Old MS Alerts

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS11-may.mspx
May 10, 2011 - "This bulletin summary lists security bulletins released for May 2011. (Total of -2-)...

Microsoft Security Bulletin MS11-035 - Critical
Vulnerability in WINS Could Allow Remote Code Execution (2524426)
- http://www.microsoft.com/technet/sec.../MS11-035.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-036 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)
- http://www.microsoft.com/technet/sec.../MS11-036.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
___

Deployment Priority
- http://blogs.technet.com/cfs-filesys...71/3731.DP.png

Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesys...everity-XI.png
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10855
Last Updated: 2011-05-10 16:58:08 UTC
___

- http://www.securitytracker.com/id/1025512 - MS11-035
- http://www.securitytracker.com/id/1025513 - MS11-036
May 10 2011
___

MSRT
- http://support.microsoft.com/?kbid=890830
May 10, 2011 - Revision: 87.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Ramnit

Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.19.exe - 12.6MB

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.19.exe - 13.1MB

.

[AplusWebMaster]

FYI...

MSIR Vol. 10 released
- http://blogs.technet.com/b/mmpc/arch...volume-10.aspx
11 May 2011 - "... in-depth regional threat intelligence for 117 countries based on data from more than 600 million machines worldwide. The report highlights a polarization of cybercriminal behavior and an increasing trend of cybercriminals using "marketing-like" approaches and deception methods to target consumers... key data points that indicate these tactics are on the rise:
• Rogue Security Software – Rogue security software was detected and blocked on almost 19 million systems in 2010, and the top five families were responsible for approximately 13 million of these detections.
• Phishing – Phishing using social networking as the lure increased 1,200 percent – from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010. Phishing that targeted online gaming sites reached a high of 16.7 percent of all phishing in June.
• Adware – Global detections of adware when surfing websites increased 70 percent from the second quarter to the fourth quarter of 2010. This increase was almost completely caused by the detection of a pair of new Adware families, JS/Pornpop and Win32/ClickPotato, which are the two most prevalent malware in many countries.
... notable that Windows 7 operating systems are infected only about half as often as Vista, and Vista half as often as Windows XP..."
___

- http://www.theinquirer.net/inquirer/...cript-exploits
May 12 2011 - "... In Microsoft's latest security intelligence report, the firm revealed that in the third quarter of 2010 the number of Java attacks increased to fourteen times the number of attacks it saw in the previous quarter... Java attacks surpassed every other exploitation category that the Microsoft Malware Protection tracked..."
___

Java - most common target for attacks
- http://www.h-online.com/security/new...ew=zoom;zoom=1

- http://www.h-online.com/security/new...ew=zoom;zoom=4

- http://www.h-online.com/security/new...ew=zoom;zoom=5

[AplusWebMaster]

FYI...

MS11-018 re-released for IE7 on XP and Server 2003
- http://blogs.technet.com/b/msrc/arch...rver-2003.aspx
16 May 2011 - "... we re-released MS11-018. If you are using Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003 you may be offered this re-release. For more details, please see the security bulletin, MS11-018*..."
* http://www.microsoft.com/technet/sec.../MS11-018.mspx
• V2.0 (May 16, 2011): Bulletin rereleased to reoffer the update for Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003. This is a detection change only. There were no changes to the binaries. Only affected customers will be offered the update. Customers who have installed the update manually and customers running configurations not targeted by the change to detection logic do not need to take any action.

.

[AplusWebMaster]

FYI...

MS EMET v2.1 released
- http://blogs.technet.com/b/srd/archi...available.aspx
18 May 2011 - "... new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here* to download the tool free... new features:
• EMET is an officially-supported product through the online forum
• “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
• Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
• Improved command line support for enterprise deployment and configuration
• Ability to export/import EMET settings
• Improved SEHOP (structured exception handler overwrite protection) mitigation
• Minor bug fixes..."
* http://www.microsoft.com/downloads/e...8-115192c491cb

.

[AplusWebMaster]

FYI...

