Old MS Alerts

Patch Watch ...

FYI... http://windowssecrets.com/category/patch-watch/

... Regularly updated problem-patch chart
>> http://windowssecrets.com/category/patch-watch/
2011-11-23 - "... table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed... as safe to install will be removed from the next updated table...
[i.e.] Microsoft Security Bulletin MS11-069 - Moderate
Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
* https://technet.microsoft.com/en-us/security/bulletin/ms11-069
'Published: Tuesday, August 09, 2011 | Updated: Wednesday, October 26, 2011 ...
Revisions:
• V1.0 (August 9, 2011): Bulletin published.
• V1.1 (August 23, 2011): Added an update FAQ to announce a detection change for KB2539636 that corrects an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
• V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems...'

Status recommendations: Skip* — patch not needed; Hold — do not install until its problems are resolved; Wait — hold off temporarily while the patch is tested; Optional — not critical, use if wanted; Install — OK to apply..."

:secret:
 
Duqu TrueType 0-day exploit - notes ...

FYI... Duqu TrueType 0-day exploit - notes ...

No Microsoft patch is available (yet)
> http://windowssecrets.com/newsletter/building-your-own-xp-service-pack-4/#inthe3
2011-12-01 - "... The workaround** denies access to t2embed.dll, causing the Duqu exploit to fail. But the Duqu Fix it also has an odd characteristic: it prompts Windows XP users to download two older Microsoft patches, MS10-001 (KB 972270) and MS10-076 (KB 982132) — patches most XP users have presumably already installed..."
** http://support.microsoft.com/kb/2639658#FixItForMe

Free Duqu detector from CrySyS
> http://windowssecrets.com/newsletter/building-your-own-xp-service-pack-4/#inthe2
2011-12-01 - "... To see whether your system is vulnerable to Duqu, you can obtain a free Duqu detector from CrySyS*..."
* http://www.crysys.hu/duqudetector.html

:fear:
 
MS Security Bulletin Advance Notification - December 2011

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms11-dec
December 08, 2011 - "This is an advance notification of security bulletins that Microsoft is intending to release on December 13, 2011...
(Total of -14-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Critical - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 3 - Critical - Remote Code Execution - May require restart - Microsoft Windows

Bulletin 4 - Important - Information Disclosure - Requires restart - Microsoft Windows
Bulletin 5 - Important - Information Disclosure - May require restart - Microsoft Office
Bulletin 6 - Important - Information Disclosure - May require restart - Microsoft Office
Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Windows
Bulletin 8 - Important - Information Disclosure - May require restart - Microsoft Office
Bulletin 9 - Important - Information Disclosure - Requires restart - Microsoft Windows
Bulletin 10 - Important - Information Disclosure - May require restart - Microsoft Office

Bulletin 11 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 12 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 13 - Important - Elevation of Privilege - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 14 - Important - Elevation of Privilege - May require restart - Microsoft Office
___

- https://www.computerworld.com/s/art...atches_next_week_will_fix_Duqu_and_BEAST_bugs
December 8, 2011 - "... Among the patches will be ones that plug the hole used by the Duqu intelligence-gathering Trojan, and fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug popularized three months ago by the BEAST, for "Browser Exploit Against SSL/TLS," hacking tool..."

TrueType: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)
SSL/TLS: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
Last revised: 11/24/2011
CVSS v2 Base Score: 4.3 (MEDIUM)
___

- https://isc.sans.edu/diary.html?storyid=12169
Last Updated: 2011-12-08 21:43:23 UTC - "... gifts we will be presented with next week..."

.
 
MS Security Bulletin Summary - December 2011

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms11-dec
December 13, 2011 - "This bulletin summary lists security bulletins released for December 2011...
(Total of -13-)

Critical - 3

Microsoft Security Bulletin MS11-087 - Critical
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-087
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-090 - Critical
Cumulative Security Update of ActiveX Kill Bits (2618451)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-090
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-092 - Critical
Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-092
Critical - Remote Code Execution - May require restart - Microsoft Office

Important - 10

Microsoft Security Bulletin MS11-088 - Important
Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-088
Important - Elevation of Privilege - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-089 - Important
Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-089
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-091 - Important
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-091
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-093 - Important
Vulnerability in OLE Could Allow Remote Code Execution (2624667)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-093
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-094 - Important
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-094
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-095 - Important
Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-095
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-096 - Important
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-096
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-097 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/bulletin/ms11-097
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-098 - Important
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-098
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-099 - Important
Cumulative Security Update for Internet Explorer (2618444)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-099
Important - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
___

Deployment Priority
- https://blogs.technet.com/cfs-files...iles/00-00-00-45-71/7343.2011_2D00_12-dep.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...iles/00-00-00-45-71/7343.2011_2D00_12-dep.png

- https://blogs.technet.com/b/msrc/ar...r-bulletins-are-released.aspx?Redirected=true
"... Why 13 bulletins and not 14, as we stated in the ANS announcement on Thursday? After that announcement, we discovered an apps-compatibility issue between one bulletin-candidate and a major third-party vendor... The issue addressed in that bulletin, which we have been monitoring and against which we have seen no active attacks in the wild, was discussed in Security Advisory 2588513*."
* https://technet.microsoft.com/en-us/security/advisory/2588513

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
Last revised: 12/13/2011
CVSS v2 Base Score: 4.3 (MEDIUM)

- https://www.computerworld.com/s/art...BEAST_patch_at_last_minute_but_fixes_Duqu_bug
December 13, 2011 - "... scrubbed security update was to fix the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 bug demonstrated in September 2011 by researchers who crafted a hacking tool dubbed BEAST... SAP... was the third-party vendor who reported compatibility problems...."
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12193
Last Updated: 2011-12-14 02:29:09 UTC
___

Security Advisory updates:

Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/advisory/2639658
V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletin. MS11-087.

Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, "Cumulative Security Update for Internet Explorer;" and MS11-094, "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution."
___

Insecure library loading - verified Secunia List
- https://secunia.com/community/advisories/windows_insecure_library_loading/
Number of products affected: 293
Number of vendors affected: 113
Number of Secunia Advisories issued: 215
Solution Status ...
___

- https://secunia.com/advisories/46724/ - MS11-087
- https://secunia.com/advisories/47062/ - MS11-088
- https://secunia.com/advisories/47098/ - MS11-089
- https://secunia.com/advisories/47099/ - MS11-090
- https://secunia.com/advisories/47117/ - MS11-092
- https://secunia.com/advisories/47207/ - MS11-093
- https://secunia.com/advisories/47208/ - MS11-094
- https://secunia.com/advisories/47213/ - MS11-094
- https://secunia.com/advisories/47202/ - MS11-095
- https://secunia.com/advisories/47203/ - MS11-096
- https://secunia.com/advisories/47210/ - MS11-097
- https://secunia.com/advisories/47204/ - MS11-098
- https://secunia.com/advisories/47212/ - MS11-099
___

MSRT
- http://support.microsoft.com/?kbid=890830
December 13, 2011 - Revision: 96.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Helompy

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: windows-kb890830-v4.3.exe - 14.5 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.3.exe - 14.8 MB

- https://blogs.technet.com/b/mmpc/archive/2011/12/13/msrt-december-win32-helompy.aspx?Redirected=true
13 Dec 2011
___

Dec. 2011 Security Bulletin Q&A:
- https://blogs.technet.com/b/msrc/ar...bulletin-webcast-q-amp-a.aspx?Redirected=true
Dec. 14, 2011

.
 
RE: Win7 SP1

FYI... Win7 SP1 goes "missing"...

'You do not have the option of downloading Windows 7 SP1 when you use Windows Update to check for updates'
- http://support.microsoft.com/kb/2498452
Last Review: April 24, 2012 - Revision: 11.0
"... To resolve this issue, follow the steps in the methods below..."
(See the site)

:sad:
 
Hash collision attacks ...

FYI...

- https://www.us-cert.gov/current/#multiple_vendors_vulnerable_to_hash
Dec. 29, 2011

- http://h-online.com/-1401863
Dec. 29, 2011
___

Microsoft Security Advisory (2659883)
Vulnerability in ASP.NET Could Allow Denial of Service
- https://technet.microsoft.com/en-us/security/advisory/2659883
December 28, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision. It is possible for an attacker to send a small number of specially crafted posts to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition. Microsoft is aware of detailed information available publicly that could be used to exploit this vulnerability but is not aware of any active attacks.
Details of a workaround to help protect sites against this vulnerability are provided in this article. Individual implementations for sites using ASP.NET will vary and Microsoft strongly suggests customers evaluate the impact of the workaround for applicability to their implementations...
Workarounds - Configuration-based workaround
The following workaround configures the limit of the maximum request size that ASP.NET will accept from a client. Decreasing the maximum request size will decrease the susceptibility of the ASP.NET server to a denial of service attack..."
- http://support.microsoft.com/kb/2659883
December 28, 2011 - Revision: 2.0

- http://www.kb.cert.org/vuls/id/903934
2011-12-28

- https://isc.sans.edu/diary.html?storyid=12286
Last Updated: 2011-12-28 23:02:14 UTC ...(Version: 2)
___

- https://blogs.technet.com/b/srd/arc...11-asp-net-vulnerability.aspx?Redirected=true
27 Dec 2011 10:29 PM - "...if your website does need to accept user uploads, this workaround is likely to block legitimate requests. In that case, you should not use this workaround and instead wait for the comprehensive security update*..."
* Advanced Notification for out-of-band release to address Security Advisory 2659883
- https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2659883.aspx?Redirected=true
28 Dec 2011 7:51 PM - "... The release is scheduled for December 29... The bulletin has a severity rating of Critical..."
___

- http://www.securitytracker.com/id/1026469
CVE Reference: CVE-2011-3414
Date: Dec 28 2011
Impact: Denial of service via network...

- http://www.ocert.org/advisories/ocert-2011-003.html
2011-12-28

- https://secunia.com/advisories/47323/ | https://secunia.com/advisories/47404/
- https://secunia.com/advisories/47405/ | https://secunia.com/advisories/47406/
- https://secunia.com/advisories/47407/ | https://secunia.com/advisories/47408/
- https://secunia.com/advisories/47411/ | https://secunia.com/advisories/47413/
- https://secunia.com/advisories/47414/ | https://secunia.com/advisories/47415/
Release Date: 2011-12-29

:fear::fear:
 
MS11-100 - .NET Framework ...

FYI...

Microsoft Security Bulletin MS11-100 - Critical
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
- https://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx
December 29, 2011 - "This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site... This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on -all- supported editions of Microsoft Windows...
Collisions in HashTable May Cause DoS Vulnerability
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3414 - 7.8 (HIGH)
Insecure Redirect in .NET Form Authentication Vulnerability
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3415 - 6.8
ASP.Net Forms Authentication Bypass Vulnerability
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3416 - 8.5 (HIGH)
ASP.NET Forms Authentication Ticket Caching Vulnerability
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3417 - 9.3 (HIGH)
12/30/2011
Affected Software: Windows XP (all editions), Windows Server 2003 (all editions), Windows Vista (all editions), Windows Server 2008 (all editions), Windows 7 (all editions), Windows Server 2008 R2 (all editions) ..."
• V1.1 (December 30, 2011): Added entry to the Update FAQ to address security-rated changes to functionality contained in this update and added mitigation for CVE-2011-3414.
___

MSRC: https://blogs.technet.com/b/msrc/ar...ecurity-advisory-2659883.aspx?Redirected=true
29 Dec 2011 - "... Consumers are -not- vulnerable unless they are running a Web server from their computer..."

MS SRD: https://blogs.technet.com/b/srd/arc...-security-update-is-live.aspx?Redirected=true
29 Dec 2011
___

- https://secunia.com/advisories/47323/
Last Update: 2012-01-02
Criticality level: Moderately critical
Impact: Security Bypass, Spoofing, DoS
Where: From remote...
Original Advisory: MS11-100 (KB2638420, KB2656351, KB2656352, KB2656353, KB2656355, KB2656356, KB2656358, KB2656362, KB2657424):
http://technet.microsoft.com/en-us/security/bulletin/MS11-100

- http://www.securitytracker.com/id/1026479
Updated: Dec 30 2011

:fear::spider:
 
MS Security Bulletin Advance Notification - January 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-jan
January 05, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on January 10, 2012...
(Total of -7-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Important - Security Feature Bypass - Requires restart - Microsoft Windows
Bulletin 3 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 4 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 6 - Important - Information Disclosure - Requires restart - Microsoft Windows
Bulletin 7 - Important - Information Disclosure - May require restart - Microsoft Developer Tools and Software

.
 
