Old MS Alerts

MS Security Bulletin Summary - September 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-sep.mspx
September 14, 2010 - "This bulletin summary lists security bulletins released for September 2010...
(Total of -9-)
• V2.0 (September 22, 2010): Raised the Exploitability Index assessment rating for CVE-2010-2738, lowered the Exploitability Index assessment rating for CVE-2010-2730, and revised the Exploitability Index key note for CVE-2010-0818.

Critical -4-

Microsoft Security Bulletin MS10-061 - Critical
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
- http://www.microsoft.com/technet/security/bulletin/ms10-061.mspx
Remote Code Execution - Requires restart - Microsoft Windows
- http://blogs.technet.com/b/srd/archive/2010/09/14/ms10-061-printer-spooler-vulnerability.aspx

Microsoft Security Bulletin MS10-062 - Critical
Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
- http://www.microsoft.com/technet/security/bulletin/MS10-062.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-063 - Critical
Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
- http://www.microsoft.com/technet/security/bulletin/MS10-063.mspx
Remote Code Execution - May require restart - Microsoft Windows, Microsoft Office

Microsoft Security Bulletin MS10-064 - Critical
Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)
- http://www.microsoft.com/technet/security/bulletin/ms10-064.mspx
Remote Code Execution - May require restart - Microsoft Office

Important -5-

Microsoft Security Bulletin MS10-065 - Important
Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
- http://www.microsoft.com/technet/security/bulletin/MS10-065.mspx
Remote Code Execution - May require restart - Microsoft Windows
- http://blogs.technet.com/b/srd/arch...5-vulnerability-in-iis-s-fastcgi-handler.aspx

Microsoft Security Bulletin MS10-066 - Important
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
- http://www.microsoft.com/technet/security/bulletin/ms10-066.mspx
Remote Code Execution - Requires Restart - Microsoft Windows

Microsoft Security Bulletin MS10-067 - Important
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
- http://www.microsoft.com/technet/security/bulletin/MS10-067.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-068 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
- http://www.microsoft.com/technet/security/bulletin/MS10-068.mspx
Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-069 - Important
Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
- http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
Elevation of Privilege - Requires restart - Microsoft Windows
___

Severity and Exploitability index
- http://blogs.technet.com/cfs-filesy...0-00-45-71/5482.Sept-2010-Risk-and-Impact.png

Deployment priority
- http://blogs.technet.com/cfs-filesy...00-00-45-71/3580.Sept-2010-Overview-Final.png
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=9547
Last Updated: 2010-09-14 18:00:03 UTC
___

- http://secunia.com/advisories/41292/ - MS10-061
- http://secunia.com/advisories/41395/ - MS10-062
- http://secunia.com/advisories/41396/ - MS10-063
- http://secunia.com/advisories/34075/ - MS10-064
- http://secunia.com/advisories/41375/ - MS10-065
- http://secunia.com/advisories/41399/ - MS10-065
- http://secunia.com/advisories/41412/ - MS10-066
- http://secunia.com/advisories/41416/ - MS10-067
- http://secunia.com/advisories/41419/ - MS10-068
- http://secunia.com/advisories/41420/ - MS10-069
___

MSRT
- http://support.microsoft.com/?kbid=890830
September 14, 2010 - Revision: 78.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release...
• FakeCog
• Vobfus
- http://blogs.technet.com/b/mmpc/archive/2010/09/14/msrt-sets-its-sights-on-fakecog.aspx

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.11.exe
Version: 3.11
Date Published: 9/14/2010
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.11.exe

MS Security Advisories - 2010.09.14

FYI...

