Old MS Alerts

[AplusWebMaster]

FYI...

Win7 SP1 available
- http://support.microsoft.com/kb/976932
Last Review: February 22, 2011 - Revision: 3.1

- http://windows.microsoft.com/installwindows7sp1
"... How to get SP1
The recommended (and easiest) way to get SP1 is to turn on automatic updating in Windows Update in Control Panel, and wait for Windows 7 to notify you that SP1 is ready to install. It takes about 30 minutes to install, and you'll need to restart your computer about halfway through the installation..."

What's included in Windows 7 SP1
- http://windows.microsoft.com/en-US/w...ice-pack-1-sp1

- http://windows.microsoft.com/en-US/w...ice-pack-1-sp1
"... Installation method
Estimated amount of free disk space required
Windows Update
• x86-based (32-bit): 750 MB
• x64-based (64-bit): 1050 MB
Downloading SP1 from the Microsoft website
• x86-based (32-bit): 4100 MB
• x64-based (64-bit): 7400 MB
Installing SP1 using an installation DVD
• x86-based (32-bit): 4100 MB
• x64-based (64-bit): 7400 MB

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/sec...y/2491888.mspx
February 23, 2011 - "... an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users. Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly. Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."
- http://support.microsoft.com/kb/2510781
February 23, 2011 - "... how to verify that the updates have been installed... This update requires Windows Live OneCare..."
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0037
Last revised: 02/28/2011 - CVSS v2 Base Score: 7.2 (HIGH) - "... before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare..."
___

- http://secunia.com/advisories/43468/
Release Date: 2011-02-24
Solution Status: Partial Fix
...The vulnerability is reported in version 1.1.6502.0 and prior of Microsoft Malware Protection Engine.
Solution: Ensure that systems are running version 1.1.6603.0 or later of Microsoft Malware Protection Engine. Typically, malware definitions and updates for Microsoft Malware Protection Engine are applied automatically...

- http://www.h-online.com/security/new...m-1196731.html
24 February 2011 - "... such updates are usually installed within 48 hours, but that users can also initiate the process manually..."

[AplusWebMaster]

FYI...

Win7 / 2008 R2 SP1 problems...
- http://isc.sans.edu/diary.html?storyid=10453
Last Updated: 2011-02-24 13:45:34 UTC ...(Version: 1) - "... some of the problems we are hearing about with Windows 7 SP1 and Windows 2008 R2 SP1. Right now, there is no urgent reason to install this service pack and it should be tested first...
Specific examples. Consider them anecdotal but if you run any software mentioned here, or similar software, this list should give you a guide to test.
* Users with old versions of Microsoft Security Essentials may not be able to install SP1. Upgrade first.
* Samsung Galaxy S phone drivers may have problems with SP1
* some users reported very long install times (> 1hr. but not all that unusual for a service pack)
* Chrome 10 and 11 have issues according to some tweets
* Word 2003 VBA
* slower boot times with SP1 then without
* some reports of download issues due to overloaded servers
* Lenovo's Thinkvantage System Update may not work (update it before applying the SP)
* EVGA Precision Utility 2.0.2 (Graphics card stats program liked by gamers)
* MSI Afterburner
* some issues with Bitlocker are reported. But no confirmation at this point and it may also be due to entering the wrong password on reboot (you have to reboot a couple times in certain situations)

Link to a technet page with reports of install issues:
http://technet.microsoft.com/en-us/l...8WS.10%29.aspx
If all fails, here's a link with an uninstall procedure for SP1:
http://windows.microsoft.com/en-US/w.../uninstall-sp1
To temporarily block installation of the service pack:
http://www.microsoft.com/downloads/e...displaylang=en
...This tool can be used with:
• Windows 7 Service Pack 1 (valid through 2/22/2012)
• Windows Server 2008 R2 Service Pack 1 (valid through 2/22/2012) ..."

[AplusWebMaster]

FYI...

MS Autorun update v2.1 now "automatic" from Windows Update
- http://isc.sans.edu/diary.html?storyid=10468
Last Updated: 2011-03-02 06:27:56 UTC - "Microsoft has moved their Windows Autorun V2.1 [1] (967940) update patch from optional updates to automatic updates. This is the same patch that was released in last month’s patch Tuesday. When Windows update is next run, this patch will automatically be selected to apply to your machine. This is more likely to affect home users, as companies should be using group policies to control how USB autorun settings operate. Expect one or two calls... why their favorite autorun USB stick application has stopped working."

[1] http://www.microsoft.com/technet/sec...ry/967940.mspx

[AplusWebMaster]

FYI...

MS Security Bulletin Advance Notification - March 2011
- http://www.microsoft.com/technet/sec.../MS11-mar.mspx
March 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 8, 2011..."
(Total of -3-)

Bulletin 1
Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 2
Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3
Important - Remote Code Execution - May require restart - Microsoft Office

.

