Old MS Alerts

MS Access ActiveX vuln...

FYI...

- http://securitylabs.websense.com/content/Blogs/3148.aspx
08.01.2008 - "...We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China. There is currently no patch available, but Microsoft has several workarounds listed in their advisory. We recommend setting the killbit for this ActiveX control on all workstations where it is installed.
Vulnerable ActiveX CLSIDs:
* F0E42D50-368C-11D0-AD81-00A0C90DC8D9
* F0E42D60-368C-11D0-AD81-00A0C90DC8D9
* F2175210-368C-11D0-AD81-00A0C90DC8D9
This vulnerability is a simple design flaw, and does not require any complicated exploit code. Attackers are able to compromise remote systems simply by calling methods provided by the Snapshot Viewer ActiveX control. This is very similar to the November 9, 2005 ADODB.Stream vulnerability, which was widely taken advantage of because it was easy to exploit. Luckily, the vulnerable ActiveX control does NOT appear in a default Microsoft Windows installation. It does appear, however, to be included by default with Microsoft Office 2000 - 2003."

- http://www.symantec.com/security_response/threatconlearn.jsp
"The ThreatCon is at level 2. On August 1, 2008, a new attack vector for the Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability (BID 30114) was identified being exploited in the wild. This vulnerability is currently unpatched.
Microsoft Access ActiveX Control Arbitrary File Download Vulnerability ( http://www.securityfocus.com/bid/30114 )
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access ( http://www.microsoft.com/technet/security/advisory/955179.mspx )
The new attack vector allows an attacker to install a vulnerable version of the ActiveX control on target systems that did not originally contain the associated software. This is possible because the control is digitally signed and marked safe for scripting by Microsoft. This is known to affect users of Internet Explorer 6. Note that Internet Explorer 7 requires user interaction to confirm the installation of the ActiveX control. As a result of this discovery, we urge all Microsoft Windows users, even those whose systems do not currently have the vulnerable control installed, to set the kill bit on the three CLSIDs associated with Snapshot Viewer.
* F0E42D50-368C-11D0-AD81-00A0C90DC8D9
* F0E42D60-368C-11D0-AD81-00A0C90DC8D9
* F2175210-368C-11D0-AD81-00A0C90DC8D9
For instructions on how to set the kill bit on an ActiveX control, please see the following article: Microsoft Knowledge Base Article 240797 ( http://support.microsoft.com/kb/240797 )."

:fear:
 
MS Security Bulletin Advance Notification - August 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
August 7, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on August 12, 2008... (Total of 12)

Critical (7)

Windows 1 Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

IE Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Media Player Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Access Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Excel Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

PowerPoint Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Office Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---

Important (5)

Windows 2 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows...

Windows 3 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

OE Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Outlook Express, Windows Mail...

Messenger Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Windows Messenger...

Word Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution
Affected Software: Microsoft Office...

- http://blogs.technet.com/msrc/archive/2008/08/07/august-2008-advance-notification.aspx
August 07, 2008 - "...we are planning to release high-priority, non-security updates on Windows Update and Windows Server Update Services (WSUS) as well as high-priority, non-security updates on Microsoft Update and Windows Server Update Services (WSUS). You can get additional information, in the “Other Information” section of the Advanced Notification..."

//
 
MS Security Bulletin Summary - August 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
August 12, 2008 - "This bulletin summary lists security bulletins released for August 2008..." (Total 11)

Critical (6)

Microsoft Security Bulletin MS08-046
Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
- http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)
- http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-041
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
- http://www.microsoft.com/technet/security/bulletin/MS08-041.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-043
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
- http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-051
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
- http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Microsoft Security Bulletin MS08-044
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
- http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (5)

Microsoft Security Bulletin MS08-047
Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
- http://www.microsoft.com/technet/security/bulletin/MS08-047.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-049
Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
- http://www.microsoft.com/technet/security/bulletin/MS08-049.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-048
Security Update for Outlook Express and Windows Mail (951066)
- http://www.microsoft.com/technet/security/bulletin/MS08-048.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Outlook Express, Windows Mail...

Microsoft Security Bulletin MS08-050
Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
- http://www.microsoft.com/technet/security/bulletin/MS08-050.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Windows, Windows Messenger...

Microsoft Security Bulletin MS08-042
Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
- http://www.microsoft.com/technet/security/bulletin/MS08-042.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---

ISC Analysis
- http://isc.sans.org/diary.html?storyid=4876
Last Updated: 2008-08-12 19:06:35 UTC

---
Revised (4):

Microsoft Security Bulletin MS08-022 – Critical
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
- http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx
• V2.0 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a deployment change for this security update for one issue and a workaround for another. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft Security Bulletin MS08-033 – Critical
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
- http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
• V2.1 (August 12, 2008): Added known issues link. Also added an entry to the section, Frequently Asked Questions (FAQ) Related to this Security Update, about the known issues and solutions. The solutions include a change to Microsoft Baseline Security Analyzer (MBSA) 2.1 to correctly detect this update.

Microsoft Security Bulletin MS07-047 - Important
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
- http://www.microsoft.com/technet/security/Bulletin/MS07-047.mspx
• V2.0 (August 12, 2008): Added Windows XP Service Pack 3 as affected software. This is a detection change only; there were no changes to the binaries. Customers who have successfully updated their systems do not need to reinstall this update.

Microsoft Security Bulletin MS08-040 – Important
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
- http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx
• V1.6 (August 12, 2008): Added entry to the Frequently Asked Questions (FAQ) Related to this Security Update to communicate a change in the installation code for the security update for SQL Server 2005 Service Pack 2. This is an installation code change only. There were no changes to the security update binaries.

//
 
Cumulative Security Update of -ActiveX- Kill Bits

FYI...

Microsoft Security Advisory (953839)
Cumulative Security Update of -ActiveX- Kill Bits
- http://www.microsoft.com/technet/security/advisory/953839.mspx
August 12, 2008 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. The update includes kill bits for the following third-party software:
Aurigma Image Uploader. Aurigma has issued an advisory and an update that addresses vulnerabilities...
http://blogs.aurigma.com/post/2008/03/Official-security-bulletin.aspx ...
HP Instant Support. HP has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from HP for more information...
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264 ...
...Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 953839
- http://support.microsoft.com/kb/953839
August 12, 2008

- http://www.microsoft.com/technet/security/advisory/953839.mspx
• August 13, 2008: Updated to include links to HP’s Advisories
"...HP has issued -2- advisories..."
* http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01422264
** http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01439758

:fear:
 
MS08-051 - v2.0 patch...

FYI...

MS08-051 V2.0 Patch issued August 20, 2008
- http://isc.sans.org/diary.html?storyid=4918
Last Updated: 2008-08-22 00:30:51 UTC - "Microsoft has posted new update packages, labeled Version 2, for Microsoft Office PowerPoint 2003 Service Pack 2 and Microsoft Office PowerPoint 2003 Service Pack 3" described in MS08-051*, Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution... Others should check with their patch management vendors. The original patch "contained incorrect versions of the binaries. While these versions did protect against the vulnerabilities discussed in the bulletin, they lacked other important security and reliability updates..."

* http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
• V2.0 (August 20, 2008): ...Customers who manually installed Version 1 of this update from Microsoft Download Center need to reinstall Version 2 of this update. Customers who have installed this update using Microsoft Update or Office Update do not need to reinstall..."

:fear:
 
MS Security Bulletin Advance Notification - September 2008

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms08-sep.mspx
September 4, 2008 - "...This is an advance notification of security bulletins that Microsoft is intending to release on September 9, 2008 (Total of -4-)...

Critical (4)

Windows Media Player Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows.

Windows Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer, .NET Framework, Messenger, Office, SQL Server, Visual Studio.

Windows Media Encoder Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows.

Office Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...
 
Gotcha: IE8 Lock-In With XP SP3

FYI...

Gotcha: IE8 Lock-In With XP SP3
- http://www.wservernews.com/?id=690
Sep 1, 2008 - "...Redmond on its IE blog* warned XP SP3 users that in some circumstances they will not be able to uninstall either SP3 or IE8. This heads-up was similar to an earlier warning in May, when XP SP3 had just been released. Redmond said then that you wouldn't be able to downgrade from IE7 to the older IE6 browser without uninstalling SP3. Jane Maliouta, an IE program manager, gave specifics about this new gotcha, which impacts you when you downloaded and installed IE8 Beta 1 prior to updating XP to SP3. If you then upgrade IE8 to Beta 2, which Redmond unveiled on the 28th, you will be stuck with both IE8 and Windows XP SP3. You will get a warning dialog:
"If you continue, XP SP3 and IE8 Beta 2 will become permanent, you will still be able to upgrade to later IE8 builds as they become available, but you won't be able to uninstall them."
So how to get around this lock-in? First uninstall XP SP3, then uninstall IE8 Beta 1; then reinstall XP SP3 and follow that by installing IE8 Beta 2. Dang, that's a hassle..."
* http://blogs.msdn.com/ie/archive/2008/08/27/upgrading-to-internet-explorer-8-beta-2.aspx

:thud: :fear:
 
MS Security Bulletin Summary - September 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-sep.mspx
September 9, 2008 - "The security bulletins for this month are as follows, in order of severity: (Total of -4-)

Critical (4)

Microsoft Security Bulletin MS08-054
Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
- http://www.microsoft.com/technet/security/Bulletin/ms08-054.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-052
Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
- http://www.microsoft.com/technet/security/Bulletin/ms08-052.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Visual Studio...

Microsoft Security Bulletin MS08-053
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
- http://www.microsoft.com/technet/security/Bulletin/ms08-053.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-055
Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
- http://www.microsoft.com/technet/security/Bulletin/ms08-055.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

---
ISC Analysis:
- http://isc.sans.org/diary.html?storyid=5009
Last Updated: 2008-09-09 17:46:41 UTC

- http://blogs.technet.com/swi/
Sep. 9, 2008

---
MS08-052
- http://secunia.com/advisories/31675/

MS08-053
- http://secunia.com/advisories/31724/

MS08-054
- http://secunia.com/advisories/31726/

MS08-055
- http://secunia.com/advisories/31744/

---
Revisions...

MS08-052:
- http://www.microsoft.com/technet/security/Bulletin/ms08-052.mspx
• V2.0 (September 12, 2008): Bulletin updated to add Microsoft Office Project 2002 Service Pack 2, all Office Viewer software for Microsoft Office 2003, and all Office Viewer software for 2007 Microsoft Office System as Affected Software...

MS08-053:
- http://www.microsoft.com/technet/security/Bulletin/ms08-053.mspx
• V1.1 (September 10, 2008): Corrected the "Installing without user intervention" and "Installing without restarting" switches in the Security Update Deployment sections for Windows Vista and Windows Server 2008. Also changed "C:\Program Files" to "%programfiles%" in the Workarounds for Windows Media Encoder Buffer Overrun Vulnerability - CVE-2008-3008 commands.

MS08-054:
- http://www.microsoft.com/technet/security/Bulletin/ms08-054.mspx
• V1.1 (September 10, 2008): Removed erroneous entry from Mitigating Factors for Windows Media Player Sampling Rate Vulnerability - CVE-2008-2253.

MS08-055:
- http://www.microsoft.com/technet/security/Bulletin/ms08-055.mspx
• V1.1 (September 10, 2008): Corrected the installation switches and deployment information for OneNote 2007, and added to the list of non-affected software. Also, updated FAQ entries explaining why this update is offered to systems with non-affected software.

:-(
 
MS08-053 exploit in the wild

FYI...

- http://www.symantec.com/security_response/threatconlearn.jsp
Sep. 19, 2008 - "The ThreatCon is currently at Level 1. Symantec is currently monitoring in-the-wild attacks leveraging the recently patched Windows Media Player ActiveX vulnerability associated with MS08-053. On September 15, 2008, the DeepSight honeynet observed active exploitation of this flaw as part of a web exploit kit. Successful exploitation of this, or any of the other targeted vulnerabilities, will install malicious code on victim computers. For details on the vulnerability, see the following:
Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability ( http://www.securityfocus.com/bid/31065 )
We strongly urge all users to apply the patches made available in the MS08-053 security bulletin immediately. Those who cannot do so should set the kill bit on the associated CLSID (A8D3AD02-7508-4004-B2E9-AD33F087F43C) until patches can be applied. For more information and patches, see the Microsoft bulletin:
Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution ( http://www.microsoft.com/technet/security/bulletin/MS08-053.mspx )."

:fear:
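
Added example, not part of the quoted advisories or of KB 240797: the kill bit recommended above for the three Snapshot Viewer CLSIDs and for the Windows Media Encoder CLSID is the 0x400 bit of the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}. This Python script audits a `reg export` of that key for those four CLSIDs and builds a .reg file for the ones still unprotected; the sample export and all function names are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE instantiating the control
HKLM_COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# CLSIDs quoted in the advisories in this thread.
PAGE_CLSIDS = [
    "F0E42D50-368C-11D0-AD81-00A0C90DC8D9",  # Snapshot Viewer for Microsoft Access
    "F0E42D60-368C-11D0-AD81-00A0C90DC8D9",  # Snapshot Viewer for Microsoft Access
    "F2175210-368C-11D0-AD81-00A0C90DC8D9",  # Snapshot Viewer for Microsoft Access
    "A8D3AD02-7508-4004-B2E9-AD33F087F43C",  # Windows Media Encoder 9 (MS08-053)
]

# Matches per-control keys in either registry view (native or Wow6432Node).
_KEY = re.compile(r"^\[(.+\\ActiveX Compatibility\\\{([0-9A-Fa-f-]{36})\})\]$", re.I)
_ANY_KEY = re.compile(r"^\[.*\]$")
_FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{1,8})$', re.I)

# Constructed sample: one CLSID killed, one with an unrelated bit only,
# one key without a value, and the Media Encoder CLSID absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{f2175210-368c-11d0-ad81-00a0c90dc8d9}]
"""


def parse_compat_flags(reg_text):
    """Return {key_path: (CLSID, flags)} for each per-control key in a .reg export.

    A key that exists without a "Compatibility Flags" value gets flags 0.
    Real `reg export` files are UTF-16; read them with encoding="utf-16".
    """
    found, current = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        key = _KEY.match(line)
        if key:
            current = key.group(1)
            found[current] = (key.group(2).upper(), 0)
        elif _ANY_KEY.match(line):
            current = None  # some other key: ignore its values
        elif current:
            value = _FLAGS.match(line)
            if value:
                found[current] = (found[current][0], int(value.group(1), 16))
    return found


def audit(reg_text, clsids=PAGE_CLSIDS):
    """Classify each CLSID as 'killed', 'not-killed' (key present, bit clear) or 'missing'."""
    seen = {}
    for clsid, flags in parse_compat_flags(reg_text).values():
        seen.setdefault(clsid, []).append(flags)
    report = {}
    for clsid in clsids:
        values = seen.get(clsid.upper())
        if not values:
            report[clsid] = "missing"
        else:
            # Every registry view present in the export must carry the bit.
            report[clsid] = "killed" if all(v & KILL_BIT for v in values) else "not-killed"
    return report


def build_fix(reg_text, clsids=PAGE_CLSIDS):
    """Build .reg text that sets the kill bit wherever audit() did not find it.

    Existing flag bits are preserved by OR-ing, because importing a .reg
    file overwrites the whole DWORD.
    """
    parsed = parse_compat_flags(reg_text)
    wanted = {c.upper() for c in clsids}
    lines = ["Windows Registry Editor Version 5.00", ""]
    for path, (clsid, flags) in parsed.items():
        if clsid in wanted and not flags & KILL_BIT:
            lines += [f"[{path}]", f'"Compatibility Flags"=dword:{flags | KILL_BIT:08x}', ""]
    present = {clsid for clsid, _ in parsed.values()}
    for clsid in clsids:
        if clsid.upper() not in present:
            lines += [f"[{HKLM_COMPAT}\\{{{clsid.upper()}}}]",
                      f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    for clsid, state in audit(SAMPLE_EXPORT).items():
        print(f"{clsid}  {state}")
    print(build_fix(SAMPLE_EXPORT))
```

On 64-bit Windows, export and audit the Wow6432Node copy of the key as well, since 32-bit Internet Explorer reads that view.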
 
MS Bulletin Advance Notification - October 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-oct.mspx
October 9, 2008 - "This is an advance notification of security bulletins that Microsoft is intending to release on October 14, 2008... (Total of -11-)

Critical (4)

AD Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

IE Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

HIS Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Host Integration Server...

Excel Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (6)

Windows 1 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Windows 2 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Windows 3 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Windows 4 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Windows 5 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege...
Affected Software: Microsoft Windows...

Windows 6 Bulletin
Maximum Severity Rating: Important
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Moderate (1)

Office Bulletin
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure...
Affected Software: Microsoft Office...

//
 
Microsoft Security Advisory (951306) - update

FYI...

Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/951306.mspx
Published: April 17, 2008 | Updated: October 9, 2008
"Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2, Windows XP Professional Service Pack 3, and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.
Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect customers who have applied the workarounds listed...
Revisions:
• April 17, 2008: Advisory published
• April 23, 2008: Added clarification to impact of workaround for IIS 6.0
• August 27, 2008: Added Windows XP Professional Service Pack 3 as affected software.
• October 9, 2008: Added information regarding the public availability of exploit code...

:fear:
 
MS e-mail spoofs with malware...

FYI...

MS e-mail spoofs with malware
- http://blogs.technet.com/msrc/archive/2008/10/13/microsoft-security-e-mail-spoofs-with-malware.aspx
October 13, 2008 - "... While malicious e-mails posing as Microsoft security notifications with attached malware aren’t new (we’ve seen this problem for several years) this particular one is a bit different in that it claims to be signed by our own Steve Lipner and has what appears to be a PGP signature block attached to it. While those are clever attempts to increase the credibility of the mail, I can tell you categorically that this is -not- a legitimate e-mail: it is a piece of malicious spam and the attachment is malware. Specifically, it contains Backdoor:Win32/Haxdoor... we never, ever, ever send attachments with our security notification e-mails. And, as a matter of company policy, Microsoft will never send you an executable attachment. If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof..."

:fear::fear:
 
MS Security Bulletin Summary - October 2008

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS08-oct.mspx
October 14, 2008
"This bulletin summary lists security bulletins released for October 2008...

Critical (4)

Microsoft Security Bulletin MS08-060
Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
- http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
- http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows, Internet Explorer...

Microsoft Security Bulletin MS08-059
Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
- http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Host Integration Server...

Microsoft Security Bulletin MS08-057
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
- http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Office...

Important (6)

Microsoft Security Bulletin MS08-066
Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
- http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-061
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
- http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-062
Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
- http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-063
Vulnerability in SMB Could Allow Remote Code Execution (957095)
- http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-064
Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
- http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Microsoft Security Bulletin MS08-065
Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
- http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
Maximum Severity Rating: Important
Impact of Vulnerability: Elevation of Privilege
Affected Software: Microsoft Windows...

Moderate (1)

Microsoft Security Bulletin MS08-056
Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
- http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure
Affected Software: Microsoft Office...

---

ISC Analysis
- http://isc.sans.org/diary.html?storyid=5180
Last Updated: 2008-10-14 18:30:09 UTC
 
Cumulative Security Update of ActiveX Kill Bits

FYI...

Microsoft Security Advisory (956391)
Cumulative Security Update of ActiveX Kill Bits
- http://www.microsoft.com/technet/security/advisory/956391.mspx
October 14, 2008 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory...
This update sets the kill bits for the following third-party software:
• Microgaming Download Helper...
• System Requirements Lab...
• PhotoStockPlus Uploader Tool...
This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:
• Unsafe Functions in Office Web Components (328130), MS02-044.
• Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103), MS08-017.
• Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617), MS08-041.
• Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), MS08-052.
For more information about installing this update, see Microsoft Knowledge Base Article 956391*."
* http://support.microsoft.com/kb/956391
Last Review: October 14, 2008

:spider:
 
MS out-of-band patch - Critical

FYI...

MS out-of-band patch - Critical
- http://isc.sans.org/diary.html?storyid=5227
Last Updated: 2008-10-23 12:16:16 UTC - "Microsoft has just released an advance notification* of an out-of-band update to be released on 23rd of October. They will hold a special webcast on the 23rd at 1:00 pm PT to discuss the release. The patch will be released at 10.00 am. The information in the bulletin mentions a remote code exploit, but no further details are provided, however a restart will be required. Microsoft rates the issue as -critical- for 2000/XP/2003 and important for vista/2008. If we get more information we'll update this diary."
* http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Critical (1)
Microsoft Security Bulletin to be issued: October 23, 2008
Windows Bulletin
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...

>>> http://forums.spybot.info/showthread.php?p=246351#post246351

:fear:
 
MS08-067 released...

FYI...

Microsoft Security Bulletin MS08-067
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
- http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
October 23, 2008 - "...This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit..."
Maximum Severity Rating: Critical
Impact of Vulnerability: Remote Code Execution...
Affected Software: Microsoft Windows...
Exploitability Index: 1 - Consistent exploit code likely...

- http://blogs.technet.com/msrc/archive/2008/10/23/ms08-067-released.aspx
October 23, 2008
- http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

---
MS08-067 - exploit in the wild
- http://www.symantec.com/security_response/threatconlearn.jsp
Oct. 23, 2008 - "The ThreatCon is currently at Level 2: Elevated. The DeepSight Threat Analysis Team has updated the ThreatCon to Level 2. Microsoft has released an out-of-band security bulletin to address a Critical flaw in the Server Service (SVRSVC). The vulnerability occurs because of a failure in processing malformed RPC packets sent to the service. By default this issue can be exploited without authentication on Windows 2000, Windows XP, and Windows 2003. Both Windows Vista and Windows Server 2008 are vulnerable, but require authentication by default.
MS08-067 - Vulnerability in Server Service Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
According to the bulletin this vulnerability is being actively exploited in the wild..."
---

- http://securitylabs.websense.com/content/Alerts/3218.aspx
10.23.2008

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4250
10.23.2008

- http://secunia.com/advisories/32326
Release Date: 2008-10-23
Critical: Highly critical
Impact: System access...

- http://isc.sans.org/diary.html?storyid=5227
Last Updated: 2008-10-23 20:58:46 UTC ...Version: 3
"...we believe that client computers need to be updated with all due haste..."

:fear:
 
Microsoft Security Advisory (958963)

FYI...

Microsoft Security Advisory (958963)
Exploit Code Published Affecting the Server Service
- http://www.microsoft.com/technet/security/advisory/958963.mspx
October 27, 2008 - "Microsoft is aware that detailed exploit code demonstrating code execution has been published on the Internet for the vulnerability that is addressed by security update MS08-067*. This exploit code demonstrates code execution on Windows 2000, Windows XP, and Windows Server 2003. Microsoft is aware of limited, targeted active attacks that use this exploit code. At this time, there are no self-replicating attacks associated with this vulnerability. Microsoft has activated its Software Security Incident Response Process (SSIRP) and is continuing to investigate this issue. Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS08-067 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows..."
* http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

:fear:
 
Vista updates ...

FYI...

Vista updates KB957200 and KB953155
- http://isc.sans.org/diary.html?storyid=5258
Last Updated: 2008-10-30 14:02:45 UTC - "...A few readers are writing in to ask about two recent updates appearing in their queue: KB957200 and KB953155.

KB957200* is listed as a reliability update and according to Microsoft: "this update resolves some performance and reliability issues in Windows Vista. By applying this update, you can achieve better performance and responsiveness in various scenarios. After you install this item, you may have to restart your computer."
* http://support.microsoft.com/kb/957200/en-us

KB953155** is a security update related to MS08-062..."
** http://support.microsoft.com/kb/953155/en-us
Last Review: October 14, 2008
- http://www.microsoft.com/technet/security/bulletin/ms08-062.mspx
Updated: October 29, 2008
Version: 2.2...
"...There were no changes to the security update binaries..."

:fear:
 
Proof of concept binaries for MS08-067 ...

FYI...

- http://www.f-secure.com/weblog/archives/00001525.html
October 31, 2008 - "We are seeing the first Proof of Concept binaries that target the MS08-067 vulnerability on the following English localized systems:
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows 2003 Service Pack 2
The payload is encrypted as normal. Its function is to add the guest account to the administrators group, thus allowing unlimited access to the machine. We detect the binaries as follows:
Backdoor:W32/Agent.DIN
Backdoor:W32/Agent.DIO
Backdoor:W32/Agent.DIP
We'll continue to keep an eye on the events."

:fear: :fear:
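A triage check for the two conditions reported above, added here as an example (not code from the original posts, F-Secure or Microsoft): it parses saved `net localgroup Administrators` output for a Guest member and a saved hotfix listing for the MS08-067 update (958644). The function names and sample inputs are constructed, and matching on the name "Guest" assumes an English-localized system, as in the F-Secure report.

```python
import re

MS08_067_KB = "KB958644"  # update number from the bulletin title (958644)

# Constructed sample of `net localgroup Administrators` output (English system).
SAMPLE_NET = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
Guest
The command completed successfully.
"""
# Constructed hotfix listing; the KB ids below are placeholders.
SAMPLE_HOTFIXES = "HotFixID\nKB900001\nKB900002\n"

def admin_group_members(net_output):
    """Return member names listed after the dashed rule in the net output."""
    members, in_list = [], False
    for line in net_output.splitlines():
        line = line.strip()
        if line.startswith("---"):      # dashed rule opens the member list
            in_list = True
        elif in_list:
            if not line or line.lower().startswith("the command completed"):
                break
            members.append(line)
    return members

def has_guest(members):
    """True if Guest is listed; a DOMAIN\\ or HOST\\ prefix is ignored."""
    return any(m.split("\\")[-1].lower() == "guest" for m in members)

def hotfix_installed(hotfix_listing, kb=MS08_067_KB):
    """True if the KB id appears as a whole token in the listing."""
    return re.search(r"\b%s\b" % re.escape(kb), hotfix_listing, re.I) is not None

def triage(host, net_output, hotfix_listing):
    """Collect findings for one host from its two saved command outputs."""
    members = admin_group_members(net_output)
    findings = []
    if has_guest(members):
        findings.append("Guest is a member of Administrators")
    if not hotfix_installed(hotfix_listing):
        findings.append(MS08_067_KB + " not listed as installed")
    return {"host": host, "admins": members, "findings": findings}

if __name__ == "__main__":
    print(triage("xp-sample", SAMPLE_NET, SAMPLE_HOTFIXES))
```

A host that reports both findings is unpatched and shows the group change the payload makes, so it warrants investigation rather than just patching.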
 