317 replies to this topic

[AplusWebMaster]

FYI...

Microsoft Security Advisory (971492)
Vulnerability in Internet Information Services Could Allow Elevation of Privilege
- http://www.microsoft...ory/971492.mspx
May 18, 2009 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Internet Information Services (IIS). An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication. We are not aware of attacks that are trying to use this vulnerability or of customer impact at this time. Microsoft is investigating the public reports...
Workarounds:
- Disable WebDAV...
- Alternate method to disable WebDAV on IIS 5.0 and IIS 5.1...
- Alternate method to disable WebDAV on IIS 5.1 and IIS 6.0...
- Change file system ACLs to deny access to the anonymous user account...

- http://web.nvd.nist....d=CVE-2009-1676
Last revised: 05/20/2009
CVSS v2 Base Score: 7.6 (HIGH)

> http://blogs.technet...ion-bypass.aspx
May 18, 2009

- http://atlas.arbor.n...ndex#1027953690
May 18, 2009

Edited by AplusWebMaster, 21 May 2009 - 11:46 AM.
Added MS Technet, CVE links...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (971778)
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
- http://www.microsoft...ory/971778.mspx
May 28, 2009 - "Microsoft is investigating new public reports of a new vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."

- http://www.theregist..._vulnerability/
28 May 2009 22:37 GMT - "... Microsoft has offered several work-arounds until a patch is available. The most straight-forward of them involves visiting this link* and clicking on the "Fix it" icon. (We got an error when using Firefox, but it worked fine with Internet Explorer)..."
* http://support.micro...ixItForMeAlways
June 3, 2009 (Get the Enable Workaround "FixIt" here. MUST be run in Admin mode.)

> http://web.nvd.nist....d=CVE-2009-1537
Last revised: 06/09/2009
CVSS v2 Base Score: 9.3 (HIGH)
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service...

- http://secunia.com/advisories/35268/2/
Release Date: 2009-05-29
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
Solution: Disable the parsing of QuickTime content in quartz.dll. Please see the vendor's advisory for more information. Do not browse untrusted websites or follow untrusted links. Do not open untrusted media files...

Edited by AplusWebMaster, 08 July 2009 - 04:44 PM.
Simplification of "FixIt"; Updated CVE ref...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (971888)
Update for DNS Devolution
- http://www.microsoft...ory/971888.mspx
Published or Last Updated: 6/9/2009

Microsoft Security Advisory (971492)
Vulnerability in Internet Information Services Could Allow Elevation of Privilege
- http://www.microsoft...ory/971492.mspx
Published: May 18, 2009 | Updated: June 9, 2009 - "... We have issued MS09-020 to address this issue..." - http://www.microsoft...n/MS09-020.mspx

Microsoft Security Advisory (969898)
Update Rollup for ActiveX Kill Bits
- http://www.microsoft...ory/969898.mspx
June 9, 2009 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory.
The update includes a kill bit from a previously published Microsoft Cumulative Update:
• Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (KB957924)
- http://www.microsoft...;displaylang=en
The update also includes kill bits for the following third-party software:
• Derivco. This security update sets a kill bit for an ActiveX control developed by Derivco. Derivco has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Derivco. This kill bit is being set at the request of the owner of the ActiveX controls...
• eBay Advanced Image Upload Component. This security update sets a kill bit for an ActiveX control developed by eBay. eBay has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from eBay. This kill bit is being set at the request of the owner of the ActiveX controls...
• HP Virtual Room v7.0. This security update sets a kill bit for an ActiveX control developed by Research In Motion (RIM). RIM has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from HP. This kill bit is being set at the request of the owner of the ActiveX controls..."

Microsoft Security Advisory (945713)
Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure
- http://www.microsoft...ory/945713.mspx
Published: December 3, 2007 | Updated: June 9, 2009 - "... We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. The vulnerabilities addressed are DNS Server Vulnerability in WPAD Registration Vulnerability CVE-2009-0093 and WPAD WINS Server Registration Vulnerability CVE-2009-0094..."
- http://www.microsoft...n/MS09-008.mspx
- http://www.microsoft...ory/971888.mspx
- http://web.nvd.nist....d=CVE-2009-0093
- http://web.nvd.nist....d=CVE-2009-0094

[AplusWebMaster]

FYI...

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
- http://www.microsoft...ory/972890.mspx
July 06, 2009 - "Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability.
Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure. Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890*..."
* http://support.micro...2890#FixItForMe
July 6, 2009 (Get the Enable Workaround "FixIt" here. MUST be run in Admin mode.)

