Old MS Alerts

0-day in IE - MS advisory...

FYI...

Microsoft Security Advisory (2488013)
Vulnerability in -IE- Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2488013.mspx
• V1.1 (December 31, 2010): Revised Executive Summary to reflect investigation of targeted attacks.
December 22, 2010 - "Microsoft is investigating new, public reports of a vulnerability in all supported versions of Internet Explorer. The main impact of the vulnerability is remote code execution. This advisory contains workarounds and mitigations for this issue. The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. Currently, Microsoft is unaware of any active exploitation of this vulnerability..."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3971
Last revised: 12/23/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://blogs.technet.com/b/msrc/archive/2010/12/22/microsoft-releases-security-advisory-2488013.aspx
22 Dec 2010

- http://secunia.com/advisories/42510
Last Update: 2010-12-23
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched...

- http://www.securitytracker.com/id?1024922
Dec 23 2010

:fear::fear:
 
Last edited:
Multiple IE "0-days" ...

FYI...

- http://community.websense.com/blogs...y-different-exploit-in-internet-explorer.aspx
23 Dec 2010 - "... Two different new zero-day exploits were published on December 22...
1) ... The use of built-in protections of DEP and ASLR on the Windows platform and Internet Explorer doesn't guarantee to stop the exploit. It stems from the fact that the affected DLL mscorie.dll used by Internet Explorer wasn't compiled to support ASLR - this fact allows an attacker to also bypass DEP by using ROP (return to oriented programming) and successfully exploit the system...
2) ... The second vulnerability takes advantage of the Microsoft WMI Administrative Tools ActiveX Control. Internet Explorer is vulnerable only if Microsoft WMI administrative tools is installed..."

:confused::scratch:
 
Last edited:
Targeted attacks against MS Office vuln...

FYI...

Targeted attacks against MS Office vuln (CVE-2010-3333/MS10-087)
- http://blogs.technet.com/b/mmpc/arc...ice-vulnerability-cve-2010-3333-ms10-087.aspx
29 Dec 2010 - "... A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware. The vulnerability can be triggered by utilizing a specially crafted RTF file with a size parameter that is bigger than the expected one. The vulnerability is present in Microsoft Word. It attempts to copy RTF data to the stack memory without validating the size, which will lead to overwriting the stack... We recommend customers that have not yet installed the security update MS10-087* to do so at their earliest convenience..."
* http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx
Updated: December 15, 2010
Version: 2.0

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3333
Last revised: 12/21/2010
CVSS v2 Base Score: 9.3 (HIGH)

:mad:
 
Last edited:
MS Security Advisory - Graphics Rendering Engine

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2490606.mspx
January 04, 2011 - "Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."
[Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...]
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3970
Last revised: 12/23/2010
CVSS v2 Base Score: 10.0 (HIGH)

- http://secunia.com/advisories/42779/
Release Date: 2011-01-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Solution: The vendor recommends restricting access to shimgvw.dll...
Original Advisory: Microsoft:
http://www.microsoft.com/technet/security/advisory/2490606.mspx
Metasploit: http://www.metasploit.com/redmine/p.../fileformat/ms11_xxx_createsizeddibsection.rb

- http://www.securitytracker.com/id?1024932
Jan 4 2011

- http://blogs.technet.com/b/msrc/archive/2011/01/04/microsoft-releases-security-advisory-2490606.aspx
4 Jan 2011 - "... Microsoft is actively working to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability... we are working to develop a security update to address this vulnerability. The circumstances around the issue do not currently meet the criteria for an out-of-band release; however, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."

