MS Security Advisories



#31 AplusWebMaster


Posted 08 February 2006 - 06:36 AM

FYI...

MS Security Advisory (914457)
Possible Vulnerability in Windows Service ACLs
- http://www.microsoft...ory/914457.mspx
Published: February 7, 2006
"Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services. This code also attempts to exploit default services of Windows XP Service Pack 1 and Windows Server 2003. If these attempts were successful, a user who has low user privileges could gain privilege escalation.
Microsoft has investigated these reports and the findings are summarized in the chart below. Microsoft has confirmed that customers who run Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 are not vulnerable to these issues because security-related changes were made to these service packs as part of our ongoing security improvement process. Users who run Windows XP Service Pack 1 and Windows Server 2003 Gold may be at risk, but the risk to Windows Server 2003 users is reduced.
Users are encouraged to contact their third-party software vendors whose products require services installation to determine if any non-default Windows services are affected.
Microsoft is not aware of any attacks attempting to use the reported vulnerabilities or of customer impact at this time. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Mitigating Factors:
• The latest Microsoft operating systems, including Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, are not vulnerable to these issues.
• A malicious user who launches an attack based on the finder’s report would require at least authenticated user access to the affected operating systems.
• Two of the four services identified in the paper (NetBT and SCardSvr) require an attacker to already be running in a privileged security context. Additionally, the two services that do allow an authenticated user to attack are vulnerable only on Windows XP Service Pack 1.
• Firewall best practices and standard default firewall configurations can help protect from attacks that originate outside the enterprise perimeter. Best practices also recommend that personal firewalls be used within a network and that systems connected to the Internet have a minimal number of ports exposed..."

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
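
Added example (not part of the original post or of Microsoft's advisory): a small audit for the condition the advisory describes, service DACLs that grant low-privileged groups the right to reconfigure a service or rewrite its ACL. It assumes the SDDL strings were collected with `sc sdshow <service>`; the service names and SDDL values below are constructed samples, and the choice of rights and trustees to flag is this example's assumption.

```python
import re

# SDDL two-letter right codes as they apply to service objects.
RIGHTS = {
    "CC": 0x0001,   # SERVICE_QUERY_CONFIG
    "DC": 0x0002,   # SERVICE_CHANGE_CONFIG
    "LC": 0x0004,   # SERVICE_QUERY_STATUS
    "SW": 0x0008,   # SERVICE_ENUMERATE_DEPENDENTS
    "RP": 0x0010,   # SERVICE_START
    "WP": 0x0020,   # SERVICE_STOP
    "DT": 0x0040,   # SERVICE_PAUSE_CONTINUE
    "LO": 0x0080,   # SERVICE_INTERROGATE
    "CR": 0x0100,   # SERVICE_USER_DEFINED_CONTROL
    "SD": 0x10000,  # DELETE
    "RC": 0x20000,  # READ_CONTROL
    "WD": 0x40000,  # WRITE_DAC
    "WO": 0x80000,  # WRITE_OWNER
    "GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
}
GENERIC_ALL, GENERIC_WRITE = 0x10000000, 0x40000000

# Rights that let the holder reconfigure the service or change who controls it.
RISKY = {0x0002: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}

# Trustees any ordinary logged-on (or anonymous) user belongs to (assumed list).
LOW_PRIV = {
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "BU": "Users", "S-1-5-32-545": "Users",
    "IU": "Interactive", "NU": "Network", "AN": "Anonymous", "BG": "Guests",
}


def parse_rights(field):
    """Turn an ACE rights field (letter codes or a hex mask) into a bit mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        code = field[i:i + 2]
        if code not in RIGHTS:
            raise ValueError("unknown SDDL right code: %r" % code)
        mask |= RIGHTS[code]
    return mask


def risky_rights(mask):
    """Names of the risky rights present in mask, after expanding generic bits."""
    if mask & GENERIC_ALL:          # maps to SERVICE_ALL_ACCESS
        mask |= 0x0002 | 0x40000 | 0x80000
    if mask & GENERIC_WRITE:        # maps to STANDARD_RIGHTS_WRITE | SERVICE_CHANGE_CONFIG
        mask |= 0x0002
    return [name for bit, name in RISKY.items() if mask & bit]


def dacl_aces(sddl):
    """Yield (type, rights, trustee) for each ACE in the D: section only."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[0], fields[2], fields[5]


def audit(services):
    """Return (service, trustee, [risky rights]) for allow ACEs on low-privileged
    trustees. Deny ACEs are not evaluated, so review hits by hand."""
    findings = []
    for name, sddl in services.items():
        for ace_type, rights, sid in dacl_aces(sddl):
            if ace_type != "A" or sid not in LOW_PRIV:
                continue
            hits = risky_rights(parse_rights(rights))
            if hits:
                findings.append((name, LOW_PRIV[sid], hits))
    return findings


# Constructed samples (hypothetical service names, not taken from the advisory).
SAMPLE_SDDL = {
    # Authenticated Users can change the service configuration.
    "ExampleUpdater": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                      "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                      "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)",
    # Read-only for Authenticated Users; the S: part is an audit ACE and must be ignored.
    "ExampleSpooler": "D:(A;;CCLCSWLOCRRC;;;AU)"
                      "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                      "(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                      "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)",
    # Hex mask form: full control granted to Everyone.
    "ExampleAgent": "D:(A;;0xf01ff;;;WD)(A;;CCLCSWRPWPDTLOCRRC;;;SY)",
}

if __name__ == "__main__":
    for service, trustee, rights in audit(SAMPLE_SDDL):
        print("%s: %s holds %s" % (service, trustee, ", ".join(rights)))
```
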



#32 AplusWebMaster


Posted 08 February 2006 - 06:37 AM

FYI...

MS Security Advisory (913333)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/913333.mspx
Published: February 7, 2006
"Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions:
• By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site;
• By convincing a user to open a specially crafted e-mail attachment;
• By convincing a user to click on a link in an e-mail message that takes the user to a malicious Web site; or
• By sending a specially crafted e-mail message to Outlook Express users, which they view in the preview pane.
>>> Note This is not the same issue as the one addressed by Microsoft Security Bulletin MS06-001 (912919).
The vulnerability exists in:
• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
• Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium.
The vulnerability does not exist in:
• Internet Explorer for Microsoft Windows XP Service Pack 1 and Windows XP Service Pack 2
• Internet Explorer for Microsoft Windows XP Professional x64 Edition
• Internet Explorer for Microsoft Windows Server 2003 and Windows Server 2003 Service Pack 1
• Internet Explorer for Windows Server 2003 for Itanium-based Systems
• Internet Explorer for Windows Server 2003 with Service Pack 1 for Itanium-based Systems
• Internet Explorer for Windows Server 2003 x64 Edition
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 Second Edition
• Internet Explorer 6 Service Pack 1 on Windows Millennium Edition
Microsoft has determined that an attacker who exploits this vulnerability would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. In an e-mail based attack, customers would have to click a link to the malicious Web site, preview a malicious e-mail message, or open an attachment that exploited the vulnerability. In both Web-based and e-mail based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft will continue to investigate these reports and provide additional guidance depending on customer needs..."

:ph34r:



#33 AplusWebMaster


Posted 15 February 2006 - 05:30 AM

FYI...

Microsoft Security Advisory (914457)
Vulnerability in Windows Service ACLs
- http://www.microsoft...ory/914457.mspx
"...Revisions:
• February 7, 2006: Advisory published
• February 7, 2006: Added line breaks to Group Policy workaround security template for Windows XP Service Pack 1
• February 8, 2006: Added additional FAQ information for affected platforms and service start-up type properties
• February 14, 2006: Additional services identified, Windows XP Service Pack 2 and Windows 2000 clarification ..."

:huh:



#34 AplusWebMaster


Posted 22 February 2006 - 05:24 AM

FYI...

Microsoft Security Advisory (906267)
A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit
- http://www.microsoft...ory/906267.mspx
Updated: February 21, 2006
"Microsoft has completed the investigation into a public report of a vulnerability affecting Internet Explorer. We have issued a security bulletin to address this issue*..."
* http://www.microsoft...n/MS05-052.mspx



#35 AplusWebMaster


Posted 23 February 2006 - 05:33 AM

FYI...

Microsoft Security Advisory (914457)
Vulnerability in Windows Service ACLs
- http://www.microsoft...ory/914457.mspx
Updated: February 22, 2006
"...Revisions:
• February 7, 2006: Advisory published
• February 7, 2006: Added line breaks to Group Policy workaround security template for Windows XP Service Pack 1
• February 8, 2006: Added additional FAQ information for affected platforms and service start-up type properties
• February 14, 2006: Additional services identified, Windows XP Service Pack 2 and Windows 2000 clarification
• February 22, 2006: Added Microsoft Knowledge Base Article 914392* "

Best practices and guidance for writers of service discretionary access control lists
* http://support.microsoft.com/kb/914392



#36 AplusWebMaster


Posted 28 February 2006 - 08:34 PM

FYI...

Microsoft Security Advisory (912945)
Non-Security Update for Internet Explorer
- http://www.microsoft...ory/912945.mspx
Published: February 28, 2006
"Microsoft is releasing a non-security update for Internet Explorer on February 28, 2006.
For more information about this update, see Microsoft Knowledge Base Article 912945*. This update is separate from the security update released on February 14, 2006 as part of Microsoft Security Bulletin MS06-004.
Microsoft Knowledge Base Article 912945* and the accompanying non-security update targets the following software:
• Internet Explorer for Microsoft Windows XP Service Pack 2
• Internet Explorer for Microsoft Windows Server 2003 Service Pack 1
Microsoft Security Bulletin MS06-004 and the accompanying security update released on February 14, 2006 targeted the following software:
• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 ..."

* http://support.microsoft.com/kb/912945
Last Review : February 28, 2006
Revision: 5.0
INTRODUCTION
Microsoft is releasing a software update to Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 and for Microsoft Windows Server 2003 Service Pack 1. This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. Examples of programs that use ActiveX controls include the following:
- Adobe Reader
- Apple QuickTime Player
- Macromedia Flash
- Microsoft Windows Media Player
- Real Networks RealPlayer
- Sun Java Virtual Machine
After you install this update, you cannot interact with ActiveX controls from certain Web pages until these controls are enabled. To enable an ActiveX control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site:
http://msdn.microsoft.com/ieupdate
As part of this Internet Explorer update, Microsoft will release updates to the current versions of Windows XP and of Windows Server 2003. All client operating systems will be updated. These client operating systems include the following:
• Windows XP Starter Edition
• Windows XP Home Edition
• Windows XP Professional Edition
• Windows XP Tablet PC Edition
• Windows XP Media Center Edition
• Windows XP Professional for Embedded Systems
Additionally, updates for earlier versions of Internet Explorer will be released as part of the monthly security update packages.
MORE INFORMATION
Known issues
• Initial logon dialog boxes may reappear and reset to default configurations
This issue occurs if you deploy the hotfix version of this software update on 64-bit systems, such as a 64-bit version of Microsoft Windows Server 2003 with Service Pack 1 or an x64-bit version of Windows XP with Service Pack 2. In this case, the initial logon dialog boxes may appear for applications and for Windows components. Additionally, some settings reset to default. This behavior may cause the following issues:
• Applications ask users to opt in to privacy features.
• Default settings for Internet Explorer favorites are reset.
• Internet Explorer security zones are reset to default settings.
• Internet Explorer advanced settings are reset to default settings.
• Initial Windows Media Player dialog boxes appear.
This is a known issue and is expected to be fixed in the next update for Windows.
• Google Toolbar
You may experience an access violation in the Google Toolbar when you close a window that contains an inactive ActiveX control. Microsoft and Google technical teams have been working together to address this issue. Google is expected to fix this problem by using its automatic "servicing mechanism" for Google Toolbar users. This problem affects Google Toolbar versions before version 3.0.129.2. Visit the following Google Web site to download the latest version:
http://toolbar.google.com
• External script technique does not work when the "Disable Script Debugging in Internet Explorer" check box is cleared
Microsoft is investigating this problem and plans to fix it in a future cumulative update.
• ActiveX controls that use Java Platform, Standard Edition 1.3 or 1.4
After you click on an ActiveX applet control in a program that runs the applet control by using Java Platform, Standard Edition (J2SE) 1.3 or J2SE 1.4, the focus does not go to the applet control. You must click the control a second time to establish focus. The focus behavior works correctly in J2SE 1.5. To obtain the latest version of J2SE, visit the following Sun Microsystems, Inc. Web site:
http://java.sun.com/j2se
For recommended techniques to make sure that ActiveX controls function without user interaction, visit the following MSDN Web site:
http://msdn.microsoft.com/ieupdate
The following issues occur on Web sites that do not use the recommended techniques.
Note: All these issues are resolved by using the techniques that are described on the MSDN Web site.
• Scrolling
When you use the mouse wheel to scroll through a page that contains an interactive control, the control may not be displayed correctly. Microsoft is investigating this issue and plans to fix it in a future cumulative update.
• Abstract Window Toolkit
Access violations have been reported with Java programs that use Abstract Window Toolkit (AWT) classes in the user interface. Microsoft is investigating this issue and plans to fix it in a future cumulative update.
• Transparent Flash
A full-page ad disappears, but the focus rectangle remains. In this situation, the control is still there, but it is transparent. Therefore, the associated overlay window remains on the page.
• DHTML menus
When a DHTML menu is expanded, the menu may appear on top of an ActiveX control. If you click the menu in this situation, you enable the control instead of gaining access to the DHTML menu. The overlay window has the highest z-order. Therefore, this window receives the mouse-click message.
• Controls that prompt before they are loaded
When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.
• CSS attributes on controls
Controls that are hidden or that have a display-mode setting of None, but that do have size dimensions, display the focus rectangle when you move the pointer over them.
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products..."

-----------------------------------------------------------

(Verrryyy interesting - a "Non-Security Update for IE" issued under an MS "Security Advisory"... only in America.)

.

Edited by AplusWebMaster, 28 February 2006 - 08:53 PM.



#37 AplusWebMaster


Posted 01 March 2006 - 07:34 AM

Additional info to previous post/"MS Advisory":

Microsoft updates IE after patent spat
- http://news.com.com/...g=st.util.print
Story last modified Tue Feb 28 17:38:18 PST 2006
"... Microsoft is modifying IE to shield itself from liability in a long-running patent dispute with Eolas Technologies and the University of California. Microsoft expects a second trial in the case to start sometime this year after a federal appeals court last March partially reversed a lower-court decision that exposed it to more than $500 million in damages. In September, the U.S. Patent Office upheld the validity of the patent at issue in the case. Microsoft is delivering the IE update in phases. The company last December said it would make the tweaks and a month later made the update available on MSDN, its Web site for developers. The update is now available to the general public as an optional download via Windows Update and Microsoft's Download Center Web site. "Microsoft expects the vast majority of existing IE customers will download the update as part of ongoing security updates in the next four to six months," the Microsoft representative said. The update is available for IE 6 on Windows XP with Service Pack 2 and Windows Server 2003 with SP 1, the Microsoft representative said."

:huh:



#38 AplusWebMaster


Posted 15 March 2006 - 02:34 AM

FYI...

Microsoft Security Advisory (916208)
Adobe Security Bulletin: APSB06-03 Flash Player Update to Address Security Vulnerabilities
- http://www.microsoft...ory/916208.mspx
Published: March 14, 2006
"Microsoft is aware of recent security vulnerabilities in Macromedia Flash Player from Adobe, a third party software application that also was redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows Millennium Edition. The Microsoft Security Response Center is in communication with Adobe and is aware that Adobe has made updates that are available on their Web site...
Suggested Actions
• Review the Adobe Security Bulletin
Review the Adobe Security Bulletin and follow Adobe’s guidance as appropriate*..."

* http://www.macromedi.../apsb06-03.html

----------------------------------------
Also see:
- http://secunia.com/advisories/19218/
Release Date: 2006-03-15
Critical: Highly critical

.

Edited by AplusWebMaster, 15 March 2006 - 02:44 AM.



#39 AplusWebMaster


Posted 23 March 2006 - 07:54 PM

FYI...

Microsoft Security Advisory (912945)
Non-Security Update for Internet Explorer
- http://www.microsoft...ory/912945.mspx
Updated: March 23, 2006
"Microsoft is releasing a non-security update for Internet Explorer on February 28, 2006.
Update 912945 is available on the Download Center and on Windows Update as an optional update. For more information about this update, see Microsoft Knowledge Base Article 912945. This update is separate from the security update released on February 14, 2006 as part of Microsoft Security Bulletin MS06-004.
Microsoft Knowledge Base Article 912945 and the accompanying non-security update targets the following software:
• Internet Explorer for Microsoft Windows XP Service Pack 2
• Internet Explorer for Microsoft Windows Server 2003 Service Pack 1
Microsoft Security Bulletin MS06-004 and the accompanying security update released on February 14, 2006 targeted the following software:
• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 ...

What is the scope of the advisory?
The intent of this advisory is twofold:
• To call out the fact that two distinct updates are released for different versions of Internet Explorer on February 14 and February 28 and explain the difference between the two.
• To make customers aware of issues they might experience with Microsoft Baseline Security Analyzer (MBSA) 1.2 and Systems Management Server (SMS) 2.0 when deploying the non-security update released on February 28, 2006..."



#40 AplusWebMaster


Posted 23 March 2006 - 07:55 PM

FYI...

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution
- http://www.microsoft...ory/917077.mspx
March 23, 2006
"Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. We have seen examples of proof of concept code but we are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time...
Mitigating Factors:
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.
• This vulnerability could not be exploited automatically through e-mail or while viewing e-mail in the preview pane while using Outlook or Outlook Express. Customers would have to click on a link that would take them to a malicious Web site, or open an attachment that could exploit the vulnerability.
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights...
FAQs...
- Is this a security vulnerability that requires Microsoft to issue a security update? Yes. Microsoft will release an update for this issue in an upcoming security update release.
- What causes this threat? When Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects, system memory may be corrupted in such a way that an attacker could execute arbitrary code. Specifically, the public postings discuss a potential behavior in Internet Explorer in the way that HTML objects may handle an unexpected createTextRange() method call to an HTML object. A Web page that is specially crafted to exploit this vulnerability will cause Internet Explorer to fail. As a result of this, system memory may be corrupted in such a way that an attacker could execute arbitrary code..."

:ph34r:



#41 AplusWebMaster


Posted 28 March 2006 - 04:40 PM

FYI...

MS Security Advisory 917077 (updated)
- http://www.microsoft...ory/917077.mspx
Updated: March 28, 2006
"...Microsoft has been carefully monitoring the attempted exploitation of the vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the attacks are limited in scope at this time...
Microsoft is completing development of a cumulative security update for Internet Explorer that addresses the recent “createTextRange” vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the April security updates on April 11, 2006, or sooner as warranted.
Customers who follow the suggested actions and workarounds in this advisory are less likely to be compromised by exploitation of this vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code...

• March 28, 2006: Advisory updated with information regarding additional security software protections, current limited scope of attacks, and the status of the Internet Explorer security update."



#42 AplusWebMaster


Posted 30 March 2006 - 10:53 AM

FYI...

Microsoft Security Advisory (917077) updated (again)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution
- http://www.microsoft...ory/917077.mspx
Updated: March 29, 2006
"...Will the security update addressing this issue contain the changes detailed in Microsoft Security Advisory 912945 – Non-Security Update for Internet Explorer?
Yes. However, to help enterprise customers who need more time to prepare for the update, Microsoft will be releasing a Compatibility Update, to be available the same day as the next IE Security Update. Once deployed, the Compatibility Update will temporarily return IE to the previous functionality for handling ActiveX controls. This Compatibility Update will function until an IE security update is released following the April security release, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent...
Revisions:
• March 29, 2006: Advisory updated with an additional FAQ regarding Microsoft Security Advisory 912945*."

("ActiveX" changes * http://www.microsoft...ory/912945.mspx )

:scratch:



#43 AplusWebMaster


Posted 03 April 2006 - 04:56 PM

FYI...

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution
- http://www.microsoft...ory/917077.mspx
Updated: April 3, 2006
"...Microsoft will be releasing a Compatibility Patch (deployed like a Hotfix), to be available the same day as the Internet Explorer April Security Update. Once deployed, the patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This patch will function until the June Internet Explorer cumulative Update is released at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent..."
Revisions:
• April 3, 2006: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle..."

Microsoft Security Advisory (912945)
Non-Security Update for Internet Explorer
- http://www.microsoft...ory/912945.mspx
Updated: April 3, 2006
"...Microsoft will be releasing a Compatibility Patch. This Compatibility Patch will be available the same day as the next Internet Explorer Security Update. As soon as it is deployed, the Compatibility Patch will temporarily return Internet Explorer to the previous functionality for handling ActiveX controls. This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent..."
Revisions:
• April 3, 2006: Advisory updated to clarify that the Compatibility Patch will be replaced in the June update cycle..."



#44 AplusWebMaster


Posted 23 May 2006 - 04:30 AM

FYI...

Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
- http://www.microsoft...ory/919637.mspx
Published: May 22, 2006
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.
Microsoft is concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed..."



#45 AplusWebMaster


Posted 03 June 2006 - 05:43 AM

FYI...

Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
- http://www.microsoft...ory/919637.mspx
Updated: June 2, 2006
...Revisions:
• V1.1 (June 2, 2006): Advisory revised to update the “Frequently Asked Questions” section and provide additional clarity around “Step 2 Append /safe to the WINWORD.EXE command line” for “Enterprise Customers using group policy” section under “Always use Microsoft Word in Safe Mode”.

:mellow:
