Microsoft Alerts

AplusWebMaster · Aug 14, 2012

MS Security Advisories - 2012.08.14 ...

FYI...

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2737111
• V2.0 (August 14, 2012): Advisory updated to reflect publication of security bulletin for Microsoft Exchange.
... MS12-058* addresses this issue for Microsoft Exchange.
* https://technet.microsoft.com/en-us/security/bulletin/ms12-058

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.microsoft.com/en-us/security/advisory/2661254
August 14, 2012 - Ref:
> http://support.microsoft.com/kb/2661254
... Update for minimum certificate key length
August 14, 2012 - Revision: 1.6

>> http://forums.spybot.info/showpost.php?p=429691&postcount=42

:fear::fear:

AplusWebMaster · Aug 20, 2012

MS12-043 re-released ...

FYI...

Microsoft Security Bulletin MS12-043 - Critical
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-043
V2.0 (August 14, 2012): Bulletin re-released to offer the security updates for Microsoft XML Core Services 5.0 that were unavailable at the time of initial release. Customers running Microsoft XML Core Services 5.0 should apply the KB2687324, KB2596856, or KB2596679 update to be protected from the vulnerability described in this bulletin. Customers who have already successfully installed the updates originally offered on July 10, 2012 for Microsoft XML Core Services 3.0, Microsoft XML Core Services 4.0, and Microsoft XML Core Services 6.0 do not need to take any action. See the Update FAQ for details...

- http://support.microsoft.com/kb/2687324
Last Review: August 14, 2012 - Revision: 1.9

- http://support.microsoft.com/kb/2596856
Last Review: August 14, 2012 - Revision: 1.0

- http://support.microsoft.com/kb/2596679
Last Review: August 14, 2012 - Revision: 1.2

:fear:

AplusWebMaster · Aug 20, 2012

MS Security Advisory (2743314)

FYI...

Microsoft Security Advisory (2743314)
Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/advisory/2743314
August 20, 2012 - "Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://support.microsoft.com/kb/2744850
Last Review: August 20, 2012 - Revision: 1.4

- http://h-online.com/-1672257
22 August 2012
___

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://blogs.technet.com/b/gladiat...d-to-the-download-center.aspx?Redirected=true
14 Aug 2012 - "... an update was released that, once applied, will block RSA certificates with keys less than 1024 bits. The software update was released to the Download Center. The security advisory is located at:
http://technet.microsoft.com/security/advisory/2661254 .
The KB article is available at http://support.microsoft.com/kb/2661254 *.
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012..."
* http://support.microsoft.com/kb/2661254
Last Review: August 21, 2012 - Revision: 2.1

:fear:

AplusWebMaster · Sep 6, 2012

MS Bulletin Advance Notification - September 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-sep
September 06, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 11, 2012...
(Total of -2-)

Bulletin 1 - Important - Elevation of Privilege - No restart required - Microsoft Developer Tools
Bulletin 2 - Important - Elevation of Privilege - No restart required - Microsoft Server Software
___

- https://blogs.technet.com/b/msrc/ar...-concerning-certificates.aspx?Redirected=true
6 Sep 2012 - "... Security Advisory 2661254* was initially made available in August via the Download Center and the Microsoft Update Catalog, with distribution through Windows Update planned for October 2012. To help ensure that all customers are prepared for the update, we are reiterating those announcements before releasing the requirement change with our monthly bulletins on Oct. 9... customers will want to take advantage of September’s quiet bulletin cycle to review their asset inventories – in particular, examining those systems and applications that have been tucked away to collect dust and cobwebs because they “still work” and have not had any cause for review for some time. For those who find they are using certificates with RSA key lengths of -less- than 1024 bits, those certificates will be required to be reissued with at least a 1024-bit key length. (1024 should, by the way, be considered a minimum length; the most up-to-date security practices recommend 2048 bits or even better.) We recommend that you evaluate your environments with the information provided in Security Advisory 2661254 and your organization is aware of and prepared to resolve any known issues prior to October. Some known issues that customers may encounter after applying this update may include:
• Error messages when browsing to web sites that have SSL certificates with keys that are less than 1024 bits
• Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
• Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
• Difficulties installing Active X controls that were signed with less than 1024 bit signatures
• Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to Jan. 1, 2010, which will not be blocked by default)..."
* http://support.microsoft.com/kb/2661254
Last Review: August 21, 2012 - Revision: 2.1

.