MSRT detections - May 10–20, 2011
- http://blogs.technet.com/b/mmpc/arch...e-numbers.aspx
Family Count Note
Sality 202,351 Classic parasitic virus
Taterf 77,236 Worm
Rimecud 65,149 Worm
Vobfus 59,918 Worm
Alureon 58,884 Evolved parasitic virus
Parite 53,778 Evolved parasitic virus
Ramnit 52,549 Evolved parasitic virus
Brontok 50,392 Worm
Cycbot 50,209 Trojan ...
(Top 25 detections listed at the URL above.)

.

[AplusWebMaster]

FYI...

MS Bulletin Advance Notification - June 2011
- http://www.microsoft.com/technet/sec.../MS11-jun.mspx
June 9, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 14, 2011...

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight
Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Forefront Threat Management Gateway
Bulletin 4 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 5 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 6 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 7 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
Bulletin 8 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 9 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Bulletin 10 - Important - Information Disclosure - May require restart - Microsoft Windows
Bulletin 11 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 12 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 13 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 14 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 15 - Important - Information Disclosure - May require restart - Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio
Bulletin 16 - Important - Elevation of Privilege

- http://blogs.technet.com/b/msrc/arch...revisited.aspx
June 9, 2011 - "... 16 bulletins (nine Critical in severity, seven Important) addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studios, Silverlight and ISA..."
___

> http://www.theinquirer.net/inquirer/...windows-reader
Jun 10 2011 - "... The pre-notification also indicates that all versions of Excel in Microsoft Office will be updated on both Windows and Mac OS X. Internet Explorer versions 6, 7, 8 and 9 will also be patched... The same day, 14 June is also the date for Adobe to release a patch as part of its regular quarterly update cycle... The Adobe patches will address critical vulnerabilities in Adobe Reader X, Reader 9.4.3 and its earlier versions..."

.

[AplusWebMaster]

FYI...

Vista SP1 support ends July 12, 2011
- http://www.h-online.com/security/new...d-1259389.html
13 June 2011 - "... From 10 April, 2012, the Home editions of Windows Vista will no longer be supported. The Business and Enterprise editions of Vista with their comparatively wider range of features will be supported until 2017. However, Vista Ultimate, which has the widest range of features, is counted as a Home edition, and Microsoft's support for this edition will also end in April 2012. Irrespective of this, another support period will end before then, as Microsoft will only continue to support Windows Vista if the current Service Pack has been installed; this applies to all editions from Starter to Ultimate. When a new Service Pack for Windows is released, users have two years to install it, as the support of the previous Service Pack is discontinued after that time. And that is what is about to happen to Vista with SP1: from 12 July, patches will only be released for versions of Vista that have SP2 installed.
After April 2012, affected Vista users can either switch to Windows 7 – Windows 8 will probably not be ready yet – or to Windows XP. Contrary to Microsoft's rules, all versions of XP, including XP Home, will be supported until at least 2014."

- http://windows.microsoft.com/en-us/w...ucts/lifecycle
Desktop operating systems | Date of availability | Support retired
Windows Vista SP1 | Feb. 4, 2008 | July 12, 2011
___

"How to..." install Vista SP2
- http://windows.microsoft.com/en-US/w...ice-Pack-2-SP2

.

[AplusWebMaster]

FYI...

June 2011 Security Bulletin - Q&A
- http://blogs.technet.com/b/msrc/p/ju...letin-q-a.aspx
June 15, 2011
___

- http://www.microsoft.com/technet/sec.../MS11-jun.mspx
June 14, 2011 - "This bulletin summary lists security bulletins released for June 2011..." (Total of -16-)

Critical

Microsoft Security Bulletin MS11-038 - Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
- http://www.microsoft.com/technet/sec.../MS11-038.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-039 - Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
- http://www.microsoft.com/technet/sec.../MS11-039.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

Microsoft Security Bulletin MS11-040 - Critical
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
- http://www.microsoft.com/technet/sec.../MS11-040.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Forefront Threat Management Gateway

Microsoft Security Bulletin MS11-041 - Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
- http://www.microsoft.com/technet/sec.../MS11-041.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-042 - Critical
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
- http://www.microsoft.com/technet/sec.../MS11-042.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-043 - Critical
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
- http://www.microsoft.com/technet/sec.../MS11-043.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-044 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
- http://www.microsoft.com/technet/sec.../MS11-044.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS11-050 - Critical
Cumulative Security Update for Internet Explorer (2530548)
- http://www.microsoft.com/technet/sec.../MS11-050.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-052 - Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
- http://www.microsoft.com/technet/sec.../MS11-052.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Important

