Old MS Alerts

MS Security Advisory 2607712... updated

FYI...

- http://news.yahoo.com/second-firm-warns-concern-dutch-hack-215940770.html
Sep. 6, 2011 AMSTERDAM (AP) — "A company that sells certificates guaranteeing the security of websites, GlobalSign, says it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers. GlobalSign, the Belgian-based subsidiary of Japan's GMO Internet Inc., is one of the oldest and largest such companies globally. It said in a statement Tuesday it does not know whether it has actually been hacked, but is taking threats by an anonymous hacker seriously in the wake of an attack on a smaller Dutch firm, DigiNotar, that came to light last week. The DigiNotar attack is believed to have allowed the Iranian government to spy on thousands of Iranian citizens' communications with Google email during the month of August."
> http://www.globalsign.com/company/press/090611-security-response.html
___

Microsoft Security Advisory (2607712)... updated
Fraudulent Digital Certificates Could Allow Spoofing
- https://www.microsoft.com/technet/security/advisory/2607712.mspx
Updated: September 06, 2011 - "Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar... For supported releases of Microsoft Windows, typically no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically...
Suggested Actions... Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 2607712*..."

Fraudulent digital certificates could allow spoofing
* http://www.microsoft.com/technet/security/advisory/2607712.mspx
September 6, 2011

- https://blogs.technet.com/b/msrc/archive/2011/09/06/microsoft-updates-security-advisory-2607712.aspx
6 Sep 2011

MS Security Bulletin Advance Notification - September 2011

FYI...

MS Security Bulletin Advance Notification - September 2011
- https://technet.microsoft.com/en-us/security/bulletin/ms11-sep
September 08, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on September 13, 2011..." (Total of -5-)

Bulletin 1 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 5 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
___

- https://www.computerworld.com/s/art...plans_15_patches_for_Windows_Office_next_week
September 8, 2011 - "... patch 15 vulnerabilities in Windows, Excel, SharePoint Server and Groove..."

MS Security Bulletin Summary - September 2011

FYI...

MS Security Bulletin Summary - September 2011
- https://technet.microsoft.com/en-us/security/bulletin/ms11-sep
September 13, 2011 - "This bulletin summary lists security bulletins released for September 2011..." (Total of -5-)

Microsoft Security Bulletin MS11-070 - Important
Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-070
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-071 - Important
Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-071
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-072 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-072
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS11-073 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-073
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-074 - Important
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-074
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
___

Microsoft Security Advisory (2607712)... updated
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2607712
Updated: Tuesday, September 13, 2011 - Version: 4.0
• V4.0 (September 13, 2011): Revised to announce the release of the 2616676 update that addresses the issue described in this advisory.
> http://support.microsoft.com/kb/2616676
September 13, 2011
___

Deployment Priority
- https://blogs.technet.com/cfs-files.../00-00-00-45-71/4382.0911_2D00_deployment.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...-00-45-71/6786.1109_2D00_severity_2D00_xi.png

> https://blogs.technet.com/b/msrc/ar...tar-certificates-and-september-bulletins.aspx
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=11551
Last Updated: 2011-09-13 20:02:31 UTC
___

- http://www.securitytracker.com/id/1026037 - MS11-070
- http://www.securitytracker.com/id/1026041 - MS11-071
- http://www.securitytracker.com/id/1026038 - MS11-072
- http://www.securitytracker.com/id/1026039 - MS11-073
- http://www.securitytracker.com/id/1026040 - MS11-074
Sep 13 2011

MS Security Advisory updates...

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
• V10.0 (September 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-071, "Vulnerability in Windows Components Could Allow Remote Code Execution;" and MS11-073, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
- https://technet.microsoft.com/en-us/security/bulletin/ms11-071
- https://technet.microsoft.com/en-us/security/bulletin/ms11-073

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2607712
• V4.0 (September 13, 2011): Revised to announce the release of the KB2616676 update that addresses the issue described in this advisory.
• V4.1 (September 13, 2011): Revised to announce the availability of the KB2616676 update for the Windows Developer Preview release. See the Update FAQ in this advisory for more information.
• V5.0 (September 19, 2011): Revised to announce the re-release of the KB2616676 update. See the Update FAQ in this advisory for more information.
- http://support.microsoft.com/kb/2616676
September 19, 2011 - Revision: 4.0

- https://blogs.technet.com/b/msrc/ar...te-protects-from-fraudulent-certificates.aspx
19 Sep 2011
___

- https://www.computerworld.com/s/article/9220121/Microsoft_fixes_SSL_kill_switch_blooper
September 19, 2011 - "... the update (MS) shipped to Windows XP and Server 2003 users last Tuesday was flawed..."

