Thread: Microsoft Alerts

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    MS Security Advisory (2718704)

    FYI...

    Microsoft Security Advisory (2718704)
    Unauthorized Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...visory/2718704
    June 03, 2012 - "Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
    • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
    • Microsoft Enforced Licensing Registration Authority CA (SHA1)
    Recommendation. For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service..."
    * http://support.microsoft.com/kb/2718704

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    3 Jun 2012 - "We recently became aware of a complex piece of targeted malware known as 'Flame' and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks..."

    - https://blogs.technet.com/b/srd/arch...edirected=true
    3 Jun 2012 - "... we released Security Advisory 2718704*, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority... we encourage all customers to apply the officially tested update to add the proper certificates to the Untrusted Certificate Store... Components of the Flame malware were signed with a certificate that chained up to the Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately, to the Microsoft Root Authority. This code-signing certificate came by way of the Terminal Server Licensing Service that we operate to issue certificates to customers for ancillary PKI-based functions in their enterprise. Such a certificate could (without this update being applied) also allow attackers to sign code that validates as having been produced by Microsoft.
    Conclusion: We recommend that all customers apply this update."

    - http://support.microsoft.com/kb/894199
    Last Review: June 4, 2012 - Revision: 129.0
    ___

    - http://www.securitytracker.com/id/1027114
    Jun 4 2012
    ... Unauthorized digital certificates derived from these certificate authorities are being actively used in attacks.
    Windows Mobile 6.x and Windows Phone 7 and 7.5 are also affected.
    Impact: A remote user may be able to spoof code signing signatures.
    Solution: The vendor has issued a fix (KB2718704), available via automatic update...

    >> https://www.f-secure.com/weblog/archives/00002377.html
    June 4, 2012
    ___

    Microsoft Security Advisory (2718704)
    - http://atlas.arbor.net/briefs/index#-2141289419
    Severity: Extreme Severity
    Published: Monday, June 04, 2012 20:39
    This security vulnerability is high risk and should be looked at ASAP by security teams.
    Analysis: Due to the risks involved, multiple sources suggest that this issue be mitigated as soon as possible. The vulnerability has already been used in the Flame malware, which has been around for a few years. How many other potential adversaries have found and are leveraging the same security hole for their purposes is an open question.
    Source: http://technet.microsoft.com/en-us/s...visory/2718704

    Source: https://isc.sans.edu/diary.html?storyid=13366
    Last Updated: 2012-06-05 ...(Version: 4)

    Source: http://www.wired.com/threatlevel/201...security-fail/
    June 1, 2012 Mikko Hypponen, Chief Research Officer - F-Secure

    Last edited by AplusWebMaster; 2012-06-07 at 21:37.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    WSUS and Windows update hardening

    FYI...

    WSUS and Windows update hardening

    - http://blogs.technet.com/b/wsus/arch...available.aspx
    8 Jun 2012
    - http://blogs.technet.com/b/mu/archiv...this-week.aspx
    June 8, 2012 - Revision: 2.2
    - http://blogs.technet.com/b/configmgr...available.aspx
    8 Jun 2012

    ... and:

    - http://support.microsoft.com/kb/2720211
    Last Review: June 8, 2012 - Revision: 2.2
    - http://support.microsoft.com/kb/894199
    Last Review: June 8, 2012 - Revision: 131.0
    ___

    An update for Windows Server Update Services 3.0 Service Pack 2 is available
    - http://support.microsoft.com/kb/2720211
    Last Review: June 11, 2012 - Revision: 5.0

    Last edited by AplusWebMaster; 2012-06-11 at 18:23.

  3. #3
    Adviser Team AplusWebMaster's Avatar

    MS Security Bulletin Summary - June 2012

    FYI...

    Ref: http://technet.microsoft.com/en-us/security/bulletin

    - https://technet.microsoft.com/en-us/...letin/ms12-jun
    June 12, 2012 - "This bulletin summary lists security bulletins released for June 2012...
    (Total of -7-)

    Critical -3-

    Microsoft Security Bulletin MS12-036 - Critical
    Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)
    - https://technet.microsoft.com/en-us/...letin/MS12-036
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-037 - Critical
    Cumulative Security Update for Internet Explorer (2699988)
    - https://technet.microsoft.com/en-us/...letin/ms12-037
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS12-038 - Critical
    Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
    - https://technet.microsoft.com/en-us/...letin/ms12-038
    Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

    Important -4-


    Microsoft Security Bulletin MS12-039 - Important
    Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)
    - https://technet.microsoft.com/en-us/...letin/MS12-039
    Important - Remote Code Execution - May require restart - Microsoft Lync

    Microsoft Security Bulletin MS12-040 - Important
    Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
    - https://technet.microsoft.com/en-us/...letin/ms12-040
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-041 - Important
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
    - https://technet.microsoft.com/en-us/...letin/ms12-041
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-042 - Important
    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)
    - https://technet.microsoft.com/en-us/...letin/MS12-042
    Important - Elevation of Privilege - Requires restart - Microsoft Windows