MS Security Bulletin Summary - January 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-jan
January 10, 2012 - "This bulletin summary lists security bulletins released for January 2012...
(Total of -7-)

Microsoft Security Bulletin MS12-004 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-004
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-001 - Important
Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-001
Important - Security Feature Bypass - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-002 - Important
Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-002
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS12-003 - Important
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-003
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-005 - Important
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-005
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS12-006 - Important
Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-006
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-007 - Important
Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-007
Important - Information Disclosure - May require restart - Microsoft Developer Tools and Software
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12361
Last Updated: 2012-01-10 18:38:36 UTC
___

Deployment Priority
- https://blogs.technet.com/cfs-files...27.20120110_5F00_Deployment_5F00_Priority.PNG

Severity and Exploitability Index
- https://blogs.technet.com/cfs-files...8.20120110_5F00_Severity_5F00_and_5F00_XI.PNG

- https://blogs.technet.com/b/msrc/ar...urity-bulletins-released.aspx?Redirected=true
___

- https://secunia.com/advisories/47356/ - MS12-001
- https://secunia.com/advisories/45189/ - MS12-002
- https://secunia.com/advisories/47479/ - MS12-003
- https://secunia.com/advisories/47485/ - MS12-004
- https://secunia.com/advisories/47480/ - MS12-005
- https://secunia.com/advisories/46168/ - MS12-006
- https://secunia.com/advisories/47483/ - MS12-007
- https://secunia.com/advisories/47516/ - MS12-007

- http://www.securitytracker.com/id/1026498 - MS12-006
___

MSRT
- http://support.microsoft.com/?kbid=890830
January 10, 2012 - Revision: 97.1
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Sefnit*

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: windows-kb890830-v4.4.exe - 13.8 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.4.exe - 14.2 MB

* https://blogs.technet.com/b/mmpc/ar...ary-12-msrt-win32-sefnit.aspx?Redirected=true
10 Jan 2012 - "... Sefnit... often installed by different exploit kits such as "Blackhole" (detected as Blacole), or distributed on file sharing networks with enticing "keygen" or "crack" styled file names..."

.
 
MS SSL/TLS advisory updated

FYI...

Microsoft Security Advisory (2588513)
Vulnerability in SSL/TLS Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/advisory/2588513
Published: Monday, September 26, 2011 | Updated: Tuesday, January 10, 2012 - "We have issued MS12-006* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-006

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389

* http://forums.spybot.info/showpost.php?p=419439&postcount=33

:fear:
 
MS Security Bulletin Advance Notification - Feb 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-feb
February 09, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on February 14, 2012...
(Total of -9-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
Bulletin 3 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 4 - Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
Bulletin 5 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 6 - Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software
Bulletin 7 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 8 - Important - Remote Code Execution - May require restart - Microsoft Windows
Bulletin 9 - Important - Remote Code Execution - May require restart - Microsoft Office
___

- http://h-online.com/-1432804
10 Feb 2012 - "... a total of 21 vulnerabilities in products including Windows, Office and Internet Explorer, as well as in the .NET Framework and Silverlight..."

.
 
MS Security Bulletin Summary - February 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-feb
February 14, 2012 - "This bulletin summary lists security bulletins released for February 2012...
(Total of -9-)

Critical -4-

Microsoft Security Bulletin MS12-008 - Critical
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-008
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-010 - Critical
Cumulative Security Update for Internet Explorer (2647516)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-010
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS12-013 - Critical
Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-013
Critical - Remote Code Execution - Requires restart - Microsoft Windows
- https://blogs.technet.com/b/srd/arc...out-the-msvcrt-dll-issue.aspx?Redirected=true

Microsoft Security Bulletin MS12-016 - Critical
Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-016
Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight
___

Reliability Update 2 for the .NET Framework 4
- http://support.microsoft.com/kb/2600217
Last Review: Feb 18, 2012 - Revision: 3.0 - Reliability Update 2 for the Microsoft .NET Framework 4 is available to fix some stability, reliability, and performance issues...
___

Important -5-

Microsoft Security Bulletin MS12-009 - Important
Vulnerabilities in Ancillary Function Driver Could Allow Elevation of Privilege (2645640)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-009
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-011 - Important
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2663841)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-011
Important - Elevation of Privilege - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS12-012 - Important
Vulnerability in Color Control Panel Could Allow Remote Code Execution (2643719)
- https://technet.microsoft.com/en-us/security/bulletin/MS12-012
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS12-014 - Important
Vulnerability in Indeo Codec Could Allow Remote Code Execution (2661637)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-014
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS12-015 - Important
Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2663510)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-015
Important - Remote Code Execution - May require restart - Microsoft Office
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-file....00-00-45-71/6646.February-2012-Deployment.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-file....iles/00-00-00-45-71/1134.February-2012-XI.png

- https://blogs.technet.com/b/msrc/ar...-february-2012-bulletins.aspx?Redirected=true
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12586
Last Updated: 2012-02-14 20:41:30 UTC
___