- http://isc.sans.edu/diary.html?storyid=10201
Last Updated: 2011-01-04 19:26:17 UTC- "... it is possible to modify the access control list on shimgvw.dll to prevent rendering of thumbnails (this would affect all thumbnails, not just malicious ones). See the Microsoft advisory for details... This particular vulnerability was disclosed in December 2010 by Moti and Xu Hao at the "Power of Community" conference. The conference presentation outlines in some detail how to create a file to exploit this vulnerability. The thumbnail itself is stored in the file as a bitmap. The vulnerability is exploited by setting the number of color indexes in the color table to a negative number (biClrUsed). The published slides do provide hints on how to exploit this vulnerability including bypassing SafeSEH* and DEP ..."
(Might help...) ... f/ Vista SP1, Win7, Server2008 and Server2008R2
* http://support.microsoft.com/kb/956607#fixit4me
November 24, 2009 Revision: 3.0 - "... it helps protect applications regardless of whether they have been compiled with the latest improvements, such as the /SAFESEH option. We recommend that Windows users who are running any of the above operating systems enable this feature to improve the security profile of their systems...
• This wizard only applies to Vista SP1 and Server2008...
By default, SEHOP is enabled in Windows Server 2008 R2 and in Windows Server 2008.
By default, SEHOP is disabled in Windows 7 and in Windows Vista..."

:fear:
 
Last edited:
MS FixIt released for 0-day GRE vuln...

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2490606.mspx
• V1.1 (January 5, 2011): Added a link* to the automated Microsoft Fix it solution for the Modify the Access Control List (ACL) on shimgvw.dll workaround.
* http://support.microsoft.com/kb/2490606#FixItForMe
January 19, 2011 - Revision: 3.0

[Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...]
___

Current unpatched Windows/IE vulns
- http://isc.sans.edu/diary.html?storyid=10216
Last Updated: 2011-01-05 20:49:56 UTC

:fear:
 
Last edited:
MS Security Bulletin Advance Notification - Jan 2011

FYI...

MS Security Bulletin Advance Notification - Jan 2011
- http://www.microsoft.com/technet/security/Bulletin/MS11-jan.mspx
January 06, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on January 11, 2011..." (Total of -2-)

Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 1 - Important - Remote Code Execution - May require restart - Microsoft Windows
___

MS to fix Windows holes, but not ones in IE
- http://news.cnet.com/8301-27080_3-20027620-245.html
January 6, 2011

- http://www.theregister.co.uk/2011/01/07/patch_tuesday_pre_alert/
7 January 2011 - "... it is probable that the bulletins due on Tuesday will not be the only security fixes from Microsoft this month..."

:fear:
 
Last edited:
MS Security Bulletin Summary - January 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-jan.mspx
January 11, 2011 - "This bulletin summary lists security bulletins released for January 2011... (Total of -2-)

Critical -1-

Microsoft Security Bulletin MS11-002 - Critical
Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)
- http://www.microsoft.com/technet/security/bulletin/MS11-002.mspx
Critical - Remote Code Execution- May require restart - Microsoft Windows
CVE-2011-0026, CVE-2011-0027

Important -1-

Microsoft Security Bulletin MS11-001 - Important
Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)
- http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3145
Last revised: 08/30/2010
CVSS v2 Base Score: 9.3 (HIGH)
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...iles/00-00-00-45-71/6153.deploy_2D00_1101.png

Severity and Exploitabilty Index
- http://blogs.technet.com/cfs-filesy...0-00-00-45-71/6011.sev_2D00_exp_2D00_1101.png
___

- http://www.us-cert.gov/cas/techalerts/TA11-011A.html
January 11, 2011
Impact: A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.
Solution: Apply updates ...
References: http://www.microsoft.com/technet/security/bulletin/ms11-jan.mspx
___

- http://secunia.com/advisories/41122/
Release Date: 2010-08-26
Last Update: 2011-01-11
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Original Advisory: MS11-001 (KB2478935):
http://www.microsoft.com/technet/security/Bulletin/MS11-001.mspx

- http://secunia.com/advisories/42804/
Release Date: 2011-01-11
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Original Advisory: MS11-002 (KB2419632, KB2419635, KB2419640, KB2451910):
http://www.microsoft.com/technet/security/Bulletin/MS11-002.mspx
______

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10252
Last Updated: 2011-01-11 18:26:51 UTC - "... Exploit(s) available..."
___

MSRT
- http://support.microsoft.com/?kbid=890830
January 11, 2011 - Revision: 83.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release...
• Lethic

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.15.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.15.exe

.
 
Last edited:
MS Security Advisories revised - 1.11.2011...

FYI...

