Old MS Alerts

MS Security Bulletin Summary - February 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-feb.mspx
February 09, 2010 - "This bulletin summary lists security bulletins released for February 2010... (Total of -13-)

Critical -5-

Microsoft Security Bulletin MS10-006 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-007 - Critical
Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- http://www.microsoft.com/technet/security/bulletin/MS10-007.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-008 - Critical
Cumulative Security Update of ActiveX Kill Bits (978262)
- http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-009 - Critical
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-013 - Critical
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- http://www.microsoft.com/technet/security/bulletin/MS10-013.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Important -7-

Microsoft Security Bulletin MS10-003 - Important
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- http://www.microsoft.com/technet/security/bulletin/MS10-003.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Microsoft Security Bulletin MS10-004 - Important
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Microsoft Security Bulletin MS10-010 - Important
Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- http://www.microsoft.com/technet/security/bulletin/MS10-010.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-011 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- http://www.microsoft.com/technet/security/Bulletin/MS10-011.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-012 - Important
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-014 - Important
Vulnerability in Kerberos Could Allow Denial of Service (977290)
- http://www.microsoft.com/technet/security/bulletin/MS10-014.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-015 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
- http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Moderate -1-

Microsoft Security Bulletin MS10-005 - Moderate
Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
- http://www.microsoft.com/technet/security/bulletin/ms10-005.mspx
Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows
___

Severity and Exploitability Index
- http://blogs.technet.com/photos/msrcteam/images/3311615/original.aspx

Deployment Priority
- http://blogs.technet.com/photos/msrcteam/images/3311613/original.aspx
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=8197
Last Updated: 2010-02-09 19:28:42 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
February 9, 2010 - Revision: 69.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
Win32/Hamweq - December 2009 (V 3.2) Moderate
Win32/Rimecud - January 2010 (V 3.3) Moderate
Win32/Pushbot - February 2010 (V 3.4) Severe
- http://go.microsoft.com/fwlink/?LinkId=40587
File Name: windows-kb890830-v3.4.exe
Version: 3.4
___

Secunia advisory references - MS Security Bulletins - Feb. 2010
MS10-003 - http://secunia.com/advisories/38481/2/
MS10-004 - http://secunia.com/advisories/38493/2/
MS10-004 - http://secunia.com/advisories/35115/2/
MS10-005 - http://secunia.com/advisories/36634/2/
MS10-006 - http://secunia.com/advisories/38500/2/
MS10-007 - http://secunia.com/advisories/38501/2/
MS10-008 - http://secunia.com/advisories/38485/2/
MS10-009 - http://secunia.com/advisories/38506/2/
MS10-010 - http://secunia.com/advisories/38508/2/
MS10-011 - http://secunia.com/advisories/38509/2/
MS10-012 - http://secunia.com/advisories/38510/2/
MS10-013 - http://secunia.com/advisories/38511/2/
MS10-014 - http://secunia.com/advisories/38512/2/
MS10-015 - http://secunia.com/advisories/38265/2/

.
 
Microsoft Security Advisories 979682 / 977377

FYI...

Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/979682.mspx
Updated: February 09, 2010 - "... We have issued MS10-015* to address this issue..."
* http://blogs.technet.com/msrc/archi...ate-re-released-with-new-detection-logic.aspx
• V1.2 (March 2, 2010): Added an item to the Frequently Asked Questions (FAQ) About this Security Update to announce the offering of revised packages on Windows Update. Customers who have already successfully updated their systems do not need to take any action.
• V1.3 (March 17, 2010): Added verification registry keys for the revised packages released March 2, 2010 for Microsoft Windows 2000, Windows XP, and Windows Server 2003. This is an informational change only.

Microsoft Security Advisory (977377)
Vulnerability in TLS/SSL Could Allow Spoofing
- http://www.microsoft.com/technet/security/advisory/977377.mspx
2/9/2010 - "Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability. As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors... The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues... As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround* is not intended for wide implementation and should be tested extensively prior to implementation..."
* http://support.microsoft.com/kb/977377

- http://secunia.com/advisories/38365/2/
Release Date: 2010-02-09
Critical: Less critical
Solution Status: Unpatched
Original Advisory:
http://www.microsoft.com/technet/security/advisory/977377.mspx

:fear:
 
MS10-015 may cause WinXP BSOD

FYI...

