Old MS Alerts

IE 0day exploit domains

FYI...

IE 0day exploit domains...
- http://isc.sans.org/diary.html?storyid=6739
Last Updated: 2009-07-07 02:33:54 UTC - "This diary entry contains a list of domains that are exploiting the new IE-0day as well as secondary domains that are hosting potentially malicious binaries utilized in these attacks. This list has been produced as a combined effort of researchers, vendors, and volunteers. You can thank the groups below for their efforts and their willingness to share this information with the public. This list is intended to serve as a quick way to provide protection against these attacks by identifying domains that are hosting these (and potentially other) exploits. This list is not formatted for any specific file format, it is up to you the reader to translate this date into the proper formatting that your environment requires... The information provided has had varying degrees of verification performed on it. As such this information is provided as is. There may very well be mistakes, mistakes that may result in legitimate sites being blocked if you choose to use this list as a block list..."

 
0-day exploit leads to KILLAV...

FYI...

0-day exploit leads to KILLAV
- http://blog.trendmicro.com/zero-day...2tunerequest-exploit-leads-to-killav-malware/
July 6, 2009 - "... Around 967 Chinese websites are reported to be infected by a malicious script that leads users to successive site redirections and lands them to download a .JPG file containing the exploit. Trend Micro detects it as JS_DLOADER.BD... Upon successful exploitation, the script downloads another malware detected as WORM_KILLAV.AI. This malware disables and terminates antivirus software processes, and drops other malware on the affected system..."
(Screenshots available at the URL above.)

Edit/update - see: http://secunia.com/advisories/35683/2/
Last Update: 2009-07-14
Solution Status: Vendor Patch
MS09-032 (KB973346):
http://www.microsoft.com/technet/security/Bulletin/MS09-032.mspx ...

MS Security Bulletin Advance Notification - July 2009

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
July 09, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on July 14, 2009... (Total of -6-)

Critical -3-

Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Windows 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Important -3-

VPC/VS
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC, Virtual Server...

ISA
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft ISA Server...

Publisher
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...
 
Microsoft Security Advisory (973472)

FYI...

Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973472.mspx
July 13, 2009 - "Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability. Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472*..."
* http://support.microsoft.com/kb/973472#FixItForMe
July 13, 2009 - Revision: 1.2

- http://secunia.com/advisories/35800/2/
Release Date: 2009-07-13
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Solution: Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by: Reported as a 0-day...

- http://isc.sans.org/diary.html?storyid=6778
Last Updated: 2009-07-14 01:35:23 UTC ...(Version: 8) - "... This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets... we are seeing active exploit pages... Start working on this ASAP. The impact is remote code execution with the privileges of the logged in user running Internet Explorer, and might not require user intervention. As in browse to a nasty web site and be pwn3d..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1136

Microsoft Security Bulletin Summary - July 2009

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx
July 14, 2009 - "This bulletin summary lists security bulletins released for July 2009...
(Total of -6-)

Critical -3-

Microsoft Security Bulletin MS09-029
Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
- http://www.microsoft.com/technet/security/bulletin/MS09-029.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-028
Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
- http://www.microsoft.com/technet/security/bulletin/MS09-028.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-032
Cumulative Security Update of ActiveX Kill Bits (973346)
- http://www.microsoft.com/technet/security/bulletin/MS09-032.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows...

Important -3-

Microsoft Security Bulletin MS09-033
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
- http://www.microsoft.com/technet/security/bulletin/MS09-033.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC, Virtual Server...

Microsoft Security Bulletin MS09-031
Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
- http://www.microsoft.com/technet/security/bulletin/MS09-031.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft ISA Server...

Microsoft Security Bulletin MS09-030
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516)
- http://www.microsoft.com/technet/security/bulletin/MS09-030.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office...
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=6790
Last Updated: 2009-07-14 17:34:08 UTC - "...MS09-032 - Note there are recently discovered killbits one should set that are -not- included in this update..." (See: http://support.microsoft.com/kb/973472#FixItForMe - July 14, 2009)
___

MSRT
- http://support.microsoft.com/?kbid=890830
Release Date: July 14, 2009
(Recent additions)
Win32/Winwebsec May 2009 (V 2.10) Moderate
Win32/InternetAntivirus June 2009 (V 2.11) Moderate
Win32/FakeSpypro July 2009 (V 2.12) Moderate
 
MS09-032 FAQ update...

FYI...