AplusWebMaster · Sep 11, 2012

MS Security Bulletin Summary - September 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-sep
Sep 11, 2012 - "This bulletin summary lists security bulletins released for September 2012...
(Total of -2-)

Microsoft Security Bulletin MS12-061 - Important
Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-061
Important - Elevation of Privilege - No restart required - Microsoft Developer Tools

Microsoft Security Bulletin MS12-062 - Important
Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-062
Important - Elevation of Privilege - No restart required - Microsoft Server Software

Bulletin Deployment priority
- https://blogs.technet.com/cfs-files...-45-71/8228.September-2012-Deployment-Pri.png

Severity and exploitability index
- https://blogs.technet.com/cfs-files....September-2012-Deployment-S_2600_E-Index.png
___

- https://secunia.com/advisories/50463/ - MS12-061
- https://secunia.com/advisories/50497/ - MS12-062
___

Microsoft Security Advisory (2736233)
Update Rollup for ActiveX Kill Bits
- https://technet.microsoft.com/en-us/security/advisory/2736233
Sep 11, 2012 - "... This update sets the kill bits for the following third-party software:
Cisco Secure Desktop... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco Hostscan... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco AnyConnect Secure Mobility Client... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable..."
- http://support.microsoft.com/kb/2736233

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.microsoft.com/en-us/security/advisory/2661254
V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments.
- http://support.microsoft.com/kb/2661254
Last Review: September 12, 2012 - Revision: 3.0
___

MSRT
- http://support.microsoft.com/?kbid=890830
September 11, 2012 - Revision: 110.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Medfos ..."

- https://blogs.technet.com/b/mmpc/ar...acking-your-daily-search.aspx?Redirected=true

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.12.exe - 16.1 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.12.exe - 16.7 MB
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14071
Last Updated: 2012-09-11

.

AplusWebMaster · Sep 18, 2012

Microsoft Security Advisory 2757760 - IE

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
* http://technet.microsoft.com/security/advisory/2757760
17 Sep 2012 (see "Workarounds" [install EMET**, etc.] ) - "... To download EMET, visit the following Microsoft website:
https://www.microsoft.com/en-us/download/details.aspx?id=29851 ..."

** http://support.microsoft.com/kb/2458544

- https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2757760.aspx?Redirected=true
17 Sep 2012 - "... we released Security Advisory 2757760* to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue. In the meantime, customers using Internet Explorer are protected when they deploy the following workarounds and mitigations included in the advisory:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET)
This will help prevent exploitation by providing mitigations to help protect against this issue and should not affect usability of websites.
• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Deploying EMET will help to prevent a malicious website from successfully exploiting the issue described in Security Advisory 2757760*. EMET in action is unobtrusive and should not affect customers’ Web browsing experience. We are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."
___

- https://www.net-security.org/secworld.php?id=13614
18 Sep 2012 - "... The Rapid7 team got right on it and created a module exploiting the vulnerability for the Metasploit exploit toolkit during the weekend, and advised IE users to switch to other browsers such as Chrome or Firefox until Microsoft patches the flaw security update becomes available. Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate - but not yet remove - the threat:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7's advice and switch to another browser for the time being."

:fear::sad:

AplusWebMaster · Sep 19, 2012

MS Security Advisory 2757760 V1.1

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2757760
V1.1 (Sep 18, 2012): Assigned Common Vulnerability and Exposure number CVE-2012-4969 to the issue. Also -corrected- instructions in the EMET workaround.
V1.2 (Sep 19, 2012): Added link to Microsoft Fix it solution, "Prevent Memory Corruption via ExecCommand in Internet Explorer," that prevents exploitation of this issue.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4969 - 9.3 (HIGH)
"... function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012..."

- https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2757760.aspx?Redirected=true
18 Sep 2012 - "We will release a Fix it in the next few days to address an issue in Internet Explorer... It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer. This Fix it will be available for everyone to download and install within the next few days..."