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-mar.mspx
March 08, 2011 - "This bulletin summary lists security bulletins released for March 2011... (Total of -3-)

Microsoft Security Bulletin MS11-015 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
- http://www.microsoft.com/technet/sec.../ms11-015.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-017 - Important
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
- http://www.microsoft.com/technet/sec.../MS11-017.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-016 - Important
Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
- http://www.microsoft.com/technet/sec.../MS11-016.mspx
Remote Code Execution - May require restart - Microsoft Office
___

MS11-015: http://secunia.com/advisories/43626/
Highly critical - System access - From remote
MS11-016: http://secunia.com/advisories/41104/
Highly critical - System access - From remote
MS11-017: http://secunia.com/advisories/43628/
Highly critical - System access - From remote

MS11-015:
- http://www.securitytracker.com/id/1025169
- http://www.securitytracker.com/id/1025170
MS11-016:
- http://www.securitytracker.com/id/1025171
MS11-017:
- http://www.securitytracker.com/id/1025172
___

- http://blogs.technet.com/b/msrc/arch...n-release.aspx
"8 Mar 2011
MS11-015. This bulletin resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Microsoft Windows. It has an Exploitability Index rating of 1 ...
MS11-016 is a DLL-preloading issue affecting Microsoft Groove 2007 Service Pack 2, which makes this an Office bulletin. Versions 2007 and 2010 of Groove are unaffected, as is Microsoft SharePoint Workspace 2010.
MS11-017 is also a DLL-preloading issue, in this instance in Microsoft Windows Remote Client Desktop. This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client..."

Deployment Priority
- http://blogs.technet.com/cfs-filesys...deployment.png

Severity and Exploitability
- http://blogs.technet.com/cfs-filesys...ty_2D00_xi.png
___

MSRT
- http://support.microsoft.com/?kbid=890830
March 8, 2011 - Revision: 85.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Renocide

- http://blogs.technet.com/b/mmpc/arch...-renocide.aspx
9 Mar 2011

Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.17.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.17.exe
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10510
Last Updated: 2011-03-08 18:17:20 UTC

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/sec...y/2491888.mspx
• V1.1 (March 8, 2011): Revised advisory FAQ to announce updated version of the MSRT...
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-0037
Last revised: 02/28/2011
CVSS v2 Base Score: 7.2 (HIGH)
"... before 1.1.6603.0..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...y/2269637.mspx
• V6.0 (March 8, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-015, "Vulnerabilities in Windows Media Could Allow Remote Code Execution;" MS11-016, "Vulnerability in Microsoft Groove Could Allow Remote Code Execution;" and MS11-017, "Vulnerability in Remote Desktop Client Could Allow Remote Code Execution."

[AplusWebMaster]

FYI...

Forefront update fails - KB2508823
- http://isc.sans.edu/diary.html?storyid=10522
Last Updated: 2011-03-09 23:13:29 UTC - "Included in this Patch Tuesday is a Forefront update KB2508823[1] (Client Version: 1.5.1996.0). We have received a number of reports that the KB2508823 update fails during the install. Once the update fails, the existing Forefront client is also removed. This leaves the machine without any anti-malware protection. We recommend you hold off deploying the update until confirmation from Microsoft. Microsoft have posted a similar warning here:
- http://blogs.technet.com/b/clientsec...11-update.aspx
"Update 9 March 2011... you may want to hold off approving this update for the moment..."
___

- http://blogs.technet.com/b/clientsec...11-update.aspx
"Update 10 March 2011... We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it.
Symptom: A computer attempts to use the install updates and shutdown Windows feature to update to the latest version of FCSv1. After restart, the computer does not have the Antimalware agent installed, but will still have the Security State Assessment(SSA) and Microsoft Operation Manager components installed.
The problem: This issue only occurs on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It does not occur on Windows XP, Windows Server 2003 or Windows 2000. This issue was not introduced in the March Update. It is caused by a previously undetected problem in the October 2010 update. Please review the steps below for what options you should take. For the bug to occur, the system must have either the policy setting changing the default shutdown behavior or the user clicks on “Apply updates at Shutdown”. If the update is deployed or manually installed in other ways, this bug does not occur..."
(MS recommended steps to take at the URL above.)

[1] http://support.microsoft.com/kb/2508823

[AplusWebMaster]

FYI...

MS advisory - updated (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
* http://www.microsoft.com/technet/sec...y/2501696.mspx
• V1.1 (March 11, 2011): Revised Executive Summary to reflect investigation of limited, targeted attacks.

- https://www.computerworld.com/s/arti...icrosoft_warns
March 12, 2011 - "An Internet Explorer flaw made public by a Google security researcher two months ago is now being used in online attacks. The flaw, which has not yet been patched, has been used in "limited, targeted attacks," Microsoft said Friday*... The attack is triggered when the victim is tricked into visiting a maliciously encoded Web page - what's known as a Web drive-by attack... Microsoft has released a Fixit tool** that users can download to repair the problem, but has not said when, or even if, it plans to push out a comprehensive security update to all users..."
** http://support.microsoft.com/kb/2501696#FixItForMe

- http://www.theregister.co.uk/2011/03..._google_users/
12 March 2011

- http://www.pcmag.com/article2/0,2817,2381881,00.asp
PCmag.com - "... Firefox and Chrome are not affected in their default configuration, as they do not support MHTML without the installation of specific add-on modules..."

[AplusWebMaster]

FYI...

MSRT 2011.03 results...
- http://blogs.technet.com/b/mmpc/arch...aftermath.aspx
16 Mar 2011 - "On March 8th, we announced the release of our latest Malicious Software Removal Tool (MSRT), version that included detection and cleaning capabilities for a backdoor enabled worm we are calling Win32/Renocide... According to our telemetry, this new addition was among the top 5 detected threats (in the first week of release), both when it comes to infected machines and when classified based on number of detected files... The high tally of affected machines reflects Renocide's relative age; the botnet has been around since 2008 and has slowly but steadily increased its prevalence. Our first detection dates back to the first half of 2008... Sality leads in the threat count ranking due to the fact that it is a file infector..."
(Charts available at the URL above.)