    ___

    Certificate Trust List update...
    - https://blogs.technet.com/b/msrc/arc...edirected=true
    12 Jun 2012
    RSA keys under 1024 bits are blocked
    - https://blogs.technet.com/b/pki/arch...edirected=true
    11 Jun 2012

    Bulletin deployment priority
    - https://blogs.technet.com/cfs-filesy...2-Priority.png

    Severity and exploitability index
    - https://blogs.technet.com/cfs-filesy...2-Severity.png
    ___

    Microsoft Security Advisory (2719615)
    Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2719615
    June 12, 2012
    0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1889 - 9.3 (HIGH)
    > http://support.microsoft.com/kb/2719615#FixItForMe

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    • V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=13453
    Last Updated: 2012-06-12 17:45:41 UTC
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    June 12, 2012 - Revision: 103.0
    (Recent additions)
    - http://www.microsoft.com/security/pc...-families.aspx
    ... added this release...
    • Cleaman
    • Kuluoz

    Download:
    - http://www.microsoft.com/download/en...ylang=en&id=16
    File Name: Windows-KB890830-V4.9.exe - 15.5 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: Windows-KB890830-x64-V4.9.exe - 16.1 MB

    .
    Last edited by AplusWebMaster; 2012-06-26 at 17:12.

  4. #4
    Adviser Team AplusWebMaster's Avatar

    MS Security Advisories 2012.06.12

    FYI...

    Microsoft Security Advisory (2719615)
    Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2719615
    June 12, 2012
    0-day... CVE Reference: http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1889 - 9.3 (HIGH)
    > http://support.microsoft.com/kb/2719615#FixItForMe

    - https://secunia.com/advisories/49456/
    Release Date: 2012-06-12
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Workaround
    ... vulnerability is reportedly being actively exploited.
    Solution: Apply Microsoft Fix it solution.
    Reported as a 0-day.
    Original Advisory: Microsoft:
    http://technet.microsoft.com/en-us/s...visory/2719615

    - http://googleonlinesecurity.blogspot...ity-under.html
    June 12, 2012 - "... attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable..."
    ___

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    - https://technet.microsoft.com/en-us/...visory/2269637
    • V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
    ___

    An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
    - http://support.microsoft.com/kb/2677070
    Last Review: June 13, 2012 - Revision: 2.0

    > https://blogs.technet.com/b/pki/arch...edirected=true
    ___

    > http://forums.spybot.info/showpost.p...8&postcount=25

    Last edited by AplusWebMaster; 2012-06-13 at 19:13.

  5. #5
    Adviser Team AplusWebMaster's Avatar

    MS Security Advisory updates 2012.06.13...

    FYI...

    Further insight into Security Advisory 2719615
    - https://blogs.technet.com/b/msrc/arc...edirected=true
    13 Jun 2012 - "During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615*, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we've built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update. We encourage customers to read more about SA2716915's one-click, no-reboot-required Fix it in an in-depth post on the SRD blog**."
    * http://technet.microsoft.com/en-us/s...visory/2719615

    ** http://blogs.technet.com/b/srd/archi...fixing-it.aspx

    Microsoft Security Advisory (2718704)
    Unauthorized Digital Certificates Could Allow Spoofing
    - https://technet.microsoft.com/en-us/...visory/2718704
    "... update revokes the trust of the following intermediate CA certificates:
    Microsoft Enforced Licensing Intermediate PCA (2 certificates)
    Microsoft Enforced Licensing Registration Authority CA (SHA1) ..."
    V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.


  6. #6
    Adviser Team AplusWebMaster's Avatar

    FixIt NOW - 0-day XML Core Services...

    FYI...

    FixIt NOW - 0-day XML Core Services...
    > https://isc.sans.edu/diary.html?storyid=13489
    Last Updated: 2012-06-16 15:58:47 UTC - "... metasploit module (public release) for this vulnerability. Users are encouraged to patch*..."

    * http://support.microsoft.com/kb/2719615#FixItForMe
    June 12, 2012 - Revision: 3.0

    > http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1889 - 9.3 (HIGH)

    - https://secunia.com/advisories/49456/
    Last Update: 2012-06-22
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Workaround
    ... vulnerability is currently being actively exploited...

    - http://h-online.com/-1619732
    18 June 2012

    - https://www.us-cert.gov/current/#mic..._advisory_for5
    updated June 25, 2012

    - http://nakedsecurity.sophos.com/2012...e-exploit-kit/
    June 29, 2012 - "... CVE-2012-1889 exploiting code very similar to that published to Metasploit was seen within the landing page of a Blackhole exploit kit..."

    Last edited by AplusWebMaster; 2012-07-04 at 21:10.