Microsoft Security Advisory (2488013)
Vulnerability in -IE- Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2488013.mspx
• V1.3 (January 11, 2011): "Revised the workaround, Prevent the recursive loading of CSS style sheets in Internet Explorer, to add the impact for the workaround...
Impact of workaround: There are side effects to blocking the recursive loading of a cascading style sheet (CSS). Users may encounter some slight performance issues due to the increased checking that is required to block the loading of the CSS files...
Workaround: Microsoft Fix it: http://support.microsoft.com/kb/2488013#FixItForMe
January 12, 2011 - Revision: 3.0 - ... This Fixit solution adds a check to check whether a cascading style sheet is about to be loaded recursively. If this is the case, the Fixit solution cancels the loading of the cascading style sheet. This Fixit solution takes advantage of a feature that is typically used for application compatibility fixes. This feature can modify the instructions of a specific binary when it is loaded..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2269637.mspx
• V4.0 (January 11, 2011): Added Microsoft Security Bulletin MS11-001*, Vulnerability in Windows Backup Manager Could Allow Remote Code Execution, to the Updates relating to Insecure Library Loading section.
* http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
• V1.10 (January 11, 2011): Updated the FAQ with information about a new release enabling Microsoft Office Live Meeting Service Portal to opt in to Extended Protection for Authentication.

.
 
Last edited:
IE drive-by bug...

FYI...

IE drive-by bug...
- http://www.theregister.co.uk/2011/01/12/ie_code_execution_bug/
12 January 2011 - "Microsoft on Tuesday warned that attackers have begun exploiting a critical vulnerability in Internet Explorer and rolled out a temporary fix* until a permanent patch is issued. The vulnerability in IE versions 6, 7 and 8, which involves the way the browser handles cascading style sheets, allows adversaries to perform drive-by malware attacks by luring victims to booby-trapped webpages. The exploits are triggered by recursive CSS pages, in which style sheets include their own addresses..."
* http://blogs.technet.com/b/srd/arch...nd-included-in-security-advisory-2488013.aspx
11 Jan 2011 - "... It’s important to note that the workaround will protect Internet Explorer only if the latest security updates have been applied, including MS10-090 which was released on December 14, 2010. You can find MS10-090 at http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx
> To install the workaround, click here: http://download.microsoft.com/downl...79D-B14A-E5481222C59C/MicrosoftFixit50591.msi
> If you’d like to uninstall the workaround after you have installed it, click here: http://download.microsoft.com/downl...B9F-B54E-9AE1114EA331/MicrosoftFixit50592.msi ..."

:fear:
 
Win7 SP1

FYI...

Microsoft preps for SP1 for Windows 7?
- http://www.h-online.com/security/news/item/Microsoft-prepares-for-SP1-for-Windows-7-1168977.html
13 January 2011 - "An "important update", which may be a prerequisite for installing Service Pack 1, is now being offered to Windows 7 and Windows Server 2008 R2 users by Windows Update. Despite the publication date being given as '11.01.2011', it is not a new update – update number 976902* first put in an appearance back in October... The update is not yet being installed automatically. It may be that Update 976902 is required in order to install SP1 for Windows 7 and Windows Server 2008 R2 via Windows Update. This would not be unprecedented – when SP1 for Windows Vista was first released, it could only be installed via Windows Update if other patches, also distributed via Windows Update, had previously been installed. Service Pack 1 is scheduled for release shortly, indeed any day now. It contains a whole heap of patches and hot fixes. There is likely to be little new functionality, previously a standard feature of service packs. However, support for the Advanced Vector Extensions (AVX) instruction set extensions used by forthcoming generations of processors is set to be one new feature. Also new are RemoteFX (an extension to the existing Remote Desktop Services) and Dynamic Memory (intelligent allocation of main memory), both relevant only when running Server 2008 R2 on large networks. Users interested in trying out SP1 in advance can now download the release candidate, which, like all beta software, is not recommended for use in live environments."
* http://support.microsoft.com/kb/976902
January 11, 2011 Revision: 4.0 - "... This software update will be a prerequisite to install service packs. Additionally, this update improves reliability when you install or remove Windows 7 and Windows Server 2008 R2 updates and service packs..."