MS Security Advisory 2588513

FYI...

Microsoft Security Advisory (2588513)
Vulnerability in SSL/TLS Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/advisory/2588513
September 26, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors:
The attack must make several hundred HTTPS requests before the attack could be successful.
TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected..."
(More detail at the URL above.)

- http://blogs.technet.com/b/srd/arch...ken-more-about-security-advisory-2588513.aspx
26 Sep 2011
___

- http://www.secureworks.com/research/blog/general/transitive-trust-and-ssl-cert/
Sep 9, 2011
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
Last revised: 10/03/2011
CVSS v2 Base Score: 4.3 (MEDIUM)

- https://www.kb.cert.org/vuls/id/864643
Date Last Updated: 2011-09-29

MS Security Bulletin Advance Notification - October 2011

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms11-oct
October 06, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on October 11, 2011..." (Total of -8-)

Bulletin 1 - Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 3 - Important - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 5 - Important - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 6 - Important - Remote Code Execution - May require restart - Microsoft Forefront Unified Access Gateway
Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 8 - Important - Denial of Service - May require restart - Microsoft Host Integration Server ...

- https://blogs.technet.com/b/msrc/ar...on-for-the-october-2011-bulletin-release.aspx
6 Oct 2011 - "... eight security bulletins, two Critical and six Important, to address 23 vulnerabilities across Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server..."

MS Security Bulletin Summary - October 2011

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms11-oct
October 11, 2011 - "This bulletin summary lists security bulletins released for October 2011..." (Total of -8-)

Critical -2-

Microsoft Security Bulletin MS11-078 - Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-078
Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight

Microsoft Security Bulletin MS11-081 - Critical
Cumulative Security Update for Internet Explorer (2586448)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Important -6-

Microsoft Security Bulletin MS11-075 - Important
Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-075
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-076 - Important
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-076
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-077 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-077
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-079 - Important
Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-079
Important - Remote Code Execution - May require restart - Microsoft Forefront Unified Access Gateway

Microsoft Security Bulletin MS11-080 - Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-080
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-082 - Important
Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-082
Important - Denial of Service - May require restart - Microsoft Host Integration Server
___

Deployment Priority
- https://blogs.technet.com/cfs-files...-00-00-45-71/1638.October-2011-Deployment.jpg

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...0-45-71/5126.October-2011-_2D00_-Severity.png
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=11779
Last Updated: 2011-10-11 18:17:17 UTC... (Version: 2)
___

- https://secunia.com/advisories/46403/ - MS11-075
- https://secunia.com/advisories/46404/ - MS11-076
- https://secunia.com/advisories/46405/ - MS11-077
- https://secunia.com/advisories/46406/ - MS11-078
- https://secunia.com/advisories/46402/ - MS11-079
- https://secunia.com/advisories/46401/ - MS11-080
- https://secunia.com/advisories/46400/ - MS11-081 - IE
Updated 2011-10-17 - CVE Reference(s): CVE-2011-1993, CVE-2011-1995, CVE-2011-1996, CVE-2011-1997, CVE-2011-1998, CVE-2011-1999, CVE-2011-2000, CVE-2011-2001
CVSS v2 Base Score: 9.3 (HIGH)
- https://secunia.com/advisories/46399/ - MS11-082
___

MSRT
- http://support.microsoft.com/?kbid=890830
October 11, 2011 - Revision: 94.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• EyeStye (aka 'SpyEye')
• Poison

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: windows-kb890830-v4.1.exe
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.1.exe

MS Security Advisory updated...

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
Updated: Tuesday, October 11, 2011
• V11.0: Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-075, "Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution;" and MS11-076, "Vulnerability in Windows Media Center Could Allow Remote Code Execution."

MS Updates - October 2011 revisited ...

FYI... NOW available thru MS Updates:

MS Updates - October 2011 revisited ...

A Compatibility View list update is available for Windows IE8
- http://support.microsoft.com/kb/2598845
October 26, 2011 - Revision: 2.1 - "An update is available for the Internet Explorer 8 Compatibility View list. This update is dated October 25, 2011. This Compatibility View list update makes websites that are designed for older browsers look better in Internet Explorer 8..."

