317 replies to this topic

[AplusWebMaster]

FYI...

MS FixIt released for IE 0-day...
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2794220
V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
* http://support.micro...4220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0
Applies to: IE8, IE7, IE6...

- https://blogs.techne...Redirected=true
31 Dec 2012

- https://web.nvd.nist...d=CVE-2012-4792 - 9.3 (HIGH)
___

- https://windowssecre...er-to-remember/
Jan 2, 2013
> http://www.microsoft...ins/201212.aspx

Edited by AplusWebMaster, 03 January 2013 - 05:39 AM.

[AplusWebMaster]

FYI...

MS Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2798897
Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
* http://support.micro....com/kb/2677070
___

- http://h-online.com/-1777291
4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."

Edited by AplusWebMaster, 04 January 2013 - 08:25 AM.

[AplusWebMaster]

FYI...

IE FixIt negated with bypass ...
- http://www.securityt....com/id/1027930
CVE Reference: https://web.nvd.nist...d=CVE-2012-4792 - 9.3 (HIGH)
Updated: Jan 4 2013
Original Entry Date: Dec 30 2012
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Version(s): IE6,7,8
... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusin...-cve-2012-4792/
The vendor's advisory is available at:
http://technet.micro...dvisory/2794220

Mitigation: Use an alternative browser until a full patch is released for this issue.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://technet.micro...advisory/973811
• V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.micro...dvisory/2755801
• V6.0 (January 8, 2013): Added KB2796096* to the Current update section.
* http://support.micro....com/kb/2796096

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.micro...dvisory/2798897
V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"

Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2794220
V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
MS13-008: http://forums.whatth...=...st&p=809670

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2819682)
Security Updates for Microsoft Windows Store Applications
- http://technet.micro...dvisory/2819682
March 26, 2013 - "Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update..."
> http://support.micro....com/kb/2832006
March 26, 2013 - Revision: 1.0
Applies to:
Windows RT
Windows 8
Windows 8 Enterprise
Windows 8 Pro
Windows Server 2012 Datacenter
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows Server 2012 Standard
___

- https://secunia.com/advisories/52779/
Release Date: 2013-03-27
Impact: Spoofing
Where: From remote...
Original Advisory:
- http://technet.micro...dvisory/2819682
- http://support.micro....com/kb/2832006

Edited by AplusWebMaster, 27 March 2013 - 07:40 AM.

[AplusWebMaster]

FYI...

MS - End of Support ...
- https://blogs.techne...Redirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- https://blogs.techne...Redirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___

- http://arstechnica.c...ns-researchers/
May 4, 2013

- http://www.invincea....a-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."

- https://www.virustot...777fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date: 2013-05-02

- http://www.securityt....com/id/1028514
CVE Reference: https://web.nvd.nist...d=CVE-2013-1347
May 4 2013
Vendor Confirmed: Yes
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.micro...dvisory/2847140

- https://secunia.com/advisories/53314/
Release Date: 2013-05-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 8.x ...
Reported as a 0-day...

Edited by AplusWebMaster, 06 May 2013 - 04:53 AM.

[AplusWebMaster]

FYI...

IE8 0-Day update ...
- https://isc.sans.edu...l?storyid=15734
Last Updated: 2013-05-06 14:33:57 UTC - "... a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347..."
- https://web.nvd.nist...d=CVE-2013-1347 - 10.0 (HIGH)
Last revised: 05/06/2013 - "... as exploited in the wild in May 2013."

- http://technet.micro...dvisory/2847140
May 03, 2013

[AplusWebMaster]

FYI...

Fix it for IEv8 available
- http://support.micro...7140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992

- https://blogs.techne...Redirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."

- http://technet.micro...dvisory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.

- http://www.securityt....com/id/1028514
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."

Edited by AplusWebMaster, 09 May 2013 - 12:34 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2847140
Updated: Tuesday, May 14, 2013 Version: 2.0 - "... We have issued MS13-038* to address this issue..."
* https://technet.micr...lletin/ms13-038

Microsoft Security Advisory (2820197)
Update Rollup for ActiveX Kill Bits
- http://technet.micro...dvisory/2820197
May 14, 2013 - "... This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer:
• Honeywell Enterprise Buildings Integrator. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{0d080d7d-28d2-4f86-bfa1-d582e5ce4867}
• SymmetrE and ComfortPoint Open Manager. The following Class Identifier relates to a request by Honeywell to set a kill bit for an ActiveX control that is vulnerable. The class identifier (CLSIDs) for this ActiveX control is:
{29e9b436-dfac-42f9-b209-bd37bafe9317} ..."

Microsoft Security Advisory (2846338)
Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
- http://technet.micro...dvisory/2846338
May 14, 2013 - "... Only x64-based versions of the Malware Protection Engine are affected... The Microsoft Malware Protection Engine is a part of several Microsoft antimalware products. See the Affected Software section for a list of affected products..."

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.micro...dvisory/2755801
Updated: Tuesday, May 14, 2013 - "... update addresses the vulnerabilities described in Adobe Security bulletin APSB13-14*..."
* https://www.adobe.co.../apsb13-14.html
"... Flash Player 11.7.700.202 for Windows 8..."

