Old MS Alerts

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS09-mar.mspx
March 5, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 10, 2009...
(Total of -3-)

Critical (1)

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Important (2)

Windows 2
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Important
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Other Information
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center...

- http://blogs.technet.com/msrc/archiv...ification.aspx
___

- http://www.informationweek.com/share...leID=215800831
March 5, 2009 - "The vulnerability that Microsoft warned about just over a week ago affects files that use the old .xls binary format but not the newer .xlsx format... Conspicuously absent is a fix for the Excel security flaw..."
// Excel 0-day - http://www.microsoft.com/technet/sec...ry/968272.mspx

- http://atlas.arbor.net/briefs/index#-1301369182
Severity: High Severity
Published: Thursday, March 05, 2009 14:00
At least one, possibly two, new and previously undisclosed vulnerabilities have been discovered and are being actively exploited in targeted, selective attacks. The document drops an EXE that downloads more components from three websites: 61.59.24.55, 61.59.24.45, and 61.221.40.63. At least two of these websites appear to be disabled at this point. We do not know when this vulnerability will be fixed by Microsoft.
Analysis: This is a targeted, very selective attack at this point focusing on US government and specific agencies and third-parties at this point. We do not have any additional information to share at this time, we recommend concerned parties contact Microsoft, CERT/CC or US-CERT for additional details as needed.
- http://www.securityfocus.com/brief/914

SecureWorks
- http://preview.tinyurl.com/99wgn9

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0238

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec.../MS09-mar.mspx
March 10, 2009 - "This bulletin summary lists security bulletins released for March 2009...

Critical -1-

Microsoft Security Bulletin MS09-006 – Critical
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
- http://www.microsoft.com/technet/sec.../MS09-006.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Executive Summary: This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008...
CVE-2009-0081, CVE-2009-0082, CVE-2009-0083

Important -2-

Microsoft Security Bulletin MS09-007 - Important
Vulnerability in SChannel Could Allow Spoofing (960225)
- http://www.microsoft.com/technet/sec.../MS09-007.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Executive Summary: This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means. This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008...
CVE-2009-0085

Microsoft Security Bulletin MS09-008 – Important
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
- http://www.microsoft.com/technet/sec.../MS09-008.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
Executive Summary: This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems. This security update is rated Important for all supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008...
CVE-2009-0093, CVE-2009-0094, CVE-2009-0233, CVE-2009-0234
___

Malicious Software Removal Tool
- http://www.microsoft.com/security/ma...e/default.mspx
File Name: windows-kb890830-v2.8.exe
Version: 2.8
Knowledge Base (KB) Articles: http://support.microsoft.com/?kbid=890830
Date Published: 3/10/2009
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5995
Last Updated: 2009-03-10 17:48:31 UTC

[AplusWebMaster]

Revised...

Microsoft Security Bulletin MS08-052 – Critical
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
- http://www.microsoft.com/technet/sec.../ms08-052.mspx
Updated: March 10, 2009
• V4.0 (March 10, 2009): Added entry in the Frequently Asked Questions (FAQ) Related to this Security Update section to communicate the rerelease of the update packages for Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 to fix an installation issue. Customers who have already successfully installed the original updates for Windows XP Service Pack 3 or Windows Server 2003 Service Pack 2 do not need to reinstall the new updates.

[AplusWebMaster]

FYI...

- http://isc.sans.org/diary.html?storyid=6010
Last Updated: 2009-03-13 03:07:43 UTC - "...Microsoft should really fix this vulnerability and pay more attention to local privilege escalation vulnerabilities. While MS released an advisory with suggested workarounds (available at http://www.microsoft.com/technet/sec...ry/951306.mspx *), I don’t think enough people know about this..."
* Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege...
Revisions:
• April 17, 2008: Advisory published
• April 23, 2008: Added clarification to impact of workaround for IIS 6.0
• August 27, 2008: Added Windows XP Professional Service Pack 3 as affected software.
• October 9, 2008: Added information regarding the public availability of exploit code.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/969136.mspx
April 2, 2009 - "Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability... Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- http://secunia.com/advisories/34572/
Release Date: 2009-04-03
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...

- http://www.cve.mitre.org/cgi-bin/cve...=CVE-2009-0556

[AplusWebMaster]

FYI...

New exploit of MS08-067
- http://blogs.technet.com/mmpc/archiv...dentified.aspx
April 03, 2009 - "... We have found a new exploit of MS08-067 other than Conficker. We also discovered that we already detected and protected users against this new malware... Neeris is a worm that has been active for a few years. Some of its variants used to exploit MS06-040 which addressed a vulnerability in the same Server service as MS08-067. However it looks like the authors of Neeris have been taking notes from Conficker. A new variant of the Neeris worm has been launched this week. It has some interesting similarities to Conficker:
• The new variant of Neeris has been updated to exploit MS08-067. Also, after the successful exploitation, the victim machine downloads a copy of the worm from the attacking machine using HTTP.
• Neeris spreads via autorun. The new Neeris variant even adds the same ‘Open folder to view files’ AutoPlay option that Conficker does.
• Neeris uses a driver to patch the TCP/IP layer of the system in order to remove the outgoing connection limits from XPSP2 ...
The file names that this malware uses are deceptive. Most commonly we saw it using the name “Netmon.exe” but it sometimes masquerades itself as a SCR file with names that follow the pattern <two digits.scr>. It also drops a copy of itself using the file name smartkey.exe. Even its image time stamp is bogus: 6/19/1992 10:22:17 PM. The malware adds itself to start every time Windows starts and even adds itself to the Safe Boot configuration.
Due to the similarities to Conficker, most of the mitigations that were mentioned also apply here: make sure to install MS08-067 if you haven’t done so yet and be careful to use only AutoPlay options you’re familiar with or consider disabling the Autorun altogether. Other mitigations and information are available in our write up at Worm:Win32/Neeris.gen!C *..."
* http://www.microsoft.com/security/po...2fNeeris.gen!C