- http://isc.sans.org/diary.html?storyid=8215
Last Updated: 2010-02-11 20:24:17 UTC - "UPDATE: I have been in contact with Microsoft and they have insured me that there were no updates done outside of their normal updates. They said that if the Auto Update was turned off - then NO updates were done. So the plot thickens. How is it that NO updates were done either by the software vendor or by Microsoft and yet the machines Blue Screened. Just what is it that happened to our Windows XP -and- Windows Vista machines that rendered them blue. I will update again as soon as more information becomes available from either Microsoft or the Vendor..."
Last Updated: 2010-02-11 19:12:54 UTC - Deborah Hale - "... I did finally get a call back from the company as well as a couple of emails indicating that the problem -was- a result of the Microsoft updates. This really puzzles me because most of our machines are setup to NOT download and install the updates for this very reason. We prefer to wait a few days after the update is released before we actually install. We prefer to wait to see if there are problems and give Microsoft an opportunity to fix it before it breaks computers. So my question is: "Did Microsoft force an update despite our auto updates being turned off?" I have verified that the majority of the computers APPEAR to have not had the patches applied. I have present(ed) this question to Microsoft and have no answer back yet. As soon as I do I will update..."

MS10-015 may cause Windows XP to blue screen
- http://isc.sans.org/diary.html?storyid=8209
Last Updated: 2010-02-11 14:56:42 UTC - "We have heard about reports that MS10-015* causes some Windows XP machines to blue screen. If you are seeing this issue, please let us know. (I am filling in for Deborah on this diary as she is ironically busy dealing with lots of blue screens in her organization, which may be related). See for example:
- http://www.krebsonsecurity.com/2010/02/new-patches-cause-bsod-for-some-windows-xp-users/
-and-
- http://social.answers.microsoft.com/Forums/en-US/vistawu/thread/73cea559-ebbd-4274-96bc-e292b69f2fd1 "

Microsoft Security Bulletin MS10-015 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
* http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
• V1.1 (February 10, 2010): Corrected the verification registry key for all supported x64-based editions of Windows XP. This is an informational change only.

:sad::fear:
 
MSRC - MS10-015 restart issues

FYI...

MSRC: Restart issues after installing MS10-015
- http://blogs.technet.com/msrc/archive/2010/02/11/restart-issues-after-installing-ms10-015.aspx
February 11, 2010 - "... we are aware that after installing the February security updates a limited number of users are experiencing issues restarting their computers. Our initial analysis suggests that the issue occurs after installing MS10-015 (KB977165). However, we have not confirmed that the issue is specific to MS10-015 or if it is an interoperability problem with another component or third-party software. Our teams are working to resolve this as quickly as possible. We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages... While we work to address this issue, customers who choose not to install the update can implement the workaround outlined in the bulletin. CVE-2010-0232 was publicly disclosed and we previously issued Security Advisory 979682 in response. Customers can disable the NTVDM subsystem as a workaround and we have provided an automated method of doing that with a Microsoft Fix It that you can find here:
http://support.microsoft.com/kb/979682 ..."

:fear:
 
MSRC - Update on MS10-015 issue...

FYI...

MSRC - Update - Restart Issues After Installing MS10-015
- http://blogs.technet.com/msrc/archi...restart-issues-after-installing-ms10-015.aspx
February 12, 2010 - "In our continuing investigation in to the restart issues related to MS10-015 that a limited number of customers are experiencing, we have determined that malware on the system can cause the behavior. We are not yet ruling out other potential causes at this time and are still investigating... This can be a difficult issue to solve once a computer is in an un-bootable state so we encourage customers who feel they have been impacted by this to contact our Customer Service and Support group... Keep an eye on this blog for more updates as we have them."

- http://www.krebsonsecurity.com/2010/02/rootkit-may-be-culprit-in-recent-windows-crashes/
February 12, 2010

:fear:
 
MS10-015 and the Alureon Rootkit

FYI...

MS10-015 and the Alureon Rootkit
- http://blogs.technet.com/msrc/archi...talling-ms10-015-and-the-alureon-rootkit.aspx
February 17, 2010 6:29 PM - "...Our investigation has concluded that the reboot occurs because the system is infected with malware, specifically the Alureon rootkit*. We were able to reach this conclusion after the comprehensive analysis of memory dumps obtained from multiple customer machines and extensive testing against third party applications and software. The restarts are the result of modifications the Alureon rootkit makes to Windows Kernel binaries, which places these systems in an unstable state. In every investigated incident, we have not found quality issues with security update MS10-015... While this issue could impact any 32bit Windows system that was infected with the malware, since reports are predominately on 32bit versions of Windows XP this test process is described at a high level focusing on that version in the... table (shown at the URL above)... the presence of Alureon does -not- allow for a successful boot of the compromised system. The Windows Engineering team continued testing different configurations, as well as retesting several third party applications, leading to our firm conclusion that the blue screen issue is the result of the Alureon rootkit. A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk..."
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus:Win32/Alureon.A