:fear:

AplusWebMaster · Sep 20, 2012

IE Fix it available - Security Update scheduled for Friday

FYI...

IE Fix it available - Security Update scheduled for Friday
- https://blogs.technet.com/b/msrc/ar...ate-scheduled-for-friday.aspx?Redirected=true
19 Sep 2012 - "... today we have released a Fix it* that is available to address that issue. This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer. Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available... This will not only reinforce the issue that the Fix It addressed, but cover other issues as well. Today’s Advance Notification Service** (ANS) provides additional details about the update we are releasing on Friday - MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues..."
* http://support.microsoft.com/kb/2757760#FixItForMe
Last Review: September 20, 2012 - Revision: 2.0

** http://technet.microsoft.com/security/bulletin/ms12-sep
Sep 19, 2012 - Version: 2.0
Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

:fear:

AplusWebMaster · Sep 21, 2012

MS12-063 released - Critical - IE

FYI...

> https://technet.microsoft.com/en-us/security/bulletin/ms12-sep
V2.0 (Sep 21, 2012): Added Microsoft Security Bulletin MS12-063, Cumulative Security Update for Internet Explorer (2744842)... out-of-band security bulletin.

Microsoft Security Bulletin MS12-063 - Critical
Cumulative Security Update for Internet Explorer (2744842)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-063
Sep 21, 2012 - Internet Explorer 6, 7, 8, 9.
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1529 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2546 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2548 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2557 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4969 - 9.3 (HIGH)

> https://update.microsoft.com/

:fear:

AplusWebMaster · Sep 21, 2012

MS12-063 released - IE out-of-band ...

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2757760
V2.0 (Sep 21, 2012): Advisory updated to reflect publication of security bulletin.
"... We have issued MS12-063* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-063
Sep 21, 2012 - "... rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows..."

- https://blogs.technet.com/b/msrc/ar...te-for-internet-explorer.aspx?Redirected=true
21 Sep 2012

- http://atlas.arbor.net/briefs/index#1229731326
Severity: Extreme Severity
Sep 21, 2012
MS12-063 patches the recent 0day security hole in Internet Explorer along with other security holes.
Analysis: The exploit for one of the now-patched security holes was first found and reported last week and was apparently used in targeted attacks. One of the actions of at least one group of attackers was the installation of the Poison Ivy Remote Access Trojan (RAT). The exploit for this issue was soon revealed to the public and a Metasploit module was developed, allowing anyone to gain access to the exploit code for any purpose...

> https://update.microsoft.com/
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- https://technet.microsoft.com/en-us/security/advisory/2755801
Sep 21, 2012 - "... availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10... The update addresses the vulnerabilities described in Adobe security bulletins APSB12-18 and APSB12-19. As of the release of this update, CVE-2012-1535* is known to be under active attack. For more information about this update, including download links, see Microsoft Knowledge Base Article 2755399**... Customers with Windows 8 Release Preview and Windows Server 2012 Release Candidate are encouraged to apply the update to their systems. The update is only available on Windows Update**..."
** http://go.microsoft.com/fwlink/?LinkId=21130

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535 - 9.3 (HIGH)
Last revised: 08/15/2012
** http://support.microsoft.com/kb/2755399
Sep 21, 2012
- https://blogs.technet.com/b/msrc/ar...dobe-flash-player-issues.aspx?Redirected=true
21 Sep 2012

- http://atlas.arbor.net/briefs/index#1045103976
Severity: Elevated Severity
Sep 21, 2012
Microsoft releases a security update to Flash player.
Analysis: This patch resolves security issues patched by Adobe in August 2012 for Internet Explorer 10 on Windows 8. This includes the following CVE's: CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168, CVE-2012-4171. Attacks on the CVE-2012-1535 vulnerability are actively underway...

:fear::fear:

AplusWebMaster · Sep 28, 2012

MS KB 2732059 - .oxps files ...

FYI...

MS KB 2732059 - .oxps files ...
You cannot open an .oxps file in Windows 7 or in Windows Server 2008 R2
- http://support.microsoft.com/kb/2732059
Last Review: September 26, 2012 - Revision: 2.0
"This issue occurs because Windows 7 and Windows Server 2008 R2 do not support the .oxps format. The supported XPS document format in Windows 7 and in Windows Server 2008 R2 is .xps... This update is available from the following Microsoft Update website:
https://update.microsoft.com
Applies to: Win7, Windows Server 2008 ..."