Microsoft Security Bulletin MS09-032 - Critical
Cumulative Security Update of ActiveX Kill Bits (973346)
- http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx
Published: July 14, 2009 | Updated: July 15, 2009
"... Frequently Asked Questions (FAQ) Related to This Security Update
If I have applied the workaround from Microsoft Security Advisory 972890, do I need to install this security update?
Microsoft Security Advisory 972890 describes a workaround that prevents the Microsoft Video ActiveX Control from running in Internet Explorer. Customers can either manually apply this workaround or use the automated Microsoft Fix it solution in Microsoft Knowledge Base Article 972890 to enable the workaround. Customers who have applied this workaround using either method do -not- need to install this security update.
... Customers who want this update to be offered to Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems must remove the kill bit settings previously applied by the workaround by deleting the registry keys referenced in the workaround, "Prevent COM objects from running in Internet Explorer."
• V1.1 (July 15, 2009): Clarified a FAQ about the workaround from Microsoft Security Advisory 972890, added a FAQ about Microsoft Security Advisory 973472, and added a FAQ about the kill bits contained in this bulletin.

- http://windowssecrets.com/2009/07/16/07-Killbit-update-requires-Fix-it-undo-for-XP-PCs
July 16, 2009 - "... Anyone who applied the Fix-it workaround won't see the cumulative patch among the updates being offered to XP systems because the workaround removed the affected Registry keys."
 
MS Security Bulletin Advance Notification - July 2009... Two out-of-band

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
July 24, 2009 - "This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical...

Internet Explorer
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer...

Visual Studio
Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Visual Studio...
 
MS OWC vuln used in site compromise

FYI...

MS OWC vuln used in site compromise
- http://securitylabs.websense.com/content/Alerts/3451.aspx
07.27.2009 - "Websense... has discovered that the Center for Defense Information (CDI) Web site has been compromised. The site is injected with a JavaScript code that exploits the latest Microsoft Office Web Components Control vulnerability... The vulnerability is in the Internet Explorer ActiveX control used to display Excel spreadsheets (CVE-2009-1136)... The exploit code pushes a Trojan from hxxp ://vicp .cc/. The Trojan has more than 50% detection*. Note that Microsoft provides a workaround for the problem in their Fixit** program..."

* http://www.virustotal.com/analisis/...2deb8b9df804af33da9f0ef3baee60138c-1248724806
File solar.exe received on 2009.07.27 20:00:06 (UTC)
Result: 24/41 (58.54%)

** http://support.microsoft.com/kb/973472#FixItForMe

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1136
Last revised: 07/16/2009
CVSS v2 Base Score: 9.3 (HIGH)

MS Security Bulletin Summary - July 28, 2009

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973882.mspx
July 28, 2009 - "Microsoft is releasing this security advisory to provide information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft's Active Template Library (ATL). This advisory also provides guidance as to what developers can do to help ensure that the controls and components they have built are not vulnerable to the ATL issues; what IT Professionals and consumers can do to mitigate potential attacks that use the vulnerabilities; and what Microsoft is doing as part of its ongoing investigation into the issue described in this advisory. This security advisory will also provide a comprehensive listing of all Microsoft Security Bulletins and Security Updates related to the vulnerabilities in ATL. Microsoft's investigation into the private and public versions of ATL is ongoing, and we will release security updates and guidance as appropriate as part of the investigation process...
Updates related to ATL: Updates released on July 28, 2009...

Microsoft Security Bulletin MS09-034 - Critical
Cumulative Security Update for Internet Explorer (972260)
- http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx
July 28, 2009

Microsoft Security Bulletin MS09-035 - Moderate
Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
- http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
July 28, 2009

- http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx
• V2.0 (July 28, 2009): Added Microsoft Security Bulletins MS09-034, Cumulative Security Update for Internet Explorer (972260), and MS09-035, Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706). Also added the bulletin webcast links for these out-of-band security bulletins.
___

- http://isc.sans.org/diary.html?storyid=6874
Last Updated: 2009-07-28 17:19:30 UTC ...(Version: 2)
___

- http://secunia.com/advisories/35962/2/
Release Date: 2009-07-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Internet Explorer v5 - v8 ...
Solution: Apply patches...
Original Advisory: MS09-034 (KB972260):
http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx
Other References: Microsoft Security Advisory (KB973882):
http://www.microsoft.com/technet/security/advisory/973882.mspx ...

- http://secunia.com/advisories/35967/2/
Release Date: 2009-07-28
Critical: Moderately critical
Impact: System access, Exposure of sensitive information, Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Visual C++ (multiple versions), Microsoft Visual Studio (multiple versions)...
Original Advisory: MS09-035 (KB969706, KB971089, KB971090, KB971091, KB971092, KB973544, KB973551, KB973552, KB973830):
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx ...