[ > Of course, it never occurred to their marketing "genius" that they might think to use their own product to lay the groundwork for a clean install. Maybe this should be their blueprint/template for future MS Update rollouts - force the MSRT -first-. :- ( ]
- http://isc.sans.org/diary.html?storyid=8266
Last Updated: 2010-02-19 01:39:31 UTC
> http://www.prevx.com/blog/143/BSOD-after-MS-TDL-authors-apologize.html
2/16/2010

MS MMPC blog - February 17, 2010:
http://blogs.technet.com/mmpc/archi...fected-machine-after-ms10-015-is-applied.aspx
"...For the most common system configuration (for machines using ATA hard disk drives), the ATA miniport driver ‘atapi.sys’ is the file which is targeted... ‘atapi.sys’ resides at the following location: %windir%\system32\drivers\atapi.sys "

(Was) Cleaned by the MSRT ( ... probably not now, since the malware authors have changed their footprint.)
- http://www.microsoft.com/security/malwareremove/families.aspx
• Alureon...
> http://go.microsoft.com/fwlink/?LinkId=40587
Date Published: 2/9/2010
File Name: windows-kb890830-v3.4.exe
Version: 3.4

:fear:
 
Win32hlp and IE issue...

FYI...

New win32hlp and IE issue
- http://blogs.technet.com/msrc/archi...new-win32hlp-and-internet-explorer-issue.aspx
February 28, 2010 - "On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue. The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link*. Once we have completed our investigation, we will take appropriate action to protect customers..."
* http://www.microsoft.com/downloads/...FamilyID=b7d03027-9791-443b-8bbe-0542b3aa4bfe

- http://secunia.com/advisories/38727/
Release Date: 2010-03-01
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Systems affected: XP Home, XP Professional
Solution: Avoid pressing F1 on untrusted websites. Disable Active Scripting support

Also:
- http://isc.sans.org/diary.html?storyid=8329
"Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it is time to update."

:fear:
 
IE 0-day using .hlp files

FYI...

Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/981169.mspx
March 01, 2010 - "Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers...
Affected Software:
Microsoft Windows 2000 SP4, Windows XP SP2, Windows XP SP3, and Windows XP Pro x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition SP2..."

IE 0-day using .hlp files
- http://isc.sans.org/diary.html?storyid=8332
Last Updated: 2010-03-01 23:12:47 UTC

- http://preview.tinyurl.com/ybnajys
March 01, 2010 - MSRC Engineering

- http://securitytracker.com/alerts/2010/Mar/1023668.html
Mar 2 2010

- http://secunia.com/advisories/38916/
Release Date: 2010-03-11
Solution: Avoid pressing F1 inside documents or images placed in untrusted directories...

:fear:
 
MS10-015 re-released with new detection logic

FYI...

MS10-015 re-released with new detection logic
- http://blogs.technet.com/msrc/archi...ate-re-released-with-new-detection-logic.aspx
March 02, 2010 - "... we have revised the installation packages for MS10-015 with new logic that prevents the security update from being installed on systems if certain abnormal conditions exist. Such conditions could be the result of an infection with a computer virus such as the Alureon rootkit. If these conditions are detected, the update will not be installed and the result will be a standard Windows Update error. If a user receives this error, they should go to the following landing page for additional help:
http://www.microsoft.com/security/updates/015
At this time, we have resumed offering the update to all affected systems via Automatic Updates. We have also released a Microsoft Fix It* as a standalone scanning tool that reports on the compatibility of a system with the MS10-015 update. The scanning tool can also be deployed through enterprise deployment systems allowing administrators to detect compatibility with the update before deploying broadly. The Fix It and deployment information are available at Microsoft Knowledge Base Article 980966..."
* http://support.microsoft.com/kb/980966
"... This Fix it solution does not resolve the issue. Instead, this Fix it solution only notifies you of a possible issue and suggests next steps..."