:spider:
___

Microsoft Windows SDK for Windows 7 and .NET Framework 4 GraphEdit Insecure Library Loading Vulnerability
- http://secunia.com/advisories/41202/
Release Date: 2010-09-02
Criticality level: Highly critical
Solution Status: Unpatched

:fear:
 
Last edited:
Outlook 2007 update - released 11 Jan 2011

FYI...

Outlook 2007 - update released 11 Jan 2011
Ref: http://blogs.office.com/b/microsoft...date-for-outlook-2007-have-been-released.aspx
13 Jan 2011 - "... Outlook 2007... update released on Tuesday, January 11..."

* http://support.microsoft.com/kb/2412171
Last Review: January 13, 2011 - Revision: 6.0

- http://support.microsoft.com/kb/2485531
Last Review: January 11, 2011 - Revision: 5.0 - "... To resolve this issue, install the -current- version of update 2412171* ..."

:scratch:
 
Last edited:
MS graphics advisory updated - 2011.01.19

FYI...

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2490606.mspx
• V1.2 (January 19, 2011): Clarified that the Modify the Access Control List (ACL) on shimgvw.dll workaround only applies to Windows XP and Windows Server 2003 systems and added a new workaround, Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems.
"... Workarounds:
• Modify the Access Control List (ACL) on shimgvw.dll on Windows XP and Windows Server 2003 systems...
Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly...
• Disable viewing of thumbnails in Windows Explorer on Windows Vista and Windows Server 2008 systems...
Impact of Workaround: Windows Explorer will not display thumbnail images..."

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3970
Original release date: 12/22/2010
Last revised: 01/19/2011
CVSS v2 Base Score: 9.3 (HIGH)

:lip:
 
Last edited:
IE 0-day... again...

FYI...

Microsoft Security Advisory (2501696)
Vulnerability in MHTML Could Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/2501696.mspx
January 28, 2011 - "Microsoft is investigating new public reports of a vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Microsoft is aware of published information and proof-of-concept code that attempts to exploit this vulnerability. At this time, Microsoft has not seen any indications of active exploitation of the vulnerability. The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user... we recommend that customers apply one or more of the client-side workarounds provided in the Suggested Actions section of this advisory to help block potential attack vectors regardless of the service...
CVE Reference: CVE-2011-0096
Suggested Actions:
• Enable the MHTML protocol lockdown ...
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones...
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone...
Additional Suggested Actions:
• Review the Microsoft Knowledge Base Article that is associated with this advisory - For more information about this issue, see Microsoft Knowledge Base Article: http://support.microsoft.com/kb/2501696#FixItForMe
January 28, 2011 - Revision: 1.0 - ...The fixit solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this fixit solution as a workaround option for some scenarios..."

- http://blogs.technet.com/b/srd/arch...the-mhtml-script-injection-vulnerability.aspx
28 Jan 2011

- http://blogs.technet.com/b/msrc/archive/2011/01/28/microsoft-releases-security-advisory-2501696.aspx
28 Jan 2011
___

- http://secunia.com/advisories/43093/
Release Date: 2011-01-29
Impact: Cross Site Scripting
Where: From remote ...
Solution: Enable MHTML protocol lockdown (either manually or using the available automated "Microsoft Fix it" solution). > http://support.microsoft.com/kb/2501696#FixItForMe
___

- http://isc.sans.edu/diary.html?storyid=10318
Last Updated: 2011-01-28 18:47:54 UTC

:fear::fear:
 
Last edited:
MS Security Bulletin Advance Notification - February 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-feb.mspx
February 03, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 8, 2011... (Total of -12-)

Critical -3-

Bulletin 1 - Critical - Remote Code Execution - Requires restart
Microsoft Windows, Internet Explorer

Bulletin 2 - Critical - Remote Code Execution - Requires restart
Microsoft Windows

Bulletin 3 - Critical - Remote Code Execution - Requires restart
Microsoft Windows

Important -9-

Bulletin 4 - Important - Remote Code Execution - May require restart
Microsoft Windows

Bulletin 5 - Important - Denial of Service - Requires restart
Microsoft Windows

Bulletin 6 - Important - Remote Code Execution - May require restart
Microsoft Office

Bulletin 7 - Important - Information Disclosure - May require restart
Microsoft Windows

