
Thread: Microsoft Alerts

  1. #41
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    MSRT Nov '12 ...

    FYI...

    MSRT November '12 ...
    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    4 Dec 2012
    > https://www.microsoft.com/security/p...sof/Weels4.png

    > https://www.microsoft.com/security/p...sof/Weels5.png
    ___

    Unexpected reboot: Necurs
    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    6 Dec 2012 - "Necurs is a prevalent threat in the wild at the moment - variants of Necurs were reported on 83,427 unique machines during the month of November 2012. Necurs is mostly distributed by drive-by download. This means that you might be -silently- infected by Necurs when you visit websites that have been compromised by exploit kits such as Blackhole. So what does Necurs actually do? At a high level, it enables further compromise by providing the functionality to:
    - Download additional malware
    - Hide its components
    - Stop security applications from functioning
    In addition Necurs contains backdoor functionality, allowing remote access and control of the infected computer. Necurs also monitors and filters network activity and has been observed to send spam and install rogue security software. Nefariousness aplenty. See our Trojan:Win32/Necurs* family write-up for the full details... we've had reports from a number of users stating that they're having trouble with the Microsoft Security Essentials real time protection option being turned off after their computer has rebooted. We will continue to monitor variants of Necurs in the wild..."
    * http://www.microsoft.com/security/po...n:Win32/Necurs
    Updated: Dec 05, 2012

    Last edited by AplusWebMaster; 2012-12-09 at 00:52.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #42

    MS Security Bulletin Summary - December 2012

    FYI...

    - http://technet.microsoft.com/en-us/s...letin/ms12-dec
    December 11, 2012 - "This bulletin summary lists security bulletins released for December 2012...
    (Total of 7)

    Microsoft Security Bulletin MS12-077 - Critical
    Cumulative Security Update for Internet Explorer (2761465)
    - http://technet.microsoft.com/en-us/s...letin/ms12-077
    Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

    Microsoft Security Bulletin MS12-078 - Critical
    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
    - http://technet.microsoft.com/en-us/s...letin/ms12-078
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-079 - Critical
    Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
    - http://technet.microsoft.com/en-us/s...letin/ms12-079
    Critical - Remote Code Execution - May require restart - Microsoft Office

    Microsoft Security Bulletin MS12-080 - Critical
    Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
    - http://technet.microsoft.com/en-us/s...letin/ms12-080
    Critical - Remote Code Execution - May require restart - Microsoft Server Software

    Microsoft Security Bulletin MS12-081 - Critical
    Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
    - http://technet.microsoft.com/en-us/s...letin/ms12-081
    Critical - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-082 - Important
    Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
    - http://technet.microsoft.com/en-us/s...letin/ms12-082
    Important - Remote Code Execution - Requires restart - Microsoft Windows

    Microsoft Security Bulletin MS12-083 - Important
    Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
    - http://technet.microsoft.com/en-us/s...letin/ms12-083
    Important - Security Feature Bypass - Requires restart - Microsoft Windows
    ___

    - http://blogs.technet.com/b/msrc/arch...edirected=true

    Bulletin Deployment Priority:
    - https://blogs.technet.com/cfs-filesy...355.Slide2.PNG

    Severity and Exploitability Index:
    - https://blogs.technet.com/cfs-filesy...550.Slide1.PNG

    - http://blogs.technet.com/b/security/...edirected=true
    ___

    ISC Analysis
    - https://isc.sans.edu/diary.html?storyid=14683
    Last Updated: 2012-12-12 01:54:45 UTC
    ___

    - https://secunia.com/advisories/51411/ - MS12-077
    - https://secunia.com/advisories/51459/ - MS12-078
    - https://secunia.com/advisories/51467/ - MS12-079
    - https://secunia.com/advisories/51474/ - MS12-080
    - https://secunia.com/advisories/51493/ - MS12-081
    - https://secunia.com/advisories/51497/ - MS12-082
    - https://secunia.com/advisories/51500/ - MS12-083
    ___

    MSRT
    - http://support.microsoft.com/?kbid=890830
    December 11, 2012 - Revision: 117.0
    - http://www.microsoft.com/security/pc...-families.aspx
    "... added in this release...
    • Phdet ..."
    - https://blogs.technet.com/b/mmpc/arc...edirected=true

    Download:
    - https://www.microsoft.com/download/e...ylang=en&id=16
    File Name: Windows-KB890830-V4.15.exe - 16.8 MB
    - https://www.microsoft.com/download/e...s.aspx?id=9905
    x64 version of MSRT:
    File Name: Windows-KB890830-x64-V4.15.exe - 17.4 MB

    Last edited by AplusWebMaster; 2012-12-12 at 21:03.

