317 replies to this topic

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/961051.mspx
Published: December 10, 2008 - "Microsoft is investigating new public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008... Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory...
Suggested Actions... Workarounds:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors...
• Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones...
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone...
• Enable DEP for Internet 7..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/961051.mspx
Revisions:
• December 10, 2008: Advisory published
• December 11, 2008: Revised to include Microsoft Internet Explorer 5.01 Service Pack 4, Internet Explorer 6 Service Pack 1, Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 as potentially vulnerable software. Also added more workarounds...
- Workarounds...
• Use ACL to disable OLEDB32.DLL...
• Unregister OLEDB32.DLL...
• Disable Data Binding support in Internet Explorer 8...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...51.mspx?pf=true
• December 12, 2008: Revised to correct operating systems that support Windows Internet Explorer 8 Beta 2. Also added more workarounds and a reference to Microsoft Security Advisory (954462*).

- http://support.microsoft.com/kb/961051
Last Review: December 13, 2008 - Revision: 2.0

Rise in SQL injection attacks exploiting unverified user data input
* http://support.microsoft.com/kb/954462
June 24, 2008

> http://forums.whatth...iew=getlastpost

Edited by AplusWebMaster, 13 December 2008 - 01:40 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/961051.mspx
• December 15, 2008: Updated the workarounds, Disable XML Island functionality and Disable Row Position functionality of OLEDB32.dll.
...Registry Editor...

- http://support.microsoft.com/kb/961051
Last Review: December 14, 2008 - Revision: 3.0

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://www.microsoft...ory/961051.mspx
December 17, 2008 - "Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-078* to address this issue. For more information about this issue, including download links for an available security update, please review MS08-078. The vulnerability addressed is the Pointer Reference Memory Corruption Vulnerability - CVE-2008-4844**..."

* http://www.microsoft...n/ms08-078.mspx

** http://web.nvd.nist....d=CVE-2008-4844

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961040)
Vulnerability in SQL Server Could Allow Remote Code Execution
- http://www.microsoft...ory/961040.mspx
December 22, 2008 - "Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue. Microsoft is aware that exploit code has been published on the Internet for the vulnerability addressed by this advisory. Our investigation of this exploit code has verified that it does not affect systems that have had the workarounds* listed below applied. Currently, Microsoft is not aware of active attacks that use this exploit code or of customer impact at this time. In addition, due to the mitigating factors for default installations of MSDE 2000 and SQL Server 2005 Express, Microsoft is not currently aware of any third-party applications that use MSDE 2000 or SQL Server 2005 Express which would be vulnerable to remote attack. However, Microsoft is actively monitoring this situation to provide customer guidance as necessary...
* Workarounds...
Deny permissions on the sp_replwritetovarbin extended stored procedure..."

- http://support.microsoft.com/kb/961040
December 23, 2008

- http://isc.sans.org/...ml?storyid=5545
Last Updated: 2008-12-23 14:13:19 UTC
___

- http://www.microsoft...ory/961040.mspx
Updated: February 10, 2009 - "...We have issued MS09-004* to address this issue... The vulnerability addressed is the SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability
- http://web.nvd.nist....d=CVE-2008-5416 ..."