- http://www.sophos.com/blogs/sophoslabs/v/post/5627
July 28, 2009 - "...MS09-035 fixes the actual ATL code included with several versions of Microsoft Visual Studio so that the new ActiveX components compiled with the fixed ATL code are not affected by the incorrect pointer passing vulnerability in CComVariant::ReadFromStream function. Developers of ActiveX components that use ATL are advised to recompile and update their components using the fixed version of the Active Template Library...."
 
MS Security Bulletin Summary - August 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-aug.mspx
August 11, 2009 - "This bulletin summary lists security bulletins released for August 2009... (Total of -9-)

Critical -5-

Microsoft Security Bulletin MS09-043
Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
- http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office, Microsoft Visual Studio, Microsoft ISA Server, Microsoft BizTalk Server...

Microsoft Security Bulletin MS09-044
Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
- http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Remote Desktop Connection Client for Mac...

Microsoft Security Bulletin MS09-039
Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
- http://www.microsoft.com/technet/security/bulletin/MS09-039.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-038
Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
- http://www.microsoft.com/technet/security/bulletin/MS09-038.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-037
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
- http://www.microsoft.com/technet/security/bulletin/MS09-037.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Important -4-

Microsoft Security Bulletin MS09-041
Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
- http://www.microsoft.com/technet/security/bulletin/MS09-041.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-040
Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
- http://www.microsoft.com/technet/security/bulletin/MS09-040.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS09-036
Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
- http://www.microsoft.com/technet/security/bulletin/MS09-036.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Does not require restart
Affected Software: Microsoft Windows, Microsoft .NET Framework...

Microsoft Security Bulletin MS09-042
Vulnerability in Telnet Could Allow Remote Code Execution (960859)
- http://www.microsoft.com/technet/security/bulletin/MS09-042.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows...
___

Severity and Exploitability Index (chart)
- http://blogs.technet.com/photos/msrcteam/images/3272462/original.aspx
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=6937
Last Updated: 2009-08-11 19:22:14 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
Release Date: 8/11/2009
(Recent additions)
Win32/InternetAntivirus June 2009 (V 2.11) Moderate
Win32/FakeSpypro July 2009 (V 2.12) Moderate
Win32/FakeRean August 2009 (V 2.13) Moderate
 
Microsoft Security Advisories - updated/new

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973882.mspx
Published: July 28, 2009 | Updated: August 11, 2009 - "...Updates related to ATL:
- Updates released on August 11, 2009
• MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/ms09-037.mspx
• MS09-035 - Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
Published: July 28, 2009 | Updated: August 11, 2009
http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
- Updates released on July 28, 2009
• MS09-035 - Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
• MS09-034 - Cumulative Security Update for Internet Explorer
http://www.microsoft.com/technet/security/bulletin/ms09-034.mspx
- Update released on July 14, 2009
• MS09-032 - Cumulative Security Update of ActiveX Kill Bits
http://www.microsoft.com/technet/security/bulletin/ms09-032.mspx
___

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
Published: August 11, 2009 - "Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA). The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials... Apply the updates associated with security bulletin MS09-042...
http://www.microsoft.com/technet/security/bulletin/ms09-042.mspx

Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973472.mspx
Published: July 13, 2009 | Updated: August 11, 2009 - "... We have issued MS09-043* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx

 
MS09-039 exploit in the wild

FYI...

- http://isc.sans.org/diary.html?storyid=6976
Last Updated: 2009-08-18 10:24:24 UTC - "... the MS09-039* vulnerability is actively exploited in the wild. To remind you, this vulnerability affects servers with the WINS service installed. The patch fixes two vulnerabilities. We do not have any technical information yet. However, the DShield graph shows a relatively high increase in targets for port 42 (see http://isc.sans.org/port.html?port=42 )... TCP port 42 is used for WINS replication..."
* http://www.microsoft.com/technet/security/bulletin/MS09-039.mspx

 
Microsoft Security Advisory (973882) - ATL

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/973882.mspx
• V3.0 (August 25, 2009): Advisory revised to provide details about the Windows Live Messenger* 14.0.8089 release and to communicate the removal of the Windows Live Hotmail "Attach Photo" feature.

* http://download.live.com/messenger

 
Microsoft Security Advisory (967940) - Update for Windows Autorun

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
• V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029*.
* http://support.microsoft.com/kb/971029

 
Microsoft Security Advisory (975191) - IIS

FYI...