Bulletin 8 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 9 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 10 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 11 - Important - Elevation of Privilege - Restart required
Microsoft Windows

Bulletin 12 - Important - Elevation of Privilege - Restart required
Microsoft Windows
___

- http://blogs.technet.com/b/msrc/arc...-february-2011-security-bulletin-release.aspx
Feb. 3, 2011 - "... we'll be addressing issues related to two recent Security Advisories, 2490606 (a public vulnerability affecting the Windows Graphics Rendering Engine) and 2488013 (a public vulnerability affecting Internet Explorer). Additionally, we will be addressing an issue affecting FTP service in IIS 7.0 and 7.5..."

- http://isc.sans.edu/diary.html?storyid=10357
Last Updated: 2011-02-04 18:42:28 UTC
.
 
Last edited:
RE: MS Security Bulletin Advance Notification - February 2011...

FYI...

- http://www.computerworld.com/s/arti...takes_second_shot_at_fixing_Outlook_2007_bugs
Feb 7, 2011 - "Microsoft will take yet another crack this month at fixing a December update for Outlook 2007... The company reissued the update on Jan. 11, saying it had solved the problems... Apparently not*..."
* http://msexchangeteam.com/archive/2011/02/01/457903.aspx
Feb. 01, 2011 - "... we recommend that you test them in a non-production environment before deploying them in production..."

- http://www.theinquirer.net/inquirer/news/2024285/microsoft-finally-fix-internet-explorer-flaw
Feb 04 2011 - "... Microsoft will fix 22 vulnerabilities in next week's Patch Tuesday security fixes, although -not- the Windows Internet Explorer zero-day vulnerability that was discovered recently*... Qualys said it has seen limited exploits for these on the wild, so the update is highly recommended..."
* http://support.microsoft.com/kb/2501696#FixItForMe
Vuln in MHTML "FixIt" - January 28, 2011

:surrender:
 
MS Security Bulletin Summary - February 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-feb.mspx
February 08, 2011 - "This bulletin summary lists security bulletins released for February 2011...
(Total of -12-)

Critical -3-

Microsoft Security Bulletin MS11-003 - Critical
Cumulative Security Update for Internet Explorer (2482017)
- http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-006 - Critical
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
- http://www.microsoft.com/technet/security/Bulletin/MS11-006.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-007 - Critical
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
- http://www.microsoft.com/technet/security/Bulletin/MS11-007.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important -9-

Microsoft Security Bulletin MS11-004 - Important
Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
- http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-005 - Important
Vulnerability in Active Directory Could Allow Denial of Service (2478953)
- http://www.microsoft.com/technet/security/Bulletin/MS11-005.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-008 - Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
- http://www.microsoft.com/technet/security/bulletin/ms11-008.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-009 - Important
Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
- http://www.microsoft.com/technet/security/Bulletin/MS11-009.mspx
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-010 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
- http://www.microsoft.com/technet/security/Bulletin/MS11-010.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-011 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
- http://www.microsoft.com/technet/security/bulletin/ms11-011.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-012 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
- http://www.microsoft.com/technet/security/bulletin/ms11-012.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-013 - Important
Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
- http://www.microsoft.com/technet/security/bulletin/ms11-013.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-014 - Important
Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)
- http://www.microsoft.com/technet/security/Bulletin/MS11-014.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...les/00-00-00-45-71/6813.deploy_2D00_feb11.png

Severity and Exploitabilty Index
- http://blogs.technet.com/cfs-filesy...-71/5504.severity_2D00_exploit_2D00_feb11.png
___

MSRT
- http://support.microsoft.com/?kbid=890830
February 8, 2011 - Revision: 84.0
(Recent additions)
- http://www.microsoft.com/security/malwareremove/families.aspx
... added this release...
• Cycbot

- http://blogs.technet.com/b/mmpc/archive/2011/02/09/another-round-of-bots-for-msrt.aspx
9 Feb 2011

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.16.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.16.exe
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10375
Last Updated: 2011-02-09 21:20:21 UTC (Version: 5)

Q&A: February 2011 Security Bulletin Release
- http://blogs.technet.com/b/msrc/p/february-2011-security-bulletin-q-a.aspx
February 9, 2011

.
 