A Jump List that contains more than 999 items is not displayed in Windows 7 or in Windows Server 2008 R2
- http://support.microsoft.com/kb/2607576
October 25, 2011 - Revision: 1.0

The values of the 32-bit versions of two registry entries are incorrect in 64-bit versions of Windows 7 or of Windows Server 2008 R2
- http://support.microsoft.com/kb/2603229
October 25, 2011 - Revision: 1.0

MS08-069: Security update for XML Core Services 4.0
- http://support.microsoft.com/kb/954430
October 3, 2011 - Revision: 6.0

Microsoft XML Core Services 4.0 SP2
- http://support.microsoft.com/kb/973688
January 19, 2011 - Revision: 4.0

Update on Zbot - MSRT removals

FYI...

Update on Zbot / MSRT removals
- https://blogs.technet.com/b/mmpc/archive/2011/10/31/update-on-the-zbot-spot.aspx
31 Oct 2011 - "... prior to the September 2011 release, MSRT consistently detected about -90%- of PWS:Win32/Zbot variants in the wild. For the month of September 2011, we detected and removed PWS:Win32/Zbot from around 185,000 distinct Windows computers, a stark increase to the months beforehand... For October so far, we've removed Zbot from over 88,000 computers and we expect that number to grow to around 100,000... These increased numbers are also likely a result of new functionality we've seen in Zbot recently. It seems that some variants now automatically spread via the Windows autorun functionality; something that is very common with other prolific malware families, so it's not very surprising we're seeing it now - but is surprising we hadn't seen it before now. Regarding autorun, Microsoft released a security update in February of 2011* that changed its default behavior - the result was an overall decline in threats utilizing autorun as a spreading mechanism. There is a Microsoft Knowledge Base article that discusses how to disable autorun in Windows, here** ..."

* http://support.microsoft.com/kb/971029

** http://support.microsoft.com/kb/967715

MSRT report 2011.11.01 ...

FYI...

MSRT: Poison and EyeStye*, by the numbers (*aka SpyEye)
- https://blogs.technet.com/b/mmpc/archive/2011/11/01/poison-and-eyestye-by-the-numbers.aspx
1 Nov 2011 - "The latest MSRT release included coverage for two more malware families, one being Win32/EyeStye... the other being Win32/Poison... As of October 25, the MSRT has removed Win32/Poison from a little over 16,000 computers... we have disinfected EyeStye from more than half a million unique machines... (605,825 at the time of writing)...
Top 10 Families in MSRT:
- http://www.microsoft.com/security/portal/blog-images/BID047-003.png
... most of the computers found to be infected with EyeStye were located in western Europe, with the largest number of detections found in Germany:
Geographical distribution of EyeStye:
- http://www.microsoft.com/security/portal/blog-images/BID047-004.png ..."

- https://www.microsoft.com/download/en/details.aspx?displaylang=en&id=27871
PDF report Win32/Poison - 19 pgs.

MS11-081 updated for IE7 hotfix...

FYI...

Microsoft Security Bulletin MS11-081 - Critical
Cumulative Security Update for Internet Explorer (2586448)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-081
Updated: Wednesday, November 02, 2011 - Version: 1.2
• V1.2 (November 2, 2011): Announced the release of a hotfix to resolve a known issue affecting IE7 customers after the KB2586448 security update is installed. See the Update FAQ for details.

> http://support.microsoft.com/kb/2586448
November 2, 2011 - Revision: 2.0

Some drop-down lists and combo boxes do not appear in IE7 after you install security update 2586448
>> http://support.microsoft.com/kb/2628724
November 2, 2011 - Revision: 6.2
"... If you cannot upgrade to a newer version of Internet Explorer, a supported hotfix is now available from Microsoft for Internet Explorer 7. However, it is intended to correct -only- the problem that is described in this article. Apply it only to systems that are experiencing this specific problem..."

MS Security Bulletin Advance Notification - November 2011

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms11-nov
November 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on November 8, 2011... (Total of -4-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 4 - Moderate - Denial of Service - Requires restart - Microsoft Windows ..."

MS Advisory for vuln related to Duqu malware

FYI...

Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/advisory/2639658
• V1.0 (November 3, 2011): Advisory published.
• V1.1 (November 3, 2011): Added localization notation to the Workarounds section.
• V1.2 (November 4, 2011): Revised the workaround, Deny access to T2EMBED.DLL, to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers with non-English versions of Microsoft Windows should reevaluate the applicability of the revised workaround for their environment.
• V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary.