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec...r.mspx?pf=true
April 9, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 14, 2009... (Total of -8-)

Critical (5)

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Office...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

IE
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Excel
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Important (2)

Windows 4
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

ISA
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Forefront Edge Security...

Moderate (1)

Windows 5
Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

//

[AplusWebMaster]

FYI...

- http://www.wservernews.com/
Apr. 10, 2009 - "Next Tuesday (14-Apr-2009), Redmond will no longer offer mainstream support for a bunch of Service Packs flavors, WinXP (Service Pack 0) and W2K3 SP1 among them. They said they will continue to provide free security fixes for XP until 2014. Windows XP still accounts for about 63 percent of all Internet-connected computers, according to March 2009 statistics from Hitslink, while Windows Vista makes up about 24 percent. Here are the Hitslink market share numbers:
http://marketshare.hitslink.com/oper....aspx?qprid=10
Support for WinXP Service Pack 2 is until July 13, 2010. Existing XP users are encouraged to upgrade to the latest SP3. More about this at the "Windows Service Pack Road Map" at Microsoft:
- http://www.microsoft.com/windows/lif...vicepacks.mspx ...
... list of products and versions where the support will end on April 14, 2009...
- http://preview.tinyurl.com/s870 ..."

[AplusWebMaster]

FYI...

- http://preview.tinyurl.com/cj5b73
April 10, 2009 IEBlog - "... Starting on or about the third week of April, users still running IE6 or IE7 on Windows XP, Windows Vista, Windows Server 2003, or Windows Server 2008 will get will get a notification through Automatic Update about IE8. This rollout will start with a narrow audience and expand over time to the entire user base. On Windows XP and Server 2003, the update will be High-Priority. On Windows Vista and Server 2008 it will be Important. IE8 will not automatically install on machines. Users must opt-in to install IE8. Users will see a Welcome screen that offers choices: Ask later, install now, or don’t install. Users who decline the automatic update can still download it from http://www.microsoft.com/ie8 or from Windows Update as an optional update... If an organization uses Automatic Update to keep Windows up-to-date but wants to manage its own deployment of IE8, a free Blocker Toolkit* is available that will block automatic delivery of IE8. This blocker toolkit was released in January 2009 and has no expiration date..."
* http://preview.tinyurl.com/9yjpqw

[AplusWebMaster]

FYI...

- http://www.microsoft.com/technet/sec...r.mspx?pf=true
April 14, 2009 - "This bulletin summary lists security bulletins released for April 2009... (Total of -8- )

Critical (5)

Microsoft Security Bulletin MS09-009
Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
- http://www.microsoft.com/technet/sec.../MS09-009.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS09-010
Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
- http://www.microsoft.com/technet/sec.../MS09-010.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Office...

Microsoft Security Bulletin MS09-011
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
- http://www.microsoft.com/technet/sec.../MS09-011.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-013
Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
- http://www.microsoft.com/technet/sec.../MS09-013.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-014
Cumulative Security Update for Internet Explorer (963027)
- http://www.microsoft.com/technet/sec.../MS09-014.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Important (2)

Microsoft Security Bulletin MS09-012
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
- http://www.microsoft.com/technet/sec.../MS09-012.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-016
Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)
- http://www.microsoft.com/technet/sec.../MS09-016.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Forefront Edge Security...

Moderate (1)

Microsoft Security Bulletin MS09-015
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- http://www.microsoft.com/technet/sec.../MS09-015.mspx
Maximum Severity Rating: Moderate
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

- http://blogs.technet.com/msrc/archiv...n-release.aspx
April 14, 2009
___

MSRT - April 2009
- http://support.microsoft.com/?kbid=890830
April 14, 2009 - Revision: 58.0
(Recent adds)
Win32/Conficker - January 2009 (V 2.6) High
Win32/Srizbi - February 2009 (V 2.7) Moderate
Win32/Koobface - March 2009 (V 2.8) Moderate
Win32/Waledac - April 2009 (V 2.9) Moderate
Download: http://preview.tinyurl.com/6bb67
___

ISC Analysis (includes CVE links)
- http://isc.sans.org/diary.html?storyid=6193
Last Updated: 2009-04-15 02:14:16 UTC ...
___

- http://preview.tinyurl.com/cnylhb
April 14, 2009 (Computerworld) - 10 of the 23 vulnerabilities have already been exploited or are public...

.