Microsoft Security Advisory (2401593)
Vulnerability in Outlook Web Access Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/2401593.mspx
September 14, 2010 - "Microsoft has completed the investigation of a publicly disclosed vulnerability in Outlook Web Access (OWA) that may affect Microsoft Exchange customers. An attacker who successfully exploited this vulnerability could hijack an authenticated OWA session. The attacker could then perform actions on behalf of the authenticated user without the user's knowledge, within the security context of the active OWA session. This vulnerability affects supported editions of Microsoft Exchange Server 2003 and Microsoft Exchange Server 2007 (except Microsoft Exchange Server 2007 Service Pack 3). Microsoft Exchange Server 2000, Microsoft Exchange Server 2007 Service Pack 3, and Microsoft Exchange Server 2010 are -not- affected by the vulnerability. For more information, see the section, Affected and Non-Affected Software. Microsoft recommends that customers running affected editions of Microsoft Exchange Server upgrade to a non-affected version of Microsoft Exchange Server to address the vulnerability. Customers who are unable to upgrade at this time can refer to the Workarounds section for options that can help limit how an attacker can exploit the vulnerability. At this time, we are unaware of any attacks attempting to exploit this vulnerability."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3213
- http://secunia.com/advisories/41421/
"... Solution: The vulnerability is fixed in Microsoft Exchange Server 2007 SP3..."

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
• V1.7 (October 12, 2010): Updated the FAQ with information about a non-security update enabling Windows Server Message Block (SMB) to opt in to Extended Protection for Authentication.

Microsoft Security Advisory (2416728)

FYI...

Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/2416728.mspx
September 17, 2010 - "Microsoft is investigating a new public report of a vulnerability in ASP.NET. An attacker who exploited this vulnerability could view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. This would allow the attacker to tamper with the contents of the data. By sending back the altered contents to an affected server, the attacker could observe the error codes returned by the server. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
CVE Reference: CVE-2010-3332..."

- http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx

MS ASP.NET advisory updated...

FYI...

Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure
- https://www.microsoft.com/technet/security/advisory/2416728.mspx
Published: September 17, 2010 | Updated: September 20, 2010
• V1.1 (September 20, 2010): "Revised Executive Summary to communicate that Microsoft is aware of limited, active attacks. Also added additional entries to the Frequently Asked Questions section and additional clarification to the workaround."

- http://weblogs.asp.net/scottgu/arch...about-the-asp-net-security-vulnerability.aspx
September 20, 2010

- http://blogs.msdn.com/b/sharepoint/...-vulnerability-in-asp-net-and-sharepoint.aspx
20 Sep 2010

MS ASP.NET advisory • V1.2 ...

FYI...

Microsoft Security Advisory (2416728)
Vulnerability in ASP.NET Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/2416728.mspx
Updated: September 28, 2010 - "... We have issued MS10-070 to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3332
Last revised: 09/22/2010
CVSS v2 Base Score: 5.0 (MEDIUM)

- http://blogs.technet.com/b/msrc/archive/2010/09/24/security-advisory-2416728-workaround-update.aspx
24 Sep 2010 3:27 PM

- http://blogs.msdn.com/b/sharepoint/...-vulnerability-in-asp-net-and-sharepoint.aspx
** Updated 9/24/2010 4:30PM ** – Updated with additional defensive workaround published by the ASP.NET team valid for ALL affected versions of SharePoint...
** Updated 9/22/2010 10:40AM ** – Updated verification step for SharePoint Server 2007 and Windows SharePoint Services 3.0 and added an exception in the workaround for Windows SharePoint Services 2.0 running under ASP.NET 1.1.
** Updated 9/21/2010 11:05PM ** – Updated with workaround for SharePoint Server 2007 and Windows SharePoint Services 3.0 and updated SharePoint 2010 workaround.
** Updated 9/21/2010 3:06PM ** – Included details for previous releases and workaround for WSS 2.0.

- http://weblogs.asp.net/scottgu/archive/2010/09/24/update-on-asp-net-vulnerability.aspx
September 24, 2010 4:13 PM

- http://securitytracker.com/alerts/2010/Sep/1024459.html
Updated: Sep 28 2010

MS ASP.NET patch to be released ...

