317 replies to this topic

[AplusWebMaster]

FYI...per http://www.theregist...ity_advisories/
May 10, 2005
"...Information will be distributed as needed in the form of security advisories, which will be released as needed. Potential topics of the advisories include guidance on publicly disclosed, but yet unpatched, vulnerabilities, notification when code is released to exploit a software flaw, and information on Microsoft updates that are not security patches but which do provide some security benefits..."

- http://www.microsoft...ry/default.mspx

Current Security Advisories:
May 2005

Security Advisory (892313)
- http://www.microsoft...ory/892313.mspx
Default Setting in Windows Media Player Digital Rights Management Could Allow a User To Open A Web Page Without Requesting Permission

Security Advisory (842851)
- http://www.microsoft...ory/842851.mspx
Clarification Of The Tar Pit Feature Provided For Exchange Server 2003 In Windows Server 2003 Service Pack 1 ..."

Edited by AplusWebMaster, 30 December 2006 - 09:17 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (899480)
- http://www.microsoft...ory/899480.mspx
Vulnerability in TCP Could Allow Connection Reset
Published: May 18, 2005
"...Various TCP implementations could allow a remote attacker to set arbitrary timer values for a TCP connection. An attacker who successfully exploited this vulnerability could cause the affected system to reset existing TCP connections. Those connections would have to be reestablished for communication to continue. This denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights. We do not consider this to be a significant threat to the security of the Internet. This is similar to other TCP connection reset issues.

Changes made during the development of Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and the MS05-019 security update eliminated this vulnerability. If you have installed any of these updates, these updates already help protect you from this vulnerability and no additional action is required.

Mitigating Factors:
• Customers who have installed Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, or the MS05-019 security update are not affected by this vulnerability.
• For an attacker to try to exploit this vulnerability, they must first predict or learn the IP address and port information of the source and of the destination of an existing TCP network connection. Protocols or programs that maintain long sessions and that have predictable TCP/IP information are at an increased risk for this issue.
• This attack would have to be performed on each TCP connection that was targeted for reset. Many applications will automatically restore connections that have been reset.
• This issue does not affect Windows 98, Windows 98 SE, or Windows Millennium Edition.
• This attack requires the TCP Timestamp Option registry setting to be enabled. This setting is enabled by default. However, this option can be disabled. Systems that have disabled this setting are not affected by this vulnerability. For more information about this setting, visit the following Web site:
- http://www.microsoft...entry/58800.asp

Customers should note that the MS05-019 security bulletin is currently scheduled to be re-released in June of 2005..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (902333)
Browser Windows Without Indications of Their Origins may be Used in Phishing Attempts
- http://www.microsoft...ory/902333.mspx
Published: June 21, 2005

[AplusWebMaster]

FYI...

Microsoft Security Advisory (891861)
Release of Update Rollup 1 for Windows 2000 Service Pack 4 (SP4)
- http://www.microsoft...ory/891861.mspx
Published: June 28, 2005
"...Should I install Update Rollup 1 even if I have kept my Windows 2000 SP4 systems up to date?
Yes. Update Rollup 1 contains additional important fixes in files that have not previously been part of individual security updates, as described in the Knowledge Base Article. In addition, the Update Rollup 1 contains additional enhancements that increase system security, reliability, reduce support costs, and support the current generation of PC hardware. In some cases, the individual binary files released in previous individual security updates may have been updated via individual hotfixes to address minor compatibility issues introduced in those prior security updates that affected individual customers. The latest versions of those files are included in the Update Rollup.
Therefore, even if a system is fully up to date with prior security releases, Windows Update will still detect and apply the Update Rollup. Customers who use managed security update deployment solutions should evaluate the need to deploy Update Rollup 1 within their infrastructure..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (903144)
A COM Object (javaprxy.dll) Could Cause Internet Explorer to Unexpectedly Exit
- http://www.microsoft...ory/903144.mspx
Published: June 30, 2005
"...Suggested Actions
• Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX controls in these zones..."

- http://secunia.com/advisories/15891/
Release Date: 2005-07-01
Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Workaround
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x ...
Solution:
The vendor recommends setting Internet and Local intranet security zone settings to "High"..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (903144)
- http://www.microsoft...ory/903144.mspx
Updated: July 1, 2005: Advisory updated with additional mitigations and workarounds

[AplusWebMaster]

FYI...

Microsoft Security Advisory (903144)
- http://www.microsoft...ory/903144.mspx
• July 5, 2005: Advisory updated with Microsoft Download Center information for the registry key update that disables Javaprxy.dll in Internet Explorer

[AplusWebMaster]

FYI...

Microsoft Security Advisory (904797)
Vulnerability in Remote Desktop Protocol (RDP) Could Lead to Denial of Service
- http://www.microsoft...ory/904797.mspx
Published: July 16, 2005
"...Our initial investigation has revealed that a denial of service vulnerability exists that could allow an attacker to send a specially crafted Remote Desktop Protocol (RDP) request to an affected system. Our investigation has determined that this is limited to a denial of service, and therefore an attacker could not use this vulnerability to take complete control of a system. Services that utilize the Remote Desktop Protocol are not enabled by default, however if a service were enabled, an attacker could cause this system to restart.
Note Remote Desktop is enabled by default on Windows XP Media Center Edition...

Workarounds
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Block TCP port 3389 at the firewall.
This port is used to initiate a connection with the affected component. Blocking it at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Additionally, on Windows XP and Windows Server 2003, the Windows Firewall can help protect individual machines. By default, the Windows Firewall does not allow connections to this port. For information on how to disable the Windows Firewall exception for Remote Desktop on these platforms, please visit the following Web site.