  3. #43

    MS Security Advisory update - 2012.12.11 ...

    FYI...

    Microsoft Security Advisory (2749655)
    Compatibility Issues Affecting Signed Microsoft Binaries
    - http://technet.microsoft.com/en-us/s...visory/2749655
    V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
    * http://technet.microsoft.com/en-us/s...letin/ms12-060
    V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in IE 10
    - http://technet.microsoft.com/en-us/s...visory/2755801
    V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
    * http://support.microsoft.com/kb/2785605
    Dec 11, 2012 - Revision: 1.0
    ___

    The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

    - http://technet.microsoft.com/security/bulletin/MS12-043
    - http://technet.microsoft.com/security/bulletin/MS12-050
    V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
    - http://technet.microsoft.com/security/bulletin/MS12-057
    - http://technet.microsoft.com/security/bulletin/MS12-059
    - http://technet.microsoft.com/security/bulletin/MS12-060

    Last edited by AplusWebMaster; 2012-12-15 at 05:35.

  4. #44

    MS12-078 - "Known issues" ...

    FYI...

    MS12-078 - "Known issues" ...
    - http://support.microsoft.com/kb/2753842
    Last Review: December 14, 2012 - Revision: 2.0
    "Known issues with this security update: We are aware of issues related to OpenType Font (OTF) rendering in applications such as PowerPoint on affected versions of Windows that occur after this security update is applied. We are currently investigating these issues and will take appropriate action to address the known issues..."

    - http://h-online.com/-1771419
    18 Dec 2012 - "... this patch seems to prevent the correct display of PostScript Type 1 fonts and OpenType fonts. They disappear completely in a variety of applications – CorelDraw, QuarkExpress and PowerPoint – and currently the only way to make them visible again is to remove the patch..."

    Last edited by AplusWebMaster; 2012-12-19 at 05:14.

  5. #45

    MS12-078 re-released

    FYI...

    MS12-078 re-released
    - https://technet.microsoft.com/en-us/...letin/ms12-078
    V2.0 (December 20, 2012): Re-released update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update need to install the rereleased update.
    (Requires restart.)

    - http://support.microsoft.com/kb/2753842
    Dec 20, 2012 - Rev: 3.0
    ___

    - http://h-online.com/-1773744
    21 Dec 2012

    - https://secunia.com/advisories/51459/
    Last Update: 2012-12-21
    Criticality level: Highly critical
    CVE Reference(s):
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-2556 - 9.3 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4786 - 10.0 (HIGH)
    Original Advisory: MS12-078 (KB2779030, KB2753842):
    https://technet.microsoft.com/en-us/...letin/ms12-078

    Last edited by AplusWebMaster; 2012-12-21 at 22:45.

  6. #46

    IE 0-day attack in-the-wild...

    FYI...

    IE 0-day attack in-the-wild...
    - https://krebsonsecurity.com/2012/12/...zero-day-flaw/
    Dec 28th, 2012 - "Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground. In a blog posting* Friday evening, Milpitas, Calif. based security vendor FireEye said it found that the Web site for the Council on Foreign Relations was compromised and rigged to exploit a previously undocumented flaw in IE8 to install malicious software on vulnerable PCs used to browse the site. According to FireEye, the attack uses Adobe Flash to exploit a vulnerability in the latest (fully-patched) version of IE8..."
    * http://blog.fireeye.com/research/201...k-details.html
    2012.12.28 - "... we received reports that the Council on Foreign Relations (CFR) website was compromised and hosting malicious content on or around 2:00 PM EST on Wednesday, December 26. Through our Malware Protection Cloud, we can confirm that the website was compromised at that time, but we can also confirm that the CFR website was also hosting the malicious content as early as Friday, December 21... We can also confirm that the malicious content hosted on the website does appear to use Adobe Flash to generate a heap spray attack against Internet Explorer version 8.0 (fully patched), which was the source of the zero-day vulnerability. We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time... the JavaScript proceeded to load a flash file today.swf, which ultimately triggered a heap spray in Internet Explorer in order to complete the compromise of the endpoint..."
    Update: "... We have seen multiple variations of this attack, as it looks like the attackers changed tactics multiple times during this campaign... Here is the decrypted payload."
    - https://www.virustotal.com/file/af57...80b9/analysis/
    File name: base
    Detection ratio: 21/45
    Analysis date: 2012-12-31

    - https://krebsonsecurity.com/2012/12/...flaw/#comments
    Dec 29, 2012 - "... worth noting that IE9 is not supported on Windows XP, so this vulnerability is probably most dangerous for XP users who browse with IE."
    ___

