317 replies to this topic

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2719615)
Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719615
June 12, 2012
0-day... CVE Reference: http://web.nvd.nist....d=CVE-2012-1889 - 9.3 (HIGH)
> http://support.micro...9615#FixItForMe

- https://secunia.com/advisories/49456/
Release Date: 2012-06-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is reportedly being actively exploited.
Solution: Apply Microsoft Fix it solution.
Reported as a 0-day.
Original Advisory: Microsoft:
http://technet.micro...dvisory/2719615

- http://googleonlines...lity-under.html
June 12, 2012 - "... attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable..."
___

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
• V16.0 (June 12, 2012) - "... Updates relating to Insecure Library Loading section: MS12-039..."
___

An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- http://support.micro....com/kb/2677070
Last Review: June 13, 2012 - Revision: 2.0

> https://blogs.techne...Redirected=true
___

> http://forums.whatth...howtopic=123485

Edited by AplusWebMaster, 13 June 2012 - 10:12 AM.

[AplusWebMaster]

FYI...

Further insight into Security Advisory 2719615
- https://blogs.techne...Redirected=true
13 Jun 2012 - "During our regular Update Tuesday bulletin cycle this week, we released Security Advisory 2719615*, which provides guidance concerning a remote code execution issue affecting MSXML Code Services. As part of that Advisory, we've built a Fix it workaround that blocks the potential attack vector in Internet Explorer. Fix its are a labor-saving mechanism that helps protect customers from a specific issue in advance of a comprehensive security update. We encourage customers to read more about SA2716915's one-click, no-reboot-required Fix it in an in-depth post on the SRD blog**."
* http://technet.micro...dvisory/2719615

** http://blogs.technet...-fixing-it.aspx

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2718704
"... update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1) ..."
• V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.

[AplusWebMaster]

FYI...

FixIt NOW - 0-day XML Core Services...
> https://isc.sans.edu...l?storyid=13489
Last Updated: 2012-06-16 15:58:47 UTC - "... metasploit module (public release) for this vulnerability. Users are encouraged to patch*..."

* http://support.micro...9615#FixItForMe
June 12, 2012 - Revision: 3.0

> http://web.nvd.nist....d=CVE-2012-1889 - 9.3 (HIGH)

- https://secunia.com/advisories/49456/
Last Update: 2012-06-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
... vulnerability is currently being actively exploited...

- http://h-online.com/-1619732
18 June 2012

- https://www.us-cert....y_advisory_for5
updated June 25, 2012

- http://nakedsecurity...le-exploit-kit/
June 29, 2012 - "... CVE-2012-1889 exploiting code very similar to that published to Metasploit was seen within the landing page of a Blackhole exploit kit..."

Edited by AplusWebMaster, 04 July 2012 - 12:12 PM.

[AplusWebMaster]

FYI...

MS Security Advisories - 2012.07.10 ...

Microsoft Security Advisory (2728973)
Unauthorized Digital Certificates Could Allow Spoofing
- https://technet.micr...dvisory/2728973
July 10, 2012

- https://blogs.techne...Redirected=true
July 10, 2012 - "... we’ve chosen to -deprecate- the Windows Gadget Gallery effective immediately, and to provide a Fix it to help sysadmins disable Gadgets and the Sidebar across their enterprises..."
Microsoft Security Advisory (2719662)
Vulnerabilities in Gadgets Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719662
July 10, 2012 - "... Applying the automated Microsoft Fix It* solution described in Microsoft Knowledge Base Article 2719662 disables the Windows Sidebar experience and all Gadget functionality..."
* http://support.micro...9662#FixItForMe
Last Review: July 13, 2012 - Revision: 2.0

- https://isc.sans.edu...l?storyid=13651
Last Updated: 2012-07-10 22:10:12 UTC - "... insecure gadgets allow random code to be executed with the rights of the logged on user..."

