
MS Security Advisories


  • This topic is locked
317 replies to this topic

#166 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 21 January 2010 - 09:48 AM

FYI...

More IE 0-Day exploit attacks...
- http://blog.trendmic...tacks-continue/
Jan. 21, 2010 - "Trend Micro has identified new malware samples that exploit the still-unpatched Internet Explorer (IE) vulnerability. These samples have been detected as JS_ELECOM.C and HTML_COMLE.CXC . Further analysis... the new scripts are versions of JS_DLOADER.FIS (the only difference being the encryption techniques used), which was widely used in the recent and still ongoing attacks targeting major organizations like Google and Adobe. In line with this, Microsoft announced that it will release an out-of-band security update to fix the issue. It is highly advised that users immediately download the security patch once released..."
More here*...
* http://threatinfo.tr...ads_HYDRAQ.html

Malware-laced PDF files using "Operation Aurora" attacks (IE 0-day) subject as lure...
- http://www.f-secure....s/00001863.html
January 21, 2010 - "... (SPAM) PDF file attachment which exploits the CVE-2009-4324 vulnerability in Adobe Reader (patched last week)..."

>>> http://forums.whatth..._...st&p=626675

:ph34r: :ph34r:

Edited by AplusWebMaster, 22 January 2010 - 12:00 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#167 AplusWebMaster

Posted 26 January 2010 - 06:17 AM

FYI...

“Aurora” exploit code: from Targeted Attacks to Mass Infection
- http://www.eset.com/...-mass-infection
January 25, 2010 - "Last Thursday, Microsoft released an out-of-band update to fix the latest vulnerability in Internet Explorer. Since then, malware operators have been exploiting this vulnerability to install malware on thousands of PCs. So far, we have detected more than 650 different versions of the exploit code which is detected as Trojan.JS/Exploit.CVE-2010-0249... We have also identified more than 220 unique distribution points for the exploit code, mostly located in Asia. The countries which are seeing the majority of the attacks are China, Korea and Taiwan... At the time of analysis, the list of files to download and execute included 7 links, mostly online game password stealers. To sum up, if you happen to browse to a web page delivering the latest CVE-2010-0249 exploit code, and if you haven’t patched and are not using an up to date antivirus, you will end up with 8 different pieces of malware on your PC within seconds..."

- http://www.microsoft...ory/979352.mspx
"... issued MS10-002* to address this issue..."
* http://forums.whatth..._...st&p=626675

- http://blogs.technet...in-release.aspx
Jan 21, 2010 - "... We are also aware that the vulnerability can be exploited by including an ActiveX control in a Microsoft Access, Word, Excel, or PowerPoint file. Customers would have to open a malicious file to be at risk of exploitation... To be clear, applying the update for Internet Explorer addresses the issue across all products that may use mshtml.dll. Customers should install the update to be protected..."

products that use mshtml.dll
- http://support.micro...m/search/?adv=1
You have searched on: All products
1920 results ...

:ph34r: :ph34r:

Edited by AplusWebMaster, 26 January 2010 - 08:05 AM.



#168 AplusWebMaster

Posted 03 February 2010 - 04:54 PM

FYI...

Microsoft Security Advisory (980088)
Vulnerability in Internet Explorer Could Allow Information Disclosure
- http://www.microsoft...ory/980088.mspx
February 03, 2010 - "Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue... The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites...
Workarounds: Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified...
Windows XP... Enable Internet Explorer Network Protocol Lockdown using automated Microsoft Fix It
See Microsoft Knowledge Base Article 980088* to use the automated Microsoft Fix it solution to enable or disable this workaround...
* http://support.microsoft.com/kb/980088
Impact of workaround. HTML content from UNC paths in the Internet / Local Intranet / Restricted zones will no longer automatically run script or ActiveX controls..."

(More detail at the URL above.)

- http://blogs.technet...8-released.aspx
February 03, 2010 - "... At this time we are not aware of any attacks seeking to use the vulnerability..."

- http://web.nvd.nist....d=CVE-2010-0255
Last revised: 02/05/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://secunia.com/advisories/38416/2/
Release Date: 2010-02-04
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 5.01, 6.x, 7.x, 8.x
Solution: Enable Network Protocol Lockdown for Windows XP, and Protected Mode on Windows Vista and later. Please see the vendor's advisory for more information...

- http://www.securityfocus.com/bid/38056
- http://www.symantec....eatconlearn.jsp
"... The vulnerability is trivially exploitable and is likely to be exploited in the wild..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 06 February 2010 - 11:44 PM.



#169 AplusWebMaster

Posted 09 February 2010 - 05:34 PM

FYI...

Microsoft Security Advisory (979682)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
- http://www.microsoft...ory/979682.mspx
Updated: February 09, 2010 - "... We have issued MS10-015* to address this issue..."
* http://blogs.technet...tion-logic.aspx
• V1.2 (March 2, 2010): Added an item to the Frequently Asked Questions (FAQ) About this Security Update to announce the offering of revised packages on Windows Update. Customers who have already successfully updated their systems do not need to take any action.
• V1.3 (March 17, 2010): Added verification registry keys for the revised packages released March 2, 2010 for Microsoft Windows 2000, Windows XP, and Windows Server 2003. This is an informational change only.

Microsoft Security Advisory (977377)
Vulnerability in TLS/SSL Could Allow Spoofing
- http://www.microsoft...ory/977377.mspx
2/9/2010 - "Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability. As an issue affecting an Internet standard, we recognize that this issue affects multiple vendors... The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues... As part of this security advisory, Microsoft is making available a workaround which enables system administrators to disable TLS and SSL renegotiation functionality. However, as renegotiation is required functionality for some applications, this workaround* is not intended for wide implementation and should be tested extensively prior to implementation..."
* http://support.microsoft.com/kb/977377

- http://secunia.com/advisories/38365/2/
Release Date: 2010-02-09
Critical: Less critical
Solution Status: Unpatched
Original Advisory:
http://www.microsoft...ory/977377.mspx

:ph34r:

Edited by AplusWebMaster, 22 March 2010 - 10:47 AM.



#170 AplusWebMaster

Posted 28 February 2010 - 08:04 PM

FYI...

New win32hlp and IE issue
- http://blogs.technet...orer-issue.aspx
February 28, 2010 - "On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue. The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link*. Once we have completed our investigation, we will take appropriate action to protect customers..."
* http://www.microsoft...be-0542b3aa4bfe

- http://secunia.com/advisories/38727/
Release Date: 2010-03-01
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Systems affected: XP Home, XP Professional
Solution: Avoid pressing F1 on untrusted websites. Disable Active Scripting support

Also:
- http://isc.sans.org/...ml?storyid=8329
"Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it is time to update."

:ph34r:

Edited by AplusWebMaster, 01 March 2010 - 07:57 AM.



#171 AplusWebMaster

Posted 01 March 2010 - 07:27 PM

FYI...

Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution
- http://www.microsoft...ory/981169.mspx
March 01, 2010 - "Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers...
Affected Software:
Microsoft Windows 2000 SP4, Windows XP SP2, Windows XP SP3, and Windows XP Pro x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition SP2..."

IE 0-day using .hlp files
- http://isc.sans.org/...ml?storyid=8332
Last Updated: 2010-03-01 23:12:47 UTC

- http://preview.tinyurl.com/ybnajys
March 01, 2010 - MSRC Engineering

- http://securitytrack...ar/1023668.html
Mar 2 2010

- http://secunia.com/advisories/38916/
Release Date: 2010-03-11
Solution: Avoid pressing F1 inside documents or images placed in untrusted directories...

:ph34r:

Edited by AplusWebMaster, 11 March 2010 - 10:57 AM.



#172 AplusWebMaster

Posted 09 March 2010 - 03:23 PM

FYI...

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/981374.mspx
March 09, 2010 | Updated: March 10, 2010 - "Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue..."
- http://blogs.technet...4-released.aspx
KB 981374 - http://support.microsoft.com/kb/981374
See "APPLIES TO"...
• V1.1 (March 10, 2010): Restated the mitigation concerning the e-mail vector. Added a new workaround for disabling the peer factory class in iepeers.dll.