FYI...

Out of Band Release to Address Microsoft Security Advisory 2416728
- http://blogs.technet.com/b/msrc/arc...ress-microsoft-security-advisory-2416728.aspx
27 Sep 2010 - "... we will release an out-of-band security update to address the vulnerability discussed in Security Advisory 2416728*..."
* http://www.microsoft.com/technet/security/advisory/2416728.mspx

- http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx
September 27, 2010 - "This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on September 28, 2010...
(rated Important)..."

MS10-070 f/ASP.NET released ...

FYI...

MS Security Bulletin Summary - September 2010
- http://www.microsoft.com/technet/security/Bulletin/MS10-sep.mspx
• V4.0 (September 30, 2010): Revised this Bulletin Summary to announce that the updates for MS10-070 are now available through all distribution channels, including Windows Update and Microsoft Update. Also revised the details of updates KB2418240, KB2418241, KB2416470, and KB2416474 for MS10-070.
___

Microsoft Security Bulletin MS10-070 - Important
Vulnerability in ASP.NET Could Allow Information Disclosure (2418042)
- http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx
Information Disclosure - May require restart - Microsoft Windows, Microsoft .NET Framework

- http://blogs.technet.com/b/msrc/archive/2010/09/28/ms10-070-released-out-of-band-today.aspx
28 Sep 2010 - "... The update will be made available initially only through the Microsoft Download Center* and then released through Windows Update and Windows Server Update Services within the next few days..."
* http://www.microsoft.com/downloads/en/default.aspx
10 results found (MS10-070)...

- http://weblogs.asp.net/scottgu/archive/2010/09/28/asp-net-security-update-now-available.aspx
September 28, 2010 - "... What is the impact of applying the update to a live web-server?
If you apply the update to a live web-server, there will be some period of time when the web-server will be offline (although an OS reboot should not be required). You’ll want to schedule and coordinate your updates appropriately. Importantly – if your site or application is running across multiple web-servers in a web-farm, you’ll want to make sure the update is applied to all of the machines (and not just some of them)... Once the update is on Windows Update, you can simply run Windows Update on your computer/server and Windows Update will automatically choose the right update to download/apply based on what you have installed. If you download the updates directly from the Microsoft Download Center, then you need to manually select and download the appropriate updates..."

- http://isc.sans.edu/diary.html?storyid=9625
Last Updated: 2010-09-28 18:37:49 UTC ...(Version: -4-)

MS Security Bulletin Advance Notification - October 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-oct.mspx
October 7, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on October 12, 2010... (Total of -16-)

(Critical -4-)
Bulletin 1
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2
Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3
Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 4
Critical - Remote Code Execution - May require restart - Microsoft Windows

(Important -10-)
Bulletin 5
Important - Information Disclosure - May require restart - Microsoft Server Software
Bulletin 6
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 7
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 8
Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 9
Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 10
Important - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 11
Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 12
Important - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 13
Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 14
Important - Denial of Service - Requires restart - Microsoft Windows

(Moderate -2-)
Bulletin 15
Moderate - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 16
Moderate - Tampering - Requires restart - Microsoft Windows
___

- http://news.cnet.com/8301-27080_3-20018933-245.html
October 7, 2010 - "Microsoft will fix a record 49 vulnerabilities in its Patch Tuesday release next week..."
 
MS Security Bulletin Summary - October 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-oct.mspx
October 12, 2010 - "This bulletin summary lists security bulletins released for October 2010... (Total of -16-)

Critical -4-

Microsoft Security Bulletin MS10-071 - Critical
Cumulative Security Update for Internet Explorer (2360131)
- http://www.microsoft.com/technet/security/bulletin/MS10-071.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS10-075 - Critical
Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
- http://www.microsoft.com/technet/security/bulletin/MS10-075.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-076 - Critical
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
- http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-077 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)
- http://www.microsoft.com/technet/security/bulletin/MS10-077.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

Important -10-

Microsoft Security Bulletin MS10-072 - Important
Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
- http://www.microsoft.com/technet/security/bulletin/ms10-072.mspx
Important - Information Disclosure - May require restart - Microsoft Server Software

Microsoft Security Bulletin MS10-073 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
- http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-078 - Important
Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
- http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-079 - Important
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
- http://www.microsoft.com/technet/security/bulletin/MS10-079.mspx
Important - Remote Code Execution - Requires restart - Microsoft Office

Microsoft Security Bulletin MS10-080 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
- http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS10-081 - Important
Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
- http://www.microsoft.com/technet/security/bulletin/MS10-081.mspx
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-082 - Important
Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
- http://www.microsoft.com/technet/security/bulletin/MS10-082.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-083 - Important
Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
- http://www.microsoft.com/technet/security/bulletin/MS10-083.mspx
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-084 - Important
Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
- http://www.microsoft.com/technet/security/bulletin/MS10-084.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-085 - Important
Vulnerability in SChannel Could Allow Denial of Service (2207566)
- http://www.microsoft.com/technet/security/bulletin/MS10-085.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Moderate -2-

Microsoft Security Bulletin MS10-074 - Moderate
Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
- http://www.microsoft.com/technet/security/bulletin/MS10-074.mspx
Moderate - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-086 - Moderate
Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)
- http://www.microsoft.com/technet/security/bulletin/MS10-086.mspx
Moderate - Tampering - Requires restart - Microsoft Windows
___

Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesy....October-2010-Severity-and-Exploitability.png

Deployment Priority
- http://blogs.technet.com/cfs-filesy...-71/1638.October-2010-Deployment-Priority.png
___

- http://blogs.iss.net/archive/MSFT_SuperTuesday_Oc.html
October 12, 2010
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=9736
Last Updated: 2010-10-13 18:35:58 UTC ...(Version: 2)
___

- http://krebsonsecurity.com/2010/10/microsoft-plugs-a-record-49-security-holes/
"... at least eight of the vulnerabilities were publicly disclosed prior to the release of today’s patches..."
- http://blogs.technet.com/b/srd/arch...the-risk-of-the-october-security-updates.aspx
12 Oct 2010
___

- http://secunia.com/advisories/41271/ - MS10-071
- http://secunia.com/advisories/41746/ - MS10-072
- http://secunia.com/advisories/41775/ - MS10-073
- http://secunia.com/advisories/40298/ - MS10-074
- http://secunia.com/advisories/41776/ - MS10-075
- http://secunia.com/advisories/41777/ - MS10-076
- http://secunia.com/advisories/41751/ - MS10-077
- http://secunia.com/advisories/41778/ - MS10-078
- http://secunia.com/advisories/41785/ - MS10-079
- http://secunia.com/advisories/41788/ - MS10-079
- http://secunia.com/advisories/41789/ - MS10-079
- http://secunia.com/advisories/41790/ - MS10-079
- http://secunia.com/advisories/39303/ - MS10-080
- http://secunia.com/advisories/40217/ - MS10-081
- http://secunia.com/advisories/41779/ - MS10-082
- http://secunia.com/advisories/41786/ - MS10-083
- http://secunia.com/advisories/41700/ - MS10-084
- http://secunia.com/advisories/41787/ - MS10-085
- http://secunia.com/advisories/41781/ - MS10-086
___

MSRT
- http://support.microsoft.com/?kbid=890830
October 12, 2010 - Revision: 79.1
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release...
Zbot
- http://blogs.technet.com/b/mmpc/archive/2010/10/12/msrt-on-zbot-the-botnet-in-a-box.aspx

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.12.exe - 11.2MB
Version: 3.12
Date Published: 10/12/2010
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.12.exe - 11.5MB

> http://forums.spybot.info/showpost.php?p=385953&postcount=40
___

An Early Look at the Impact of MSRT on Zbot
- http://blogs.technet.com/b/mmpc/archive/2010/10/17/an-early-look-at-the-impact-of-msrt-on-zbot.aspx
17 Oct 2010 - "... we added Win32/Zbot to MSRT this month... Since the release of MSRT on Tuesday we have removed Zbot 281,491 times from 274,873 computers... Approximately 86 million computers have run this version of MSRT..."