- http://www.microsoft.com/technet/security/bulletin/MS10-015.mspx?pubDate=2010-03-02
• V1.2 (March 2, 2010): Added an item to the Frequently Asked Questions (FAQ) About this Security Update to announce the offering of revised packages on Windows Update. Customers who have already successfully updated their systems do not need to take any action. [ KB 977165 ]

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0232
Last revised: 02/23/2010
CVSS v2 Base Score: 7.2 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0233
Last revised: 02/16/2010
CVSS v2 Base Score: 7.2 (HIGH)

:fear:
 
MS Security Bulletin Advance Notification - March 2010

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx
March 04, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 9, 2010... (Total of -2-)

Important (2)

Bulletin 1
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Windows

Bulletin 2
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Vulnerability Impact: Microsoft Office

- http://blogs.technet.com/msrc/archi...10-bulletin-release-advance-notification.aspx
"... Both bulletins are rated Important and address a total of 8 vulnerabilities..."

MS to end support for Vista0 and XPSP2...
- http://isc.sans.org/diary.html?date=2010-03-01
2010-03-01 - "Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it is time to update."

:fear:
 
MS Security Bulletin Summary - March 2010

FYI...

- https://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx
March 09, 2010 - "This bulletin summary lists security bulletins released for March 2010... (Total of -2-)

Important -2-

Microsoft Security Bulletin MS10-016 - Important
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
- http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS10-017 - Important
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
- http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Deployment Priority
- http://blogs.technet.com/photos/msrcteam/images/3317885/original.aspx

Severity and Exploitability Index
- http://blogs.technet.com/photos/msrcteam/images/3317884/original.aspx

- http://blogs.technet.com/msrc/archive/2010/03/09/march-2010-security-bulletin-release.aspx
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=8392
Last Updated: 2010-03-09 18:10:05 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
March 9, 2010 - Revision: 70.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release
• Helpud: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Helpud

- http://go.microsoft.com/fwlink/?LinkId=40587
File Name: windows-kb890830-v3.5.exe
Version: 3.5
___

Movie Maker
- http://secunia.com/advisories/38791/
MS10-016

Excel
- http://secunia.com/advisories/38805/
MS10-017

.
 
MS Security Advisories - 2010.03.09 ...

FYI...

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/981374.mspx
March 09, 2010 | Updated: March 10, 2010 - "Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue..."
- http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx
KB 981374:
- http://support.microsoft.com/kb/981374
See "APPLIES TO"...
• V1.1 (March 10, 2010): Restated the mitigation concerning the e-mail vector. Added a new workaround for disabling the peer factory class in iepeers.dll.

- http://blog.trendmicro.com/new-ie-zero-day-exploit-cve-2010-0806/
03/11/2010 - "... malicious JavaScript file as JS_SHELLCODE.CD... exploits CVE-2010-0806*"
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0806
Last revised: 03/11/2010
CVSS v2 Base Score: 9.3 (HIGH)

IE 0-day - IE6, IE7...
- http://www.krebsonsecurity.com/2010/03/microsoft-warns-of-internet-explorer-0day/
March 9, 2010

- http://secunia.com/advisories/38860/
Last Update: 2010-03-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: MS IE6, IE7 ...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
August 11, 2009 | Updated: March 09, 2010 - "This advisory was released to announce to customers the release of a non-security update to make available a new feature, Extended Protection for Authentication, on the Windows platform...
• V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease (see "Affected Software") of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917*
* ( http://support.microsoft.com/kb/973917 )
- http://support.microsoft.com/kb/973811

:fear:
 
MS IE Security Advisory updated...

FYI...

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution - IEv6-IEv7
- http://www.microsoft.com/technet/security/advisory/981374.mspx
Published: March 09, 2010 | Updated: March 12, 2010
• V1.2 (March 12, 2010): Added an automated Microsoft Fix it solution* to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003. (See "Workarounds")
* http://support.microsoft.com/kb/981374

- http://blogs.technet.com/msrc/archive/2010/03/12/update-on-security-advisory-981374.aspx
March 12, 2010 - "... we are working hard to produce an update which is now in testing..."

- http://www.sophos.com/support/knowledgebase/article/110399.html

:fear:
 
MS10-017-Excel-updated-fixed...

FYI...

