/advisories/31675/

MS08-053
- http://secunia.com/advisories/31724/

MS08-054
- http://secunia.com/advisories/31726/

MS08-055
- http://secunia.com/advisories/31744/

---
Revisions...

MS08-052:
- http://www.microsoft.com/technet/sec.../ms08-052.mspx
• V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software...

MS08-053:
- http://www.microsoft.com/technet/sec.../ms08-053.mspx
• V1.1 (September 10, 2008): Corrected the "Installing without user intervention" and "Installing without restarting" switches in the Security Update Deployment sections for Windows Vista and Windows Server 2008. Also changed "C:\Program Files" to "%programfiles%" in the Workarounds for Windows Media Encoder Buffer Overrun Vulnerability - CVE-2008-3008 commands.

MS08-054:
- http://www.microsoft.com/technet/sec.../ms08-054.mspx
• V1.1 (September 10, 2008): Removed erroneous entry from Mitigating Factors for Windows Media Player Sampling Rate Vulnerability - CVE-2008-2253.

MS08-055:
- http://www.microsoft.com/technet/sec.../ms08-055.mspx
• V1.1 (September 10, 2008): Corrected the installation switches and deployment information for OneNote 2007, and added to the list of non-affected software. Also, updated FAQ entries explaining why this update is offered to systems with non-affected software.

:-(

[AplusWebMaster]

FYI...

- http://www.symantec.com/security_res...atconlearn.jsp
Sep. 19, 2008 - "The ThreatCon is currently at Level 1. Symantec is currently monitoring in-the-wild attacks leveraging the recently patched Windows Media Player ActiveX vulnerability associated with MS08-053. On September 15, 2008, the DeepSight honeynet observed active exploitation of this flaw as part of a web exploit kit. Successful exploitation of this, or any of the other targeted vulnerabilities, will install malicious code on victim computers. For details on the vulnerability, see the following: Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability ( http://www.securityfocus.com/bid/31065 ) We strongly urge all users to apply the patches made available in the MS08-053 security bulletin immediately. Those who cannot do so should set the kill bit on the associated CLSID (A8D3AD02-7508-4004-B2E9-AD33F087F43C) until patches can be applied. For more information and patches, see the Microsoft bulletin: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution ( http://www.microsoft.com/technet/sec.../MS08-053.mspx ) ."