* http://www.microsoft...n/ms09-004.mspx

Edited by AplusWebMaster, 11 February 2009 - 05:36 AM.
Added ISC diary link...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (961509)
Research proves feasibility of collision attacks against MD5
- http://www.microsoft...ory/961509.mspx
December 30, 2008 - "Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method could allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated. This new disclosure does not increase risk to customers significantly, as the researchers have not published the cryptographic background to the attack, and the attack is not repeatable without this information. Microsoft is not aware of any active attacks using this issue and is actively working with certificate authorities to ensure they are aware of this new research and is encouraging them to migrate to the newer SHA-1 signing algorithm. While this issue is not a vulnerability in a Microsoft product, Microsoft is actively monitoring the situation and has worked with affected Certificate Authorities to keep customers informed and to provide customer guidance as necessary...
Mitigating Factors...
• Most public Certificate Authority roots no longer use MD5 to sign certificates, but have upgraded to the more secure SHA-1 algorithm. Customers should contact their issuing Certificate Authority for guidance.
• When visited, Web sites that use Extended Validation (EV) certificates show a green address bar in most modern browsers. These certificates are always signed using SHA-1 and as such are not affected by this newly reported research...
Suggested Actions...
• Do not sign digital certificates with MD5
Certificate Authorities should no longer sign newly generated certificates using the MD5 algorithm, as it is known to be prone to collision attacks. Several alternative and more secure technologies are available, including SHA-1, SHA-256, SHA-384 or SHA-512.
Impact of action: Older hardware-based solutions may require upgrading to support these newer technologies...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (960715)
Update Rollup for ActiveX Kill Bits
- http://www.microsoft...ory/960715.mspx
Published: February 10, 2009 - "Microsoft is releasing a new set of ActiveX kill bits with this advisory. The update includes kill bits for previously published Microsoft security bulletins:
• MS08-070 - Critical
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
- http://www.microsoft...n/ms08-070.mspx
For more information about installing this update, see:
Update Rollup for ActiveX Kill Bits
- http://support.microsoft.com/kb/960715
February 10, 2009

The update also includes kill bits for the following third-party software:
• Akamai Download Manager...
...Further details can be found in the security release issued by Akamai:
- http://www.akamai.co...t/security.html

• Research in Motion (RIM) AxLoader...
...Further details can be found in the security release issued by RIM:
- http://www.blackberr...ernalId=KB16248

Edited by AplusWebMaster, 12 February 2009 - 01:54 PM.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (968272)
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
- http://www.microsoft...ory/968272.mspx
February 24, 2009 - "Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability...
• Users who have installed and are using the Office Document Open Confirmation Tool* for Office 2000 will be prompted with Open, Save, or Cancel before opening a document.
* http://www.microsoft...E6-C9538E9F2A2F

- http://www.securityf...d/33870/exploit
"Symantec has detected active in-the-wild exploit attempts. This issue is detected as 'Trojan.Mdropper.AC'**

Trojan.Mdropper.AC
** http://preview.tinyurl.com/dbz42c
Updated: February 24, 2009 - "Systems Affected: Windows Vista, Windows XP
When the Trojan executes, it may exploit the Microsoft Excel Unspecified Remote Code Execution Vulnerability (BID 33870).
It then drops the following file: %Temp%\rundll.exe (a copy of Downloader)
The Trojan may then attempt to download more files on to the compromised computer from the following locations:
* [http://]61.59.24.55/sb.php?id=[19 RANDOM ASCII CHARACTERS]
* [http://]61.59.24.45/sb.php?id=[19 RANDOM ASCII CHARACTERS]
* [http://]61.221.40.63/sb.php?id=[19 RANDOM ASCII CHARACTERS] ..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (967940)
Update for Windows Autorun
- http://www.microsoft...ory/967940.mspx
02/24/2009 - "Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected. When functioning as expected, the NoDriveTypeAutoRun registry key can be used to selectively disable Autorun functionality (e.g. AutoPlay, double click, and contextual menu features associated with Autorun) for drives on a user's system and network. Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file. We encourage Windows customers to review and install this update. This update is available through automatic updating and from the download center. For more information about this issue, including download links for this non-security update, see Microsoft Knowledge Base Article 967715*."
* http://support.microsoft.com/kb/967715

Edited by AplusWebMaster, 27 February 2009 - 01:00 PM.

[AplusWebMaster]

FYI...

- http://isc.sans.org/...ml?storyid=6010
Last Updated: 2009-03-13 03:07:43 UTC - "...Microsoft should really fix this vulnerability and pay more attention to local privilege escalation vulnerabilities. While MS released an advisory with suggested workarounds (available at http://www.microsoft...ory/951306.mspx *), I don’t think enough people know about this..."
* Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege...
Revisions:
• April 17, 2008: Advisory published
• April 23, 2008: Added clarification to impact of workaround for IIS 6.0
• August 27, 2008: Added Windows XP Professional Service Pack 3 as affected software.
• October 9, 2008: Added information regarding the public availability of exploit code.

