Old MS Alerts

MS10-021 ...failed WinXP Update

FYI...

MS10-021 ...failed WinXP Update
- http://isc.sans.org/diary.html?storyid=8644
Last Updated: 2010-04-16 17:01:19 UTC - "... there is a general statement concerning the prevention of the update from installing "if certain abnormal conditions exist on 32-bit systems"... if you happened to be using WinXP and encountered an error while performing an update for MS10-021, Microsoft has provided a link here* to officially explain what the error means and what resolution steps can be taken..."
* http://www.microsoft.com/security/updates/015/

- http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
• V1.1 (April 9, 2008): Bulletin updated to add a Known Issues link to Microsoft Knowledge Base Article 948590, to add a Known Issues section to the FAQ, to update the uninstall registry path, and to update the Acknowledgments.
• V1.2 (April 11, 2008): Bulletin updated to remove a reference to unsupported software in the Vulnerability FAQs.
(See: "Known Issues"): http://support.microsoft.com/kb/948590

- http://news.bbc.co.uk/2/hi/technology/8624560.stm
16 April 2010

- http://www.theregister.co.uk/2010/04/16/ms_kernel_patch_bypasses_pwned_pcs/
16 April 2010

:sad::fear:
 
MS10-025 to be Re-released...

FYI...

MS10-025 Security Update to be Re-released
- http://blogs.technet.com/msrc/archive/2010/04/21/ms10-025-security-update-to-be-re-released.aspx
April 21, 2010 - "MS10-025* is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week. Customers should review the bulletin for mitigations and workarounds and those with internet facing systems with Windows Media Services installed should evaluate and use firewall best practices to limit their overall exposure..."

Microsoft Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
* http://www.microsoft.com/technet/security/Bulletin/MS10-025.mspx
Published: April 13, 2010 | Updated: April 21, 2010
• V2.0 (April 21, 2010): Revised bulletin to inform customers that the original security update did not protect systems from the vulnerability described in this bulletin. Microsoft recommends that customers apply one of the workarounds described in this bulletin to help mitigate the impact to affected systems until a revised security update is made available.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0478
CVSS v2 Base Score: 9.3 (HIGH)

:confused:
 
MS Security Intelligence Report - 2H09

FYI...

MS Security Intelligence Report - 2H09
- http://www.networkworld.com/community/node/60529
04/26/10 - "Conficker was far and away the most prevalent threat found on Windows machines in the second half of 2009 in the enterprise, Microsoft says. The company's security tools cleaned the Conficker worm from [25%] of enterprise Windows machines. That was one of the findings in Microsoft's semi-annual security report card, the Microsoft Security Intelligence Report*, published on Monday... both Conficker and Autorun were found to be the worms of choice for hackers that gained the ability of downloading malware onto a machine by gaining access through another hole... Scareware, also known as rogue security software, is a fake security warning that pretends to detect a threat and asks the user to install it and then proceeds to try to talk the user into paying for registration or other services. Microsoft says its security products cleaned scareware from 7.8 million computers in 2H09, up from 5.3 million computers in 1H09 — an increase of 46.5 percent... vulnerabilities against Microsoft continue to be a growing hacker favorite. Microsoft released 47 security bulletins in second half of 2009 that addressed 104 individual vulnerabilities compared to 27 in the first half that fixed about 84 holes. Of these nearly 81% were reported to Microsoft first adhering to its "responsible disclosure practices" compared to 79.5 in the first half. In straight numbers, this still leaves more holes discovered out in the wild before Microsoft can fix them. Hackers find more success in attacking applications than they do the operating systems or the browsers. Of those browser-based exploits, holes in Adobe reader account for the lion's share, according to Microsoft. Ironically, the Microsoft Security Intelligence Report, Volume 8, is available as a PDF..."

* http://www.microsoft.com/security/about/sir.aspx
"... (SIR v8) covers July 2009 through December 2009..."

:fear:
 
MS Security Bulletin MS10-025 - re-released

FYI...

MS Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
- http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx
Updated: April 27, 2010
• V3.0 (April 27, 2010): Revised bulletin to offer the re-released security update for Windows Media Services running on Microsoft Windows 2000 Server Service Pack 4. Microsoft recommends that customers running the affected software apply the re-released security update immediately.

