
MS Security Advisories



#61 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 27 September 2006 - 10:07 PM

FYI...

Microsoft Security Advisory (925984)
Vulnerability in PowerPoint Could Allow Remote Code Execution
- http://www.microsoft...ory/925984.mspx
Published: September 27, 2006
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint v. X for Mac. In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources..."

.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#62 AplusWebMaster


Posted 29 September 2006 - 05:32 AM

FYI...

Microsoft Security Advisory (926043)
Vulnerability in Windows Shell Could Allow Remote Code Execution
- http://www.microsoft...ory/926043.mspx
Published: September 28, 2006
"Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports. The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View. We are working on a security update currently scheduled for an October 10 release..."

(See/use the advisory's URL above for "Mitigating Factors" and "Workarounds".)

.



#63 AplusWebMaster


Posted 03 October 2006 - 09:53 AM

FYI...

Microsoft Security Advisory (926043)
Vulnerability in Windows Shell Could Allow Remote Code Execution
- http://www.microsoft...ory/926043.mspx
Revisions:
• "October 2, 2006: Advisory updated to advise customers that Web sites that attempt to use this vulnerability to perform limited attacks have been discovered..."

.



#64 AplusWebMaster


Posted 10 October 2006 - 01:29 PM

FYI...

Microsoft Security Advisory (926043)
Vulnerability in Windows Shell Could Allow Remote Code Execution
- http://www.microsoft...ory/926043.mspx
Last Updated: 10/10/2006
"...We have issued MS06-057* to address this issue..."
* http://www.microsoft...n/ms06-057.mspx

Microsoft Security Advisory (925984)
Vulnerability in PowerPoint Could Allow Remote Code Execution
- http://www.microsoft...ory/925984.mspx
Last Updated: 10/10/2006
"...We have issued MS06-058** to address this issue..."
** http://www.microsoft...n/ms06-058.mspx

Microsoft Security Advisory (925059)
Vulnerability in Word Could Allow Remote Code Execution
- http://www.microsoft...ory/925059.mspx
Last Updated: 10/10/2006
"...We have issued MS06-060*** to address this issue..."
*** http://www.microsoft...n/ms06-060.mspx

(Also see: http://forums.tomcoy...showtopic=70838 )

.



#65 AplusWebMaster


Posted 18 October 2006 - 11:16 AM

FYI...

Microsoft Security Advisory (917021)
Description of the Wi-Fi Protected Access 2 support for Wireless Group Policy in Windows XP Service Pack 2
- http://www.microsoft...ory/917021.mspx
Published: October 17, 2006
"...Overview
Purpose of Advisory: Notification of the availability of an update that enables Wi-Fi Protected Access 2 (WPA2) support for Wireless network Group Policy settings in Windows XP Service Pack 2. Clarification that this update also includes defense-in-depth changes that help prevent systems from connecting with wireless networks other than those a user intends to connect to.
Advisory Status: Microsoft Knowledge Base Article and associated update were released.
Recommendation: Review the suggested actions and configure as appropriate...
> http://support.microsoft.com/kb/917021
Last Review: October 18, 2006
Revision:3.0...
...Related Software: Microsoft Windows XP SP2 ..."

.



#66 AplusWebMaster


Posted 01 November 2006 - 05:29 AM

FYI...

Microsoft Security Advisory (927709)
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
- http://www.microsoft...ory/927709.mspx
Published or Last Updated: 10/31/2006
"Microsoft is investigating public reports of a vulnerability in an ActiveX control in Visual Studio 2005 on Windows. We are aware of proof of concept code published publicly and of the possibility of limited attacks that are attempting to use the reported vulnerability. Customers who are running Visual Studio 2005 on Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Visual Studio 2005 customers who are running Internet Explorer 7 with default settings, are not at risk until this control has been activated through the ActiveX Opt-in Feature in the Internet Zone. Customers would need to visit an attacker’s Web site to be at risk. We will continue to investigate these public reports. The ActiveX control is the WMI Object Broker control, which is included in WmiScriptUtils.dll.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs..."
(Also see "Mitigating Factors" at the URL above.)

- http://secunia.com/advisories/22603/
Release Date: 2006-11-01
Critical: Extremely critical
"...Solution: Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details)..."

EDIT/ADD:
- http://blogs.technet...709-posted.aspx
November 01, 2006
"...We are aware of the possibility of limited attacks that are attempting to use the reported vulnerability..."
- http://isc.sans.org/...hp?storyid=1813
Last Updated: 2006-11-01 20:45:19 UTC
"...This vulnerability is being **actively exploited**. The advisory states that Microsoft is planning an update for this problem and it should go out in the next monthly patch cycle..."
- http://www.kb.cert.org/vuls/id/854856
Date Last Updated: 11/01/2006
"...Solution: ...Disable the WMI Object Broker ActiveX control in Internet Explorer. The WMI Object Broker ActiveX control can be disabled in Internet Explorer by setting the kill bit for the following CLSID:
{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}
More information about how to set the kill bit is available in Microsoft Support Document 240797*."
* http://support.microsoft.com/kb/240797

.

Edited by AplusWebMaster, 01 November 2006 - 03:03 PM.



#67 AplusWebMaster


Posted 04 November 2006 - 10:01 AM

FYI...

Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- http://www.microsoft...ory/927892.mspx
Published: November 3, 2006
"Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker’s Web site to be at risk. We will continue to investigate these public reports. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs..."

(Also see "Mitigating Factors" at the URL above.)

EDIT/ADD:
- http://secunia.com/advisories/22687/
Last update: 2006-11-06
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
Other References: US-CERT VU#585137:
http://www.kb.cert.org/vuls/id/585137

- http://www.frsirt.co...ories/2006/4334
Release Date: 2006-11-04
"...Solution:
Set a kill bit for the CLSID {88d969c5-f192-11d4-a65f-0040963251e5} :
http://support.microsoft.com/kb/240797
Or disable Active Scripting in the Internet and Local intranet security zones..."

EDIT/ADD:
- http://www.symantec....-110611-5730-99
Updated: November 6, 2006
"...Type: Trojan Horse, Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
> Bloodhound.Exploit.96 is a heuristic detection for web pages attempting to exploit the Microsoft XML Core Services setRequestHeader Vulnerability (as described in Microsoft Security Advisory 927892)."

.

Edited by AplusWebMaster, 07 November 2006 - 11:04 AM.

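Posts #66 and #67 both quote a kill-bit workaround for a specific CLSID. The script below is an added example, not part of the original posts or of any vendor advisory: it audits whether the kill bit is present for those two CLSIDs. It assumes the registry location and the 0x400 "Compatibility Flags" value documented in Microsoft KB 240797; the function name `Get-KillBitState` is hypothetical.

```powershell
# Added example (not from the original posts): audit the Internet Explorer
# kill bit for the two CLSIDs quoted in posts #66 and #67.
# Assumption: registry location and flag value as documented in KB 240797.

$KillBit = 0x00000400   # "Compatibility Flags" bit that stops IE instantiating the control

$Controls = [ordered]@{
    '{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}' = 'WMI Object Broker (advisory 927709)'
    '{88d969c5-f192-11d4-a65f-0040963251e5}' = 'XMLHTTP 4.0 (advisory 927892)'
}

# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
# so a kill bit set in only one view leaves the other browser exposed.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    # Hypothetical helper: returns NoKey, NoValue, NotSet or Set.
    param([string]$Root, [string]$Clsid)

    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) { return 'NoKey' }

    $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'NoValue' }

    # Other compatibility bits may be present; only the 0x400 bit matters here.
    if (($flags -band $KillBit) -eq $KillBit) { return 'Set' }
    return 'NotSet'
}

$report = foreach ($root in $Roots) {
    # Wow6432Node does not exist on 32-bit Windows; skip views that are absent.
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($clsid in $Controls.Keys) {
        [pscustomobject]@{
            Control = $Controls[$clsid]
            Clsid   = $clsid
            View    = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            State   = Get-KillBitState -Root $root -Clsid $clsid
        }
    }
}

$report | Format-Table -AutoSize

$missing = @($report | Where-Object { $_.State -ne 'Set' })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) control/view combination(s) have no kill bit set."
}
```

The script only reads the registry. A state of `NoKey`, `NoValue` or `NotSet` means the workaround has not been applied for that view; a kill bit does not replace the security updates the later posts announce.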


#68 AplusWebMaster


Posted 14 November 2006 - 07:23 PM

FYI...

Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- http://www.microsoft...ory/927892.mspx
Last Updated: 11/14/2006
"...We have issued MS06-071* to address this issue...."
* http://www.microsoft...n/MS06-071.mspx

Microsoft Security Advisory (925444)
Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution
- http://www.microsoft...ory/925444.mspx
Last Updated: 11/14/2006
"...We have issued MS06-067** to address this issue..."
** http://www.microsoft...n/ms06-067.mspx

Microsoft Security Advisory (925143)
Adobe Security Bulletin: APSB06-11 Flash Player Update to Address Security Vulnerabilities
- http://www.microsoft...ory/925143.mspx
Last Updated: November 14, 2006
"...We have issued MS06-069*** to address these issues..."
*** http://www.microsoft...n/ms06-069.mspx

.



#69 AplusWebMaster


Posted 18 November 2006 - 08:01 AM

FYI...

Microsoft Security Advisory (928604)
Exploit Code Published Affecting the Workstation Service on Windows 2000
- http://www.microsoft...ory/928604.mspx
Published: November 16, 2006
"Microsoft is aware of public proof of concept code targeting the vulnerability addressed by security update MS06-070. At this time Microsoft has not seen any indications of active exploitation of the vulnerability. Microsoft has activated its emergency response process and is continuing to investigate this public report. Microsoft continues to recommend that customers apply the November updates as soon as possible with additional urgency and consideration given to the update detailed in MS06-070*..."
* http://www.microsoft...n/ms06-070.mspx



#70 AplusWebMaster


Posted 05 December 2006 - 10:19 PM

FYI...

Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://www.microsoft...ory/929433.mspx
December 5, 2006
"Microsoft is investigating a new report of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."

> http://secunia.com/advisories/23232/
Last Update: 2006-12-17
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched...

- http://blogs.technet...ty-reports.aspx
December 15, 2006
"...Microsoft Security Advisory 929433 applies to all three issues..."

.

Edited by AplusWebMaster, 17 December 2006 - 11:21 AM.



#71 AplusWebMaster


Posted 14 December 2006 - 09:29 AM

FYI...

Microsoft Security Advisory (927709)
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
- http://www.microsoft...ory/927709.mspx
Updated: December 12, 2006
"...We have issued MS06-073* to address this issue..."
* http://www.microsoft...n/ms06-073.mspx

.



#72 AplusWebMaster


Posted 26 January 2007 - 04:55 PM

FYI...

Microsoft Security Advisory (932114)
Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
- http://www.microsoft...ory/932114.mspx
January 26, 2007
"Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources... Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs..."

> http://nvd.nist.gov/...e=CVE-2007-0515

MSRC blog:
- http://blogs.technet...114-posted.aspx
January 26, 2007 ~ "...We are currently investigating a report of a posting of proof of concept code which could allow an attacker to execute code on a user’s machine in their security context by convincing them to open a specially-crafted Word document..."

.

Edited by AplusWebMaster, 26 January 2007 - 08:31 PM.



#73 AplusWebMaster


Posted 03 February 2007 - 04:48 AM

FYI...

Microsoft Security Advisory (932553)
Vulnerability in Microsoft Office Could Allow Remote Code Execution
- http://www.microsoft...ory/932553.mspx
February 2, 2007
"Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac. In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker. While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable..."

.



#74 AplusWebMaster


Posted 13 February 2007 - 06:44 PM

FYI...

Microsoft Security Advisory (932553)
Vulnerability in Microsoft Office Could Allow Remote Code Execution
- http://www.microsoft...ory/932553.mspx
Last Updated: 2/13/2007 ~ "...We have issued MS07-015* to address this issue..."
* http://www.microsoft...n/MS07-015.mspx

Microsoft Security Advisory (932114)
Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
- http://www.microsoft...ory/932114.mspx
Last Updated: 2/13/2007 ~ "...We have issued MS07-014** to address this issue..."
** http://www.microsoft...n/MS07-014.mspx

Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://www.microsoft...ory/929433.mspx
Last Updated: 2/13/2007 ~ "...We have issued MS07-014** to address this issue..."


.



#75 AplusWebMaster


Posted 15 February 2007 - 05:22 AM

FYI...

Microsoft Security Advisory (933052)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
- http://www.microsoft...ory/933052.mspx
February 14, 2007 ~ "Microsoft is investigating new public reports of very limited, targeted attacks against Microsoft Word “zero-day” using a vulnerability in Microsoft Office 2000 and Microsoft Office XP. In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources..."

> http://secunia.com/advisories/24122/

.