Last edited:
MS Security advisory - Autorun ...

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
Published: February 24, 2009 | Updated: February 08, 2011 - "... availability of updates to the Autorun feature that help to restrict AutoPlay functionality to only CD and DVD media on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Restricting AutoPlay functionality to only CD and DVD media can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a USB flash drive, network shares, or other non-CD and non-DVD media containing a file system with an Autorun.inf file...
FAQS: ...After installing the initial update described in Microsoft Knowledge Base Article 967715, the default registry setting to disable Autorun on network drives is properly enforced. After installing the 971029 update*, customers may experience the following AutoPlay behavior:
• Many existing devices in market, and many upcoming devices, use the Autorun feature with the AutoPlay dialog box to present and install software when DVDs, CDs, and USB flash drives are inserted. The AutoPlay behavior with CD and DVD media is not affected by this update.
• Users who install this update will no longer receive a setup message that prompts them to install programs that are delivered by USB flash drives. Users will have to manually install the software. To do this, users click Open folder to view the files, browse to the software's setup program, and then double-click the setup program to run the program manually.
• Some USB flash drives have firmware that present these USB flash drives as CD drives when you insert them into computers. The AutoPlay behavior with these USB flash drives is not affected by this update..."

• V2.0 (February 8, 2011): Summary and update FAQ revised to notify users that the 971029 update to Autorun that restricts AutoPlay functionality to CD and DVD media will be offered via automatic updating.

- http://blogs.technet.com/b/msrc/arc...into-the-security-advisory-967940-update.aspx
8 Feb 2011

* http://support.microsoft.com/kb/971029
Last Review: February 8, 2011 - Revision: 4.0

- http://support.microsoft.com/kb/967715
Last Review: September 9, 2010 - Revision: 6.2

Virus families using Autorun / MMPC charts - MSE detections
- http://www.microsoft.com/security/portal/blog-images/20110207_image1.jpg
MSRT - major virus families using Autorun
- http://www.microsoft.com/security/portal/blog-images/20110207_image2.jpg
Also see Table 1: Top Families, 2H 2010, by Number of Detections
- http://blogs.technet.com/b/mmpc/arc...-the-romance-between-malware-and-autorun.aspx
8 Feb. 2011

(Optional MS update) Restrict USB Autorun: Update for Windows (KB971029)
- http://www.f-secure.com/weblog/archives/00002096.html
February 9, 2011
___

Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2490606.mspx
Updated: February 08, 2011 - "... We have issued MS11-006* to address this issue..."
* http://www.microsoft.com/technet/security/Bulletin/MS11-006.mspx

Microsoft Security Advisory (2488013)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2488013.mspx
Updated: February 08, 2011 - "... We have issued MS11-003** to address this issue..."
** http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2269637.mspx
Published: August 23, 2010 | Updated: February 08, 2011 - Version: 5.0
... Update released on February 8, 2011
• Microsoft Security Bulletin MS11-003**, "Cumulative Security Update for Internet Explorer," provides support for a vulnerable component of Internet Explorer that is affected by the Insecure Library Loading class of vulnerabilities described in this advisory.

:fear:
 
Last edited:
Win7 SP1 release date - 2011.02.22

FYI...

Win7 SP1 release date - 2011.02.22
- http://blogs.technet.com/b/windowss...ws-7-sp1-releases-to-manufacturing-today.aspx
9 Feb 2011 - "... pleased to announce the Release to Manufacturing (RTM) of Windows Server 2008 R2 Service Pack 1 (SP1), along with Windows 7 SP1. SP1 will be made generally available for download on February 22... On February 22, both will be available to all customers through Windows Update..."

.
 
Last edited:
Autorun advisory updated - again.

FYI... Autorun advisory updated - again.

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft.com/technet/security/advisory/967940.mspx
Updated: February 22, 2011
Version: 2.1
• V2.1 (February 22, 2011): Summary revised to notify users of a change in the deployment logic for updates described in this advisory. This change is intended to minimize the user interaction required to install the updates on systems configured for automatic updating.

:blink:
 
You must log in or register to reply here.
Back
Top