:fear:

AplusWebMaster · Oct 9, 2012

MS Security Bulletin Summary - October 2012

FYI...

- http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
October 09, 2012 - "This bulletin summary lists security bulletins released for October 2012...
(Total of 7-)

Microsoft Security Bulletin MS12-064 - Critical
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-064
Critical - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS12-065 - Important
Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-065
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS12-066 - Important
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-066
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software, Microsoft Lync

Microsoft Security Bulletin MS12-067 - Important
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-067
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS12-068 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-068
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-069 - Important
Vulnerability in Kerberos Could Allow Denial of Service (2743555)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-069
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-070 - Important
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-070
Important - Elevation of Privilege - May require restart - Microsoft SQL Server
___

Assessing risk for the October 2012 security updates
- https://blogs.technet.com/b/srd/arc...er-2012-security-updates.aspx?Redirected=true
9 Oct 2012

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...-00-00-45-71/7585.October-2012-Deployment.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...00-00-00-45-71/6866.October-2012-Severity.png

MSRC > Welcome to the 1024-bit world and the October security updates
- http://blogs.technet.com/b/msrc/arc...october-security-updates.aspx?Redirected=true
9 Oct 2012
___

MSRT
- http://support.microsoft.com/?kbid=890830
October 9, 2012 - Revision: 111.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Nitol
• OneScan..."

- https://blogs.technet.com/b/mmpc/ar...ogues-with-just-one-scan.aspx?Redirected=true
9 Oct 2012

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.13.exe - 16.2 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.13.exe - 16.8 MB
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14272
Last Updated: 2012-10-09 17:12:12 UTC

.

AplusWebMaster · Oct 9, 2012

MS Security Advisories - 10.09.2012 recent issues-updates

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
October 09, 2012 - "... For more information about the update, please see Microsoft Knowledge Base Article 2749655*..."
* http://support.microsoft.com/kb/2749655

Security Advisory 2749655 and timestamping
- https://blogs.technet.com/b/srd/arc...2749655-and-timestamping.aspx?Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
___

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2737111
• V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin* for Microsoft FAST Search Server 2010 for SharePoint.
* http://technet.microsoft.com/en-us/security/bulletin/ms12-067

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- http://technet.microsoft.com/en-us/security/advisory/2661254
• V2.0 (October 9, 2012): Revised advisory to re-release the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe -Flash- Player in IE 10
* https://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.microsoft.com/kb/2758994

:fear::fear:

AplusWebMaster · Oct 10, 2012

Re-released MS Security Bulletins ...

FYI...

RE-RELEASED:

Microsoft Security Bulletin MS12-043 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-043
• V3.0 (October 9, 2012): Added Microsoft XML Core Services 4.0 when installed on supported editions of Windows 8 and Windows Server 2012 to affected software and announced a corresponding detection change for the KB2721691 update package. Customers who have installed Microsoft XML Core Services 4.0 on systems running Windows 8 or Windows Server 2012 need to install the KB2721691 update to be protected from the vulnerability described in this bulletin. See the update FAQ for details.

Microsoft Security Bulletin MS12-053 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-053
• V2.0 (October 9, 2012): Revised bulletin to rerelease the KB723135 update for Windows XP. Customers do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

Microsoft Security Bulletin MS12-054 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-054
• V2.0 (October 9, 2012): Revised bulletin to rerelease the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers using Windows XP and Windows Server 2003 do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655. Customers using Windows Vista, Windows 7, and Windows Server 2008 need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

Microsoft Security Bulletin MS12-055 - Important
- http://technet.microsoft.com/en-us/security/bulletin/ms12-055
• V2.0 (October 9, 2012): Revised bulletin to rerelease the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers using Windows XP and Windows Server 2003 do not need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655. Customers using Windows Vista, Windows 7, and Windows Server 2008 need to apply the rereleased update packages to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

Microsoft Security Bulletin MS12-058 - Critical
- http://technet.microsoft.com/en-us/security/bulletin/ms12-058
• V2.0 (October 9, 2012): Revised bulletin to offer the rerelease of updates for Microsoft Exchange Server 2007 Service Pack 3 (KB2756497), Microsoft Exchange Server 2010 Service Pack 1 (KB2756496), and Microsoft Exchange Server 2010 Service Pack 2 (KB2756485). Customers need to apply the rereleased updates to avoid an issue with digital certificates described in Microsoft Security Advisory 2749655.