:fear:
 
MS Security Advisory (983438)

FYI...

Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/983438.mspx
April 29, 2010 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. We are actively working with partners in our Microsoft Active Protections Program (MAPP)* to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
* http://www.microsoft.com/security/msrc/collaboration/mapp.aspx

- http://blogs.technet.com/msrc/archive/2010/04/29/security-advisory-983438-released.aspx
April 29, 2010 - "... Customers running SharePoint Server 2007 or SharePoint Services 3.0 are encouraged to review and apply the mitigations and workarounds discussed in the Security Advisory..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0817

:fear:
 
MSRT results - April 2010

FYI...

MSRT results - April 2010
- http://blogs.technet.com/mmpc/archive/2010/04/30/msrt-april-threat-reports-alureon.aspx
April 30, 2010 - "... results from the April edition of MSRT. As part of our ongoing updates to families already in MSRT, we have added support for more variants of the Win32/Alureon rootkit/infector, including the ones responsible for the issues widely reported with Microsoft Security Bulletin MS10-015...
Variant                          Computers Cleaned
Virus:Win32/Alureon.A                 43,620
Virus:Win32/Alureon.B                  7,297
Virus:Win32/Alureon.F                 36,586
Virus:Win32/Alureon.G                102,549
Alureon Trojans and Droppers          72,917
Total                                262,969
---
... although the Alureon family has been around for years, some variants (.A-.F) gained a lot of attention since they conflicted with Microsoft Security Bulletin MS10-015 and rendered machines unbootable after applying updates to ntoskrnl.exe. Within a few days, the rootkit authors updated Win32/Alureon.G to avoid the issue since it was attracting a lot of unwanted attention. Moreover, Microsoft also re-released Microsoft Security Bulletin MS10-015 with new heuristic checks included in the installer identifying symptoms of the rootkit, preventing the patch from being applied to the affected users while warning them of the issues. The recently released Microsoft Security Bulletin MS10-021 also demonstrates a similar behavior. The good news however, is that once MSRT April installs and cleans Alureon from the machine, these patches can be installed successfully to secure the machines...
Apart from tackling the Alureon variants, the newly added threat family for this month, Win32/Magania, was cleaned from 43,394 machines. In total, MSRT April cleaned malware infections from 3,168,563 machines since it was released on the 13th of this month. Below are the top six most prevalent threat families cleaned with MSRT in April.
Family        Computers Cleaned
Frethog             831,289
Taterf              372,597
Alureon             262,969
Rimecud             250,603
Hamweq              225,104
Four out of the top five, Frethog, Taterf, Rimecud and Hamweq, are worms taking advantage of propagation mechanisms that traditionally lead to outbreaks. These worms use shared/mapped drives, removable devices, autorun behaviors, all of which are common attack surfaces that we’ve combated for years. We highly recommend reading the section “Protecting Against Malicious and Potentially Unwanted Software” in the latest edition of the Microsoft Security Intelligence Report* which provides great advice on preventing the spread of infections and tackling malware in general to ensure you and any users you may support stay fully protected."
* http://www.microsoft.com/security/portal/Threat/SIR.aspx

:fear:
 
Update on MS10-016 ...

FYI...

Update on MS10-016 for Microsoft Producer
- http://blogs.technet.com/msrc/archive/2010/05/03/update-on-ms10-016-for-microsoft-producer.aspx
May 03, 2010 - "... update on MS10-016*, a Windows Movie Maker bulletin we released in March 2010. At the time, we did not have an update for Microsoft Producer 2003. Today we have released a new version of Microsoft Producer that replaces the old version. We recommend that all customers using Producer 2003 upgrade to the new version located here*. For those customers who do not wish to upgrade to the new version, we recommend that you apply the workaround available as a Microsoft FixIt in KB975561**. The FixIt removes the file association from the application to prevent files from being opened in Producer when you double click on them. Users who apply the FixIt can still open their projects by first launching Producer and then opening the file from within the application. For more information, please review the security bulletin."
* http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx
• V2.0 (May 3, 2010): Corrected installation switches for Movie Maker 2.6 on Windows Vista and Windows 7. Also, announced availability of Microsoft Producer. Microsoft recommends that users of Microsoft Producer 2003 upgrade to the new version, Microsoft Producer.

