Old MS Alerts

Multiple MS Security Advisory updates

FYI...

Microsoft Security Advisory (968272)
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/968272.mspx
Published: February 24, 2009 | Updated: April 14, 2009 - "... We have issued MS09-009 to address this issue..."
- http://www.microsoft.com/technet/security/bulletin/MS09-009.mspx

Microsoft Security Advisory (960906)
Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/960906.mspx
Published: December 9, 2008 | Updated: April 14, 2009 - "... We have issued MS09-010 to address this issue..."
- http://www.microsoft.com/technet/security/bulletin/MS09-010.mspx

Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
Published: May 30, 2008 | Updated: April 14, 2009 - "... Customers running Safari on Windows should review this advisory. We have issued Microsoft Security Bulletin MS09-014, Cumulative Security Update for Internet Explorer (963027), and MS09-015, Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426), to address this issue. For more information about this issue, including download links for security updates, please review MS09-014 and MS09-015.
- http://www.microsoft.com/technet/security/Bulletin/ms09-014.mspx
- http://www.microsoft.com/technet/security/Bulletin/ms09-015.mspx
Apple Support has released a security advisory that addresses the vulnerability in Apple’s Safari 3.1.2 for Windows. Please see Apple security advisory About the security content of Safari 3.1.2 for Windows for more information.
- http://support.apple.com/kb/HT2092
Mitigating Factors:
• Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat..."

Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/951306.mspx
Published: April 17, 2008 | Updated: April 14, 2009 - "... We have issued MS09-012 to address this issue..."
- http://www.microsoft.com/technet/security/Bulletin/ms09-012.mspx

:fear:
 
IEv8 now pushed

FYI...

IEv8 now pushed...
- http://isc.sans.org/diary.html?storyid=6283
Last Updated: 2009-04-28 23:55:01 UTC - "If you were to go to your "Windows Update..." feature today, you will see that IE8 is now available as a "critical" update to your Microsoft OS..."

Internet Explorer 8 for Windows XP
Date last published: 4/28/2009
Download size: 16.1 MB

:lip:
 
MS Office 2007 SP2 released

FYI...

MS Office 2007 SP2 released
- http://www.informationweek.com/shared/printableArticle.jhtml?articleID=217200466
April 28, 2009 - "The productivity suite update adds built-in support for Open Document Format and a slew of other tweaks, including improved Outlook performance... The new service pack became available as a manual download* Tuesday. It won't become an automatic update for another 90 days, and then only with a 30-day notice."
* http://preview.tinyurl.com/cfq34v
Knowledge Base (KB) Articles: http://support.microsoft.com/kb/953195
Date Published: 4/24/2009
290.2 MB

>> Note: Several reports found both the IEv8 and MS Office 2007 SP2 updates available on the MS Update site.

- http://jkontherun.com/2009/04/30/office-2007-sp2-breaking-corporate-email/
April 30, 2009 - "... a number of corporate users are experiencing a major bug in SP2 that affects the ability to access the Global Address Book, effectively rendering corporate email useless. One corporate user says the problem went away when Office 2007 SP2 was removed..."

:lip:
 
MS Security Bulletin revisions

FYI...

MS Security Bulletin revisions to:

MS09-012 - Important
- http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx
• -V2.0- (April 29, 2009): Added an entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update to communicate the rerelease of the Norwegian-language update for Microsoft Windows 2000 Service Pack 4 (KB952004). Customers who require the Norwegian-language update need to download and install the rereleased update. No other updates or locales are affected by this rerelease.

MS08-076 - Important
- http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
• -V4.0- (April 29, 2009): Added Windows Media Services 2008 (KB952068) on 32-bit and x64-based editions of Windows Server 2008 Service Pack 2 as affected software. Also, added Windows Server 2008 for Itanium-based Systems Service Pack 2 as non-affected software. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB952068 do not need to reinstall.

MS08-069 - Critical
- http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
• -V2.0- (April 29, 2009): Added Microsoft XML Core Services 4.0 (KB954430) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2 as affected software. Also added as non-affected software: Microsoft XML Core Services 3.0 and Microsoft XML Core Services 6.0 on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2. This is a detection change only; there were no changes to the binaries. Customers who have already successfully installed KB954430 do not need to reinstall.

