MS Security Advisories


#46 AplusWebMaster

Posted 13 June 2006 - 04:09 PM

FYI...

Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
- http://www.microsoft...ory/919637.mspx
Published: May 10, 2005 | Updated: June 13, 2006
"• June 13, 2006: Advisory updated to reference released security bulletin."

Microsoft Security Advisory (914784)
Update to Improve Kernel Patch Protection
- http://www.microsoft...ory/914784.mspx
Published: June 13, 2006
"An update is available for Kernel patch protection included with X64-based Windows operating systems...For more information about the updates included in this release, see..."
- http://support.microsoft.com/kb/914784
Last Review: June 13, 2006
Revision: 1.0

.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#47 AplusWebMaster

Posted 19 June 2006 - 03:19 PM

FYI...

Microsoft Security Advisory (921365)
Vulnerability in Excel Could Allow Remote Code Execution
- http://www.microsoft...ory/921365.mspx
Published: June 19, 2006
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac. In order for this attack to be carried out, a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker. Opening the Excel document out of email will prompt the user to be careful about opening the attachment. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit this vulnerability. Microsoft is also actively sharing information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks...
Mitigating Factors for Microsoft Excel Remote Code Execution Vulnerability:
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
• On Excel 2002 and Excel 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must accept a prompt confirming that they Open, Save or Cancel the attachment that is sent in an e-mail message before the exploit could occur.
• This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Note: Excel 2000 does not prompt the user to Open, Save, or Cancel before opening a document..."


#48 AplusWebMaster

Posted 23 June 2006 - 08:24 PM

FYI...

Microsoft Security Advisory (921365)
Vulnerability in Excel Could Allow Remote Code Execution
- http://www.microsoft...ory/921365.mspx
Updated: June 21, 2006
• (June 21, 2006): Advisory revised to provide additional clarity around the “Impact of Workaround” under “On Excel 2003, prevent Excel Repair mode by modifying the Access Control List (ACL) to the Excel Resiliency registry key” in the “Workarounds for Microsoft Excel Remote Code Vulnerability” section and to update the “Advisory Status”.

Microsoft Security Advisory (921923)
Proof of Concept Code Published Affecting the Remote Access Connection Manager Service
- http://www.microsoft...ory/921923.mspx
Published: June 23, 2006
"Microsoft is aware that detailed exploit code has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS06-025...
Mitigating Factors:
• Customers who have installed the MS06-025 security update are not affected by this vulnerability.
• Windows 2000 systems are primarily at risk from this vulnerability. Customers running Windows 2000 should deploy MS06-025 as soon as possible or disable the RASMAN service.
• On Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 the attacker would need to have valid logon credentials in order to exploit the vulnerability.
• This issue does not affect Windows 98, Windows 98 SE, or Windows Millennium Edition..."


#49 AplusWebMaster

Posted 12 July 2006 - 01:04 PM

FYI...

Microsoft Security Advisory (921365)
Vulnerability in Excel Could Allow Remote Code Execution
- http://www.microsoft...ory/921365.mspx
Updated: July 11, 2006
"...We have issued MS06-037* to address this issue..."

* http://www.microsoft...n/ms06-037.mspx



#50 AplusWebMaster

Posted 18 July 2006 - 07:34 AM

FYI...

Microsoft Security Advisory (922970)
Vulnerability in PowerPoint Could Allow Remote Code Execution
- http://www.microsoft...ory/922970.mspx
Published: July 17, 2006
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002 and Microsoft PowerPoint 2003. In order for this attack to be carried out, a user must first open a malicious PowerPoint document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Microsoft is completing development of a security update for Microsoft PowerPoint that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the August security updates on August 8, 2006, or sooner as warranted...
Mitigating Factors...
• Note: PowerPoint 2000 does not prompt the user to Open, Save, or Cancel before opening a document.
• Use PowerPoint Viewer 2003 to open and view files. PowerPoint Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack. You can download PowerPoint Viewer 2003 for free*... "
Workarounds...
Do not open or save Microsoft Office files that you receive from un-trusted sources or that you received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file..."

* http://www.microsoft...;displaylang=en


#51 AplusWebMaster

Posted 14 August 2006 - 05:06 AM

FYI...

MS Security Advisory (922437)
Exploit Code Published Affecting the Server Service
- http://www.microsoft...ory/922437.mspx
Updated: August 13, 2006
"Microsoft is aware of public reports regarding an attack known as Win32/Graweg exploiting the vulnerability addressed by security update MS06-040. Microsoft’s initial investigation of Win32/Graweg verified that it only affects users running Windows 2000 that have not applied the update detailed in MS06-040. Microsoft has activated its emergency response process and is continuing to investigate this issue. The Microsoft Security Response Alliance partners as well as our own internal teams have determined that there is not widespread customer impact and have rated Win32/Graweb as a Low threat. At this time it does not appear to be a self-replicating internet-wide worm. Microsoft continues to recommend that customers apply the August updates as soon as possible with additional urgency and consideration given to the update detailed in MS06-040. Customers can ensure that the updates are being installed by enabling the Automatic Updates feature in Windows or by using their deployment infrastructure in their enterprise or small business. Customers who believe that they are infected or are not sure whether they are infected by Win32/Graweb should visit http://Safety.live.com and choose "Protection Scan"..."
======================================

Microsoft Security Advisory (922970)
Vulnerability in PowerPoint Could Allow Remote Code Execution
- http://www.microsoft...ory/922970.mspx
• V 2.0 (Aug 11, 2006): Advisory updated to reference released security bulletin (MS06-048).