- http://blog.trendmic...-cve-2010-0806/
03/11/2010 - "... malicious JavaScript file as JS_SHELLCODE.CD... exploits CVE-2010-0806*"
* http://web.nvd.nist....d=CVE-2010-0806
Last revised: 03/11/2010
CVSS v2 Base Score: 9.3 (HIGH)

IE 0-day - IE6, IE7...
- http://www.krebsonse...-explorer-0day/
March 9, 2010

- http://secunia.com/advisories/38860/
Last Update: 2010-03-10
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: MS IE6, IE7 ...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
August 11, 2009 | Updated: March 09, 2010 - "This advisory was released to announce to customers the release of a non-security update to make available a new feature, Extended Protection for Authentication, on the Windows platform..."
• V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease (see "Affected Software") of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917*
* ( http://support.microsoft.com/kb/973917 )
- http://support.microsoft.com/kb/973811

:ph34r:

Edited by AplusWebMaster, 12 March 2010 - 04:29 AM.



#173 AplusWebMaster

Posted 12 March 2010 - 05:25 PM

FYI...

Microsoft Security Advisory (981374)
Vulnerability in Internet Explorer Could Allow Remote Code Execution - IEv6-IEv7
- http://www.microsoft...ory/981374.mspx
Published: March 09, 2010 | Updated: March 12, 2010
• V1.2 (March 12, 2010): Added an automated Microsoft Fix it solution* to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003. (See "Workarounds")
* http://support.microsoft.com/kb/981374

- http://blogs.technet...ory-981374.aspx
March 12, 2010 - "... we are working hard to produce an update which is now in testing..."

- http://www.sophos.co...cle/110399.html

:ph34r:

Edited by AplusWebMaster, 17 March 2010 - 08:26 PM.



#174 AplusWebMaster

Posted 19 March 2010 - 10:04 AM

FYI...

IE 0-Day status: IEv6, IEv7...
- http://securitylabs....Blogs/3585.aspx
03.19.2010 - "... Internet Explorer zero-day exploits are not new to the world: we have been suffering from them since the beginning of IE... Just a week after the exploit code was exposed to the world we have seen many variants come out..."

- http://www.microsoft...ory/981374.mspx
Updated: March 12, 2010
• V1.2 (March 12, 2010): Added an automated Microsoft Fix it* solution to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003.
* http://support.microsoft.com/kb/981374
Last Review: March 13, 2010 - Revision: 4.0

- http://web.nvd.nist....d=CVE-2010-0806
Last revised: 03/16/2010
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://secunia.com/advisories/38860
Last Update: 2010-03-30
Criticality level: Extremely critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: MS IE 5.01, 6.x, 7.x, 8.x
Solution: Apply patches.
Advisory: MS10-018 (KB980182):
http://www.microsoft...n/ms10-018.mspx

- http://www.microsoft...ory/981374.mspx
Updated: March 30, 2010 - "... We have issued MS10-018* to address this issue..."
* http://forums.whatth...=...st&p=644461

:ph34r: :ph34r:

Edited by AplusWebMaster, 30 March 2010 - 02:34 PM.



#175 AplusWebMaster

Posted 13 April 2010 - 04:23 PM

FYI...

Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution
- http://www.microsoft...ory/981169.mspx
Updated: 4/13/2010 - "... We have issued MS10-022* to address this issue..."

Microsoft Security Advisory (977544)
Vulnerability in SMB Could Allow Denial of Service
- http://www.microsoft...ory/981169.mspx
Updated: 4/13/2010 - "... We have issued MS10-020* to address this issue..."

* http://forums.whatth...10_t111545.html

:ph34r:


#176 AplusWebMaster

Posted 30 April 2010 - 02:35 AM

FYI...

Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
- http://www.microsoft...ory/983438.mspx
April 29, 2010 - "Microsoft is investigating new public reports of a possible vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. We are actively working with partners in our Microsoft Active Protections Program (MAPP)* to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
* http://www.microsoft...ation/mapp.aspx

- http://blogs.technet...8-released.aspx
April 29, 2010 - "... Customers running SharePoint Server 2007 or SharePoint Services 3.0 are encouraged to review and apply the mitigations and workarounds discussed in the Security Advisory..."

- http://web.nvd.nist....d=CVE-2010-0817

:ph34r:

Edited by AplusWebMaster, 30 April 2010 - 06:14 AM.



#177 AplusWebMaster

Posted 18 May 2010 - 04:05 PM

FYI...

Microsoft Security Advisory (2028859)
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
- http://www.microsoft...ry/2028859.mspx
May 18, 2010 - "Microsoft is investigating a new public report of a vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."

- http://www.theregist...7_security_bug/
18 May 2010 - "... users can prevent attacks by disabling the Windows Aero Theme. To turn it off, choose Start > Control Panel and click on Appearance and Personalization. Then click on Change the Theme. Then select one of the Basic and High Contrast Themes."

:ph34r:

Edited by AplusWebMaster, 19 May 2010 - 06:01 AM.



#178 AplusWebMaster

Posted 08 June 2010 - 05:29 PM

FYI...

Microsoft Security Advisory (983438)
Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege
- http://www.microsoft...ory/983438.mspx
Updated: June 08, 2010 - "... We have issued MS10-039* to address this issue..."
* http://www.microsoft...n/ms10-039.mspx

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://www.microsoft...ory/973811.mspx
• V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication.
See FAQ: "... updates released by Microsoft on June 8, 2010...", re: .NET Framework 2.0 ...



#179 AplusWebMaster

Posted 10 June 2010 - 04:04 PM

FYI...

MS Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
- http://www.microsoft...ry/2219475.mspx
June 10, 2010 - "Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://www.microsoft...ry/2219475.mspx
• V1.1 (June 11, 2010): Added a link to Microsoft Knowledge Base Article 2219475 to provide an automated Microsoft Fix it solution* for the workaround, Unregister the HCP Protocol.
* http://support.micro....com/kb/2219475
• V1.2 (June 15, 2010): Revised Executive Summary to reflect awareness of limited, targeted active attacks that use published proof-of-concept exploit code.

- http://securitytrack...un/1024084.html
Jun 10 2010

- http://www.kb.cert.org/vuls/id/578319
Date Last Updated: 2010-06-10

- http://www.h-online....ce-1019381.html
10 June 2010

:ph34r:

Edited by AplusWebMaster, 15 June 2010 - 04:03 PM.



#180 AplusWebMaster

Posted 15 June 2010 - 09:35 AM

FYI...

CVE 2010-1885 exploit in the wild
- http://www.sophos.co...oslabs/?p=10045
June 15, 2010 - "The recent Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) is being exploited in the wild... Today, we got the first pro-active detection (Sus/HcpExpl-A) on malware that is spreading via a compromised website. This malware downloads and executes an additional malicious component... on the victim’s computer, by exploiting this vulnerability. More details about CVE 2010-1885 can be found in our report here*."
* http://www.sophos.co...cle/111188.html

...automated Microsoft Fix it solution* for the workaround, Unregister the HCP Protocol.
- http://support.micro....com/kb/2219475
Last Review: June 14, 2010 - Revision: 2.1

- http://web.nvd.nist....d=CVE-2010-1885
... Windows XP and Windows Server 2003 ...
Last revised: 06/18/2010
CVSS v2 Base Score: 9.3 (HIGH)

- http://atlas.arbor.n...dex#-2114420025
Severity: High Severity
... active exploitation on the Internet. This affects Windows users, especially Windows XP and Server 2003. Mitigations and workarounds have been described by Microsoft.
Analysis: This is a major issue for all Windows users, and we encourage sites to update as soon as possible once a fix is released, or to apply the mitigations.

- http://securitytrack...un/1024084.html
Jun 10 2010

- http://blog.trendmic...exploits-loose/
June 15, 2010

- http://www.avast.com...score-the-adult
28 June 2010 - "... HTML:Script-inf... infection is widespread and accounts for 20% of all infected UK pages. The infection takes advantage of a two week old Microsoft Windows vulnerability... CVE-2010-1885..."

- http://pandalabs.pan...ed-in-the-wild/
06/28/10 - "... cyber criminals are quick to adapt new exploit methods and in this case it literally took one day before we started seeing examples being exploited in the wild..."

:ph34r: :ph34r:

Edited by AplusWebMaster, 30 June 2010 - 08:02 AM.