IE 0-Day advisory...

FYI...

Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2458511.mspx
• V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in the EMET, DEP, and CSS workarounds.
"Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue. The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
At this time, we are aware of targeted attacks attempting to use this vulnerability... Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update..."
(Workarounds listed at the URL above.)

- http://support.microsoft.com/kb/2458511
Last Review: November 4, 2010 - Revision: 3.0 - "...Two fixit solutions are available:
• Fix it solution for the user-defined CSS
- http://support.microsoft.com/kb/2458511#FixItForMe1
• Fixit solution for Data Execution Prevention in Internet Explorer 7
- http://support.microsoft.com/kb/2458511#FixItForMeAlways

• Enhanced Mitigation Experience Toolkit
- http://support.microsoft.com/kb/2458544/
November 2, 2010 - Revision: 1.0

CVE-2010-3962

IE 0-Day used in Targeted Attacks
- http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
Nov. 3, 2010

- http://www.securitytracker.com/id?1024676
Updated: Nov 4 2010 - "... This vulnerability is being actively exploited..."
- http://secunia.com/advisories/42091/
Last Update: 2010-11-04
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround ...
NOTE: The vulnerability is currently being actively exploited...

- http://blogs.technet.com/b/srd/arch...e-latest-internet-explorer-vulnerability.aspx

- http://isc.sans.edu/diary.html?storyid=9874
Last Updated: 2010-11-07 14:30:10 UTC ...(Version: 6) - "... would likely be leveraged in a drive-by-exploit scenario..."

MS Security Bulletin Advance Notification - November 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-nov.mspx
November 04, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 9, 2010... (Total of -3-)

Bulletin 1 - Critical - Remote Code Execution - May require restart - Microsoft Office

Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Office

Bulletin 3 - Important - Elevation of Privilege - May require restart - Microsoft Forefront Unified Access Gateway ...

- http://blogs.technet.com/b/msrc/arc...tion-service-for-november-2010-bulletins.aspx
4 Nov 2010 - "... three updates addressing 11 vulnerabilities..."

IE 0-day in exploit kit...

FYI...

IE 0-day fix due out Dec. 14, 2010
- http://blogs.technet.com/b/mmpc/archive/2010/12/09/cve-2010-3962-the-weekend-warrior.aspx
9 Dec 2010 - "... the bulletin addressing this issue is planned to be released on Tuesday, Dec. 14 ..."
- http://www.microsoft.com/security/portal/blog-images/CVE-2010-3962-geo.jpg
CVE-2010-3942 0-day - Attacks thru 12.8.2010 - MMPC charts
- http://www.microsoft.com/security/portal/blog-images/CVE-2010-3962-OS.jpg
___

IE 0-day in exploit kit...
- http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html
November 07, 2010 - "... CVE-2010-3962* is in the Wild, but over the last couple of days, we've begun detecting it in the Eleonore Exploit Kit. This raises the stakes considerably..."
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3962
Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in November 2010..."
• Fix it solution for the user-defined CSS
- http://support.microsoft.com/kb/2458511#FixItForMe1
November 4, 2010 - Revision: 3.0

- http://www.microsoft.com/technet/security/advisory/2458511.mspx
• V1.1 (November 3, 2010): Added the opening of HTML mail in the Restricted sites zone as a mitigating factor, the automated Microsoft Fix it solution to the CSS workaround, and a finder acknowledgment. Removed reading e-mail in plain text as a workaround. Also clarified content in the EMET, DEP, and CSS workarounds.