:fear:
 
MS Security Bulletin Advance Notification - May 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-may.mspx
May 7, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on May 12, 2009..."
(Total of -1-)

Critical (1)

PowerPoint
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

- http://www.us-cert.gov/current/index.html#microsoft_releases_advance_notification_for21
May 7, 2009

.
 
MS Security Bulletin Summary - May 2009

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx
May 12, 2009 - "This bulletin summary lists security bulletins released for May 2009...
(Total of -1-)

Critical

Microsoft Security Bulletin MS09-017 - Critical
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
- http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

- http://secunia.com/advisories/32428/2/
Last Update: 2009-05-13
Critical: Highly critical

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0221
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0223
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0224
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0225
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0227
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0556
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1128
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1129
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1130
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1131
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1137
___

MSRT - May 2009
- http://support.microsoft.com/?kbid=890830
May 12, 2009 - Revision: 59.0
(Recent adds)...
Win32/Koobface March 2009 (V 2.8) Moderate
Win32/Waledac April 2009 (V 2.9) Moderate
Win32/Winwebsec May 2009 (V 2.10) Moderate ...
Download: http://preview.tinyurl.com/6bb67
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=6376
Last Updated: 2009-05-12 17:47:16 UTC
 
MS Security Advisory updated

FYI...

Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/969136.mspx
Updated: May 12, 2009 - "...We have issued MS09-017* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0556

// At least one of the vulnerabilities is actively being exploited in the wild.
 
MS08-066 exploit in the wild

FYI...

- http://pandalabs.pandasecurity.com/archive/MS08_2D00_066-in-the-wild.aspx
14 May 09 - "... use Windows with a regular user account, in order to avoid most of the malware actions that require admin rights (install rootkits, modify system files, registry or services,…). However it’s really important to keep our system updated. You should install Windows updates every month because even if your default Windows user hasn’t got admin privileges, you could still have problems if you execute a malware... With this piece of code, if the system hasn’t been updated with the MS08-066* patch, the malware would be able to do whatever it wants..."
* http://www.microsoft.com/technet/security/bulletin/ms08-066.mspx
Vuln in the MS Ancillary Function Driver Could Allow Elevation of Privilege (956803)
... Why was this security bulletin revised on January 13, 2009?
Microsoft revised this security bulletin to announce a detection change for this security update. As a result of the correction, the detection offers the security update to affected systems that previously were not offered this security update....
- http://support.microsoft.com/kb/956803

(More detail available at the PandaLabs URL above.)

:fear::fear:
 
MS IIS6.0 vuln - unpatched

FYI...

- http://www.symantec.com/security_response/threatconlearn.jsp
May 16, 2009 - "The ThreatCon is currently at Level 2: Elevated... A newly discovered and unpatched flaw has been disclosed affecting Microsoft IIS 6 with WebDAV enabled. Due to an error in the way unicode characters are handled, it is possible for an attacker to bypass authentication requirements when accessing a protected resource. It may also be possible for attackers to upload files to a vulnerable server without supplying credentials. Due to the nature of this flaw and the ease at which it can be triggered, we feel that it is probable that attacks will be carried out in the wild. Reports indicate that Microsoft IIS 7 is not vulnerable. More information is available in the following BID: Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
http://www.securityfocus.com/bid/34993 ..."

- http://isc.sans.org/diary.html?storyid=6397
Last Updated: 2009-05-16 00:05:27 UTC - "... adding certain Unicode characters to an URL makes it possible to bypass authentication in Microsoft IIS6 with WebDav and access or even upload files in folders which are supposed to be password protected... If you have WebDav active and accessible from the Internet on any of your IIS6, it is probably a wise move to hedge and turn WebDav off.."
- http://blog.zoller.lu/2009/05/iis-6-webdac-auth-bypass-and-data.html

- http://secunia.com/advisories/35109/2/
Release Date: 2009-05-18
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Information Services (IIS) 5.x, Microsoft Internet Information Services (IIS) 6
Solution: Do not store sensitive files inside the webroot. Disable WebDAV support...

:fear::fear:
 
MS Security Advisory - IIS WebDAV...

FYI...

Microsoft Security Advisory (971492)
Vulnerability in Internet Information Services Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/971492.mspx
May 18, 2009 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Internet Information Services (IIS). An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication. We are not aware of attacks that are trying to use this vulnerability or of customer impact at this time. Microsoft is investigating the public reports...
Workarounds:
- Disable WebDAV...
- Alternate method to disable WebDAV on IIS 5.0 and IIS 5.1...
- Alternate method to disable WebDAV on IIS 5.1 and IIS 6.0...
- Change file system ACLs to deny access to the anonymous user account...