>> Per: Security Advisory 2749655 and timestamping
- https://blogs.technet.com/b/srd/arc...2749655-and-timestamping.aspx?Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."

:fear::fear::sad:

AplusWebMaster · Oct 19, 2012

Windows Update software has to be updated ...

FYI...

Windows Update Web site indicates that your Windows Update software has to be updated
- http://support.microsoft.com/kb/836974/en-us
Last Review: October 18, 2012 - Revision: 3.0
Resolution: To resolve this issue, manually update the Windows Update software, and then return to the Windows Update Web site to update your computer. To do this, follow the appropriate steps for your Microsoft Windows operating system...
Windows Server 2003, Windows XP, and Windows 2000
1. Download the Iuctl.cab file and save it on your desktop. To download the Iuctl.cab file, visit the following Windows Update Web site:
http://v4.update.microsoft.com/cab/x86/unicode/iuctl.cab
2. After the file is saved on your desktop, right-click the Iuctl.cab file, and then click Open
3. Select all the files that are listed. To do this, point to the file list, and then press CTRL+A.
4. Right-click the files that you selected, and then click Extract.
5. Select a known location, and then click OK. For example, select the desktop.
6. Locate the file where you extracted it. For example, locate the file on the desktop.
7. Right-click the Iuctl.inf file, and then click Install.
8. Try again to update your computer by using the Windows Update Web site.
After you have resolved this issue, you can safely delete the files and folders that you downloaded and extracted in steps 1 through 4 of this procedure.

:fear::secret:

AplusWebMaster · Oct 24, 2012

MSRT results - Oct 2012...

FYI...

MSRT results - Oct 2012...
- https://blogs.technet.com/b/mmpc/ar...-12-nitol-by-the-numbers.aspx?Redirected=true
22 Oct 2012 - "... Top 10 countries with Win32/Nitol detections (January 2012 to October 2012):
> https://www.microsoft.com/security/portal/blog-images/Nitol/Nitol1.png
... Monthly report volume for Win32/Nitol (January 2011 to October 2012):
> https://www.microsoft.com/security/portal/blog-images/Nitol/Nitol3.png
... This month’s MSRT included two prevalent families - Win32/Onescan, which is a Korean rogue software, and Win32/Nitol. Within the first two days of MSRT release, Win32/Onescan was our top family detected and cleaned by the MSRT tool, while Win32/Nitol took the 9th spot. After one week of report monitoring, while Win32/Onescan was still on top and had been cleaned from almost 1,000,000 machines, Win32/Nitol had slipped to the 11th spot, having been removed from over 36,000 machines. Win32/Nitol’s numbers are something within our expectation. The recent takedown which disrupted a large percentage of Win32/Nitol’s C&C (command and control) infrastructure is a big factor in explaning why Win32/Nitol’s prevalence has been dropping considerably.
MSRT top 15 families after one week:
> https://www.microsoft.com/security/portal/blog-images/Nitol/Nitol4.png ..."

:fear:

AplusWebMaster · Oct 31, 2012

MS12-034 v1.5 ...

FYI...

Microsoft Security Bulletin MS12-034 - Critical
Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight
- http://technet.microsoft.com/en-us/security/bulletin/ms12-034
V1.0 (May 8, 2012): Bulletin published.
V1.1 (May 16, 2012): Added a link to Microsoft Knowledge Base Article 2681578 under Known Issues in the Executive Summary. Also added Microsoft .NET Framework 1.1 Service Pack 1 to the Non-Affected Software table and corrected the update replacement information for Microsoft Office. These were informational changes only. There were no changes to the security update files or detection logic.
V1.2 (May 22, 2012): Added an entry to the Frequently Asked Questions (FAQ) Related to This Security Update section to explain this revision.
V1.3 (June 6, 2012): Added an entry to the update FAQ to explain why systems with non-affected versions of Microsoft Visio Viewer 2010 will be offered security update KB2589337.
V1.4 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2676562 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
V1.5 (October 31, 2012): Corrected update replacement information for the KB2676562* update.
* http://support.microsoft.com/kb/2676562

.