- https://secunia.com/advisories/47237/ - MS12-008
- https://secunia.com/advisories/47911/ - MS12-009
- https://secunia.com/advisories/48028/ - MS12-010
- https://secunia.com/advisories/48031/ - MS12-010
- https://secunia.com/advisories/48029/ - MS12-011
- https://secunia.com/advisories/41874/ - MS12-012
- https://secunia.com/advisories/47949/ - MS12-013
- https://secunia.com/advisories/41114/ - MS12-014
- https://secunia.com/advisories/47946/ - MS12-015
- https://secunia.com/advisories/48030/ - MS12-016
___

MSRT
- http://support.microsoft.com/?kbid=890830
February 14, 2012 - Revision: 99.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Fareit
• Pramro

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: windows-kb890830-v4.5.exe - 14.2 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.5.exe - 14.7 MB
___

MS Exchange 2010 SP2 - Update Rollup 1
- https://blogs.technet.com/b/exchang...ange-2010-service-pack-2.aspx?Redirected=true
13 Feb 2012 - "Earlier today the Exchange CXP team released Update Rollup 1 for Exchange Server 2010 SP2 to the Download Center*.
* http://www.microsoft.com/download/en/details.aspx?id=28809
This update contains a number of customer-reported and internally found issues since the release of RU1. See 'KB 2645995**: Description of Update Rollup 1 for Exchange Server 2010 Service Pack 2' for more details."
** http://support.microsoft.com/kb/2645995

.
 
MS Security Bulletin Advance Notification - March 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-mar
March 08, 2012 - "This is an advance notification of security bulletins that Microsoft is intending to release on March 13, 2012.
(Total of -6-)

Bulletin 1 - Critical - Remote Code Execution - Requires restart - Microsoft Windows
Bulletin 2 - Important - Denial of Service - Requires restart - Microsoft Windows
Bulletin 3 - Important - Elevation of Privilege - Requires restart - Microsoft Windows
Bulletin 4 - Important - Elevation of Privilege - May require restart - Microsoft Visual Studio
Bulletin 5 - Important - Remote Code Execution - May require restart - Microsoft Expression Design
Bulletin 6 - Moderate - Denial of Service - May require restart - Microsoft Windows

.
 
MS Security Bulletin Summary - March 2012

FYI...

- https://technet.microsoft.com/en-us/security/bulletin/ms12-mar
March 13, 2012 - "This bulletin summary lists security bulletins released for March 2012...
(Total of -6-)

Critical -1-

Microsoft Security Bulletin MS12-020 - Critical
Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-020
Critical - Remote Code Execution - Requires restart - Microsoft Windows
> http://support.microsoft.com/kb/2671387
See: "Known issues and additional information about this security update..."

Important -4-

Microsoft Security Bulletin MS12-017 - Important
Vulnerability in DNS Server Could Allow Denial of Service (2647170)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-017
Important - Denial of Service - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-018 - Important
Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-018
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS12-021 - Important
Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-021
Important - Elevation of Privilege - May require restart - Microsoft Visual Studio

Microsoft Security Bulletin MS12-022 - Important
Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-022
Important - Remote Code Execution - May require restart - Microsoft Expression Design
> http://support.microsoft.com/kb/2651018
See: "Known issues with this security update..."

Moderate -1-

Microsoft Security Bulletin MS12-019 - Moderate
Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
- https://technet.microsoft.com/en-us/security/bulletin/ms12-019
Moderate - Denial of Service - May require restart - Microsoft Windows
___

Bulletin Deployment Priority
- https://blogs.technet.com/cfs-file....-00-00-45-71/5734.March-2012-Deployment-2.png

Severity and Exploitability Index
- https://blogs.technet.com/cfs-file....00-45-71/4705.March-2012-Server_2D00_XI-1.png

- https://blogs.technet.com/b/msrc/ar...-2012-security-bulletins.aspx?Redirected=true
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=12775
Last Updated: 2012-03-13 17:29:20 UTC
___

MSRT
- http://support.microsoft.com/?kbid=890830
March 13, 2012 - Revision: 100.0
(Recent additions)
- http://www.microsoft.com/security/pc-security/malware-families.aspx
... added this release...
• Dorkbot
• Hioles
• Yeltminky
• Pluzoks.A

- https://blogs.technet.com/b/mmpc/ar...-march-2012-breaking-bad.aspx?Redirected=true
13 Mar 2012

Download:
- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=16
File Name: windows-kb890830-v4.6.exe - 14.8 MB
- https://www.microsoft.com/download/en/details.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.6.exe - 15.4 MB

MS advisories updated - 2012.03.13 ...