[AplusWebMaster]

FYI...

Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
- http://www.microsoft...ory/969136.mspx
April 2, 2009 - "Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability... Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- http://secunia.com/advisories/34572/
Release Date: 2009-04-03
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...

- http://www.cve.mitre...e=CVE-2009-0556

Edited by AplusWebMaster, 03 April 2009 - 11:25 AM.
Added CVE ref...

[AplusWebMaster]

FYI...

April 14: MS Support ends for...
- http://www.wservernews.com/
Apr. 10, 2009 - "Next Tuesday (14-Apr-2009), Redmond will no longer offer mainstream support for a bunch of Service Packs flavors, WinXP (Service Pack 0) and W2K3 SP1 among them. They said they will continue to provide free security fixes for XP until 2014. Windows XP still accounts for about 63 percent of all Internet-connected computers, according to March 2009 statistics from Hitslink, while Windows Vista makes up about 24 percent. Here are the Hitslink market share numbers:
http://marketshare.h...e.aspx?qprid=10
Support for WinXP Service Pack 2 is until July 13, 2010. Existing XP users are encouraged to upgrade to the latest SP3. More about this at the "Windows Service Pack Road Map" at Microsoft:
- http://www.microsoft...rvicepacks.mspx ...
... list of products and versions where the support will end on April 14, 2009...
- http://preview.tinyurl.com/s870 ..."

[AplusWebMaster]

FYI...

Microsoft Security Advisory (968272)
Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
- http://www.microsoft...ory/968272.mspx
Published: February 24, 2009 | Updated: April 14, 2009 - "... We have issued MS09-009 to address this issue..."
- http://www.microsoft...n/MS09-009.mspx

Microsoft Security Advisory (960906)
Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
- http://www.microsoft...ory/960906.mspx
Published: December 9, 2008 | Updated: April 14, 2009 - "... We have issued MS09-010 to address this issue..."
- http://www.microsoft...n/MS09-010.mspx

Microsoft Security Advisory (953818)
Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform
- http://www.microsoft...ory/953818.mspx
Published: May 30, 2008 | Updated: April 14, 2009 - "... Customers running Safari on Windows should review this advisory. We have issued Microsoft Security Bulletin MS09-014, Cumulative Security Update for Internet Explorer (963027), and MS09-015, Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426), to address this issue. For more information about this issue, including download links for security updates, please review MS09-014 and MS09-015.
- http://www.microsoft...n/ms09-014.mspx
- http://www.microsoft...n/ms09-015.mspx
Apple Support has released a security advisory that addresses the vulnerability in Apple’s Safari 3.1.2 for Windows. Please see Apple security advisory About the security content of Safari 3.1.2 for Windows for more information.
- http://support.apple.com/kb/HT2092
Mitigating Factors:
• Customers who have changed the default location where Safari downloads content to the local drive are not affected by this blended threat..."

Microsoft Security Advisory (951306)
Vulnerability in Windows Could Allow Elevation of Privilege
- http://www.microsoft...ory/951306.mspx
Published: April 17, 2008 | Updated: April 14, 2009 - "... We have issued MS09-012 to address this issue..."
- http://www.microsoft...n/ms09-012.mspx

Edited by AplusWebMaster, 22 April 2009 - 07:11 AM.
Added additional links...

[AplusWebMaster]

FYI...

Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution
- http://www.microsoft...ory/969136.mspx
Updated: May 12, 2009 - "...We have issued MS09-017* to address this issue..."
* http://www.microsoft...n/ms09-017.mspx

- http://web.nvd.nist....d=CVE-2009-0556

// At least one of the vulnerabilities is actively being exploited in the wild.

Edited by AplusWebMaster, 13 May 2009 - 09:44 AM.