Old MS Alerts

MS Security Bulletin Summary - May 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-may.mspx
May 10, 2011 - "This bulletin summary lists security bulletins released for May 2011..." (Total of -2-)

Microsoft Security Bulletin MS11-035 - Critical
Vulnerability in WINS Could Allow Remote Code Execution (2524426)
- http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-036 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)
- http://www.microsoft.com/technet/security/bulletin/MS11-036.mspx
Important - Remote Code Execution - May require restart - Microsoft Office
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...onents-weblogfiles/00-00-00-45-71/3731.DP.png

Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesy...blogfiles/00-00-00-45-71/2275.Severity-XI.png
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=10855
Last Updated: 2011-05-10 16:58:08 UTC
___

- http://www.securitytracker.com/id/1025512 - MS11-035
- http://www.securitytracker.com/id/1025513 - MS11-036
May 10 2011
___

MSRT
- http://support.microsoft.com/?kbid=890830
May 10, 2011 - Revision: 87.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Ramnit

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.19.exe - 12.6MB

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.19.exe - 13.1MB

MSIR Vol. 10 released

FYI...

- http://blogs.technet.com/b/mmpc/arc...t-security-intelligence-report-volume-10.aspx
11 May 2011 - "... in-depth regional threat intelligence for 117 countries based on data from more than 600 million machines worldwide. The report highlights a polarization of cybercriminal behavior and an increasing trend of cybercriminals using "marketing-like" approaches and deception methods to target consumers... key data points that indicate these tactics are on the rise:
Rogue Security Software – Rogue security software was detected and blocked on almost 19 million systems in 2010, and the top five families were responsible for approximately 13 million of these detections.
Phishing – Phishing using social networking as the lure increased 1,200 percent – from a low of 8.3 percent of all phishing in January to a high of 84.5 percent in December 2010. Phishing that targeted online gaming sites reached a high of 16.7 percent of all phishing in June.
Adware – Global detections of adware when surfing websites increased 70 percent from the second quarter to the fourth quarter of 2010. This increase was almost completely caused by the detection of a pair of new Adware families, JS/Pornpop and Win32/ClickPotato, which are the two most prevalent malware in many countries.
... notable that Windows 7 operating systems are infected only about half as often as Vista, and Vista half as often as Windows XP..."
___

- http://www.theinquirer.net/inquirer/news/2070600/criminals-hit-oracle-flaws-hard-javascript-exploits
May 12 2011 - "... In Microsoft's latest security intelligence report, the firm revealed that in the third quarter of 2010 the number of Java attacks increased to fourteen times the number of attacks it saw in the previous quarter... Java attacks surpassed every other exploitation category that the Microsoft Malware Protection tracked..."
___

Java - most common target for attacks
- http://www.h-online.com/security/ne...lligence-Report-1244298.html?view=zoom;zoom=1

- http://www.h-online.com/security/ne...lligence-Report-1244298.html?view=zoom;zoom=4

- http://www.h-online.com/security/ne...lligence-Report-1244298.html?view=zoom;zoom=5

MS11-018 re-released - IE7 on XP and Server 2003

FYI...

MS11-018 re-released for IE7 on XP and Server 2003
- http://blogs.technet.com/b/msrc/arc...ed-for-ie7-on-windows-xp-and-server-2003.aspx
16 May 2011 - "... we re-released MS11-018. If you are using Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003 you may be offered this re-release. For more details, please see the security bulletin, MS11-018*..."
* http://www.microsoft.com/technet/security/Bulletin/MS11-018.mspx
• V2.0 (May 16, 2011): Bulletin rereleased to reoffer the update for Internet Explorer 7 on supported editions of Windows XP and Windows Server 2003. This is a detection change only. There were no changes to the binaries. Only affected customers will be offered the update. Customers who have installed the update manually and customers running configurations not targeted by the change to detection logic do not need to take any action.

MS EMET v2.1 released

FYI...

- http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx
18 May 2011 - "... new version of the Enhanced Mitigation Experience Toolkit (EMET) with brand new features and mitigations. Users can click here* to download the tool free... new features:
• EMET is an officially-supported product through the online forum
• “Bottom-up Rand” new mitigation randomizes (8 bits of entropy) the base address of bottom-up allocations (including heaps, stacks, and other memory allocations) once EMET has enabled this mitigation.
• Export Address Filtering is now available for 64 bit processes. EAF filters all accesses to the Export Address Table which blocks most of the existing shellcodes
• Improved command line support for enterprise deployment and configuration
• Ability to export/import EMET settings
• Improved SEHOP (structured exception handler overwrite protection) mitigation
• Minor bug fixes..."
* http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e127dfaf-f8f3-4cd5-8b08-115192c491cb

MSRT detections - May 10–20, 2011

FYI...

- http://blogs.technet.com/b/mmpc/archive/2011/06/08/may-msrt-by-the-numbers.aspx
Family | Count | Note
Sality | 202,351 | Classic parasitic virus
Taterf | 77,236 | Worm
Rimecud | 65,149 | Worm
Vobfus | 59,918 | Worm
Alureon | 58,884 | Evolved parasitic virus
Parite | 53,778 | Evolved parasitic virus
Ramnit | 52,549 | Evolved parasitic virus
Brontok | 50,392 | Worm
Cycbot | 50,209 | Trojan ...
(Top 25 detections listed at the URL above.)

MS Bulletin Advance Notification - June 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-jun.mspx
June 9, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on June 14, 2011..."

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight
Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Forefront Threat Management Gateway
Bulletin 4 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 5 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 6 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 7 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework
Bulletin 8 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 9 - Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Bulletin 10 - Important - Information Disclosure - May require restart - Microsoft Windows
Bulletin 11 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 12 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 13 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 14 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 15 - Important - Information Disclosure - May require restart - Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio
Bulletin 16 - Important - Elevation of Privilege

- http://blogs.technet.com/b/msrc/arc...-service-and-10-immutable-laws-revisited.aspx
June 9, 2011 - "... 16 bulletins (nine Critical in severity, seven Important) addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studios, Silverlight and ISA..."
___

- http://www.theinquirer.net/inquirer/news/2078079/microsoft-adobe-roll-patches-windows-reader
Jun 10 2011 - "... The pre-notification also indicates that all versions of Excel in Microsoft Office will be updated on both Windows and Mac OS X. Internet Explorer versions 6, 7, 8 and 9 will also be patched... The same day, 14 June is also the date for Adobe to release a patch as part of its regular quarterly update cycle... The Adobe patches will address critical vulnerabilities in Adobe Reader X, Reader 9.4.3 and its earlier versions..."

Vista SP1 support ends July 12, 2011

FYI...

- http://www.h-online.com/security/news/item/Support-for-Windows-Vista-coming-to-an-end-1259389.html
13 June 2011 - "... From 10 April, 2012, the Home editions of Windows Vista will no longer be supported. The Business and Enterprise editions of Vista with their comparatively wider range of features will be supported until 2017. However, Vista Ultimate, which has the widest range of features, is counted as a Home edition, and Microsoft's support for this edition will also end in April 2012. Irrespective of this, another support period will end before then, as Microsoft will only continue to support Windows Vista if the current Service Pack has been installed; this applies to all editions from Starter to Ultimate. When a new Service Pack for Windows is released, users have two years to install it, as the support of the previous Service Pack is discontinued after that time. And that is what is about to happen to Vista with SP1: from 12 July, patches will only be released for versions of Vista that have SP2 installed.
After April 2012, affected Vista users can either switch to Windows 7 – Windows 8 will probably not be ready yet – or to Windows XP. Contrary to Microsoft's rules, all versions of XP, including XP Home, will be supported until at least 2014."

- http://windows.microsoft.com/en-us/windows/products/lifecycle
Desktop operating systems | Date of availability | Support retired
Windows Vista SP1 | Feb. 4, 2008 | July 12, 2011
___

"How to..." install Vista SP2
- http://windows.microsoft.com/en-US/...w-to-install-Windows-Vista-Service-Pack-2-SP2

MS Security Bulletin Summary - June 2011

FYI...

June 2011 Security Bulletin - Q&A
- http://blogs.technet.com/b/msrc/p/june-2011-security-bulletin-q-a.aspx
June 15, 2011
___

- http://www.microsoft.com/technet/security/Bulletin/MS11-jun.mspx
June 14, 2011 - "This bulletin summary lists security bulletins released for June 2011..." (Total of -16-)

Critical

Microsoft Security Bulletin MS11-038 - Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
- http://www.microsoft.com/technet/security/Bulletin/MS11-038.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-039 - Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
- http://www.microsoft.com/technet/security/Bulletin/MS11-039.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight

Microsoft Security Bulletin MS11-040 - Critical
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
- http://www.microsoft.com/technet/security/bulletin/MS11-040.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Forefront Threat Management Gateway

Microsoft Security Bulletin MS11-041 - Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
- http://www.microsoft.com/technet/security/bulletin/MS11-041.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-042 - Critical
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
- http://www.microsoft.com/technet/security/Bulletin/MS11-042.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-043 - Critical
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
- http://www.microsoft.com/technet/security/Bulletin/MS11-043.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-044 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
- http://www.microsoft.com/technet/security/Bulletin/MS11-044.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS11-050 - Critical
Cumulative Security Update for Internet Explorer (2530548)
- http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-052 - Critical
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2544521)
- http://www.microsoft.com/technet/security/Bulletin/MS11-052.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows, Internet Explorer

Important

Microsoft Security Bulletin MS11-037 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
- http://www.microsoft.com/technet/security/bulletin/ms11-037.mspx
Important - Information Disclosure - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-045 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
- http://www.microsoft.com/technet/security/bulletin/MS11-045.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-046 - Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
- http://www.microsoft.com/technet/security/bulletin/MS11-046.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-047 - Important
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
- http://www.microsoft.com/technet/security/bulletin/MS11-047.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-048 - Important
Vulnerability in SMB Server Could Allow Denial of Service (2536275)
- http://www.microsoft.com/technet/security/Bulletin/MS11-048.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-049 - Important
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
- http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Important - Information Disclosure - May require restart - Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio

Microsoft Security Bulletin MS11-051 - Important
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
- http://www.microsoft.com/technet/security/bulletin/ms11-051.mspx
Important - Elevation of Privilege - May require restart - Microsoft Windows
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=11050
Last Updated: 2011-06-14 20:37:35 UTC
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...0-00-00-45-71/2654.deployment_2D00_201106.png

Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesy...0-45-71/7220.severity_2D00_xi_2D00_201106.png
___

MSRT
- http://support.microsoft.com/?kbid=890830
June 14, 2011 - Revision: 88.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Rorpian
• Yimfoca
• Nuqel

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.20.exe - 12.9MB

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.20.exe - 13.3MB

MS11-050 exploit in-the-wild ...

FYI...

- http://www.symantec.com/security_response/threatconlearn.jsp
"The ThreatCon is currently at Level 2: Elevated... On June 16, 2011, one of the issues fixed in Microsoft's June update, CVE-2011-1255, described in MS11-050 was found to be exploited in-the-wild. Customers are advised to install all applicable updates as soon as possible..."
- http://www.symantec.com/connect/blogs/exploit-june-ms-tuesday-vulnerability-wild

MS11-050 - Critical - Cumulative Security Update for Internet Explorer (2530548)
- http://www.microsoft.com/technet/security/Bulletin/MS11-050.mspx

- http://www.securityfocus.com/bid/48206/exploit
Updated: Jun 17 2011 - Symantec has discovered in-the-wild exploitation of the issue. The exploit is not publicly available.
___

- http://labs.m86security.com/2011/06/0-day-exploit-used-in-a-targeted-attack-cve-2011-1255/
June 26, 2011

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1255
Last revised: 06/29/2011
CVSS v2 Base Score: 9.3 (HIGH)

MS Office file validation ...

FYI...

Microsoft Security Advisory (2501584)
Office File Validation for Microsoft Office
- http://www.microsoft.com/technet/security/advisory/2501584.mspx
Updated: 6/30/2011 - "Microsoft is announcing the availability of the Office File Validation feature for supported editions of Microsoft Office 2003 and Microsoft Office 2007. The feature, previously only available for supported editions of Microsoft Office 2010, is designed to make it easier for customers to protect themselves from Office files that may contain malformed data, such as unsolicited Office files received from unknown or known sources, by scanning and validating files before they are opened. The Office File Validation feature described in this advisory applies when opening an Office file using Microsoft Excel 2003, Microsoft PowerPoint 2003, Microsoft Word 2003, Microsoft Publisher 2003, Microsoft Excel 2007, Microsoft PowerPoint 2007, Microsoft Word 2007, or Microsoft Publisher 2007. Office File Validation helps detect and prevent a kind of exploit known as a file format attack. File format attacks exploit the integrity of a file, and occur when the structure of a file is modified with the intent of adding malicious code...
Affected Software: Microsoft Office 2003 SP3, Microsoft Office 2007 SP2 ...
Microsoft revised this advisory to announce that as of June 28, 2011, the Office File Validation Add-in described in Microsoft Knowledge Base Article 2501584* is available through the Microsoft Update service...
Suggested Actions: Consult TechNet article, Office File Validation for Office 2003 and Office 2007, for information on deployment, installation, and configuration of the Office File Validation feature for Microsoft Office 2003 and Microsoft Office 2007**..."

* http://support.microsoft.com/kb/2501584

** http://technet.microsoft.com/en-us/library/53782285-736e-4d00-b458-6170054287af.aspx

MS Office 2010 SP1 available

FYI...

- http://blogs.technet.com/b/office_sustained_engineering/
June 29, 2011 - "... Today SP1 is available from the Download center. The Downloads Table below provides links to the new packages for SP1. If you have installed all Office Automatic Updates, you will also see SP1 available as a manual download from Microsoft Update. After a 90 day grace period, SP1 will be offered as an automatic update through Microsoft Update..."

- http://technet.microsoft.com/en-us/office/ee748587.aspx

- http://support.microsoft.com/kb/2460049

MS to retire Office XP, Vista SP1 next week

FYI...

- https://www.computerworld.com/s/article/9218164/Microsoft_to_retire_Office_XP_Vista_SP1_next_week
July 5, 2011 - "Microsoft will retire 2001's Office XP and the first service pack for Windows Vista next week, according to the company's published schedule. Both Office XP and Vista Service Pack 1 (SP1) will exit all support July 12, this month's Patch Tuesday. That date will be the last time Microsoft issues security updates for the aging suite and Vista SP1... Microsoft generally patches security vulnerabilities in its products throughout the entire 10-year stretch. Although Office XP's support expires next week, Vista users can continue to receive security updates by upgrading to SP2... Office 2003, the follow-up to Office XP, will receive security updates until April 2014. Office 2007 and Office 2010 will get patches until April 2017 and October 2020, respectively. Office XP and Vista SP1 were last patched three weeks ago when Microsoft issued 16 security updates that fixed 34 flaws."

Office XP
- http://support.microsoft.com/lifecycle/?p1=2533

MS Security Bulletin Advance Notification - July 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-jul.mspx
July 07, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on July 12, 2011... (Total of -4-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows

Bulletin 2 - Important - Elevation of Privilege - Requires restart - Microsoft Windows

Bulletin 3 - Important - Elevation of Privilege - Requires restart - Microsoft Windows

Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office ..."

MS Security Bulletin Summary - July 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-jul.mspx
July 12, 2011 - "This bulletin summary lists security bulletins released for July 2011..." (Total of -4-)

Critical

Microsoft Security Bulletin MS11-053 - Critical
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (2566220)
- http://www.microsoft.com/technet/security/Bulletin/MS11-053.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important

Microsoft Security Bulletin MS11-054 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)
- http://www.microsoft.com/technet/security/bulletin/ms11-054.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
"This security update resolves -15- privately reported vulnerabilities in Microsoft Windows..."

Microsoft Security Bulletin MS11-056 - Important
Vulnerabilities in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2507938)
- http://www.microsoft.com/technet/security/bulletin/ms11-056.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
"This security update resolves -5- privately reported vulnerabilities in the Microsoft Windows Client/Server Run-time Subsystem (CSRSS)..."

Microsoft Security Bulletin MS11-055 - Important
Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2560847)
- http://www.microsoft.com/technet/security/Bulletin/MS11-055.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

- http://www.microsoft.com/technet/security/advisory/2269637.mspx
• V8.0 (July 12, 2011): Added the update in Microsoft Knowledge Base Article 2533623 and the update in Microsoft Security Bulletin MS11-055, "Vulnerability in Microsoft Visio Could Allow Remote Code Execution," to the Updates relating to Insecure Library Loading section. The update in Microsoft Knowledge Base Article 2533623 implements Application Programming Interface (API) enhancements in Windows to help developers correctly and securely load external libraries.
- http://support.microsoft.com/kb/2533623
Last Review: July 12, 2011 - Revision: 2.1
___

- http://krebsonsecurity.com/2011/07/microsoft-fixes-scary-bluetooth-flaw-21-others/
July 12th, 2011 - "... updates to fix at least -22- security flaws in its Windows operating systems and other software..."
___

ISC Analysis
- http://isc.sans.edu/diary.html?storyid=11191
Last Updated: 2011-07-13 15:07:26 UTC ...(Version: 2)
___

Deployment Priority
- http://blogs.technet.com/cfs-filesy...0-00-00-45-71/7418.201107_2D00_deployment.png

Severity and Exploitability Index
- http://blogs.technet.com/cfs-filesy...0-45-71/7367.201107_2D00_severity_2D00_xi.png
___

- http://www.securitytracker.com/id/1025760 - MS11-053
- http://www.securitytracker.com/id/1025761 - MS11-054
- http://www.securitytracker.com/id/1025762 - MS11-056
- http://www.securitytracker.com/id/1025763 - MS11-055
July 12 2011
___

Q&A - MSRC July 2011 Security Bulletin Release
- http://blogs.technet.com/b/msrc/p/july-2011-security-bulletin-q-a.aspx
July 13, 2011
___

MSRT
- http://support.microsoft.com/?kbid=890830
July 12, 2011 - Revision: 89.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Tracur
• Dursg

Download:
- http://www.microsoft.com/downloads/...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
File Name: windows-kb890830-v3.21.exe - 13.0MB

To download the x64 version of MSRT, click here:
- http://www.microsoft.com/downloads/...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en
File Name: windows-kb890830-x64-v3.21.exe - 13.0MB

- http://blogs.technet.com/b/mmpc/arc...ly-2011-targeting-web-redirector-malware.aspx
12 Jul 2011

July MSRT on web redirector malware

FYI...

- http://blogs.technet.com/b/mmpc/archive/2011/07/28/july-msrt-on-web-redirector-malware.aspx
28 Jul 2011 - "... Since the release of MSRT on July 12, we have removed 516,517 Win32/Tracur threats from 242,517 computers making this malware the top threat on the list. Another 91,041 instances of Win32/Dursg were removed from 73,166 computers... The big number of Tracur threats can be accounted to its dropped files. Tracur will drop modified copies of itself in the <system folder> using file names derived from existing Windows DLL names with an appended string “32”, such as hal32.dll, olecli3232.dll, olecli3232.exe, and authz32.dll. Checking the origin of detections for Tracur*, United States has the highest percentage of infections with 80%, followed by Japan, France, and Canada, accounting for 3% of detections each...
* http://www.microsoft.com/security/portal/blog-images/BID11-012-001b.png
For Dursg**, United States has 56% of the detected infections, followed by Turkey, Canada, and United Kingdom..."
** http://www.microsoft.com/security/portal/blog-images/BID11-012-002.png
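
A triage sketch for the file-naming pattern in the MMPC excerpt above, added here as an example (not code from Microsoft or from the original post): it lists .dll/.exe files whose name is an existing DLL's name with "32" appended. The sample listing and the `baseline` parameter are constructed assumptions, and hits are candidates for review, not confirmed detections.

```python
"""Flag files named <existing DLL name> + "32", the pattern the excerpt describes."""
import os
from pathlib import PureWindowsPath

APPENDED = "32"                      # string the excerpt says is appended
DROP_EXTENSIONS = {".dll", ".exe"}   # extensions seen in the excerpt's examples

# Constructed sample listing of a system folder (not from a real machine).
# It mixes the names quoted in the excerpt with ordinary "32"-suffixed DLLs.
SAMPLE_LISTING = [
    "hal.dll", "hal32.dll",
    "olecli32.dll", "olecli3232.dll", "olecli3232.exe",
    "authz.dll", "authz32.dll",
    "kernel32.dll", "advapi32.dll", "user32.dll", "notepad.exe",
]


def find_appended_32_candidates(filenames, baseline=None):
    """Return sorted (candidate, base_dll) pairs.

    A file is a candidate when its stem ends in "32" and the stem without
    that suffix is the stem of a .dll in the same listing. `baseline` is an
    optional set of file names known from a clean reference image
    (hypothetical input); names found there are skipped, because a
    legitimate DLL can share a stem with another DLL plus "32".
    """
    baseline = {n.lower() for n in (baseline or ())}
    names = [PureWindowsPath(n).name.lower() for n in filenames]
    dll_stems = {PureWindowsPath(n).stem for n in names if n.endswith(".dll")}

    hits = set()
    for name in names:
        path = PureWindowsPath(name)
        if path.suffix not in DROP_EXTENSIONS:
            continue
        if not path.stem.endswith(APPENDED) or name in baseline:
            continue
        base = path.stem[: -len(APPENDED)]
        if base and base in dll_stems:
            hits.add((name, base + ".dll"))
    return sorted(hits)


def scan_directory(folder, baseline=None):
    """Run the same check over the regular files of a real directory."""
    with os.scandir(folder) as entries:
        files = [e.name for e in entries if e.is_file()]
    return find_appended_32_candidates(files, baseline)


if __name__ == "__main__":
    for candidate, base in find_appended_32_candidates(SAMPLE_LISTING):
        print(f"review: {candidate} (name derived from {base})")
```

Each hit still needs confirmation, for example by checking the file's signature or comparing it with the same path on a clean image.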

MS Security Bulletin Advance Notification - August 2011

FYI...

- http://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
August 04, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on August 9, 2011..." (Total of -13-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 3 - Important - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 4 - Important - Remote Code Execution - May require restart - Microsoft Office
Bulletin 5 - Important - Elevation of Privilege - May require restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 7 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 8 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 9 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 10 - Important - Information Disclosure - May require restart - Microsoft .NET Framework, Microsoft Developer Tools
Bulletin 11 - Important - Information Disclosure - May require restart - Microsoft Developer Tools
Bulletin 12 - Moderate - Information Disclosure - May require restart - Microsoft .NET Framework
Bulletin 13 - Moderate - Denial of Service - Requires restart - Microsoft Windows ...

MS Security Bulletin Summary - August 2011

FYI...

- https://www.microsoft.com/technet/security/Bulletin/MS11-aug.mspx
August 09, 2011 - "This bulletin summary lists security bulletins released for August 2011..." (Total of -13-)

Critical - 2

Microsoft Security Bulletin MS11-057 - Critical
Cumulative Security Update for Internet Explorer (2559049)
- https://www.microsoft.com/technet/security/bulletin/MS11-057.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-058 - Critical
Vulnerabilities in DNS Server Could Allow Remote Code Execution (2562485)
- https://www.microsoft.com/technet/security/bulletin/ms11-058.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important - 9

Microsoft Security Bulletin MS11-059 - Important
Vulnerability in Data Access Components Could Allow Remote Code Execution (2560656)
- https://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-060 - Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978)
- https://www.microsoft.com/technet/security/bulletin/ms11-060.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-061 - Important
Vulnerability in Remote Desktop Web Access Could Allow Elevation of Privilege (2546250)
- https://www.microsoft.com/technet/security/bulletin/ms11-061.mspx
Important - Elevation of Privilege - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-062 - Important
Vulnerability in Remote Access Service NDISTAPI Driver Could Allow Elevation of Privilege (2566454)
- https://www.microsoft.com/technet/security/bulletin/ms11-062.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-063 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2567680)
- https://www.microsoft.com/technet/security/bulletin/ms11-063.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-064 - Important
Vulnerabilities in TCP/IP Stack Could Allow Denial of Service (2563894)
- https://www.microsoft.com/technet/security/bulletin/ms11-064.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-065 - Important
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (2570222)
- https://www.microsoft.com/technet/security/bulletin/ms11-065.mspx
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-066 - Important
Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943)
- https://www.microsoft.com/technet/security/bulletin/ms11-066.mspx
Important - Information Disclosure - May require restart - Microsoft .NET Framework, Microsoft Developer Tools

Microsoft Security Bulletin MS11-067 - Important
Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230)
- https://www.microsoft.com/technet/security/bulletin/ms11-067.mspx
Important - Information Disclosure - May require restart - Microsoft Developer Tools

Moderate - 2

Microsoft Security Bulletin MS11-068 - Moderate
Vulnerability in Windows Kernel Could Allow Denial of Service (2556532)
- https://www.microsoft.com/technet/security/bulletin/ms11-068.mspx
Moderate - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-069 - Moderate
Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
- https://www.microsoft.com/technet/security/bulletin/ms11-069.mspx
Moderate - Information Disclosure - May require restart - Microsoft .NET Framework
___

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...ogfiles/00-00-00-45-71/2860.aug11_2D00_xi.png

Deployment Priority
- https://blogs.technet.com/cfs-files...les/00-00-00-45-71/6567.aug11_2D00_deploy.png
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=11341
Last Updated: 2011-08-09 19:35:25 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
August 9, 2011 - Revision: 90.0 - "... The Malicious Software Removal Tool runs in quiet mode. If it detects malicious software on your computer, the next time that you log on to your computer as a computer administrator, a balloon will appear in the notification area to make you aware of the detection..."

(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• FakeSysdef
• Hiloti

Download:
- http://www.microsoft.com/security/pc-security/malware-removal.aspx
File Name: windows-kb890830-v3.22.exe
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v3.22.exe

MSRT August '11 ...
- https://blogs.technet.com/b/mmpc/archive/2011/08/10/msrt-august-11-fakesysdef.aspx
10 Aug 2011

.
 
MS Security Advisories... 2011.08.09

FYI...

Microsoft Security Advisory (2562937)
Update Rollup for ActiveX Kill Bits
- https://www.microsoft.com/technet/security/advisory/2562937.mspx
August 09, 2011 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. This update sets the kill bits for the following third-party software:
• CheckPoint SSL VPN On-Demand applications...
• ActBar... IBM...
• EBI R Web Toolkit... Honeywell..."

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://www.microsoft.com/technet/security/advisory/2269637.mspx
August 09, 2011 - "... Update released on August 9, 2011
MS11-059*, "Vulnerability in Data Access Components Could Allow Remote Code Execution," provides support for a vulnerable component of Microsoft Windows that is affected by the Insecure Library Loading class of vulnerabilities described in this advisory..."
* https://www.microsoft.com/technet/security/bulletin/ms11-059.mspx

.
 
MS11-043 re-released...

FYI...

MS11-043 re-released... Critical
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
- https://www.microsoft.com/technet/security/bulletin/MS11-043.mspx
Published: June 14, 2011 | Updated: August 09, 2011
• "V2.0 (August 9, 2011): Bulletin rereleased to reoffer the update on all supported operating systems to address a stability issue. Customers who have already successfully updated their systems should reinstall this update."

- http://support.microsoft.com/kb/2536276
Last Review: August 9, 2011 - Revision: 3.0

:fear::confused:
 
MS Security Advisory (2607712)

FYI...

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
- https://www.microsoft.com/technet/security/advisory/2607712.mspx
August 29, 2011 V2.0 - "Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers. Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003. Microsoft is continuing to investigate this issue and may release future updates to help protect customers..."

- https://blogs.technet.com/b/msrc/ar...osoft-releases-security-advisory-2607712.aspx

- https://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
"... We have received reports of these certificates being used in the wild... we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) shortly..."
___

- http://h-online.com/-1333088
30 August 2011

:fear:
 