Page 6 of 51 FirstFirst ... 234567891016 ... LastLast
Results 51 to 60 of 501

Thread: Old MS Alerts

  1. #51
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Vista SP1 Survival Guide

    FYI...

    Vista SP1 Survival Guide
    - http://www.informationweek.com/share...leID=205917537
    March 4, 2008


    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #52
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Default MS Security Bulletin Advance Notification - March 2008

    FYI...

    - http://www.microsoft.com/technet/sec.../MS08-mar.mspx
    March 6, 2008 - "...This is an advance notification of -four- security bulletins that Microsoft is intending to release on March 11, 2008..."

    Critical (4)

    Microsoft Security Bulletin 1
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office...

    Microsoft Security Bulletin 2
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office....

    Microsoft Security Bulletin 3
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office...

    Microsoft Security Bulletin 4
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office Web Components...


    Non-Security, High-Priority Updates on MU, WU, and WSUS
    For this month:
    • Microsoft is planning to release -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
    • Microsoft is planning to release -three- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

    Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #53
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Unhappy MS OneCare tags SiteAdvisor in error...

    FYI...

    - http://preview.tinyurl.com/ypjaam
    March 6, 2008 (AvertLabs blog) - "Microsoft’s OneCare team issued an update on January 31, 2008 that resulted in SiteAdvisor users receiving a Microsoft warning message recommending that SiteAdvisor be removed due to interference with OneCare... as a general rule, Microsoft recommends running only one security application at a time because of potential performance and “PC stability” issues. We explained to Microsoft that SiteAdvisor functionality is totally unrelated to OneCare. They agreed... there is no need to disable SiteAdvisor or OneCare. The two products co-exist nicely (aside from the pop-up!). Because OneCare doesn’t allow white listing of applications, affected consumers have limited options until all installations of OneCare are patched."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #54
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Active exploit of Excel vuln

    FYI...

    - http://isc.sans.org/diary.html?storyid=4117
    Last Updated: 2008-03-10 23:52:52 UTC - "...We can confirm these attacks and have been tracking several exploits over the last few days. It should be noted that the incidents we are aware of have been limited to a very specific targeted attack and were not widespread. In total, we established approximately 21 reports of attacks using only 8 different files, from within the same two communities, so far... some of the signatures we know of that catch iterations of these attacks. Note that some are relatively generic and catch multiple other exploits as well... Trojan-Dropper.MSExcel.Agent ...We are aware that some of the samples connect back to update-microsoft.kmip.net (221.130.180.87) on port 80, to retrieve the IP address of the actual control server."

    > http://www.us-cert.gov/current/#troj..._vulnerability

    - http://blog.trendmicro.com/olympic-f...ms-excel-vuln/
    March 9, 2008 - "XLS files specially designed to exploit a currently unpatched vulnerability in Microsoft Excel (identified as CVE-2008-0081) are reportedly being sent as email attachments in the wild. The attachments, which arrive either as OLYMPIC.XLS or SCHEDULE.XLS are capable of dropping and executing Windows binary executables. This Trojan also drops a non-malicious Excel file and opens it upon execution to trick the user that it is the attached Excel file... Both OLYMPIC.XLS and SCHEDULE.XLS are observed to use similar exploit templates and even allow malware writers to customize the exploit to perform other routines... malware authors are using this window of opportunity to infect a large number of computers. More information on this exploit can be found on this Microsoft Security Advisory*. Trend Micro advises users to be wary of opening unsolicited email messages, much more of files attached to them..."
    (Screenshots available at the URL above.)

    * http://www.microsoft.com/technet/sec...ry/947563.mspx
    January 16, 2008

    - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0081
    Last revised: 1/17/2008

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #55
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation MS Security Bulletin Summary - March 2008

    FYI...

    - http://www.microsoft.com/technet/sec.../MS08-mar.mspx
    March 11, 2008
    "...The security bulletins for this month are as follows, in order of severity:

    Critical (4)

    Microsoft Security Bulletin MS08-014
    Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
    - http://www.microsoft.com/technet/sec.../MS08-014.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office...

    Microsoft Security Bulletin MS08-015
    Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
    - http://www.microsoft.com/technet/sec.../MS08-015.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office...

    Microsoft Security Bulletin MS08-016
    Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
    - http://www.microsoft.com/technet/sec.../MS08-016.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office...

    Microsoft Security Bulletin MS08-017
    Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)
    - http://www.microsoft.com/technet/sec.../MS08-017.mspx
    Maximum Severity Rating: Critical
    Impact of Vulnerability: Remote Code Execution...
    Affected Software: Microsoft Office Web Components...