Microsoft Security Advisory (2719615)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- https://technet.micr...dvisory/2719615
Published: Tuesday, June 12, 2012 | Updated: Tuesday, July 10, 2012
"... We have issued MS12-043 to address this issue..."
- http://support.micro...2479#FixItForMe
July 10, 2012
Fix it solution for MSXML version 5 - Microsoft Fix it 50908
> http://go.microsoft....?linkid=9813081

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.micr...dvisory/2269637
July 10, 2012 - v17.0: Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-046

> http://forums.whatth...=...st&p=790313

Edited by AplusWebMaster, 14 July 2012 - 10:20 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.micr...dvisory/2737111
July 24, 2012 - "Microsoft is investigating new public reports of vulnerabilities in third-party code, Oracle Outside In libraries, that affect Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint, which ship that component. Customers that apply the workarounds described in this advisory are not exposed to the vulnerabilities described in Oracle Critical Patch Update Advisory - July 2012. The vulnerabilities exist due to the way that files are parsed by the third-party, Oracle Outside In libraries. In the most severe case of Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, it is possible under certain conditions for the vulnerabilities to allow an attacker to take control of the server process that is parsing a specially crafted file. An attacker could then install programs; view, change, or delete data; or take any other action that the server process has access to do. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers..."
• V1.1 (July 25, 2012): Revised the workaround titles for clarity. There were no changes to the workaround steps.

More info...
- https://blogs.techne...Redirected=true
24 Jul 2012

Microsoft Exchange Server...
- https://secunia.com/advisories/50019/
Release Date: 2012-07-25
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote...
... more information: https://secunia.com/advisories/49936/
Solution: ... vendor recommends to apply workarounds... see the vendor's advisory...
Original Advisory: Microsoft: http://technet.micro...dvisory/2737111

Microsoft SharePoint and FAST Search Server vuln...
- https://secunia.com/advisories/50049/
Release Date: 2012-07-25
Criticality level: Moderately critical
Impact: DoS, System access
Where: From remote...
... more information: https://secunia.com/advisories/49936/
Solution: ... vendor recommends to apply workarounds... see the vendor's advisory...
Original Advisory: Microsoft: http://technet.micro...dvisory/2737111
___

- http://www.kb.cert.org/vuls/id/118913
Last revised: 27 Jul 2012

- http://h-online.com/-1653568
26 July 2012

> http://forums.whatth...=...st&p=791577

.

Edited by AplusWebMaster, 28 July 2012 - 09:16 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- https://technet.micr...dvisory/2737111
• V2.0 (August 14, 2012): Advisory updated to reflect publication of security bulletin for Microsoft Exchange.
... MS12-058* addresses this issue for Microsoft Exchange.
* https://technet.micr...lletin/ms12-058

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.micr...dvisory/2661254
August 14, 2012 - Ref:
> http://support.micro....com/kb/2661254
... Update for minimum certificate key length
August 14, 2012 - Revision: 1.6

>> http://forums.whatth...howtopic=124052

.

Edited by AplusWebMaster, 15 August 2012 - 08:17 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2743314)
Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure
- https://technet.micr...dvisory/2743314
August 20, 2012 - "Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary..."
- http://support.micro....com/kb/2744850
Last Review: August 20, 2012 - Revision: 1.4

- http://h-online.com/-1672257
22 August 2012
___

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://blogs.techne...Redirected=true
14 Aug 2012 - "... an update was released that, once applied, will block RSA certificates with keys less than 1024 bits. The software update was released to the Download Center. The security advisory is located at:
http://technet.micro...dvisory/2661254 .
The KB article is available at http://support.micro....com/kb/2661254 *.
The update is available now to allow organizations to assess the impact of this update and to reissue certificates with larger key sizes, if necessary, before the update is sent out through Windows Update. Previous blogs may have mentioned it being released to Windows Update this month. That is no longer the case. The update is planned to be sent out through Windows Update on October 9, 2012..."
* http://support.micro....com/kb/2661254
Last Review: August 21, 2012 - Revision: 2.1