** http://support.microsoft.com/kb/975561

:fear:
 
MS10-024 patch - Windows SMTP Service DNS query Id vuln

FYI...

MS10-024 patch - Windows SMTP Service DNS query Id vuln
- http://www.theregister.co.uk/2010/05/05/secret_microsoft_patch/
5 May 2010 - "... "These vulnerabilities were fixed by the patches referenced in MS10-024 but were not disclosed in the vendor's security bulletin and did not have a unique vulnerability identifier assigned to them," the Core advisory stated*. "As a result, the guidance and the assessment of risk derived from reading the vendor's security bulletin may overlook or misrepresent actual threat scenarios."
Microsoft issued the following statement:
"The purpose of security bulletins is to help customers accurately assess their risk as part of their planning. We do not include comprehensive information about all variants addressed as part of our investigation, but the information we do provide around severity, and risk accurately pertains to the vulnerabilities discussed in the bulletin and any variants that are addressed as part of the investigation. In other words, no variant represents a greater severity than the vulnerability discussed in the bulletin."
* http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0058.html
May 04 2010

- http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx
Published: April 13, 2010 | Updated: April 15, 2010
Version: 1.2

:fear::fear:
 
MS Security Bulletin Advance Notification - May 2010

FYI...

- http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx
May 06, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on May 11, 2010...
(Total of -2-)

Critical (2)

Bulletin 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Bulletin 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office, Microsoft Visual Basic for Applications

- http://blogs.technet.com/msrc/archi...r-the-may-2010-security-bulletin-release.aspx
May 06, 2010

:fear:
 
MS Security Bulletin Summary - May 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-may.mspx
May 11, 2010 - "This bulletin summary lists security bulletins released for May 2010...
(Total of -2-)

Critical -2-

Microsoft Security Bulletin MS10-030 - Critical
Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
- http://www.microsoft.com/technet/security/bulletin/MS10-030.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows
• V1.1 (May 12, 2010): Corrected restart requirements for Microsoft Windows 2000, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Also corrected the verification registry key for Microsoft Outlook Express 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4.

Microsoft Security Bulletin MS10-031 - Critical
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)
- http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office, Microsoft Visual Basic for Applications

Deployment Priority
- http://blogs.technet.com/photos/msrcteam/images/3331833/original.aspx

Severity and Exploitability Index
- http://blogs.technet.com/photos/msrcteam/images/3331832/original.aspx
___

MS10-030 (KB978542) Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution
- http://secunia.com/advisories/39766/
MS10-031 (KB974945, KB976321, KB976380, KB976382, KB978213) Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution
- http://secunia.com/advisories/39663/
___

MS10-030: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0816

MS10-031: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0815
___

ISC Analysis
- http://isc.sans.org/diary.html?storyid=8776
Last Updated: 2010-05-11 18:05:49 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
May 11, 2010 - Revision: 72.2
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release
Oficla*
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Oficla

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.7.exe
Version: 3.7
Date Published: 5/11/2010
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.7.exe
___

.
 
MS Security Advisory 2028859

FYI...

Microsoft Security Advisory (2028859)
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2028859.mspx
May 18, 2010 - "Microsoft is investigating a new public report of a vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."

- http://www.theregister.co.uk/2010/05/18/windows_7_security_bug/
18 May 2010 - "... users can prevent attacks by disabling the Windows Aero Theme. To turn it off, choose Start > Control Panel and click on Appearance and Personalization. Then click on Change the Theme. Then select one of the Basic and High Contrast Themes."

:fear:
 
MS Security Bulletin Advance Notification - June 2010

FYI...

MS Security Bulletin Advance Notification - June 2010

- http://blogs.technet.com/b/msrc/arc...0-security-bulletin-advance-notification.aspx
3 Jun 2010 - "... This month’s release includes ten bulletins addressing 34 vulnerabilities.
• Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important.
• Two bulletins, both with a severity rating of Important, affect Microsoft Office.
• One bulletin, again with a severity rating of Important, affects both Windows and Office.
• One bulletin, with a severity rating of Critical, affects Internet Explorer...
We will also be acting on two Security Advisories this month.
• We are closing Security Advisory 983438 (Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege) with the June bulletins.
• We are also addressing Security Advisory 980088 (Vulnerability in Internet Explorer Could Allow Information Disclosure)..."