MS Security Bulletin Summary - November 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-nov.mspx
November 9, 2010 - "This bulletin summary lists security bulletins released for November 2010... (Total of -3-)

Critical -1-

Microsoft Security Bulletin MS10-087 - Critical
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
- http://www.microsoft.com/technet/security/bulletin/MS10-087.mspx
Critical - Remote Code Execution - May require restart - Microsoft Office
• V1.1 (November 17, 2010): Corrected the severity table and vulnerability section to add CVE-2010-2573 as a vulnerability addressed by this update. This is an informational change only.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2573
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3333
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3334
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3335
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3336
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3337
CVSS v2 Base Score: 9.3 (HIGH)

Important -2-

Microsoft Security Bulletin MS10-088 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
- http://www.microsoft.com/technet/security/bulletin/MS10-088.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
• V1.2 (November 17, 2010): Clarified that for Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003, customers also need to install the Microsoft Office update provided in MS10-087 to be protected from the vulnerability described in CVE-2010-2573. This is an informational change only. Customers who have already successfully applied the MS10-087 and the MS10-088 updates do not need to take any action.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2572
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2573
CVSS v2 Base Score: 9.3 (HIGH)

Microsoft Security Bulletin MS10-089 - Important
Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
- http://www.microsoft.com/technet/security/bulletin/MS10-089.mspx
Important - Elevation of Privilege - May require restart - Microsoft Forefront United Access Gateway
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...00-00-00-45-71/0537.1011-deployment-slide.png
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=9910
Last Updated: 2010-11-09 18:41:02 UTC
___

- http://www.securitytracker.com/id?1024705
- http://www.securitytracker.com/id?1024706
- http://www.securitytracker.com/id?1024707
Nov 9 2010
___

MSRT
- http://support.microsoft.com/?kbid=890830
November 9, 2010 - Revision: 81.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release...
• FakePAV
• Worm:Win32/Sality.AT
• Virus:Win32/Sality.AT

- http://blogs.technet.com/b/mmpc/arc...ckles-fake-microsoft-security-essentials.aspx

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.13.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.13.exe
___

Microsoft Security Advisory (2269637)
[DLL] Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2269637.mspx
• V2.0 (November 9, 2010) Added Microsoft Security Bulletin MS10-087, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section.

EMET v2.0.0.3 released

FYI...

- http://blogs.technet.com/b/srd/archive/2010/11/17/emet-update-2-0-0-3-released.aspx
17 Nov 2010 - "... some Enhanced Mitigation Experience Toolkit (EMET) v2.0 users may have potential issues with the update functionality of specific applications from Adobe and Google. As a result, today we released a new version of EMET that will help ensure these updaters work as expected when EMET is in place for added protection. No other behavior is being changed with this release. You can download version 2.0.0.3 of EMET here*..."
* http://www.microsoft.com/downloads/en/details.aspx?FamilyID=4a8a9171-5a11-4d58-aa34-95c855f69c39

> http://www.computerworld.com/s/arti...ity_tool_after_Google_reports_Chrome_problems
November 18, 2010

- http://www.theregister.co.uk/2010/11/19/ms_security_tool_chrome_adobe_conflicts/
Enterprise Security, 19 November 2010

MS Security Bulletin Advance Notification - December 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-dec.mspx
December 9, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 14, 2010... (Total of -17-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart
Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart
Microsoft Windows
Bulletin 3 - Important - Elevation of Privilege - Requires restart
Microsoft Windows
Bulletin 4 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 5 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 6 - Important - Remote Code Execution - Requires restart
Microsoft Windows
Bulletin 7 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 8 - Important - Remote Code Execution - May require restart
Microsoft Windows
Bulletin 9 - Important - Elevation of Privilege - Requires restart
Microsoft Windows
Bulletin 10 - Important - Elevation of Privilege - Requires restart
Microsoft Windows
Bulletin 11 - Important - Elevation of Privilege - May require restart
Microsoft Windows
Bulletin 12 - Important - Denial of Service - Requires restart
Microsoft Windows
Bulletin 13 - Important - Denial of Service - Requires restart
Microsoft Windows
Bulletin 14 - Important - Remote Code Execution - May require restart
Microsoft Office
Bulletin 15 - Important - Remote Code Execution - May require restart
Microsoft SharePoint
Bulletin 16 - Important - Remote Code Execution - May require restart
Microsoft Office
Bulletin 17 - Moderate - Denial of Service - May require restart
Microsoft Exchange ...