    Other Information -
    Microsoft Windows Malicious Software Removal Tool
    Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

    Non-Security, High-Priority Updates on MU, WU, and WSUS
    For this month:
    • Microsoft has released -two- non-security, high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
    • Microsoft has released -three- non-security, high-priority updates for Windows on Windows Update (WU) and WSUS.

    Note that this information pertains only to non-security, high-priority updates on Microsoft Update, Windows Update, and Windows Server Update Services released on the same day as the security bulletin summary. Information is not provided about non-security updates released on other days..."
    --------------------------------------------------------------

    ISC Analysis
    - http://isc.sans.org/diary.html?storyid=4124
    Last Updated: 2008-03-11 18:33:40 UTC
    --------------------------------------------------------------

    Microsoft Security Advisory (947563)
    Vulnerability in Microsoft Excel Could Allow Remote Code Execution
    - http://www.microsoft.com/technet/sec...ry/947563.mspx
    Published: January 15, 2008 | Updated: March 11, 2008 - "...We have issued MS08-014* to address this issue..."
    * http://www.microsoft.com/technet/sec.../MS08-014.mspx
    Last edited by AplusWebMaster; 2008-03-11 at 21:30. Reason: Added ISC analysis URL...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #56
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation IE5 and IE6 FTP vuln

    FYI...

    - http://isc.sans.org/diary.html?storyid=4126
    Last Updated: 2008-03-11 20:57:53 UTC - "The many out there still using older versions of MSIE (such as Internet Explorer 5 or 6) might well be interested in two new vulnerabilities discovered and made public today on full disclosure. It looks somewhat like a Cross Site Request Forgery (CSRF) attack: A malicious URL you (somehow) hit. It can be unintentional on the user's part through e.g. an injected iframe on a forum. The URL tells the client to contact another server and does some bad things there that the user never intended, but had the authorization to do. The twist in this case is that the second hit doing damage can also be a FTP request, not just a HTTP request. Still normally you can only log in and download (GET) files using a URL, and if the FTP server is requiring authentication, the user or the URL should enter the login/password, tipping them off something strange is going on or the attacker already knowing the credential. That's true, till you see the duo of bugs in IE:
    * Apparently IE5 and IE6 allow other commands too, such as deleting files by constructing a URL with %-encoded line-breaks.
    * Similarly IE 5 and IE6 allow the URL to be constructed in such a manner as to try to re-authenticate with cached credentials.
    IE7 is claimed not to suffer from this, so if you need a bit more incentive to (be allowed to) upgrade, this might just be it."
    --------------------------------

    - http://preview.tinyurl.com/2at5ub
    March 12, 2008 (ComputerWorld) - "A flaw in the way Microsoft's Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim's FTP site. The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim's FTP sessions... "The attack seems viable, but the stars have to be aligned just right for the attack to work," said Craig Schmugar, a researcher with McAfee's Avert Labs..."

    ('Maybe -not- so difficult...)
    - http://www.finjan.com/Content.aspx?id=1367
    ("Malicious Page of the Month" Feb. 2008 synopsis) - "...deployment of ready-made Crimeware toolkits has gained momentum... When examining a server hosting the latest version of this Crimeware toolkit, we also found an almost unnoticeable standalone application, especially designed to abuse and trade stolen FTP account credentials of legitimate companies around the world. More than 8,700 FTP servers’ credentials of highly respected organizations and enterprises were thus stolen, including valid user names and passwords."
    --------------------------------

    - http://secunia.com/advisories/29346/
    Release Date: 2008-03-12
    Impact: Manipulation of data
    Where: From remote
    Solution Status: Unpatched
    Software: MS IE 5.01, MS IE 6.x
    ...The vulnerability is confirmed in version 6.0.2900.2180 and also reported in version 5. Other versions may also be affected.
    Solution: Upgrade to Internet Explorer 7. Do not browse untrusted websites...
    --------------------------------

    - http://www.securityfocus.com/bid/28208/discuss
    "...This issue affects Internet Explorer 5 and 6; prior versions may also be affected..."
    - http://www.securityfocus.com/bid/28208/solution
    Solution:
    Reports indicate that the vendor intends to release a patch that will address this issue...
    - http://www.rapid7.com/advisories/R7-0032.jsp
    "...Solution
    The vendor plans to release a patch for this issue in an upcoming security bulletin. If possible, upgrade to Internet Explorer 7..."