FYI...

Microsoft Security Advisory (2647518)
Update Rollup for ActiveX Kill Bits
- https://technet.microsoft.com/en-us/security/advisory/2647518
March 13, 2012

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
• V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022*, "Vulnerability in Expression Design Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-022

RE: MS12-020 - Critical...

FYI...

- https://blogs.technet.com/b/srd/archive/201...Redirected=true
13 Mar 2012 - "... we anticipate that an exploit for code execution will be developed in the next 30 days... Remote Desktop Protocol is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled Remote Desktop... Enabling NLA* will prevent older clients (including Windows XP and Windows Server 2003) from connecting, by default..."
* See the URL above for MS Fixit's...
> http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2012-0002
Last revised: 03/14/2012 - "... Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP..."
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.symantec.com/security_response/threatconlearn.jsp
"... The Microsoft Remote Desktop Protocol (RDP) patch is especially critical. Although RDP is not enabled by default, when it is enabled many RDP servers are placed directly on the Internet. If RDP is being used, ensure it is patched as soon as possible. RDP should -not- be placed directly on the Internet. RDP should be remotely accessible only by trusted clients by way of a VPN or similar solution..."

- http://h-online.com/-1471581
14 March 2012 - "... some customers "need time to evaluate and test all bulletins before applying them", Microsoft has also provided a workaround and a no-reboot "Fix it" tool that enables Network-Level Authentication (NLA) to mitigate the problem..."

MS12-020 - MS RDP ...

FYI...

- https://isc.sans.edu/diary.html?storyid=12805
Last Updated: 2012-03-16 15:26:16 UTC - "... proof-of-concept is out..."

- https://isc.sans.edu/diary.html?storyid=12808
Last Updated: 2012-03-17 00:18:07 UTC

- http://atlas.arbor.net/briefs/index#-700023003
Severity: Extreme Severity
March 16, 2012 01:36

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0002
Last revised: 03/15/2012
CVSS v2 Base Score: 9.3 (HIGH)

> https://technet.microsoft.com/en-us/security/bulletin/ms12-020

RDP exploit watch: 5M RDP endpoints found on the Web

FYI...

- http://atlas.arbor.net/briefs/index#-1324643596
Elevated Severity
March 19, 2012 22:10
"Research suggests that approximately five million remote desktop endpoints exist on the Internet.
Analysis: Every Internet connected organization should carefully assess the need for Remote Desktop and evaluate exposure to include patch status and strength of credentials. While convenient for users, remote access tools increase the attack surface and additional layers of security such as requiring VPN access, robust network ACLs, requiring stronger authentication and extensive host hardening should be considered. Additionally, it is important to institute proper monitoring to detect attacks and unauthorized access."
Source: https://www.zdnet.com/blog/security...million-rdp-endpoints-found-on-internet/10937
"... Dan Kaminsky has identified approximately five million internet-accessible RDP endpoints that are potentially sitting ducks for a network worm exploiting the MS12-020 vulnerability..."

- http://dankaminsky.com/2012/03/18/rdp/
March 18, 2012
___

- http://www.kb.cert.org/vuls/id/624051
Last Updated: 2012-03-19

Exploit for MS12-020 RDP bug moves to Metasploit

FYI...

- http://atlas.arbor.net/briefs/index#1373529066
Elevated Severity
March 21, 2012
"A Denial of Service exploit for the Microsoft Remote Desktop security hole is now included in the Metasploit Framework, a popular penetration testing toolkit. This DoS exploit was already in the wild.
Analysis: Hopefully the increased press on this issue has encouraged robust patching and system hardening which will reduce the impact of this issue when a remote code execution exploit does become public. istherdpexploitoutyet.com is a website tracking the progress on this issue and offering links to research information. Be aware that this site does not offer any guarantees, and dangerous fake exploits for this bug have already appeared that will cause harm to those attempting to run them. Organizations that are exploited by this Denial of Service condition will see a "blue screen of death" involving RDPWD.SYS, as seen in the blog: http://community.websense.com/blogs...2/03/20/ms12-020-working-poc-in-the-wild.aspx"
Source: http://threatpost.com/en_us/blogs/exploit-ms12-020-rdp-bug-moves-metasploit-032012