- http://blogs.technet.com/b/msrc/arc...advance-notification-service-is-released.aspx
9 Dec 2010 - "... 17 updates addressing 40 vulnerabilities in Microsoft Windows, Office, Internet Explorer, SharePoint and Exchange..."

- http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday
December 9, 2010 - "... a record, beating the count from October 2010 by one... The total bulletin count for the year - 106 - was also a record, as was the number of vulnerabilities patched in those updates: 266..."

MS Security Bulletin Summary - December 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-dec.mspx
December 14, 2010 - "This bulletin summary lists security bulletins released for December 2010...

Critical -2-

Microsoft Security Bulletin MS10-090 - Critical
Cumulative Security Update for Internet Explorer (2416400)
- http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS10-091 - Critical
Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
- http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important -14-

Microsoft Security Bulletin MS10-092 - Important
Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
- http://www.microsoft.com/technet/security/bulletin/ms10-092.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-093 - Important
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
- http://www.microsoft.com/technet/security/bulletin/MS10-093.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-094 - Important
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
- http://www.microsoft.com/technet/security/bulletin/MS10-094.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-095 - Important
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
- http://www.microsoft.com/technet/security/bulletin/MS10-095.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-096 - Important
Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
- http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-097 - Important
Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
- http://www.microsoft.com/technet/security/bulletin/MS10-097.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-098 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
- http://www.microsoft.com/technet/security/bulletin/ms10-098.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-099 - Important
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
- http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-100 - Important
Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
- http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS10-101 - Important
Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
- http://www.microsoft.com/technet/security/bulletin/ms10-101.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-102 - Important
Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
- http://www.microsoft.com/technet/security/bulletin/ms10-102.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS10-103 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
- http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS10-104 - Important
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
- http://www.microsoft.com/technet/security/bulletin/MS10-104.mspx
Important - Remote Code Execution - May require restart - Microsoft SharePoint

Microsoft Security Bulletin MS10-105 - Important
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
- http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Moderate -1-

Microsoft Security Bulletin MS10-106 - Moderate
Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
- http://www.microsoft.com/technet/security/bulletin/MS10-106.mspx
Moderate - Denial of Service - May require restart - Microsoft Exchange
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...-00-00-45-71/0676.2010_2D00_12-deployment.png

Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesy...00-00-45-71/6445.2010_2D00_12-severity-xi.png
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10081
Last Updated: 2010-12-14 18:52:39 UTC
___

- http://www.us-cert.gov/cas/techalerts/TA10-348A.html
December 14, 2010
Impact: A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution: Apply updates ..."
___

MSRT
- http://support.microsoft.com/?kbid=890830
December 14, 2010 - Revision: 82.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release...
• Qakbot

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.14.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.14.exe

MS Security Advisories updated

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
• V1.8 (December 14, 2010): Updated the FAQ with information about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.
• V1.9 (December 17, 2010): Removed the FAQ entry, originally added December 14, 2010, about a non-security update enabling Microsoft Outlook to opt in to Extended Protection for Authentication.

Microsoft Security Advisory (2458511)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
12/14/2010 - "We have issued MS10-090* to address this issue..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
• V3.0 (December 14, 2010) Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section:
MS10-093*, "Vulnerability in Windows Movie Maker Could Allow Remote Code Execution;"
MS10-094*, "Vulnerability in Windows Media Encoder Could Allow Remote Code Execution;"
MS10-095*, "Vulnerability in Microsoft Windows Could Allow Remote Code Execution;"
MS10-096*, "Vulnerability in Windows Address Book Could Allow Remote Code Execution;" and
MS10-097*, "Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution."