Microsoft Security Advisory (975191)
Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/975191.mspx
September 01, 2009 - "Microsoft is investigating new public reports of a vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, and Microsoft Internet Information Services (IIS) 6.0. The vulnerability could allow remote code execution on affected systems that are running the FTP service and are connected to the Internet. Microsoft is aware that detailed exploit code has been published on the Internet for this vulnerability. Microsoft is -not- currently aware of active attacks that use this exploit code or of customer impact at this time...
(See: )
Workarounds...
Additional Suggested Actions..."
* http://support.microsoft.com/kb/975191
September 2, 2009

> http://secunia.com/advisories/36443/2/
Release Date: 2009-09-01

- http://www.microsoft.com/technet/security/advisory/975191.mspx
"... Microsoft is currently aware of limited attacks that use this exploit code..."
Workarounds...
• Do not allow FTP write access to anonymous users...
• Do not allow FTP access to anonymous users...
• Modify NTFS file system permissions to disallow directory creation by FTP users...
• Upgrade to FTP Service 7.5 - FTP Service 7.5 is available for Windows Vista and Windows Server 2008. This version of FTP Service is not affected by the vulnerabilities in this advisory...
• Disable the FTP Service...
---
• V2.0 (September 3, 2009): Advisory revised to add CVE-2009-2521 and to provide more information on affected software, mitigations, and workarounds.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3023
Last revised: 09/04/2009
CVSS v2 Base Score: 9.0 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2521
Last revised: 09/04/2009

MS Bulletin Advance Notification - September 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-sep.mspx
September 03, 2009 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 8, 2009... (Total of 5)

Critical -5-

Bulletin 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 4
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Vulnerability Impact: Microsoft Windows

Bulletin 5
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows
 
MS Security Bulletin Summary - September 2009

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS09-sep.mspx
September 08, 2009 - "This bulletin summary lists security bulletins released for September 2009... security bulletins for this month in order of severity... (Total of -5-)

Critical -5-

Microsoft Security Bulletin MS09-045
Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
- http://www.microsoft.com/technet/security/bulletin/MS09-045.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-049
Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
- http://www.microsoft.com/technet/security/bulletin/MS09-049.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-047
Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
- http://www.microsoft.com/technet/security/bulletin/MS09-047.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-048
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
- http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS09-046
Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
- http://www.microsoft.com/technet/security/bulletin/MS09-046.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows
___

MS09-045 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1920
MS09-046 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2519
MS09-047 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2498
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2499
MS09-048 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4609
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1925
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1926
MS09-049 - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1132
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=7099
Last Updated: 2009-09-08 19:14:07 UTC
___

MS Severity and Exploitability Index
- http://blogs.technet.com/photos/msrcteam/images/3279846/original.aspx

MS Deployment Prioritization Assessment
- http://blogs.technet.com/photos/msrcteam/images/3279847/original.aspx

FYI...

Vista/2008/Windows7 SMB2 BSOD 0-Day
- http://isc.sans.org/diary.html?storyid=7093
Last Updated: 2009-09-08 13:09:06 UTC - "... vulnerability affecting Microsoft SMB2* can be remotely crashed with proof-of-concept code that has been published yesterday and a Metasploit module is out. We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one 1 packet to create a BSOD. We recommend filtering access to port TCP 445 with a firewall. Windows 2000/XP are NOT affected by this exploit..."
* http://en.wikipedia.org/wiki/Server_Message_Block#SMB2
___

Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/975497.mspx
September 08, 2009 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
Workarounds...
• Disable SMB v2... modify the registry key...
• Block TCP ports 139 and 445 at the firewall..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3103
Last revised: 09/09/2009

- http://www.symantec.com/connect/blogs/bsod-and-possibly-more
September 15, 2009

SMB2 remote exploit released

FYI...

SMB2 remote exploit released
- http://isc.sans.org/diary.html?storyid=7141
Last Updated: 2009-09-16 21:15:36 UTC - "... 0-day vulnerability in SMB2 on Windows Vista and Server 2008 operating systems... Yesterday a well known security company added a module for their exploitation product. The module contains the remote exploit for this vulnerability – in other words, any user running this tool can get full access to affected machines. If the exploit is stable enough, it can _very easily_ be used in a worm, so it can potentially be devastating. So, if you are running a Windows Vista or Server 2008 machine (Windows 7 RTM is not affected, RC *is*), be sure you apply one of workarounds listed by Microsoft (they are not perfect, but they can help), available here*..."
* http://www.microsoft.com/technet/security/advisory/975497.mspx

- http://www.theregister.co.uk/2009/09/16/windows_vista_exploit_released/
16 September 2009