    Last edited by AplusWebMaster; 2008-03-14 at 00:27. Reason: Added update - vendor to issue patch... (When?)
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #57
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Microsoft has made revisions...

    FYI...

    - http://www.us-cert.gov/current/#micr...urity_bulletin
    updated March 17, 2008 - " Microsoft has made revisions to all of the March Security Bulletins. These revisions:
    * Clarify why a non-vulnerable version of Office was offered during this update.
    * Correct the registry key for verifying the update for ISA Server.
    * Remove MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
    * Update vulnerability FAQs
    * Update file information tables for Outlook 2000 and 2003.
    Microsoft has also re-released MS08-014 to include additional information about issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #58
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post MS Windows Vista SP1

    FYI...

    Vista SP1
    - http://isc.sans.org/diary.html?storyid=4160
    Last Updated: 2008-03-19 17:04:57 UTC ...(Version: 3)
    "The first service pack from Microsoft for Vista is out. Please let us know your experiences downloading and applying the 434.5 MB Windows Vista Service Pack 1 Five Language Standalone (KB936330):

    MS downloads:
    - http://preview.tinyurl.com/ywb4al
    "...IF YOU ARE UPDATING JUST ONE COMPUTER: A smaller, more appropriate download is available on Windows Update..."

    Update 1: If Vista SP1 will not install, or is not being offered as a option you should read the following article. You may have to update drivers first or other issues...
    Windows Vista Service Pack 1 is not available for installation from Windows Update and is not offered by Automatic Updates: http://support.microsoft.com/?kbid=948343

    Update 2: Before you install the final release of Windows Vista SP1, you must uninstall any previous releases... http://support.microsoft.com/kb/936330

    Windows Service Pack Blocker Tool
    - http://technet.microsoft.com/en-us/w.../bb927794.aspx

    .
    Last edited by AplusWebMaster; 2008-03-19 at 19:56.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #59
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Excel 2003 - MS08-014 Re-release

    FYI...

    - http://blogs.technet.com/msrc/archiv...e-release.aspx
    March 19, 2008 - "...we've just re-released MS08-014 for Microsoft Office Excel 2003 Service Pack 2 and Service Pack 3 only... The original version released on March 11, 2008 did fully protect against the security issues discussed in the bulletin. However, after release we discovered that the security update caused a calculation error in Microsoft Excel 2003 when a Real Time Data source was used in a user-created Visual Basic for Applications solution (in other words a custom-built VBA function). For additional details, please refer to KB950340*. If you're -not- running Microsoft Excel 2003, this re-release doesn't apply to you and you don't need to take any action. If you are running Microsoft Excel 2003 Service Pack 2 or Service Pack 3, you should use the guidance provided in Knowledge Base article KB950340* to deploy the new update."
    * http://support.microsoft.com/kb/950340

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #60
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Vista SP1 Chokes On Widely Used Intel Chipset Drivers

    FYI...

    Vista SP1 Chokes On Widely Used Intel Chipset Drivers
    - http://www.informationweek.com/share...leID=206904946
    March 20, 2008 - "PCs from Hewlett-Packard, Gateway, Lenovo, and other major computer makers that contain a widely used Intel chipset can't be upgraded to Windows Vista Service Pack 1 if they're running certain drivers. Microsoft has said that Vista SP1 won't work with "a small number of device drivers." The list, however, includes drivers for an Intel chipset that's found in thousands of PCs and laptops. The affected chipset is Intel's 945G Express series, which is used in computers from virtually all major system vendors. It's also found on standalone motherboards sold by Asus. The 945G Express chipset driver versions between numbers 7.14.10.1322 and 7.14.10.1403 won't work with Vista SP1, according to Microsoft. Chipsets provide a connection point for all key subsystems within a PC. The 945G Express chipset includes Intel's GMA 950 graphics core, which also won't work with Vista SP1 if those drivers are used. Microsoft is urging Vista users to update all of their hardware to the latest drivers before even attempting to install SP1... The service pack also won't work with computers that use certain, widely-deployed audio drivers from Realtek and certain drivers for security devices manufactured by Symantec. Microsoft has published a full list of drivers that are incompatible with the service pack*. Meanwhile, Microsoft is continuing to receive reports from computer users who say Vista SP1 is wreaking havoc on their systems..."
    * http://support.microsoft.com/?kbid=948343#method5
    Last Review: March 20, 2008
    Revision: 3.0

    ('Shades of the XPSP2 installs... 'Like Yogi said, "It's deja vu all over again"...)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •