Microsoft Alerts

MSRT Nov '12 ...

FYI...

MSRT November '12 ...
- https://blogs.technet.com/b/mmpc/ar...weelsof-around-the-world.aspx?Redirected=true
4 Dec 2012
> https://www.microsoft.com/security/portal/blog-images/Weelsof/Weels4.png

> https://www.microsoft.com/security/portal/blog-images/Weelsof/Weels5.png
___

Unexpected reboot: Necurs
- https://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx?Redirected=true
6 Dec 2012 - "Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be -silently- infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
- Download additional malware
- Hide its components
- Stop security applications from functioning
In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs* family write-up for the full details... we've had reports from a number of users stating that they're having trouble with the Microsoft Security Essentials real time protection option being turned off after their computer has rebooted. We will continue to monitor variants of Necurs in the wild..."
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Necurs
Updated: Dec 05, 2012

MS Security Bulletin Summary - December 2012

FYI...

- http://technet.microsoft.com/en-us/security/bulletin/ms12-dec
December 11, 2012 - "This bulletin summary lists security bulletins released for December 2012...
(Total of 7)

Microsoft Security Bulletin MS12-077 - Critical
Cumulative Security Update for Internet Explorer (2761465)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-077
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS12-078 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-078
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-079 - Critical
Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-079
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS12-080 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-080
Critical - Remote Code Execution - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS12-081 - Critical
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-082 - Important
Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-082
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-083 - Important
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-083
Important - Security Feature Bypass - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arc...er-2012-bulletin-release.aspx?Redirected=true

Bulletin Deployment Priority:
- https://blogs.technet.com/cfs-files...ts-weblogfiles/00-00-00-45-71/6355.Slide2.PNG

Severity and Exploitability Index:
- https://blogs.technet.com/cfs-files...ts-weblogfiles/00-00-00-45-71/0550.Slide1.PNG

- http://blogs.technet.com/b/security...ite-attack-pass-the-hash.aspx?Redirected=true
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14683
Last Updated: 2012-12-12 01:54:45 UTC
___

- https://secunia.com/advisories/51411/ - MS12-077
- https://secunia.com/advisories/51459/ - MS12-078
- https://secunia.com/advisories/51467/ - MS12-079
- https://secunia.com/advisories/51474/ - MS12-080
- https://secunia.com/advisories/51493/ - MS12-081
- https://secunia.com/advisories/51497/ - MS12-082
- https://secunia.com/advisories/51500/ - MS12-083
___

MSRT
- http://support.microsoft.com/?kbid=890830
December 11, 2012 - Revision: 117.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Phdet ..."
- https://blogs.technet.com/b/mmpc/archive/2012/12/11/msrt-december-12-phdet.aspx?Redirected=true

Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.15.exe - 16.8 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.15.exe - 17.4 MB

MS Security Advisory update - 2012.12.11 ...

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
* http://technet.microsoft.com/en-us/security/bulletin/ms12-060
V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
* http://support.microsoft.com/kb/2785605
Dec 11, 2012 - Revision: 1.0
___

The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

- http://technet.microsoft.com/security/bulletin/MS12-043
- http://technet.microsoft.com/security/bulletin/MS12-050
V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
- http://technet.microsoft.com/security/bulletin/MS12-057
- http://technet.microsoft.com/security/bulletin/MS12-059
- http://technet.microsoft.com/security/bulletin/MS12-060

MS12-078 - "Known issues" ...

FYI...

MS12-078 - "Known issues" ...
- http://support.microsoft.com/kb/2753842
Last Review: December 14, 2012 - Revision: 2.0
"Known issues with this security update: We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues..."

- http://h-online.com/-1771419
18 Dec 2012 - "... this patch seems to prevent the correct display of PostScript Type 1 fonts and OpenType fonts. They disappear completely in a variety of applications – CorelDraw, QuarkXPress and PowerPoint – and currently the only way to make them visible again is to remove the patch..."

MS12-078 re-released

FYI...

MS12-078 re-released
- https://technet.microsoft.com/en-us/security/bulletin/ms12-078
V2.0 (December 20, 2012): Re-released update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update need to install the rereleased update.
(Requires restart.)

- http://support.microsoft.com/kb/2753842
Dec 20, 2012 - Rev: 3.0
___

- http://h-online.com/-1773744
21 Dec 2012

- https://secunia.com/advisories/51459/
Last Update: 2012-12-21
Criticality level: Highly critical
CVE Reference(s):
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2556 - 9.3 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4786 - 10.0 (HIGH)
Original Advisory: MS12-078 (KB2779030, KB2753842):
https://technet.microsoft.com/en-us/security/bulletin/ms12-078

IE 0-day attack in-the-wild...

FYI...

IE 0-day attack in-the-wild...
- https://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/
Dec 28th, 2012 - "Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground. In a blog posting* Friday evening, Milpitas, Calif. based security vendor FireEye said it found that the Web site for the Council on Foreign Relations was compromised and rigged to exploit a previously undocumented flaw in IE8 to install malicious software on vulnerable PCs used to browse the site. According to FireEye, the attack uses Adobe Flash to exploit a vulnerability in the latest (fully-patched) version of IE8..."
* http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html
2012.12.28 - "... we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content on or around 2:00 PM EST on Wednesday, December 26. Through our Malware Protection Cloud, we can confirm that the website was compromised at that time, but we can also confirm that the CFR website was also hosting the malicious content as early as Friday, December 21... We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability. We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time... the JavaScript proceeded to load a flash file today.swf, which ultimately triggered a heap spray in Internet Explorer in order to complete the compromise of the endpoint..."
Update: "... We have seen multiple variations of this attack, as it looks like the attackers changed tactics multiple times during this campaign... Here is the decrypted payload.
- https://www.virustotal.com/file/af5...a00067a762469fcb13e0ca6deaa740780b9/analysis/
File name: base
Detection ratio: 21/45
Analysis date: 2012-12-31

- https://krebsonsecurity.com/2012/12/attackers-target-internet-explorer-zero-day-flaw/#comments
Dec 29, 2012 - "... worth noting that IE9 is not supported on Windows XP, so this vulnerability is probably most dangerous for XP users who browse with IE."
___

- https://secunia.com/advisories/51695/
Release Date: 2012-12-30
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IE 6.x, 7.x, 8.x
... currently being actively exploited in targeted attacks.
Original Advisory: http://technet.microsoft.com/en-us/security/advisory/2794220

- http://h-online.com/-1775071
30 Dec 2012

- http://www.kb.cert.org/vuls/id/154201
29 Dec 2012
___

MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
Dec 29, 2012 - "Microsoft is investigating public reports of a vulnerability in IE6, IE7, and IE8. Internet Explorer 9 and Internet Explorer 10 are -not- affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
CVE Reference:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792
"... exploited in the wild in December 2012."

- https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2794220.aspx?Redirected=true
Dec 29, 2012 - "... we are actively working to develop a security update to address this issue..."

- https://blogs.technet.com/b/srd/arc...nternet-explorer-8-users.aspx?Redirected=true
29 Dec 2012 - "... We’re also working on an appcompat shim-based Fix It protection tool that can be used to protect systems until the comprehensive update is available. The shim does not address the vulnerability but does prevent the vulnerability from being exploited for code execution... we’re working around the clock on the full security update. You should next expect to see an update from us announcing the availability of a Fix It tool to block the vulnerable code paths..."

Targeted 0-day attack - IE 6, 7, and 8

FYI...

Targeted 0-day attack - IE 6, 7, and 8
- https://isc.sans.edu/diary.html?storyid=14776
Last Updated: 2012-12-30 22:06:53 UTC... Version: 2 - "... Update:
There is now a Metasploit module (ie_cdwnbindinfo_uaf) that emulates this attack, meaning this will move into mainstream exploitation rapidly, thus mitigation steps should be taken as soon as possible. Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff..."

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
Last revised: 12/31/2012 - "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8... exploited in the wild in December 2012..."

- https://secunia.com/advisories/51695/
Release Date: 2012-12-30
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: IE 6.x, 7.x, 8.x
... currently being actively exploited in targeted attacks.
Original Advisory: http://technet.microsoft.com/en-us/security/advisory/2794220

MS FixIt released for IE 0-day...

FYI...

MS FixIt released for IE 0-day...
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
* http://support.microsoft.com/kb/2794220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0
Applies to: IE8, IE7, IE6...

- https://blogs.technet.com/b/srd/arc...ernet-explorer-6-7-and-8.aspx?Redirected=true
31 Dec 2012

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
___

- https://windowssecrets.com/windows-secrets/a-windows-patching-december-to-remember/
Jan 2, 2013
> http://www.microsoft.com/security/pc-security/bulletins/201212.aspx

>> http://forums.spybot.info/showpost.php?p=435553&postcount=51
7 Jan 2013

MS Security Advisory 2798897 - Fraudulent Digital Certificates...

FYI...

MS Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2798897
Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
* http://support.microsoft.com/kb/2677070
___

- http://h-online.com/-1777291
4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."

IE FixIt negated with bypass

FYI...

IE FixIt negated with bypass ...
- http://www.securitytracker.com/id/1027930
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
Updated: Jan 4 2013
Original Entry Date: Dec 30 2012
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): IE6,7,8
... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusintel.com/2013/01...explorer-0day-fix-it-patch-for-cve-2012-4792/
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/security/advisory/2794220

Mitigation: Use an alternative browser until a full patch is released for this issue.

MS Security Bulletin Summary - Jan 2013

FYI...

- http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
Jan 08, 2013 - "This bulletin summary lists security bulletins released for January 2013...
(Total of -7-)

Microsoft Security Bulletin MS13-001 - Critical
Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-001
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-002 - Critical
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-002
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office, Microsoft Developer Tools, Microsoft Server Software

Microsoft Security Bulletin MS13-003 - Important
Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-003
Important - Elevation of Privilege - Does not require restart - Microsoft Server Software

Microsoft Security Bulletin MS13-004 - Important
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-004
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS13-005 - Important
Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-005
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-006 - Important
Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-006
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-007 - Important
Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-007
Important - Denial of Service - May require restart - Microsoft Windows, Microsoft .NET Framework
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14854
Last Updated: 2013-01-08 18:02:06 UTC
___

Bulletin Deployment Priority
> https://blogs.technet.com/cfs-files...-00-00-45-71/8284.January-2013-Deployment.png

Severity and Exploitability Index
> https://blogs.technet.com/cfs-files...00-00-00-45-71/7384.January-2013-Severity.png

- http://blogs.technet.com/b/msrc/arc...ry-2013-bulletin-release.aspx?Redirected=true
8 Jan 2013
___

- https://secunia.com/advisories/51640/ - MS13-001
- https://secunia.com/advisories/51773/ - MS13-002
- https://secunia.com/advisories/51686/ - MS13-003
- https://secunia.com/advisories/51777/ - MS13-004
- https://secunia.com/advisories/51704/ - MS13-005
- https://secunia.com/advisories/51724/ - MS13-006
- https://secunia.com/advisories/51772/ - MS13-007
___

MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: January 9, 2013 - Revision: 118.7
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Ganelp
• Lefgroo..."
- https://blogs.technet.com/b/mmpc/archive/2013/01/08/msrt-january-2013-ganelp.aspx?Redirected=true
8 Jan 2013

Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.16.exe - 16.8 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.16.exe - 17.5 MB

Microsoft Security Advisories - 2013.01.08

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://technet.microsoft.com/en-us/security/advisory/973811
• V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
• V6.0 (January 8, 2013): Added KB2796096* to the Current update section.
* http://support.microsoft.com/kb/2796096

IE patch to be released 1.14.2013

FYI...

IE patch to be released 1.14.2013
- http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
January 13, 2013 - Version: 2.0 - "This is an advance notification for one out-of-band security bulletin that Microsoft is intending to release on January 14, 2013. The bulletin addresses a security vulnerability in Internet Explorer..."

- https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2794220.aspx?Redirected=true
"... We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update..."

MS Security Advisories 2013.01.14

FYI...

Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2798897
V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"

Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
MS13-008

MS Security Bulletin Summary - February 2013

FYI...

- http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
February 12, 2013 - "This bulletin summary lists security bulletins released for February 2013...
(Total of -12-)

Microsoft Security Bulletin MS13-009 - Critical
Cumulative Security Update for Internet Explorer (2792100)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-009
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-010 - Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-010
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-011 - Critical
Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-011
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS13-012 - Critical
Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-012
Critical - Remote Code Execution - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS13-020 - Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-013 - Important
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-013
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS13-014 - Important
Vulnerability in NFS Server Could Allow Denial of Service (2790978)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-014
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-015 - Important
Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-015
Important - Elevation of Privilege - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS13-016 - Important
Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-016
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-017 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-017
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-018 - Important
Vulnerability in TCP/IP Could Allow Denial of Service (2790655)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-018
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS13-019 - Important
Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-019
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...00-45-71/0207.Overview-Slide-2-_2D00_-png.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...00-45-71/1738.Overview-Slide-1-_2D00_-png.png

- http://blogs.technet.com/b/msrc/arc...he-february-2013-release.aspx?Redirected=true
"... 12 bulletins, five Critical-class and seven Important-class, addressing 57 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Exchange and .NET Framework..."
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15142
Last Updated: 2013-02-13

- http://atlas.arbor.net/briefs/index#332003461
High Severity
Feb 13, 2013
Analysis: Many attackers are likely frustrated that their vulnerabilities have now been patched. However, those same attackers still have a significant window of opportunity because not everyone can, or will patch in a timely manner, as has been clearly demonstrated in the widespread use of commodity exploit kits as well as numerous targeted attacks that continue to reign in victims despite vulnerabilities being patched years ago in some cases. The most critical patches are for Internet Explorer, a major target for exploitation due to its widespread use. Additional hardening in sensitive environments can help reduce the impact of exploitation attempts until patches can be deployed, and robust monitoring can help detect those exploit attempts to provide valuable security intelligence...
___

- https://secunia.com/advisories/52122/ - MS13-009
- https://secunia.com/advisories/52129/ - MS13-010
- https://secunia.com/advisories/52130/ - MS13-011
- https://secunia.com/advisories/52133/ - MS13-012
- https://secunia.com/advisories/52136/ - MS13-013
- https://secunia.com/advisories/52138/ - MS13-014
- https://secunia.com/advisories/52143/ - MS13-015
- https://secunia.com/advisories/52156/ - MS13-016
- https://secunia.com/advisories/52157/ - MS13-017
- https://secunia.com/advisories/52158/ - MS13-018
- https://secunia.com/advisories/52162/ - MS13-019
- https://secunia.com/advisories/52184/ - MS13-020

- https://secunia.com/advisories/52164/ - IE10 Flash
___

MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: February 12, 2013 - Revision: 119.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Sirefef..."

Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.17.exe - 17.6 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.17.exe - 18.3 MB

Win7 IE10 released

FYI...

Win7 IE10 released
- http://windows.microsoft.com/en-us/internet-explorer/downloads/ie-10/worldwide-languages
Feb 26, 2013

"Catch 22" ...
- http://arstechnica.com/information-...t-explorer-10-finally-released-for-windows-7/
Feb 26, 2013 - "... Windows Update will, in its default configuration, install it silently and automatically. Over the coming months, Microsoft will classify Internet Explorer 10 as "important" in more and more markets to ensure it is installed automatically as widely as possible. This marks a significant change from Microsoft's past practices. Traditionally, the company has released new browsers only as optional updates... Internet Explorer 10 on Windows 7 will be near-identical to its Windows 8 counterpart. This includes features such as support for the Pointer Events touch API and hardware acceleration using Direct2D and DirectWrite. To that end, installing Internet Explorer 10 on Windows 7 -requires- the installation of a platform update that brings Windows 7's version of these APIs in line with Windows 8... There will be one important difference between the versions, however. Internet Explorer 10 on Windows 8 includes an embedded version of Flash that gets its updates from Windows Update, rather than through Adobe's installer. On Windows 7, Flash will not be embedded. Instead, it will use the same ActiveX plugin as Internet Explorer 9 did. Updates will have to be installed using Adobe's updater, not Microsoft's."
___

From: Susan Bradley - http://msmvps.com/blogs/bradley/
Subject: Tracking BSOD's after KB2670838
- http://answers.microsoft.com/thread/66be9f5a-2257-4c4a-9c9c-5dc6f0f55d37
28 Feb 2013

I'd not be rushing that one out just yet

- https://www.infoworld.com/t/microso...ushes-another-botched-automatic-update-213802
March 04, 2013 - "... This buggy patch was part of the non-security-related patches typically released on the fourth Tuesday of the month. Since Microsoft switched the patch over to "Optional" on Thursday, it won't be offered automatically to those with Automatic Update turned on. But if you've already downloaded it, Windows may try to install it over and over again. If you've been bit by this bad patch, fortunately the solution is easy -- if you know where the problem came from and how to get rid of it.
> From a blue screen, re-start your PC. Click Start (yes, this is Windows 7) -> Control Panel -> Uninstall a Program. On the left, click the link to View Installed Updates. Scroll way down to KB 2670838, which should be at or near the top of the section marked Microsoft Windows. Double-click on the patch to uninstall it. Re-boot.
Next, just to make sure your system doesn't pick up the patch again, click Start -> Control Panel -> System and Security. Under Windows Update, click the link to Check for Updates. Click the link that says XX Optional Updates are Available. Right-click KB 2670383 and choose Hide.
And while you're at it, make sure Automatic Update is turned off. Last year, Microsoft pushed five different bad patches through Automatic Update. So far this year, the company is running at its usual rate of one really buggy patch every two or three months..."

IEv10 does not install on a hybrid graphics system
- http://support.microsoft.com/kb/2823483/en-us
Last Review: March 12, 2013 - Revision: 8.0
Applies to: Internet Explorer 10, Windows 7 Service Pack 1
___

- http://support.microsoft.com/kb/2670838
Last Review: February 26, 2013 - Revision: 4.0
"... a platform update for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. This update improves the features and performance of the following components:
• Direct2D
• DirectWrite
• Direct3D
• Windows Imaging Component (WIC)
• Windows Advanced Rasterization Platform (WARP)
• Windows Animation Manager (WAM)
• XPS Document API
• H.264 Video Decoder
• JPEG XR codec ..."

:fear::fear:
 
MS Security Bulletin Summary - March 2013

FYI...

- http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
March 12, 2013 - "This bulletin summary lists security bulletins released for March 2013.
(Total of -7-)

Microsoft Security Bulletin MS13-021 - Critical
Cumulative Security Update for Internet Explorer (2809289)
- https://technet.microsoft.com/en-us/security/bulletin/ms13-021
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS13-022 - Critical
Vulnerability in Silverlight Could Allow Remote Code Execution (2814124)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-022
Critical - Remote Code Execution - Does not require restart - Microsoft Silverlight

Microsoft Security Bulletin MS13-023 - Critical
Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2801261)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-023
Critical - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-024 - Critical
Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2780176)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-024
Critical - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS13-025 - Important
Vulnerability in Microsoft OneNote Could Allow Information Disclosure (2816264)
- http://technet.microsoft.com/en-us/security/bulletin/ms13-025
Important - Information Disclosure - May require restart - Microsoft Office

Microsoft Security Bulletin MS13-026 - Important
Vulnerability in Office Outlook for Mac Could Allow Information Disclosure (2813682)
- https://www.microsoft.com/technet/security/bulletin/MS13-026
Important - Information Disclosure - Does not require restart - Microsoft Office

Microsoft Security Bulletin MS13-027 - Important
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2807986)
- http://technet.microsoft.com/en-us/security/bulletin/MS13-027
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...-weblogfiles/00-00-00-45-71/1321.DP-Slide.PNG

Severity and Exploitability index
- https://blogs.technet.com/cfs-files...gfiles/00-00-00-45-71/0878.Severity-Slide.PNG

- https://blogs.technet.com/b/msrc/ar...ch-2013-bulletin-release.aspx?Redirected=true
12 Mar 2013

- https://blogs.technet.com/b/srd/arc...ch-2013-security-updates.aspx?Redirected=true
12 Mar 2013 - "... seven security bulletins addressing 20 CVE’s..."
- https://www.computerworld.com/s/art..._s_latest_patches_squash_potential_USB_hijack
"... nine critical vulnerabilities in the bulletin MS13-021 for Internet Explorer. They affect -every- current version of Internet Explorer, versions 6 through 10..."
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=15385
Last Updated: 2013-03-13 08:48:46 UTC
___

MSRT
- https://support.microsoft.com/?kbid=890830
Last Review: March 12, 2013 - Revision: 120.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Wecykler..."

- https://blogs.technet.com/b/mmpc/archive/2013/03/11/msrt-march-13-wecykler.aspx?Redirected=true
11 Mar 2013

Download:
- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.18.exe - 18.6 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.18.exe - 19.3 MB

.
 
MS Security Advisory 2819682 ...

FYI...

Microsoft Security Advisory (2819682)
Security Updates for Microsoft Windows Store Applications
- http://technet.microsoft.com/en-us/security/advisory/2819682
March 26, 2013 - "Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update..."
> http://support.microsoft.com/kb/2832006
March 26, 2013 - Revision: 1.0
Applies to:
Windows RT
Windows 8
Windows 8 Enterprise
Windows 8 Pro
Windows Server 2012 Datacenter
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows Server 2012 Standard
___

- https://secunia.com/advisories/52779/
Release Date: 2013-03-27
Impact: Spoofing
Where: From remote...
Original Advisory:
- http://technet.microsoft.com/en-us/security/advisory/2819682
- http://support.microsoft.com/kb/2832006

:fear:
 