Edited by AplusWebMaster, 14 May 2013 - 01:34 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2854544)
Update to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.micro...dvisory/2854544
June 11, 2013 - "... Microsoft released an update (2813430) for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT..."
* http://support.micro....com/kb/2813430

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- http://technet.micro...dvisory/2755801
June 11, 2013 - Version: 13.0

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2861855)
Updates to Improve Remote Desktop Protocol Network-level Authentication
- http://technet.micro...dvisory/2861855
August 13, 2013

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- http://technet.micro...dvisory/2862973
August 13, 2013

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- http://technet.micro...dvisory/2854544
Published: June 11, 2013 | Updated: August 13, 2013

Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
- https://isc.sans.edu...l?storyid=16361
Last Updated: 2013-08-13 18:12:43

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2862973)
Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
- https://technet.micr...dvisory/2862973
V1.1 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.

Microsoft Security Advisory (2854544)
Updates to Improve Cryptography and Digital Certificate Handling in Windows
- https://technet.micr...dvisory/2854544
V1.1 (August 13, 2013): Added the 2862966 and 2862973 updates to the Available Updates and Release Notes section.
V1.2 (August 27, 2013): Revised advisory to announce that the 2862973 update is available from the Microsoft Update Catalog.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (2887505)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.micro...dvisory/2887505
September 17, 2013 - "Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, "CVE-2013-3893 MSHTML Shim Workaround," prevents the exploitation of this issue. See the Suggested Actions section of this advisory for more information. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."
* http://support.micro...7505#FixItForMe
"Notes about this Fix it solution:
- You must restart Internet Explorer after you apply this Fix it solution.
- The Fix it solution that is described in this section applies only (to) 32-bit versions of Internet Explorer.
- You must have security update 2870699 installed for this Fix it to provide effective protection against this issue. For more information about security update 2870699... view the article in the Microsoft Knowledge Base: 2870699 MS13-069: Cumulative security update for Internet Explorer: September 10, 2013
This Fix it solution is not intended to be a replacement for any security update..."
Last Review: September 18, 2013 - Revision: 2.2
Applies to:
Internet Explorer 11
Internet Explorer 10
Windows Internet Explorer 9
Windows Internet Explorer 8
Windows Internet Explorer 7
Microsoft Internet Explorer 6.0"

MS13-069: http://support.micro....com/kb/2870699
Last Review: September 18, 2013 - Revision: 2.0

- https://blogs.techne...Redirected=true
17 Sep 2013
___

- https://atlas.arbor.net/briefs/
High Severity
September 20, 2013 21:24
The latest Internet Explorer vulnerability is being used in targeted attacks and it's just a matter of time before larger-scale attacks take place.
Analysis: Once exploit code of this nature reaches the public, or semi-public sources, those that are paying attention (both "whitehat" and "blackhat" researchers, typically) have the information for defense and for offense. While this exploit code is not yet known to have been leveraged in any exploit kit and only in the context of targeted attacks, it is just a matter of time before the exploit becomes weaponized and expands past it's current use in targeted attacks and is use for cybercrime related activities. EMET is helpful, as is providing other hardening techniques such as whitelisting and application sandboxing where appropriate. 0day exploits are a fact of life, and there is evidence to suggest that this particular vulnerability has been exploited in the wild for some time.
Source: http://www.net-secur...cle.php?id=1885
19 Sep 2013 - "... The simplest way to avoid this risk is to use a browser other than Internet Explorer..."

- https://secunia.com/advisories/54884/
Release Date: 2013-09-18
Criticality: Extremely Critical
Impact: System access
Solution Status: Partial Fix...
CVE Reference: https://web.nvd.nist...d=CVE-2013-3893 - 9.3 (HIGH)
Provided and/or discovered by: Reported as a 0-day...

- http://community.web...-2013-3893.aspx
18 Sep 2013 - "... close to 70% of Windows-based PCs are vulnerable..."
___

- http://www.fireeye.c...-2013-3893.html
Sep 21, 2013 - "... Despite the targeted nature of these attacks, the exploit identifies numerous language packs (en, zh, fr, de, ja, pt, ko, ru) and software versions, which is uses to specify the correct ROP chain. Commented-out code suggests that the exploit initially targeted IE8 XP users, and IE8 and IE9 Windows 7 users who also had MS Office 2007 installed. In our tests, we observed that the exploit ran -successfully- on systems running both MS Office 2007 and 2010..."

- http://community.web...y-reported.aspx
26 Sep 2013 - "... attacks utilizing the most recent Internet Explorer zero-day (CVE-2013-3893) are more prevalent than previously thought... We have seen the CVE-2013-3893 exploit targeting Japanese firms in the financial industry, being hosted on a Taiwanese IP address (hxxp: //220.229.238.123 /tn/images/index.html) as of September 25th..."

- https://www.virustot...23/information/

Edited by AplusWebMaster, 29 September 2013 - 01:56 PM.