MS10-017-Excel-updated-fixed...
Non-English Text in Add or Remove Programs tool
- http://blogs.technet.com/office_sus...lish-text-in-add-or-remove-programs-tool.aspx
March 12, 2010 - "We have received reports from some of our Excel 2003 and Excel 2002 customers that after installing update KB978471 or KB978474, they are seeing non-English text in the Add or Remove Programs tool (WinXP) or the Programs and Features --> Installed Updates view (Vista, Win7). The title text being displayed for this update is Chinese Simplified. It’s very important to note that this cosmetic issue does not affect the functionality of the update. All of the security fixes in this bulletin (MS10-017) are included in the update. If English text in your Add or Remove Programs tool (WinXP) or the Programs and Features --> Installed Updates view (Vista, Win7) is a requirement, there is a two-part workaround available.
1. Un-install this update
2. Navigate to the link below and install a corrected version of the update from the Download Center.
EXCEL 2002: http://download.microsoft.com/downl...99BE081880/officexp-KB978471-FullFile-ENU.exe
EXCEL 2003: http://download.microsoft.com/downl...927626BD/office2003-KB978474-FullFile-ENU.exe "

:sad:
 
IE 0-Day status: IEv6, IEv7...

FYI...

IE 0-Day status: IEv6, IEv7...
- http://securitylabs.websense.com/content/Blogs/3585.aspx
03.19.2010 - "... Internet Explorer zero-day exploits are not new to the world: we have been suffering from them since the beginning of IE... Just a week after the exploit code was exposed to the world we have seen many variants come out..."

- http://www.microsoft.com/technet/security/advisory/981374.mspx
Updated: March 12, 2010
• V1.2 (March 12, 2010): Added an automated Microsoft Fix it* solution to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003.
* http://support.microsoft.com/kb/981374
Last Review: March 13, 2010 - Revision: 4.0

- http://secunia.com/advisories/38860
Last Update: 2010-03-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Internet Explorer 6.x, Microsoft Internet Explorer 7.x

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0806
Last revised: 03/16/2010
CVSS v2 Base Score: 9.3 (HIGH)

:fear::fear:
 
IE update to be released March 30, 2010

FYI...

IE update to be released March 30, 2010
- http://www.microsoft.com/technet/security/bulletin/ms10-mar.mspx
March 29, 2010 - "This is an advance notification of an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7... described in Microsoft Security Advisory 981374. The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on -all- versions of Internet Explorer that are not related to this attack..."

- http://blogs.technet.com/msrc/archi...-cumulative-update-releasing-out-of-band.aspx
March 29, 2010 - "... Security Bulletin MS10-18 is a cumulative update, it will also address nine other vulnerabilities in Internet Explorer..."

:fear:
 
MS10-018 IE patch released...

FYI...

Microsoft Security Bulletin MS10-018 - Critical
Cumulative Security Update for Internet Explorer (980182)
- http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
March 30, 2010 - "This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer... The security update addresses these vulnerabilities by modifying the way that Internet Explorer verifies the origin of scripts and handles objects in memory, content using encoding strings, and long URL... This security update also addresses the vulnerability first described in Microsoft Security Advisory 981374..."
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Internet Explorer
* http://support.microsoft.com/kb/980182

Aggregate severity on Internet Explorer 6, 7, and 8
Graphic: http://blogs.technet.com/photos/msrcteam/images/3322077/original.aspx

- http://isc.sans.org/diary.html?storyid=8533
Last Updated: 2010-03-30 17:19:30 UTC
Uninitialized Memory Corruption Vulnerability - CVE-2010-0267
Post Encoding Information Disclosure Vulnerability - CVE-2010-0488
Race Condition Memory Corruption Vulnerability - CVE-2010-0489
Uninitialized Memory Corruption Vulnerability - CVE-2010-0490
HTML Object Memory Corruption Vulnerability - CVE-2010-0491
HTML Object Memory Corruption Vulnerability - CVE-2010-0492
HTML Element Cross-Domain Vulnerability - CVE-2010-0494
Memory Corruption Vulnerability - CVE-2010-0805
Uninitialized Memory Corruption Vulnerability - CVE-2010-0806
HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807

- http://secunia.com/advisories/38860
Last Update: 2010-03-30
Criticality level: Extremely critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: MS IE 5.01, 6.x, 7.x, 8.x
Solution: Apply patches.
Advisory: MS10-018 (KB980182):
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx

- http://atlas.arbor.net/briefs/index#-443267133
March 31, 2010 - "Analysis: This is a critical fix for -all- users of IE and Windows that we encourage people to apply immediately. Exploits are in use in the wild."