November 03, 2011 - "Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
Workarounds: Deny access to T2EMBED.DLL
Note: See Microsoft Knowledge Base Article 2639658* to use the automated Microsoft Fix it solution to enable or disable this workaround to deny access to t2embed.dll..."
- http://support.microsoft.com/kb/2639658#FixItForMe
November 3, 2011 - Revision: 1.0
Impact of Workaround. Applications that rely on embedded font technology will fail to display properly.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)
___

- https://www.computerworld.com/s/art..._engine_patched_last_month_Microsoft_confirms
November 4, 2011 - "... the Windows kernel vulnerability exploited by the Duqu Trojan is within the TrueType parsing engine, the same component it last patched just last month... So far during 2011, Microsoft has patched 56 different kernel vulnerabilities with updates issued in February, April, June, July, August and October. In April alone, the company fixed 30 bugs, then quashed 15 more in July..."
___

- https://secunia.com/advisories/46724/
Release Date: 2011-11-07
Criticality level: Extremely critical
Impact: System access
Where: From remote...
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
... Reported as a 0-day.
Solution: Apply the Microsoft Fix it.*...
* http://support.microsoft.com/kb/2639658#FixItForMe

- http://www.securitytracker.com/id/1026271
Updated: Nov 4 2011
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs...
... A remote user can create a specially crafted document that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with kernel level privileges. The vulnerability resides in the Win32k.sys kernel driver in the parsing of TrueType fonts...

NOTE: "... The vulnerability cannot be exploited automatically via email unless the user opens an attachment sent in an email message..."
Per: https://isc.sans.edu/diary.html?storyid=11950

US-CERT: Critical alert
- https://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
November 1, 2011

MS Security Bulletin Summary - November 2011

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms11-nov
November 08, 2011 - "This bulletin summary lists security bulletins released for November 2011..." (Total of -4-)

Microsoft Security Bulletin MS11-083 - Critical
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-083
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-085 - Important
Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/bulletin/ms11-085
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-086 - Important
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-086
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-084 - Moderate
Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-084
Moderate - Denial of Service - Requires restart - Microsoft Windows
___

Bulletin Deployment priority
- https://blogs.technet.com/cfs-files...-71/3301.November-2011-Deployment-Graphic.png

Severity and exploitability index
- https://blogs.technet.com/cfs-files...45-71/6136.November-2011-Severity-Graphic.png
___

- http://www.securitytracker.com/id/1026290 - MS11-083
- http://www.securitytracker.com/id/1026291 - MS11-084
- http://www.securitytracker.com/id/1026292 - MS11-085
- http://www.securitytracker.com/id/1026293 - MS11-085
- http://www.securitytracker.com/id/1026294 - MS11-086
Nov 8 2011
- https://secunia.com/advisories/46731/ - MS11-083
- https://secunia.com/advisories/46751/ - MS11-084
- https://secunia.com/advisories/46752/ - MS11-085
- https://secunia.com/advisories/46755/ - MS11-086
Nov 8 2011
___

Office updates...
- http://support.microsoft.com/kb/2639798
November 8, 2011 - "... -security- and nonsecurity updates. All the following are included in the November 8, 2011 update.
2553455 Description of the Office 2010 update
- http://support.microsoft.com/kb/2553455
2553310 Description of the Office 2010 update
- http://support.microsoft.com/kb/2553310
2553181 Description of the Office 2010 update
- http://support.microsoft.com/kb/2553181
2553290 Description of the OneNote 2010 update
- http://support.microsoft.com/kb/2553290
2553323 Description of the Outlook 2010 update
- http://support.microsoft.com/kb/2553323
982726 Description of the Outlook 2010 Junk Email Filter update
- http://support.microsoft.com/kb/982726
2596972 Description of the Outlook 2003 Junk Email Filter update..."
- http://support.microsoft.com/kb/2596972
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=11971
Last Updated: 2011-11-08 22:18:48 UTC - Version: 2

Re-released: Microsoft Security Bulletin MS11-037 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-037
Published: Tuesday, June 14, 2011 | Updated: Tuesday, November 08, 2011
Version: 2.0 - FAQs: "... The new offering of this update provides systems running Windows XP or Windows Server 2003 with the same cumulative protection that is provided by this update for all other affected operating systems..."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1894
Last revised: 09/07/2011
Overview: "The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka 'MHTML Mime-Formatted Request Vulnerability'..."
CVSS v2 Base Score: 4.3 (MEDIUM)
___