Disable Terminal Services or the Remote Desktop feature if they are not required.
If these services are no longer required on a system, you should consider disabling them as a security best practice. Disabling unused and unneeded services helps to reduce your exposure to security vulnerabilities.

For information on how to disable Remote Desktop via Group Policy, Customers should review Microsoft Knowledge Base Article 306300. http://support.micro...om/?kbid=306300

Secure Remote Desktop Connections by using an IPsec policy.
Specific configurations would be dependent upon the individual environment. For information about Internet Protocol Security (IPsec), visit the following Web site.

Secure Remote Desktop Connections by employing a Virtual Private Network (VPN) connection..."

[AplusWebMaster]

FYI...

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
- http://www.microsoft...ory/899588.mspx
Published: August 11, 2005 | Updated: August 14, 2005
"Microsoft is actively analyzing and providing guidance on a malicious worm identified as “Worm:Win32/Zotob.A”, which is currently circulating on the Internet. The worm is a malicious attack which exploits the Windows Plug and Play vulnerability addressed in Microsoft Security Bulletin MS05-039 on August 9, 2005. Our initial investigation has revealed that the worm attacks Windows 2000-based systems.
Other versions of Windows, including Windows XP Service Pack 2 and Windows Server 2003, are not impacted by “Zotob.A”. Customers can protect against this worm by installing the security updates provided by the Microsoft Security Bulletin MS05-039 immediately..."
- http://www.microsoft...n/MS05-039.mspx

[AplusWebMaster]

FYI...

A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit (906267)
- http://www.microsoft...ory/906267.mspx
Published or Last Updated: 8/18/2005
"Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports. The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet explorer..."
- http://www.kb.cert.org/vuls/id/740372

[AplusWebMaster]

FYI...

- http://www.microsoft...ory/906267.mspx
Published: August 18, 2005 | Updated: August 19, 2005
"...Mitigating Factors:
• The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in Windows.
• The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.
• Customers who do not have Msdds.dll on their systems are not affected by this vulnerability.
• The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.
• Customers who use Microsoft Office 2003 are not affected by this vulnerability.
• Customers who use Microsoft Access 2003 are not affected by this vulnerability.
• Customers who use Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. See Frequently Asked Question “I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability?” for additional details.
• Customers who use Microsoft Access 2002 Service Pack 3 are not by default affected by this vulnerability. See Frequently Asked Question “I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability?” for additional details.
• Customers who use Microsoft Visual Studio 2003 are not affected by this vulnerability.
• Customers who use Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (906574) - Clarification of Simple File Sharing and ForceGuest
- http://www.microsoft...ory/906574.mspx
August 23, 2005
"Microsoft has issued this Security Advisory to clarify information of the issue addressed in Security Bulletin MS05-039 for non-default configurations of Windows XP Service Pack 1. This feature is known as “Simple File Sharing and ForceGuest.” If you are using Windows XP Service Pack 2, enabling Simple File Sharing and ForceGuest does not increase your level of exposure to the MS05-039 security vulnerability. Also, customers that have applied the security update included with MS05-039 are not impacted by this issue. We recommend that customers continue to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing ant-virus software. Customers can learn more about these steps by visiting the Protect Your PC Web site.
If Simple File Sharing is enabled on a Microsoft Windows XP system that is not joined to a domain, then all users who access this system through the network are forced to use the Guest account. This is the “Network access: Sharing and security model for local accounts” security policy setting, and is also known as ForceGuest.
Windows XP mitigates several security vulnerabilities by preventing users who do not have a valid logon credential from accessing the system remotely. An example of this is the vulnerability that is addressed in Microsoft Security Bulletin MS05-039. However, when you enable Simple File Sharing, the Guest account is also enabled and given permission to access the system through the network. Because the Guest account is a valid account when it is enabled, and is given permission to access the system through the network, an attacker could use the Guest account as if they had a valid user account..."

[AplusWebMaster]

FYI...

...Msdds.dll Advisory (906267)
- http://www.microsoft...ory/906267.mspx
Revisions:
• August 18, 2005: Advisory published
• August 19, 2005: Advisory updated to include additional mitigating factors and also to include steps on how to restrict Web sites to only your trusted Web sites in the “Workarounds section”.
• August 25, 2005: Advisory updated to include additional mitigating factors. Msdds.dll file versions have also been revised: updated file version from 7.0.9446.0 to 7.0.9466.0 and added file version 7.0.9064.9143..."

[AplusWebMaster]

FYI...

MS Security Advisory (897663) - Windows Firewall Exception May Not Display in the User Interface
- http://www.microsoft...ory/897663.mspx
Published: August 31, 2005
"Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface. However, this exception is displayed by the command line firewall administration tools.
It is important to note that this is not a vulnerability. Administrative privileges are required to access the associated section of the Windows Registry that contains this configuration information. By using documented methods to manage and create Windows Firewall exceptions, it is unlikely that a malformed registry entry will be produced which would exhibit this behavior. It is more likely that an attacker who has already compromised the system would create such malformed registry entries with intent to confuse a user.
Microsoft plans to include an update to address this concern as part of a future service pack on the affected supported platforms...
Related Software:
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition ..."

[AplusWebMaster]

Fix (for XPSP2 only, per above advisory) available:
- http://support.microsoft.com/kb/897663
Revision: 3.1
"...RESOLUTION
To resolve this issue in Windows XP Service Pack 2, install Update for Windows XP (KB897663). This update will make sure that a firewall exception created through the registry is listed in the Windows Firewall interface the same as if the exception was created in the interface itself. To download and install Update for Windows XP (KB897663), visit the following Web site:
http://www.microsoft...B9-1C988698C888

Prerequisites
Because of file dependencies, this update requires Windows XP Service Pack 2..."