AplusWebMaster · Nov 13, 2012

MS Security Bulletin Summary - November 2012

FYI...

- http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
November 13, 2012 - "This bulletin summary lists security bulletins released for November 2012...
(Total of -6-)

Microsoft Security Bulletin MS12-071 - Critical
Cumulative Security Update for Internet Explorer (2761451)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-071
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS12-072 - Critical
Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-072
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-074 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-074
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS12-075 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-075
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-076 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
- http://technet.microsoft.com/en-us/security/bulletin/ms12-076
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS12-073 - Moderate
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information
- https://technet.microsoft.com/en-us/security/bulletin/ms12-073
Moderate - Information Disclosure - May require restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-files...00-00-45-71/5353.November-2012-Deployment.png

Severity and Exploitabilty Index
- https://blogs.technet.com/cfs-files...0-00-00-45-71/0486.November-2012-Severity.png

- http://blogs.technet.com/b/msrc/arc...er-2012-bulletin-release.aspx?Redirected=true
13 Nov 2012 - "... six security bulletins... four Critical, one Important, and one Moderate – addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel..."
___

- https://secunia.com/advisories/51202/ - MS12-071
- https://secunia.com/advisories/51221/ - MS12-072
- https://secunia.com/advisories/51235/ - MS12-073
- https://secunia.com/advisories/51236/ - MS12-074
- https://secunia.com/advisories/51239/ - MS12-075
- https://secunia.com/advisories/51242/ - MS12-076
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=14503
Last Updated: 2012-11-13 18:43:04 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
November 13, 2012 - Revision: 116.0
- http://www.microsoft.com/security/pc-security/malware-families.aspx
"... added in this release...
• Folstart
• Phorpiex
• Weelsof ..."

- https://blogs.technet.com/b/mmpc/archive/2012/11/13/don-t-fall-for-folstart.aspx?Redirected=true
13 Nov 2012 - "... good practice to show hidden files and system files file extensions..."
- https://www.microsoft.com/security/portal/blog-images/Folstart/3.png
... How to display hidden files and folders, and show file extensions

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: Windows-KB890830-V4.14.exe - 16.5 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: Windows-KB890830-x64-V4.14.exe - 17.1 MB

.

AplusWebMaster · Nov 14, 2012

MS Security Advisory updates - 2012.11.13 ...

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2269637
V18.0 (November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074*, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution."
* http://technet.microsoft.com/en-us/security/bulletin/ms12-074

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
V1.2 (November 13, 2012): Added the KB2687626 update, described in MS12-046*, to the list of available re-releases (List of available re-releases at the URL above).
* http://technet.microsoft.com/en-us/security/bulletin/ms12-046
V2.0 (November 13, 2012): Re-released bulletin to replace the KB2598361 update with the KB2687626** update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
** http://support.microsoft.com/KB/2687626
November 13, 2012 - Revision: 2.0

.

AplusWebMaster · Nov 14, 2012

KB 2750841 problems ...

FYI... Per comments/info below, you may choose -not- to install this item:

"An IPv6 readiness update is available for Windows 7 and for Windows Server 2008 R2"
- http://support.microsoft.com/kb/2750841
November 13, 2012 - Revision: 1.0
___

From: Susan Bradley
Subject: Do not install KB2750841

http://support.microsoft.com/kb/2750841
Do -not- install that

Threads here:
http://forums.opendns.com/comments.php?DiscussionID=16465
here
http://answers.microsoft.com/en-us/...required/d5be5c1c-f9aa-4f06-943e-03d8cb305a57
and
https://isc.sans.edu/diary.html?storyid=14503#comment
"After applying the updates, in the Network Notification Area, I get 'Additional log on info may be required'..."

:fear::sad:

Microsoft Alerts

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member

New member