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1676
Last revised: 05/20/2009
CVSS v2 Base Score: 7.6 (HIGH)

> http://blogs.technet.com/srd/archiv...tion-about-the-iis-authentication-bypass.aspx
May 18, 2009

Understanding Microsoft's KB971492 IIS5/IIS6 WebDAV Vulnerability
- http://unixwiz.net/techtips/ms971492-webdav-vuln.html
26 May 2009

:fear:
 
MS IIS hacked...

FYI...

- http://www.theregister.co.uk/2009/05/20/iis_bug_fells_university_server/
20 May 2009 - "Hackers have wasted no time targeting a gaping hole in Microsoft's Internet Information Services webserver, according to administrators at Ball State University, who say servers that used the program were breached on Monday... On Monday, Microsoft confirmed what it called an "elevation of privilege vulnerability" in versions 5 and 6 of IIS when it runs an extension known as WebDAV. Microsoft said at the time it was unaware of any in-the-wild exploits of the vulnerability. The assessment was at odds with this warning*..."
* http://www.us-cert.gov/current/index.html#microsoft_internet_information_services_iis
updated May 19, 2009 - "... US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability... note that disabling WebDAV may affect the functionality of other applications such as SharePoint..."

- http://www.theregister.co.uk/2009/05/21/ball_state_retracts/
21 May 2009 - "Network administrators at Ball State University have retracted their claims that a campus website was brought down by a zero-day vulnerability in Microsoft's Internet Information Services webserver... corrects an advisory campus officials issued Tuesday that claimed the breach was the result of someone targeting a vulnerability in versions 5 and 6 of IIS that allows attackers to list, access, and in some cases upload files in password-protected folders of vulnerable machines. The vulnerability exists when IIS uses the WebDAV protocol. The advisory was featured prominently on the university's website. "Initially, both Microsoft and Ball State suspected the intruder used the WebDAV vulnerability that was made public by Microsoft on May 15," Proudfoot said..."

Corrected CVE:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1676
Last revised: 05/20/2009
CVSS v2 Base Score: 7.6 (HIGH)

// http://forums.spybot.info/showpost.php?p=312447&postcount=98
 
MS Windows Vista SP2

FYI...

- http://www.theinquirer.net/inquirer/news/1137482/vista-service-pack-light
26 May 2009 - "... Microsoft has finally released the next official first aid kit for Windows Vista - SP2. If you've been running the BETA of Service Pack 2 that was released last year, then you'll need to uninstall that before installing the official service pack. Plus, you'll also need to have Service Pack 1 installed first. Although the Service Pack hasn't made it to Windows Update yet, you can now grab the official downloads from Microsoft's Download Center. The installer includes Service Pack 2 for both Windows Vista and Windows Server 2008, resulting in a 348.3MB file for 32-bit version - and a 577.4MB file for 64-bit version. Despite the massive file size, however, there's not much to get excited about. The update mainly includes all of the bits and bobs that have been released since Service Pack 1, although this doesn't include Internet Explorer 8..."

- http://technet.microsoft.com/en-us/windows/dd262148.aspx
May 26, 2009

:spider:
 
MS Security Advisory - DirectX

FYI...

Microsoft Security Advisory (971778)
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/971778.mspx
May 28, 2009 - "Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."

- http://www.theregister.co.uk/2009/05/28/critical_microsoft_directx_vulnerability/
28 May 2009 22:37 GMT - "... Microsoft has offered several work-arounds until a patch is available. The most straight-forward of them involves visiting this link* and clicking on the "Fix it" icon. (We got an error when using Firefox, but it worked fine with Internet Explorer)..."
* http://support.microsoft.com/kb/971778

> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1537

- http://secunia.com/advisories/35268/2/
Release Date: 2009-05-29
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
Solution: Disable the parsing of QuickTime content in quartz.dll. Please see the vendor's advisory for more information. Do not browse untrusted websites or follow untrusted links. Do not open untrusted media files...

:fear:
 
MS Security Bulletin Advance Notification - June 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-jun.mspx
June 4, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 9, 2009...
(Total of -10-)

Critical -6-

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

IE
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Word
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Excel
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Office
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Important -3-

Windows 3
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 4
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 5
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Moderate -1-

Windows 6
Maximum Severity Rating: Moderate
Vulnerability Impact: Information Disclosure
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

- http://blogs.technet.com/msrc/archive/2009/06/04/june-2009-advance-notification.aspx
June 04, 2009

.
 
