FYI...
- http://www.microsoft.com/technet/sec.../MS09-mar.mspx
March 5, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 10, 2009...
(Total of -3-)
Critical (1)
Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Important (2)
Windows 2
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Windows 3
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Other Information
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center...
- http://blogs.technet.com/msrc/archiv...ification.aspx
___
- http://www.informationweek.com/share...leID=215800831
March 5, 2009 - "The vulnerability that Microsoft warned about just over a week ago affects files that use the old .xls binary format but not the newer .xlsx format... Conspicuously absent is a fix for the Excel security flaw..."
// Excel 0-day - http://www.microsoft.com/technet/sec...ry/968272.mspx
- http://atlas.arbor.net/briefs/index#-1301369182
Severity: High Severity
Published: Thursday, March 05, 2009 14:00
At least one, possibly two, new and previously undisclosed vulnerabilities have been discovered and are being actively exploited in targeted, selective attacks. The document drops an EXE that downloads more components from three websites: 61.59.24.55, 61.59.24.45, and 61.221.40.63. At least two of these websites appear to be disabled at this point. We do not know when this vulnerability will be fixed by Microsoft.
Analysis: This is a targeted, very selective attack at this point focusing on US government and specific agencies and third-parties at this point. We do not have any additional information to share at this time, we recommend concerned parties contact Microsoft, CERT/CC or US-CERT for additional details as needed.
- http://www.securityfocus.com/brief/914
SecureWorks
- http://preview.tinyurl.com/99wgn9
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0238