Active Exploitation of CVE-2010-0806
- http://blogs.technet.com/blogfiles/...iveExploitationofCVE20100806_9A4A/image_2.png
March 10-28, 2010

MS Security Bulletin Advance Notification - April 2010

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx
April 08, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010..." (5 Critical, 5 Important, 1 Moderate)

- http://blogs.technet.com/msrc/archi...10-bulletin-release-advance-notification.aspx
April 08, 2010 - "... next Tuesday we will release 11 bulletins addressing 25 vulnerabilities in Windows, Microsoft Office, and Microsoft Exchange... we will be closing the following open Security Advisories with next week’s updates:
· Microsoft Security Advisory (981169) - Vulnerability in VBScript Could Allow Remote Code Execution.
· Microsoft Security Advisory (977544) - Vulnerability in SMB Could Allow Denial of Service ..."

MS Security Bulletin Summary - April 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-apr.mspx
April 13, 2010 - "This bulletin summary lists security bulletins released for April 2010... (Total of -11-)

Critical -5-

Microsoft Security Bulletin MS10-019 - Critical
Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
- http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-020 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
- http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
- http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-026 - Critical
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
- http://www.microsoft.com/technet/security/Bulletin/MS10-026.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-027 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
- http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Important -5-

Microsoft Security Bulletin MS10-021 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
- http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-022 - Important
Vulnerability in VBScript Could Allow Remote Code Execution (981169)
- http://www.microsoft.com/technet/security/Bulletin/MS10-022.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-023 - Important
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
- http://www.microsoft.com/technet/security/bulletin/ms10-023.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Microsoft Security Bulletin MS10-024 - Important
Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
- http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Exchange

Microsoft Security Bulletin MS10-028 - Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
- http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Moderate -1-

Microsoft Security Bulletin MS10-029 - Important
Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)
- http://www.microsoft.com/technet/security/bulletin/ms10-029.mspx
Maximum Severity Rating: Moderate
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=8626
Last Updated: 2010-04-13 17:32:12 UTC
___

Deployment priority
- http://blogs.technet.com/photos/msrcteam/images/3324789/original.aspx

Severity and Exploitability Index
- http://blogs.technet.com/photos/msrcteam/images/3324790/original.aspx
___

MS10-019 (KB981210, KB978601, KB979309) MS Windows Authentication Verification Two Vulnerabilities
- http://secunia.com/advisories/39371/
MS10-020 (KB980232) MS Windows SMB Client Multiple vulns
- http://secunia.com/advisories/39372/
MS10-021 (KB979683) MS Windows Kernel Privilege Escalation and Denial of Service vulns
- http://secunia.com/advisories/39373/
MS10-021 (KB979683) MS Windows Kernel Denial of Service vulns
- http://secunia.com/advisories/39374/
MS10-022 (KB981169, KB981350, KB981350, KB981349): Vuln in VBScript Could Allow Remote Code Exec
- http://secunia.com/advisories/38727/
MS10-023 (KB980466, KB980469, KB980470) MS Office Publisher File Parsing Buffer Overflow Vulnerability
- http://secunia.com/advisories/39375/
MS10-024 (KB976703, KB981832) MS Exchange Server 2000 Information Disclosure vuln
- http://secunia.com/advisories/39253/
MS10-024 (KB976323, KB976702, KB981407, KB981832) MS Exchange/Windows SMTP Service 2 vulns
- http://secunia.com/advisories/39376/
MS10-025 (KB980858) MS Windows Media Services Buffer Overflow Vulnerability
- http://secunia.com/advisories/39377/
MS10-026 (KB977816) MS Windows MPEG Layer-3 Codecs Buffer Overflow
- http://secunia.com/advisories/39379/
MS10-027 (KB979402) - Windows Media Player Hosted Media Content Handling vuln
- http://secunia.com/advisories/39380/
MS10-028 (KB980094, KB979356, KB979364, KB979365) MS Office Visio 2 Memory Corruption vulns
- http://secunia.com/advisories/39381/
MS10-029 (KB978338) MS Windows ISATAP Component IP Address Spoofing Vulnerability
- http://secunia.com/advisories/39382/
___

MSRT
- http://support.microsoft.com/?kbid=890830
April 13, 2010 - Revision: 71.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release
• Magania: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Magania

- http://go.microsoft.com/fwlink/?LinkId=40587
File Name: windows-kb890830-v3.6.exe
Version: 3.6

MS Advisory updates - 2010.04.13...

FYI...

Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/981169.mspx
Updated: 4/13/2010 - "... We have issued MS10-022* to address this issue..."

Microsoft Security Advisory (977544)
Vulnerability in SMB Could Allow Denial of Service
- http://www.microsoft.com/technet/security/advisory/981169.mspx
Updated: 4/13/2010 - "... We have issued MS10-020* to address this issue..."

* http://forums.spybot.info/showpost.php?p=367591&postcount=126