MS Security Bulletin Summary - June 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-jun.mspx
June 9, 2009 - "This bulletin summary lists security bulletins released for June 2009... The following table summarizes the security bulletins for this month in order of severity... (Total of -10-)

Critical -6-

Microsoft Security Bulletin MS09-018
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
- http://www.microsoft.com/technet/security/bulletin/MS09-018.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution, Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-022
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
- http://www.microsoft.com/technet/security/bulletin/MS09-022.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-019
Cumulative Security Update for Internet Explorer (969897)
- http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer ...
- http://atlas.arbor.net/briefs/
"...major update to IE 6, 7 and 8 for all platforms. This could affect thousands of users and, as we have seen, be used in drive by attacks for years to come. Source: MS09-019 ..."

Microsoft Security Bulletin MS09-027
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
- http://www.microsoft.com/technet/security/bulletin/MS09-027.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS09-021
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
- http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS09-024
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
- http://www.microsoft.com/technet/security/bulletin/MS09-024.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...

Important -3-

Microsoft Security Bulletin MS09-026
Vulnerability in RPC Could Allow Elevation of Privilege (970238)
- http://www.microsoft.com/technet/security/bulletin/MS09-026.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-025
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
- http://www.microsoft.com/technet/security/bulletin/MS09-025.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-020
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
- http://www.microsoft.com/technet/security/bulletin/MS09-020.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Moderate -1-

Microsoft Security Bulletin MS09-023
Vulnerability in Windows Search Could Allow Information Disclosure (963093)
- http://www.microsoft.com/technet/security/bulletin/MS09-023.mspx
Maximum Severity Rating: Moderate
Vulnerability Impact: Information Disclosure
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=6538
Last Updated: 2009-06-10 13:01:38 UTC ...(Version: 2)
___

- http://www.reuters.com/article/technologyNews/idUSTRE5585IV20090609?sp=true
Jun 9, 2009 - "Microsoft Corp issued software to fix 31 security flaws in its programs, a single-day record for the company whose products are targeted by hackers because they sit on the vast majority of computers..."
___

MSRT
- http://www.microsoft.com/security/malwareremove/default.mspx
Version: 2.11
Knowledge Base (KB) Articles: http://support.microsoft.com/?kbid=890830
Date Published: 6/9/2009 ...
Recent adds:
Win32/Waledac - April 2009 (V 2.9) Moderate
Win32/Winwebsec - May 2009 (V 2.10) Moderate
Win32/InternetAntivirus - June 2009 (V 2.11) Moderate
 
MS Security Advisories - updated

FYI...

Microsoft Security Advisory (971888)
Update for DNS Devolution
- http://www.microsoft.com/technet/security/advisory/971888.mspx
Published or Last Updated: 6/9/2009

Microsoft Security Advisory (971492)
Vulnerability in Internet Information Services Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/971492.mspx
Published: May 18, 2009 | Updated: June 9, 2009 - "... We have issued MS09-020 to address this issue..." - http://www.microsoft.com/technet/security/Bulletin/MS09-020.mspx

Microsoft Security Advisory (969898)
Update Rollup for ActiveX Kill Bits
- http://www.microsoft.com/technet/security/advisory/969898.mspx
June 9, 2009 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory.
The update includes a kill bit from a previously published Microsoft Cumulative Update:
• Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (KB957924)
- http://www.microsoft.com/downloads/...35-0403-45c4-9e41-459f0eb89e36&displaylang=en
The update also includes kill bits for the following third-party software:
• Derivco. This security update sets a kill bit for an ActiveX control developed by Derivco. Derivco has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Derivco. This kill bit is being set at the request of the owner of the ActiveX controls...
• eBay Advanced Image Upload Component. This security update sets a kill bit for an ActiveX control developed by eBay. eBay has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from eBay. This kill bit is being set at the request of the owner of the ActiveX controls...
• HP Virtual Room v7.0. This security update sets a kill bit for an ActiveX control developed by Research In Motion (RIM). RIM has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from HP. This kill bit is being set at the request of the owner of the ActiveX controls..."

Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/945713.mspx
Published: December 3, 2007 | Updated: June 9, 2009 - "... We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. The vulnerabilities addressed are DNS Server Vulnerability in WPAD Registration Vulnerability CVE-2009-0093 and WPAD WINS Server Registration Vulnerability CVE-2009-0094..."
- http://www.microsoft.com/technet/security/Bulletin/MS09-008.mspx
- http://www.microsoft.com/technet/security/advisory/971888.mspx
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0093
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0094

:fear:
 
DirectShow exploit In the wild - Part II

FYI...

DirectShow Exploit In the Wild, Part II
- http://preview.tinyurl.com/lhmtkd
06-19-2009 Symantec Security Response Blog - "... With no patch for this vulnerability available as of yet, the fact that we are seeing this exploit used more commonly in the wild is worrying... To trigger this vulnerability, attackers are currently enticing users to visit a malicious page. Attackers have become quite adept at doing this by embedding iframe tags in legitimate pages, among other techniques. This is the most likely attack vector. We have seen iframe tags pointing to this exploit inside phishing pages already and we do expect to see iframe tags added to more pages. The vulnerability exists in the code within Microsoft DirectX and can be triggered by a specially crafted QuickTime media file. The attacker's Web page will try to play the malicious QuickTime file, not using the QuickTime player, but using Windows Media Player instead. This will trigger the vulnerability and allow the attacker to execute code on the visitor’s computer. The vulnerable code exists in quartz.dll and is a null-byte overwrite. It allows the attacker to overwrite just one byte of memory with a null byte... (end-user) work-around*."
* http://support.microsoft.com/kb/971778#FixItForMeAlways
June 3, 2009 (Get the Enable Workaround "FixIt" here. MUST be run in Admin mode.)

- http://www.microsoft.com/technet/security/advisory/971778.mspx

> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1537
Last revised: 06/09/2009
CVSS v2 Base Score: 9.3 (HIGH)
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service...

:fear::mad:
 
0-day in MS DirectShow used in drive-by attacks

FYI...

0-day in MS DirectShow (msvidctl.dll) used in drive-by attacks
- http://isc.sans.org/diary.html?storyid=6733
Last Updated: 2009-07-06 08:56:55 UTC - "A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited through drive-by attacks using thousands of newly compromised web sites, according to CSIS. The code has been published in the public domain via a number of Chinese web sites. Please keep a watchful eye on your AV and IDS/IPS vendors' updates to ensure coverage as early as possible on this exploit as it is likely to be widely deployed with the code being available. A valid work around for the attack vector is available which sets the kill bit on the vulnerable DLL.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400 ..."

- http://securitylabs.websense.com/content/Alerts/3432.aspx
07.06.2009 - "Websense... is currently tracking -legitimate- sites that have been compromised to lead to a zero-day exploit targeting an Internet Explorer vulnerability. The compromised sites lead to a handful of payload sites hosting the exploit code which targets msvidctl.dll - an ActiveX control for streaming video. The new zero-day exploit has been added to other exploits on Chinese payload sites. We have been monitoring these sites, which have been systematically injected throughout the last year..."

- http://secunia.com/advisories/35683/2/
Release Date: 2009-07-06
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS: Microsoft Windows XP Home Edition, Microsoft Windows XP Professional ...
... The vulnerability is caused due to a boundary error in the ActiveX control for streaming video (msvidctl.dll) and can be exploited to cause a stack-based buffer overflow via specially crafted image content.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
NOTE: The vulnerability is currently being actively exploited...
Solution: Set the kill-bit for the affected ActiveX control...

- http://www.f-secure.com/weblog/archives/00001716.html
July 6, 2009 - "... The exploit targets Microsoft Internet Explorer… so one work around is kind of obvious. Use some other browser besides Internet Explorer until this vulnerability is patched..."

>>> http://support.microsoft.com/kb/972890#FixItForMe
July 6, 2009 (Get the Enable Workaround "FixIt" here. MUST be run in Admin mode.)

:fear:
 
Microsoft Security Advisory (972890)

FYI...

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/972890.mspx
July 06, 2009 - "Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability.
Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure. Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890*..."
* http://support.microsoft.com/kb/972890#FixItForMe
July 6, 2009 (Get the Enable Workaround "FixIt" here. MUST be run in Admin mode.)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0015
Last revised: 07/09/2009
CVSS v2 Base Score: 9.3 (HIGH)
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service ...

- http://securitylabs.websense.com/content/Blogs/3434.aspx
07.09.2009

:fear:
 