    - https://secunia.com/advisories/51695/
    Release Date: 2012-12-30
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    Software: IE 6.x, 7.x, 8.x
    ... currently being actively exploited in targeted attacks.
    Original Advisory: http://technet.microsoft.com/en-us/s...visory/2794220

    - http://h-online.com/-1775071
    30 Dec 2012

    - http://www.kb.cert.org/vuls/id/154201
    29 Dec 2012
    ___

    MS Security Advisory (2794220)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2794220
    Dec 29, 2012 - "Microsoft is investigating public reports of a vulnerability in IE6, IE7, and IE8. Internet Explorer 9 and Internet Explorer 10 are -not- affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
    CVE Reference:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792
    "... exploited in the wild in December 2012."

    - https://blogs.technet.com/b/msrc/arc...edirected=true
    Dec 29, 2012 - "... we are actively working to develop a security update to address this issue..."

    - https://blogs.technet.com/b/srd/arch...edirected=true
    29 Dec 2012 - "... We’re also working on an appcompat shim-based Fix It protection tool that can be used to protect systems until the comprehensive update is available. The shim does not address the vulnerability but does prevent the vulnerability from being exploited for code execution... we’re working around the clock on the full security update. You should next expect to see an update from us announcing the availability of a Fix It tool to block the vulnerable code paths..."

    Last edited by AplusWebMaster; 2012-12-31 at 06:58.

  7. #47

    Targeted 0-day attack - IE 6, 7, and 8

    FYI...

    Targeted 0-day attack - IE 6, 7, and 8
    - https://isc.sans.edu/diary.html?storyid=14776
    Last Updated: 2012-12-30 22:06:53 UTC... Version: 2 - "... Update:
    There is now a Metasploit module (ie_cdwnbindinfo_uaf) that emulates this attack, meaning this will move in to mainstream exploitation rapidly, thus mitigation steps should be taken so soon as possible. Home users running XP should be looking to use another browser as their primary method of browsing the web, and corporate security staff should review Microsoft’s recommendations to build a layered defence to protect staff..."

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792 - 9.3 (HIGH)
    Last revised: 12/31/2012 - "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8... exploited in the wild in December 2012..."

    - https://secunia.com/advisories/51695/
    Release Date: 2012-12-30
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    Software: IE 6.x, 7.x, 8.x
    ... currently being actively exploited in targeted attacks.
    Original Advisory: http://technet.microsoft.com/en-us/s...visory/2794220

    Last edited by AplusWebMaster; 2012-12-31 at 21:11.

  8. #48

    MS FixIt released for IE 0-day...

    FYI...

    MS FixIt released for IE 0-day...
    MS Security Advisory (2794220)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution
    - http://technet.microsoft.com/en-us/s...visory/2794220
    V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
    * http://support.microsoft.com/kb/2794220#FixItForMe
    Last Review: Dec 31, 2012 - Rev 1.0
    Applies to: IE8, IE7, IE6...

    - https://blogs.technet.com/b/srd/arch...edirected=true
    31 Dec 2012

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792 - 9.3 (HIGH)
    ___

    - https://windowssecrets.com/windows-s...r-to-remember/
    Jan 2, 2013
    > http://www.microsoft.com/security/pc...ns/201212.aspx

    >> http://forums.spybot.info/showpost.p...3&postcount=51
    7 Jan 2013

    Last edited by AplusWebMaster; 2013-01-09 at 17:57.

  9. #49

    MS Security Advisory 2798897 - Fraudulent Digital Certificates...

    FYI...

    MS Security Advisory (2798897)
    Fraudulent Digital Certificates Could Allow Spoofing
    - http://technet.microsoft.com/en-us/s...visory/2798897
    Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
    * http://support.microsoft.com/kb/2677070
    ___

    - http://h-online.com/-1777291
    4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."

    Last edited by AplusWebMaster; 2013-01-04 at 16:27.

  10. #50

    IE FixIt negated with bypass

    FYI...

    IE FixIt negated with bypass ...
    - http://www.securitytracker.com/id/1027930
    CVE Reference: https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-4792 - 9.3 (HIGH)
    Updated: Jan 4 2013
    Original Entry Date: Dec 30 2012
    Impact: Execution of arbitrary code via network, User access via network
    Vendor Confirmed: Yes
    Version(s): IE6,7,8
    ... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusintel.com/2013/01/...cve-2012-4792/
    The vendor's advisory is available at:
    http://technet.microsoft.com/en-us/s...visory/2794220

    Mitigation: Use an alternative browser until a full patch is released for this issue.