- http://www.microsoft.com/technet/security/bulletin/ms10-jun.mspx
June 3, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 8, 2010... (Total of -10-)

Critical -3-

Bulletin 2
Critical
Remote Code Execution
May require restart
Microsoft Windows

Bulletin 3
Critical
Remote Code Execution
May require restart
Microsoft Windows

Bulletin 4
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Internet Explorer

Important -7-

Bulletin 1
Important
Elevation of Privilege
Requires restart
Microsoft Windows

Bulletin 5
Important
Remote Code Execution
May require restart
Microsoft Office

Bulletin 6
Important
Elevation of Privilege
May require restart
Microsoft Windows

Bulletin 7
Important
Remote Code Execution
May require restart
Microsoft Office

Bulletin 8
Important
Elevation of Privilege
May require restart
Microsoft Office, Microsoft Server Software

Bulletin 9
Important
Remote Code Execution
May require restart
Microsoft Windows

Bulletin 10
Important
Tampering
May require restart
Microsoft Windows

.
 
MS Security Bulletin Summary - June 2010

FYI...

MS Security Bulletin Summary - June 2010
- http://www.microsoft.com/technet/security/Bulletin/MS10-jun.mspx
June 08, 2010 - "This bulletin summary lists security bulletins released for June 2010... (Total of -10-)

Critical -3-

Microsoft Security Bulletin MS10-033 - Critical
Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
- http://www.microsoft.com/technet/security/bulletin/MS10-033.mspx
Critical
Remote Code Execution
May require restart
Microsoft Windows

Microsoft Security Bulletin MS10-034 - Critical
Cumulative Security Update of ActiveX Kill Bits (980195)
- http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx
Critical
Remote Code Execution
May require restart
Microsoft Windows

Microsoft Security Bulletin MS10-035 - Critical
Cumulative Security Update for Internet Explorer (982381)
- http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx
Critical
Remote Code Execution
Requires restart
Microsoft Windows, Internet Explorer

Important -7-

Microsoft Security Bulletin MS10-032 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
- http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx
Important
Elevation of Privilege
Requires restart
Microsoft Windows

Microsoft Security Bulletin MS10-036 - Important
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
- http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Important
Remote Code Execution
May require restart
Microsoft Office
...For XP systems w/Office XP, also see:
- http://support.microsoft.com/kb/983235
June 8, 2010 - Revision: 3.0 - MS10-036 - "... We are providing a Microsoft Fix it solution for users on Windows XP systems that have Microsoft Office XP installed... The Fix it solution applies to Office XP on Windows XP-based systems, and the Fix it solution addresses issues in Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Publisher, and Microsoft Visio..."

Microsoft Security Bulletin MS10-037 - Important
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
- http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx
Important
Elevation of Privilege
May require restart
Microsoft Windows

Microsoft Security Bulletin MS10-038 - Important
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
- http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
Important
Remote Code Execution
May require restart
Microsoft Office

Microsoft Security Bulletin MS10-039 - Important
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
- http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
Important
Elevation of Privilege
May require restart
Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS10-040 - Important
Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
- http://www.microsoft.com/technet/security/bulletin/MS10-040.mspx
Important
Remote Code Execution
May require restart
Microsoft Windows

Microsoft Security Bulletin MS10-041 - Important
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
- http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx
Important
Tampering
May require restart
Microsoft Windows, Microsoft .NET Framework
___

Severity and Exploitability Index
Deployment Priority
- http://blogs.technet.com/b/msrc/archive/2010/06/08/june-2010-security-bulletin-release.aspx
___

MSRT
- http://support.microsoft.com/?kbid=890830
June 8, 2010 - Revision: 73.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release
FakeInit *
* http://go.microsoft.com/fwlink/?LinkId=37020&Name=Win32/FakeInit
Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.8.exe
Version: 3.8
Date Published: 6/8/2010
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.8.exe
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=8929
Last Updated: 2010-06-08 18:24:24 UTC

.
 
MS Security Advisory updates...

FYI...

MS Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2219475.mspx
June 10, 2010 - "Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://www.microsoft.com/technet/security/advisory/2219475.mspx
• V1.1 (June 11, 2010): Added a link to Microsoft Knowledge Base Article 2219475 to provide an automated Microsoft Fix it solution* for the workaround, Unregister the HCP Protocol.
* http://support.microsoft.com/kb/2219475
• V1.2 (June 15, 2010): Revised Executive Summary to reflect awareness of limited, targeted active attacks that use published proof-of-concept exploit code.