* http://forums.spybot.info/showpost.php?p=391031&postcount=73

Patch issues w/Outlook 2007 ...

FYI...

Patch issues with Outlook 2007
- http://isc.sans.edu/diary.html?storyid=10117
Last Updated: 2010-12-20 14:47:33 UTC - "Last week on December 14, Microsoft released an update (KB 2412171) for Microsoft Outlook 2007, and several of our readers wrote in indicating it caused problems with Outlook after applying the update. On December 16, Microsoft removed the update from Microsoft Update. Microsoft identified 3 issues with this update. If you are experiencing similar issues with the patch like those listed in this Microsoft Blog and you are using Windows XP, Vista and 7, Microsoft listed the steps to remove the patch here*."
* http://blogs.msdn.com/b/outlook/arc...-with-the-recent-update-for-outlook-2007.aspx
___

> http://support.microsoft.com/kb/2485531
Last Review: December 21, 2010 - Revision: 4.0
___

- http://support.microsoft.com/kb/2412171
Last Review: December 18, 2010 - Revision: 3.1
___

[Symptoms related to Outlook 2007 bug injected by bad M$ Update KB 2412171]
- http://www.us-cert.gov/current/#microsoft_releases_blog_entry_regarding
December 20, 2010
• Outlook fails to connect if Secure Password Authentication (SPA) is configured for an account and the mail server does not support SPA.
• Noticeable performance issues when switching between folders if a Microsoft Exchange Server account is not configured in Outlook.
• AutoArchive cannot be configured for IMAP, POP3, or Outlook Live Connector accounts if there is no Exchange Server account configured in the same Outlook provide...
> http://blogs.msdn.com/b/outlook/arc...-with-the-recent-update-for-outlook-2007.aspx

MS WMI Admin Tool ActiveX vuln

FYI...

- http://www.us-cert.gov/current/#microsoft_wmi_administrative_tool_activex
December 22, 2010 - "... vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the kill bit for CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks until a fix is available from the vendor... Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#725596* ..."
* http://www.kb.cert.org/vuls/id/725596
Last Updated: 2010-12-22

- http://secunia.com/advisories/42693/
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft WMI Administrative Tools 1.x, Microsoft WMI Object Viewer ActiveX Control 1.x...
Solution: Set the kill-bit for the affected ActiveX control...

0-Day IIS 7.5 DoS - processing FTP requests

FYI...

- http://blogs.technet.com/b/srd/arch...nticated-denial-of-service-vulnerability.aspx
swiblog / 22 Dec 2010 6:58 PM - "... the IIS FTP Service is not installed by default, and even after installation, it is not enabled by default..."

0-Day IIS 7.5 DoS (processing FTP requests)
- http://isc.sans.edu/diary.html?storyid=10126
Last Updated: 2010-12-22 22:05:34 UTC - "A 0-day exploit has been published at exploit-db (see US-Cert advisory*) that takes advantage of a memory corruption vulnerability in IIS 7.5's FTP service. This bug will work pre-authentication.
From the looks of it, it is a pure remote exploit whose chief use would be denial of service. As with any memory corruption bugs, it is theoretically possible to use this to gain access to the server with the permissions of the user that is running IIS... Some defenses would be limiting FTP services that are internet-facing (especially if IIS), using firewalls to limit access to the server and configuring perimeter devices to check for memory attacks..."
* http://www.kb.cert.org/vuls/id/842372

- http://secunia.com/advisories/42713
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Information Services (IIS) 7.x
Solution: Restrict traffic to the FTP service.

- http://www.securitytracker.com/id?1024921
Updated: Dec 23 2010