Edited by AplusWebMaster, 22 August 2012 - 08:09 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2736233)
Update Rollup for ActiveX Kill Bits
- https://technet.micr...dvisory/2736233
Sep 11, 2012 - "... This update sets the kill bits for the following third-party software:
Cisco Secure Desktop... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco Hostscan... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable...
Cisco AnyConnect Secure Mobility Client... relates to a request by Cisco to set a kill bit for an ActiveX control that is vulnerable..."
- http://support.micro....com/kb/2736233

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- https://technet.micr...dvisory/2661254
V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email, SSL/TLS encryption channels, signed applications, and private PKI environments.
- http://support.micro....com/kb/2661254
Last Review: September 12, 2012 - Revision: 3.0

Edited by AplusWebMaster, 13 September 2012 - 07:39 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
* http://technet.micro...dvisory/2757760
17 Sep 2012 (see "Workarounds" [install EMET**, etc.] ) - "... To download EMET, visit the following Microsoft website:
https://www.microsof...s.aspx?id=29851 ..."

** http://support.micro....com/kb/2458544

- https://blogs.techne...Redirected=true
17 Sep 2012 - "... we released Security Advisory 2757760* to address an issue that affects Internet Explorer 9 and earlier versions if a user views a website hosting malicious code. Internet Explorer 10 is not affected. We have received reports of only a small number of targeted attacks and are working to develop a security update to address this issue. In the meantime, customers using Internet Explorer are protected when they deploy the following workarounds and mitigations included in the advisory:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET)
This will help prevent exploitation by providing mitigations to help protect against this issue and should not affect usability of websites.
• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
Deploying EMET will help to prevent a malicious website from successfully exploiting the issue described in Security Advisory 2757760*. EMET in action is unobtrusive and should not affect customers’ Web browsing experience. We are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog..."
___

- https://www.net-secu...ld.php?id=13614
18 Sep 2012 - "... The Rapid7 team got right on it and created a module exploiting the vulnerability for the Metasploit exploit toolkit during the weekend, and advised IE users to switch to other browsers such as Chrome or Firefox until Microsoft patches the flaw security update becomes available. Microsoft has reacted fast by issuing a security advisory yesterday, in which it confirms the existence of the flaw in Internet explorer 9 and all previous versions (IE10 is not affected), and offers instructions on steps the users can take to mitigate - but not yet remove - the threat:
• Deploy the Enhanced Mitigation Experience Toolkit (EMET) and configure it for Internet Explorer
• Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone.
These steps could bring additional problems to the users, such as being bombarded by a slew of security warnings, so until Microsoft releases a definitive patch for the hole, maybe it would be easier for IE users to take Rapid7's advice and switch to another browser for the time being."

Edited by AplusWebMaster, 18 September 2012 - 06:55 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.micr...dvisory/2757760
V1.1 (Sep 18, 2012): Assigned Common Vulnerability and Exposure number CVE-2012-4969 to the issue. Also -corrected- instructions in the EMET workaround.

- http://web.nvd.nist....d=CVE-2012-4969 - 9.3 (HIGH)
"... function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012..."

- https://blogs.techne...Redirected=true
18 Sep 2012 - "We will release a Fix it in the next few days to address an issue in Internet Explorer... It will not affect your ability to browse the Web, and it will provide full protection against this issue until an update is available. It won’t require a reboot of your computer. This Fix it will be available for everyone to download and install within the next few days..."

Edited by AplusWebMaster, 19 September 2012 - 05:21 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory 2757760 - FixIt available
Vulnerability in Internet Explorer could allow remote code execution
- https://technet.micr...dvisory/2757760
V1.2 (Sep 19, 2012): Added link to Microsoft Fix it solution, "Prevent Memory Corruption via ExecCommand in Internet Explorer," that prevents exploitation of this issue.
"... use the automated Microsoft Fix it solution to enable or disable this workaround..."
> http://support.micro...7760#FixItForMe
Last Review: September 20, 2012 - Revision: 2.0
"... click the Fix it button or link under the Enable heading..."
Microsoft Fix it 50939

Edited by AplusWebMaster, 20 September 2012 - 09:32 AM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.micr...dvisory/2757760
V2.0 (Sep 21, 2012): Advisory updated to reflect publication of security bulletin.
"... We have issued MS12-063* to address this issue..."
* https://technet.micr...lletin/ms12-063
Sep 21, 2012 - "... rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows..."