- http://www.kb.cert.org/vuls/id/578319
Date Last Updated: 2010-06-10
- http://www.h-online.com/security/news/item/Windows-Help-used-as-attack-surface-1019381.html
10 June 2010

Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/983438.mspx
Updated: June 08, 2010 - "... We have issued MS10-039* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
• V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication.
See FAQ: "... updates released by Microsoft on June 8, 2010...", re: .NET Framework 2.0 ...

:fear::fear::fear:
 
CVE 2010-1885 exploit in the wild

FYI...

CVE 2010-1885 exploit in the wild
- http://www.sophos.com/blogs/sophoslabs/?p=10045
June 15, 2010 - "The recent Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) is being exploited in the wild... Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an additional malicious component... on the victim’s computer, by exploiting this vulnerability. More details about CVE 2010-1885 can be found in our report here*."
* http://www.sophos.com/support/knowledgebase/article/111188.html

- http://support.microsoft.com/kb/2219475
Last Review: July 13, 2010 - Revision: 3.0 - "... We have released security bulletin MS10-042* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1885
... Windows XP and Windows Server 2003 ...
Last revised: 07/20/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://atlas.arbor.net/briefs/index#-2114420025
Severity: High Severity
... active exploitation on the Internet. This affects Windows users, especially Windows XP and Server 2003. Mitigations and workarounds have been described by Microsoft.
Analysis: This is a major issue for all Windows users, and we encourage sites to update as soon as possible once a fix is released, or to apply the mitigations.

- http://securitytracker.com/alerts/2010/Jun/1024084.html
Jun 10 2010

- http://blog.trendmicro.com/microsoft-help-center-zero-day-exploits-loose/
June 15, 2010

- http://www.avast.com/pr-legitimate-websites-outscore-the-adult
28 June 2010 - "... HTML:Script-inf... infection is widespread and accounts for 20% of all infected UK pages. The infection takes advantage of a two week old Microsoft Windows vulnerability... CVE-2010-1885..."

- http://pandalabs.pandasecurity.com/hcp-vulnerability-exploited-in-the-wild/
06/28/10 - "... cyber criminals are quick to adapt new exploit methods and in this case it literally took one day before we started seeing examples being exploited in the wild..."

:fear::fear::fear:
 
Microsoft Alerts

FYI...

How to obtain the latest Windows XP service pack
- http://support.microsoft.com/kb/322389

- http://windows.microsoft.com/en-us/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3

- http://blogs.technet.com/b/lifecycl...ws-vista-with-no-service-packs-installed.aspx
"... Windows XP SP2 reached the end of support on July 13, 2010..."

- http://www.microsoft.com/downloads/...A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en
File Name: WindowsXP-KB936929-SP3-x86-ENU.exe
Download Size: 316.4 MB
Knowledge Base (KB) Articles: http://support.microsoft.com/?kbid=936929
Last Review: March 9, 2010 - Revision: 8.0

:fear::fear::fear:
 
CVE-2010-1885 attack status...

FYI...

CVE-2010-1885 attack status...
- http://blogs.technet.com/b/mmpc/arc...pport-center-vulnerability-cve-2010-1885.aspx
30 Jun 2010 - "... attacks have picked up and are no longer limited to specific geographies or targets, and we would like to ensure that customers are aware of this broader distribution. If you have not yet considered the countermeasures listed in the Microsoft Security Advisory (2219475*), you should consider them. As of today, over 10,000 distinct computers have reported seeing this attack at least one time. The following list shows some of the payloads we've detected:
• Trojan:Win32/Swrort.A
• TrojanDownloader:Win32/Obitel.gen!A
• Spammer:Win32/Tedroo.AB
• Trojan:Win32/Oficla.M
• TrojanSpy:Win32/Neetro.A
• Virus:JS/Decdec.A ..."