- http://web.nvd.nist....d=CVE-2008-0015
Last revised: 07/09/2009
CVSS v2 Base Score: 9.3 (HIGH)
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service ...

- http://securitylabs....Blogs/3434.aspx
07.09.2009

Edited by AplusWebMaster, 10 July 2009 - 02:21 PM.
Simplification of "FixIt"; CVE ref, Websense link...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
- http://www.microsoft...ory/973472.mspx
July 13, 2009 - "Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. We are aware of attacks attempting to exploit the vulnerability. Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472*..."
* http://support.micro...3472#FixItForMe
July 13, 2009 - Revision: 1.2

- http://secunia.com/advisories/35800/2/
Release Date: 2009-07-13
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Solution: Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by: Reported as a 0-day...

- http://isc.sans.org/...ml?storyid=6778
Last Updated: 2009-07-14 01:35:23 UTC ...(Version: 8) - "... This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets... we are seeing active exploit pages... Start working on this ASAP. The impact is remote code execution with the privileges of the logged in user running Internet Explorer, and might not require user intervention. As in browse to a nasty web site and be pwn3d..."

- http://web.nvd.nist....d=CVE-2009-1136

Edited by AplusWebMaster, 15 July 2009 - 01:30 PM.
Added Secunia advisory; ISC link - updated...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
- http://www.microsoft...ory/972890.mspx
Published: July 06, 2009 | Updated: July 14, 2009 - "... We have issued MS09-032 to address this issue..."
- http://www.microsoft...n/ms09-032.mspx

Microsoft Security Advisory (971778)
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
- http://www.microsoft...ory/971778.mspx
Published: May 28, 2009 | Updated: July 14, 2009 - "... We have issued MS09-028 to address this issue..."
- http://www.microsoft...n/ms09-028.mspx

Edited by AplusWebMaster, 15 July 2009 - 11:44 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft...ory/973882.mspx
July 28, 2009 - "Microsoft is releasing this security advisory to provide information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft's Active Template Library (ATL). This advisory also provides guidance as to what developers can do to help ensure that the controls and components they have built are not vulnerable to the ATL issues; what IT Professionals and consumers can do to mitigate potential attacks that use the vulnerabilities; and what Microsoft is doing as part of its ongoing investigation into the issue described in this advisory. This security advisory will also provide a comprehensive listing of all Microsoft Security Bulletins and Security Updates related to the vulnerabilities in ATL. Microsoft's investigation into the private and public versions of ATL is ongoing, and we will release security updates and guidance as appropriate as part of the investigation process...
Updates related to ATL: Updates released on July 28, 2009...

Microsoft Security Bulletin MS09-034 - Critical
Cumulative Security Update for Internet Explorer (972260)
- http://www.microsoft...n/ms09-034.mspx
July 28, 2009

Microsoft Security Bulletin MS09-035 - Moderate
Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
- http://www.microsoft...n/ms09-035.mspx
July 28, 2009
__

- http://isc.sans.org/...ml?storyid=6874
Last Updated: 2009-07-28 17:19:30 UTC ...(Version: 2)

[AplusWebMaster]

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft...ory/973882.mspx
Published: July 28, 2009 | Updated: August 11, 2009 - "...Updates related to ATL:
- Updates released on August 11, 2009
• MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
http://www.microsoft...n/ms09-037.mspx
• MS09-035 - Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
Published: July 28, 2009 | Updated: August 11, 2009
http://www.microsoft...n/ms09-035.mspx
- Updates released on July 28, 2009
• MS09-035 - Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution
• MS09-034 - Cumulative Security Update for Internet Explorer
http://www.microsoft...n/ms09-034.mspx
- Update released on July 14, 2009
• MS09-032 - Cumulative Security Update of ActiveX Kill Bits
http://www.microsoft...n/ms09-032.mspx
___

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
Published: August 11, 2009 - "Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA). The update itself does not directly provide protection against specific attacks such as credential forwarding, but allows applications to opt-in to Extended Protection for Authentication. This advisory briefs developers and system administrators on this new functionality and how it can be deployed to help protect authentication credentials... Apply the updates associated with security bulletin MS09-042...
http://www.microsoft...n/ms09-042.mspx

Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
- http://www.microsoft...ory/973472.mspx
Published: July 13, 2009 | Updated: August 11, 2009 - "... We have issued MS09-043* to address this issue..."
* http://www.microsoft...n/ms09-043.mspx

.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (973882)
Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution
- http://www.microsoft...ory/973882.mspx
• V3.0 (August 25, 2009): Advisory revised to provide details about the Windows Live Messenger* 14.0.8089 release and to communicate the removal of the Windows Live Hotmail "Attach Photo" feature.