MSRT
- http://support.microsoft.com/?kbid=890830
November 8, 2011 - Revision: 95.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Carberp
• Cridex
• Dofoil

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: windows-kb890830-v4.2.exe - 14.0 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.2.exe - 14.0 MB

- https://blogs.technet.com/themes/bl...gPostName=msrt-november-11-carberp&GroupKeys=
8 Nov 2011

MS Advisory updates - TrueType Font Parsing + Insecure Lib Load

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
• V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085*, "Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/security/bulletin/ms11-085

Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/advisory/2639658
• V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality.
"... vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability..."
> http://support.microsoft.com/kb/2639658#FixItForMe

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)

- http://labs.m86security.com/2011/11/truetype-but-not-truly-safe-the-new-zero-day-event/
November 8th, 2011
___

A simple test of the Duqu workaround...
- http://blogs.computerworld.com/19256/a_simple_test_insures_the_duqu_workaround_is_working
November 12, 2011

MS Advisory - digital certificates

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
* http://technet.microsoft.com/security/advisory/2641690
November 10, 2011 - "... The majority of customers have automatic updating enabled and will not need to take any action because the KB2641690 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually..."

- http://support.microsoft.com/kb/2641690
November 10, 2011 Rev 1.0 - "Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following DigiCert Sdn. Bhd intermediate certificates by putting them in the Microsoft Untrusted Certificate Store:
Digisign Server ID – (Enrich) issued by Entrust.net Certification Authority (2048)
Digisign Server ID (Enrich) issued by GTE CyberTrust Global Root
The security advisory* contains additional security-related information..."

- https://blogs.technet.com/themes/bl...pdates-untrusted-certificate-store&GroupKeys=
10 Nov 2011
___

- https://www.us-cert.gov/current/#fraudulent_digital_certificates_could_allow
November 10, 2011

MS re-release - KB 2641690

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2641690
• V2.0 (November 16, 2011): Revised to announce the re-release of the KB2641690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690* under Known Issues in the Executive Summary.
* http://support.microsoft.com/kb/2641690
November 16, 2011 - Revision: 5.1
"... Before November 16, 2011, Microsoft Windows Server Update Services (WSUS) server customers experienced problems with the versions of update 2641690 for Windows XP x64 and for Windows Server 2003. On November 16, 2011, we re-released update 2641690 to address this issue for Windows XP x64 and for all editions of Windows Server 2003. Most systems have automatic updating enabled. If you do have automatic updating enabled, you do not have to take any action because update 2641690 will be installed automatically. All releases of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2 are not affected by this issue..."

MSRT November - Dofoil

FYI...

MSRT November: Dofoil
- https://blogs.technet.com/themes/bl...eblogPostName=msrt-november-dofoil&GroupKeys=
22 Nov 2011 - "... one of the three families added to the November release of the Microsoft Malicious Software Removal Tool is Win32/Dofoil. TrojanDownloader:Win32/Dofoil is a configurable downloader. Dofoil will attempt to receive control instructions from a remote server. The response contains encrypted configuration data containing download URLs and execution options... often seen as an attachment as part of a spam campaign, the MMPC has observed Win32/Dofoil distributed and installed via other mechanisms such as by exploit. In the wild Win32/Dofoil variants are employed to download rogue security software such as Trojan:Win32/FakeSysdef and spam capable malware such as Trojan:Win32/Danmec.L. Among observed spam campaigns, here is a small selection of spam lures employed during the last two months:
'IRS
From: pay.damages @irs.gov
Subject: IRS Notification ...'
'iTunes
From: account.sn.5890 @itunes.apple.com
Subject: Your iTunes Gift Certificate ...'
'Xerox
Subject: Fwd: Scan from a Xerox W. Pro #16389356 ...'
... reported variants of Win32/Dofoil on 13,488 unique machines this month. Forty-seven percent of these machines were running Windows XP, whilst approximately twenty-nine percent were running Windows 7. Looking at the geographic distribution* of the machines which reported a Win32/Dofoil detection...
* http://www.microsoft.com/security/portal/blog-images/BID54-GRAPH.png
... most prevalent in the United States, the MMPC observed those attempting to distribute Win32/Dofoil employing the use of localized lures targeting recipients in Germany, France, Italy and Australia..."