* http://support.microsoft.com/kb/2219475
Last Review: July 13, 2010 - Revision: 3.0 - "... We have released security bulletin MS10-042* to address this issue..."
* http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1885
Last revised: 07/20/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://krebsonsecurity.com/2010/07/microsoft-warns-of-uptick-in-attacks-on-unpatched-windows-flaw/
July 5, 2010

- http://community.websense.com/blogs/securitylabs/archive/2010/07/05/article-alley-compromised.aspx
5 Jul 2010 - "... Articlealley .com has been compromised and injected with obfuscated code. Article Alley is a free article directory that aims to help authors promote and syndicate their content. It allows authors and promoters to get their articles out on the Web with the potential of being read by millions of readers. This site was compromised from the root domain, and as a result all subsequent sub-pages were infected by the attack.... attack is targeting the Microsoft Help and Support Center 0-day vulnerability CVE-2010-1885..."
(Screenshots available at the Websense URL above.)

:fear::mad:
 
MS Security Bulletin Advance Notification - July 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-jul.mspx
July 8, 2010 - "This is an advance notification of security bulletins that Microsoft is intending to release on July 13, 2010..." (Total of -4-)

(Critical -3-)

Bulletin 1 - Critical
Remote Code Execution
May require restart
Microsoft Windows

Bulletin 2 - Critical
Remote Code Execution
Requires restart
Microsoft Windows

Bulletin 3 - Critical
Remote Code Execution
May require restart
Microsoft Office

(Important -1-)

Bulletin 4 - Important
Remote Code Execution
May require restart
Microsoft Office

- http://blogs.technet.com/b/msrc/arc...10-bulletin-release-advance-notification.aspx
8 Jul 2010 - "... We will close out two Security Advisories this month.
• We are closing Security Advisory 2028859 (Vulnerability in Canonical Display Driver Could Allow Remote Code Execution) in the July bulletins.
• We are also closing Security Advisory 2219475 (Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution) with a comprehensive update that addresses the issue currently under attack...
Also, July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms. Customers should actively seek out either a supported operating system or the latest service pack in order to keep receiving necessary security updates..."

.
 
MS Security Bulletin Summary - July 2010

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS10-jul.mspx
July 13, 2010 - "This bulletin summary lists security bulletins released for July 2010...
(Total of -4-)

(Critical -3-)

Microsoft Security Bulletin MS10-042 - Critical
Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
- http://www.microsoft.com/technet/security/bulletin/MS10-042.mspx
Critical
Remote Code Execution
May require restart
Microsoft Windows
- http://blogs.technet.com/b/mmpc/arc...pport-center-vulnerability-cve-2010-1885.aspx
"... As of midnight on July 12 (GMT), over 25,000 distinct computers in over 100 countries/regions have reported this attack attempt at least one time..." (See chart).

Microsoft Security Bulletin MS10-043 - Critical
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
- http://www.microsoft.com/technet/security/bulletin/MS10-043.mspx
Critical
Remote Code Execution
Requires restart
Microsoft Windows

Microsoft Security Bulletin MS10-044 - Critical
Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
- http://www.microsoft.com/technet/security/bulletin/MS10-044.mspx
Critical
Remote Code Execution
May require restart
Microsoft Office

(Important -1-)

Microsoft Security Bulletin MS10-045 - Important
Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
- http://www.microsoft.com/technet/security/bulletin/MS10-045.mspx
Important
Remote Code Execution
May require restart
Microsoft Office
___

Severity and Exploitability index
- http://blogs.technet.com/cfs-filesy...eblogFiles/00-00-00-45-71/7737.se83773621.png

Deployment priority
- http://blogs.technet.com/cfs-filesy...WeblogFiles/00-00-00-45-71/6253.dp3897663.png
___

MSRT
- http://support.microsoft.com/?kbid=890830
July 13, 2010 - Revision: 76.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release
Bubnix*
* http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32/Bubnix
Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.9.exe
Version: 3.9
Date Published: 7/13/2010
To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.9.exe
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=9166
Last Updated: 2010-07-13 17:30:42 UTC
"... no more patches for XPSP2 after today..."

'Same for W2K systems.

W2K: http://support.microsoft.com/lifecycle/?p1=3071 - 7/13/2010
XPSP2: http://support.microsoft.com/lifecycle/?p1=6794 - 7/13/2010
XP : http://support.microsoft.com/lifecycle/?p1=3221 - 4/8/2014
- http://support.microsoft.com/lifecycle/

.
 