Microsoft Security Bulletin MS11-037 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
- http://www.microsoft.com/technet/sec.../ms11-037.mspx
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-045 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
- http://www.microsoft.com/technet/sec.../MS11-045.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-046 - Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
- http://www.microsoft.com/technet/sec.../MS11-046.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-047 - Important
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
- http://www.microsoft.com/technet/sec.../MS11-047.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-048 - Important
Vulnerability in SMB Server Could Allow Denial of Service (2536275)
- http://www.microsoft.com/technet/sec.../MS11-048.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-049 - Important
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
- http://www.microsoft.com/technet/sec.../MS11-049.mspx
Important - Information Disclosure - May require restart - Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio

Microsoft Security Bulletin MS11-051 - Important
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
- http://www.microsoft.com/technet/sec.../ms11-051.mspx
Important - Elevation of Privilege - May require restart - Microsoft Windows
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=11050
Last Updated: 2011-06-14 20:37:35 UTC
___

Deployment Priority
- http://blogs.technet.com/cfs-filesys...D00_201106.png

Severity and Exploitabilty Index
- http://blogs.technet.com/cfs-filesys...D00_201106.png
___

MSRT
- http://support.microsoft.com/?kbid=890830
June 14, 2011 - Revision: 88.0
(Recent additions)
- http://www.microsoft.com/security/pc...-families.aspx
... added this release...
• Rorpian
• Yimfoca
• Nuqel

Download:
- http://www.microsoft.com/downloads/e...displaylang=en
File Name: windows-kb890830-v3.20.exe - 12.9MB

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/d...displaylang=en
File Name: windows-kb890830-x64-v3.20.exe - 13.3MB

.

[AplusWebMaster]

FYI...

- http://www.symantec.com/security_res...atconlearn.jsp
"The ThreatCon is currently at Level 2: Elevated... On June 16, 2011, one of the issues fixed in Microsoft's June update, CVE-2011-1255, described in MS11-050 was found to be exploited in-the-wild. Customers are advised to install all applicable updates as soon as possible..."
- http://www.symantec.com/connect/blog...erability-wild

MS11-050 - Critical - Cumulative Security Update for Internet Explorer (2530548)
- http://www.microsoft.com/technet/sec.../MS11-050.mspx

- http://www.securityfocus.com/bid/48206/exploit
Updated: Jun 17 2011 - Symantec has discovered in-the-wild exploitation of the issue. The exploit is not publicly available.
___

- http://labs.m86security.com/2011/06/...cve-2011-1255/
June 26, 2011

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1255
Last revised: 06/29/2011
CVSS v2 Base Score: 9.3 (HIGH)

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2501584)
Office File Validation for Microsoft Office
- http://www.microsoft.com/technet/sec...y/2501584.mspx
Updated: 6/30/2011 - "Microsoft is announcing the availability of the Office File Validation feature for supported editions of Microsoft Office 2003 and Microsoft Office 2007. The feature, previously only available for supported editions of Microsoft Office 2010, is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened. The Office File Validation feature described in this advisory applies when opening an Office file using Microsoft Excel 2003, Microsoft PowerPoint 2003, Microsoft Word 2003, Microsoft Publisher 2003, Microsoft Excel 2007, Microsoft PowerPoint 2007, Microsoft Word 2007, or Microsoft Publisher 2007. Office File Validation helps detect and prevent a kind of exploit known as a file format attack. File format attacks exploit the integrity of a file, and occur when the structure of a file is modified with the intent of adding malicious code...
Affected Software: Microsoft Office 2003 SP3, Microsoft Office 2007 SP2 ...
Microsoft revised this advisory to announce that as of June 28, 2011, the Office File Validation Add-in described in Microsoft Knowledge Base Article 2501584* is available through the Microsoft Update service...
Suggested Actions: Consult TechNet article, Office File Validation for Office 2003 and Office 2007, for information on deployment, installation, and configuration of the Office File Validation feature for Microsoft Office 2003 and Microsoft Office 2007**..."

* http://support.microsoft.com/kb/2501584

** http://technet.microsoft.com/en-us/l...0054287af.aspx

.