* http://download.live.com/messenger

[AplusWebMaster]

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft...ory/967940.mspx
• V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029*.
* http://support.microsoft.com/kb/971029

[AplusWebMaster]

FYI...

Microsoft Security Advisory (975191)
Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution
- http://www.microsoft...ory/975191.mspx
September 01, 2009 - "Microsoft is investigating new public reports of a vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, and Microsoft Internet Information Services (IIS) 6.0. The vulnerability could allow remote code execution on affected systems that are running the FTP service and are connected to the Internet. Microsoft is aware that detailed exploit code has been published on the Internet for this vulnerability. Microsoft is -not- currently aware of active attacks that use this exploit code or of customer impact at this time...
(See:)
Workarounds...
Additional Suggested Actions..."
* http://support.microsoft.com/kb/975191
September 2, 2009

> http://secunia.com/advisories/36443/2/
Release Date: 2009-09-01

- http://www.microsoft...ory/975191.mspx
"... Microsoft is currently aware of limited attacks that use this exploit code..."
Workarounds...
• Do not allow FTP write access to anonymous users...
• Do not allow FTP access to anonymous users...
• Modify NTFS file system permissions to disallow directory creation by FTP users...
• Upgrade to FTP Service 7.5 - FTP Service 7.5 is available for Windows Vista and Windows Server 2008. This version of FTP Service is not affected by the vulnerabilities in this advisory...
• Disable the FTP Service...
---
• V2.0 (September 3, 2009): Advisory revised to add CVE-2009-2521 and to provide more information on affected software, mitigations, and workarounds.

- http://web.nvd.nist....d=CVE-2009-3023
Last revised: 09/04/2009
CVSS v2 Base Score: 9.0 (HIGH)

- http://web.nvd.nist....d=CVE-2009-2521
Last revised: 09/04/2009

Edited by AplusWebMaster, 05 September 2009 - 05:17 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
- http://www.microsoft...ory/975497.mspx
September 08, 2009 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Server Message Block (SMB) implementation. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
Workarounds...
• Disable SMB v2... modify the registry key...
• Block TCP ports 139 and 445 at the firewall..."

- http://web.nvd.nist....d=CVE-2009-3103
Last revised: 09/09/2009

- http://www.symantec....d-possibly-more
September 15, 2009

Edited by AplusWebMaster, 15 September 2009 - 09:01 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
- http://www.microsoft...ory/975497.mspx
Updated: September 17, 2009 - "...Workarounds:
• Disable SMB v2... See Microsoft Knowledge Base Article 975497* to use the automated Microsoft Fix it solution to enable or disable this workaround...
* http://support.microsoft.com/kb/975497

• V1.1 (September 17, 2009): Clarified the FAQ, What is SMBv2? Added a link to Microsoft Knowledge Base Article 975497 to provide an automated Microsoft Fix it solution* for the workaround, Disable SMB v2...

- http://blogs.technet...nerability.aspx
September 18, 2009

Edited by AplusWebMaster, 20 September 2009 - 10:18 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (975497)
Vulnerabilities in SMB Could Allow Remote Code Execution
- http://www.microsoft...ory/975497.mspx
• V1.2 (September 23, 2009): Clarified the FAQ, What is Server Message Block Version 2 (SMBv2)? Also clarified the impact of the workaround, Disable SMB v2.
(See: "Workarounds... Impact of Workaround...")
"... Some of the applications or services that could be impacted are listed..."

[AplusWebMaster]

FYI...

October 2009 Bulletin Release Advance Notification
- http://blogs.technet...in-release.aspx
October 08, 2009 - "... Among the updates this month, we are closing out two current security advisories:
· Vulnerabilities in SMB Could Allow Remote Code Execution (975497)
http://www.microsoft...ory/975497.mspx
· Vulnerabilities in the FTP Service in Internet Information Services (975191)
http://www.microsoft...ory/975191.mspx
Usually we do not go into this level of detail in the advance notification but we felt that it is important guidance so customers can plan accordingly and deploy these updates as soon as possible..."

- http://forums.whatth...09_t107591.html
October 13, 2009
.

Edited by AplusWebMaster, 13 October 2009 - 12:03 PM.