Edited by AplusWebMaster, 14 August 2006 - 05:23 AM.


#52 AplusWebMaster

Posted 22 August 2006 - 03:09 PM

FYI...

(No MS06-042 re-release today...)

Microsoft Security Advisory (923762)
Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
- http://www.microsoft...ory/923762.mspx
Published: August 22, 2006
"On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers discussed in Microsoft Knowledge Base Article 923762. Due to an issue discovered in final testing, Microsoft will not be re-releasing MS06-042 today. This update will be re-released for Internet Explorer 6 Service Pack 1 when it meets an appropriate level of quality for broad distribution.

Microsoft is also aware of public reports that this issue can lead to a buffer overrun condition for Internet Explorer 6 Service Pack 1 customers that have applied MS06-042. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is aggressively investigating the public reports. Only customers using Internet Explorer 6.0 SP1 are affected, all other customers should continue their deployments of MS06-042. Customers using Internet Explorer 6.0 SP 1 should continue their deployment of MS06-042 and follow the existing guidance provided in Knowledge Base article 923762 and the Suggested Actions section of this Security Advisory..."


#53 AplusWebMaster

Posted 24 August 2006 - 06:01 PM

FYI...

Microsoft Security Advisory (923762)
Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
- http://www.microsoft...ory/923762.mspx
Updated: August 24, 2006
• August 24, 2006: Advisory updated to direct customers to the revised version of Microsoft Security Bulletin MS06-042* that includes new updates for Internet Explorer 6 Service Pack 1.
* http://www.microsoft...n/ms06-042.mspx


Edited by AplusWebMaster, 24 August 2006 - 06:02 PM.


#54 AplusWebMaster

Posted 06 September 2006 - 03:33 PM

FYI...

Microsoft Security Advisory (925059)
Vulnerability in Word Could Allow Remote Code Execution
- http://www.microsoft...ory/925059.mspx
Published: September 6, 2006
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker...
Mitigating Factors for Microsoft Word Remote Code Execution Vulnerability...
• Users who have installed and are using the Office Document Open Confirmation Tool for Office 2000* will be prompted with Open, Save, or Cancel before opening a document.
* http://www.microsoft...E6-C9538E9F2A2F ...
Workarounds for Microsoft Word Remote Code Vulnerability...
• Use Word Viewer 2003 to open and view files. Word Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack. To download the Word Viewer 2003 for free, visit the following website**:
** http://www.microsoft...89-AB826E7B8FDF ...


#55 AplusWebMaster

Posted 12 September 2006 - 03:01 PM

FYI...

Microsoft Security Advisory (925143)
Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities
- http://www.microsoft...ory/925143.mspx
Purpose of Advisory: To make customers aware of a security bulletin and updates that are available from Adobe for Flash Player.
See: http://www.adobe.com.../apsb06-11.html

Microsoft Security Advisory (922582)
Update for Windows
- http://www.microsoft...ory/922582.mspx
Published: September 12, 2006
"Today we are announcing the availability of an update that does not address a security vulnerability, but is a high priority for customers in keeping their systems updated. The update addresses the following issue:
You may receive error code 0x80070002 when you try to update a computer running on Microsoft Windows that has a minifilter-based application installed..."

#56 AplusWebMaster

Posted 15 September 2006 - 05:20 AM

FYI...

Microsoft Security Advisory (925444)
Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Control Execution
- http://www.microsoft...ory/925444.mspx
Published: September 14, 2006
"Microsoft is investigating new public reports of vulnerability in Microsoft Internet Explorer on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly but we are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports. The ActiveX control is the Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs...
Overview
Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Suggested Actions” section of the security advisory for more information.
Advisory Status: Issue Confirmed, Security Update Planned ..."


#57 AplusWebMaster

Posted 19 September 2006 - 01:05 PM

FYI...

Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
- http://www.microsoft...ory/925568.mspx
Published: September 19, 2006
"Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML). Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system. Microsoft is aware that this vulnerability is being actively exploited. A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs...
Workarounds -
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified..."

(More detail at the MS Advisory URL.)


#58 AplusWebMaster

Posted 22 September 2006 - 09:24 AM

Updated:

Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
- http://www.microsoft...ory/925568.mspx
"• September 21, 2006: Advisory updated with new CVE reference, un-register vgx.dll workaround updated, and Outlook Express mitigation added."

(Use the URL above to review updated detail.)

Also see: http://www.us-cert.g.../TA06-262A.html
Revised - September 21, 2006


#59 AplusWebMaster

Posted 22 September 2006 - 07:36 PM

Updated (again):

Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
- http://www.microsoft...ory/925568.mspx
"• September 22, 2006: Advisory updated with third party security updates FAQ, un-register vgx.dll workaround updated, and ISA Server workaround added."

(Use the URL above to review updated detail.)


#60 AplusWebMaster

Posted 26 September 2006 - 02:54 PM

FYI...

Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
- http://www.microsoft...ory/925568.mspx
Updated: September 26, 2006
"...We have issued MS06-055* to address this issue..."
* http://www.microsoft...n/ms06-055.mspx