- https://blogs.techne...Redirected=true
21 Sep 2012

- http://atlas.arbor.n...ndex#1229731326
Severity: Extreme Severity
Sep 21, 2012
MS12-063 patches the recent 0day security hole in Internet Explorer along with other security holes.
Analysis: The exploit for one of the now-patched security holes was first found and reported last week and was apparently used in targeted attacks. One of the actions of at least one group of attackers was the installation of the Poison Ivy Remote Access Trojan (RAT). The exploit for this issue was soon revealed to the public and a Metasploit module was developed, allowing anyone to gain access to the exploit code for any purpose...

> https://update.microsoft.com/
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- https://technet.micr...dvisory/2755801
Sep 21, 2012 - "... availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10... The update addresses the vulnerabilities described in Adobe security bulletins APSB12-18 and APSB12-19. As of the release of this update, CVE-2012-1535* is known to be under active attack. For more information about this update, including download links, see Microsoft Knowledge Base Article 2755399**... Customers with Windows 8 Release Preview and Windows Server 2012 Release Candidate are encouraged to apply the update to their systems. The update is only available on Windows Update**..."
** http://go.microsoft....k/?LinkId=21130

* http://web.nvd.nist....d=CVE-2012-1535 - 9.3 (HIGH)
Last revised: 08/15/2012
** http://support.micro....com/kb/2755399
Sep 21, 2012
- https://blogs.techne...Redirected=true
21 Sep 2012

- http://atlas.arbor.n...ndex#1045103976
Severity: Elevated Severity
Sep 21, 2012
Microsoft releases a security update to Flash player.
Analysis: This patch resolves security issues patched by Adobe in August 2012 for Internet Explorer 10 on Windows 8. This includes the following CVE's: CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168, CVE-2012-4171. Attacks on the CVE-2012-1535 vulnerability are actively underway...

Edited by AplusWebMaster, 22 September 2012 - 07:17 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.micro...dvisory/2749655
October 09, 2012 - "... For more information about the update, please see Microsoft Knowledge Base Article 2749655*..."
* http://support.micro....com/kb/2749655

Security Advisory 2749655 and timestamping
- https://blogs.techne...Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
___

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- http://technet.micro...dvisory/2737111
• V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin* for Microsoft FAST Search Server 2010 for SharePoint.
* http://technet.micro...lletin/ms12-067

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- http://technet.micro...dvisory/2661254
• V2.0 (October 9, 2012): Revised advisory to re-release the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe -Flash- Player in IE 10
* https://technet.micr...dvisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.micro....com/kb/2758994

Edited by AplusWebMaster, 09 October 2012 - 03:35 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://technet.micro...dvisory/2269637
V18.0 (November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074*, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution."
* http://technet.micro...lletin/ms12-074

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.micro...dvisory/2749655
V1.2 (November 13, 2012): Added the KB2687626 update, described in MS12-046*, to the list of available re-releases (List of available re-releases at the URL above).
* http://technet.micro...lletin/ms12-046
V2.0 (November 13, 2012): Re-released bulletin to replace the KB2598361 update with the KB2687626** update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
** http://support.micro....com/KB/2687626
November 13, 2012 - Revision: 2.0

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.micro...dvisory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
* http://technet.micro...lletin/ms12-060
V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
* http://support.micro....com/kb/2785605
Dec 11, 2012 - Revision: 1.0
___

The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

- http://technet.micro...lletin/MS12-043
- http://technet.micro...lletin/MS12-050
V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
- http://technet.micro...lletin/MS12-057
- http://technet.micro...lletin/MS12-059
- http://technet.micro...lletin/MS12-060

Edited by AplusWebMaster, 14 December 2012 - 09:33 PM.