6 replies to this topic

[AplusWebMaster]

FYI...

- http://www.microsoft...n/MS10-apr.mspx
April 13, 2010 - "This bulletin summary lists security bulletins released for April 2010... (Total of -11-)

Critical -5-

Microsoft Security Bulletin MS10-019 - Critical
Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
- http://www.microsoft...n/MS10-019.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-020 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
- http://www.microsoft...n/MS10-020.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
- http://www.microsoft...n/MS10-025.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-026 - Critical
Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
- http://www.microsoft...n/MS10-026.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-027 - Critical
Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
- http://www.microsoft...n/MS10-027.mspx
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Important -5-

Microsoft Security Bulletin MS10-021 - Important
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
- http://www.microsoft...n/MS10-021.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-022 - Important
Vulnerability in VBScript Could Allow Remote Code Execution (981169)
- http://www.microsoft...n/MS10-022.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows

Microsoft Security Bulletin MS10-023 - Important
Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
- http://www.microsoft...n/ms10-023.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

]Microsoft Security Bulletin MS10-024 - Important
Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
- http://www.microsoft...n/ms10-024.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Microsoft Windows, Microsoft Exchange

Microsoft Security Bulletin MS10-028 - Important
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
- http://www.microsoft...n/ms10-028.mspx
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office

Moderate -1-

Microsoft Security Bulletin MS10-029 - Important
Vulnerabilities in Windows ISATAP Component Could Allow Spoofing (978338)
- http://www.microsoft...n/ms10-029.mspx
Maximum Severity Rating: Moderate
Vulnerability Impact: Spoofing
Restart Requirement: Requires restart
Affected Software: Microsoft Windows
___

ISC Analysis
- http://isc.sans.org/...ml?storyid=8626
Last Updated: 2010-04-13 17:32:12 UTC
___

Deployment priority
- http://blogs.technet...9/original.aspx

Severity and Exploitability Index
- http://blogs.technet...0/original.aspx
___

MS10-019 (KB981210, KB978601, KB979309) MS Windows Authentication Verification Two Vulnerabilities
- http://secunia.com/advisories/39371/
MS10-020 (KB980232) MS Windows SMB Client Multiple vulns
- http://secunia.com/advisories/39372/
MS10-021 (KB979683) MS Windows Kernel Privilege Escalation and Denial of Service vulns
- http://secunia.com/advisories/39373/
MS10-021 (KB979683) MS Windows Kernel Denial of Service vulns
- http://secunia.com/advisories/39374/
MS10-022 (KB981169, KB981350, KB981350, KB981349): Vuln in VBScript Could Allow Remote Code Exec
- http://secunia.com/advisories/38727/
MS10-023 (KB980466, KB980469, KB980470) MS Office Publisher File Parsing Buffer Overflow Vulnerability
- http://secunia.com/advisories/39375/
MS10-024 (KB976703, KB981832) MS Exchange Server 2000 Information Disclosure vuln
- http://secunia.com/advisories/39253/
MS10-024 (KB976323, KB976702, KB981407, KB981832) MS Exchange/Windows SMTP Service 2 vulns
- http://secunia.com/advisories/39376/
MS10-025 (KB980858) MS Windows Media Services Buffer Overflow Vulnerability
- http://secunia.com/advisories/39377/
MS10-026 (KB977816) MS Windows MPEG Layer-3 Codecs Buffer Overflow
- http://secunia.com/advisories/39379/
MS10-027 (KB979402) - Windows Media Player Hosted Media Content Handling vuln
- http://secunia.com/advisories/39380/
MS10-028 (KB980094, KB979356, KB979364, KB979365) MS Office Visio 2 Memory Corruption vulns
- http://secunia.com/advisories/39381/
MS10-029 (KB978338) MS Windows ISATAP Component IP Address Spoofing Vulnerability
- http://secunia.com/advisories/39382/
___

MSRT
- http://support.micro...om/?kbid=890830
April 13, 2010 - Revision: 71.0
(Recent additions)
- http://www.microsoft...e/families.aspx
... added this release
• Magania: http://www.microsoft.....Win32/Magania

- http://go.microsoft....k/?LinkId=40587
File Name: windows-kb890830-v3.6.exe
Version: 3.6

.

Edited by AplusWebMaster, 15 April 2010 - 06:10 AM.

[AplusWebMaster]

FYI...

MS10-021 ...failed WinXP Update
- http://isc.sans.org/...ml?storyid=8644
Last Updated: 2010-04-16 17:01:19 UTC - "... there is a general statement concerning the prevention of the update from installing "if certain abnormal conditions exist on 32-bit systems"... if you happened to be using WinXP and encountered an error while performing an update for MS10-021, Microsoft has provided a link here* to officially explain what the error means and what resolution steps can be taken..."
* http://www.microsoft...ty/updates/015/

- http://www.microsoft...n/ms08-021.mspx
• V1.1 (April 9, 2008): Bulletin updated to add a Known Issues link to Microsoft Knowledge Base Article 948590, to add a Known Issues section to the FAQ, to update the uninstall registry path, and to update the Acknowledgments.
• V1.2 (April 11, 2008): Bulletin updated to remove a reference to unsupported software in the Vulnerability FAQs.
(See: "Known Issues"): http://support.microsoft.com/kb/948590

- http://news.bbc.co.u...ogy/8624560.stm
16 April 2010

- http://www.theregist...sses_pwned_pcs/
16 April 2010

Edited by AplusWebMaster, 16 April 2010 - 12:23 PM.

[AplusWebMaster]

FYI...

MS10-025 Security Update to be Re-released
- http://blogs.technet...e-released.aspx
April 21, 2010 - "MS10-025* is a security update that only affects Windows 2000 Server customers who have installed Windows Media Services (this is a non-default configuration). Today we pulled the update because we found it does not address the underlying issue effectively. We are not aware of any active attacks seeking to exploit this issue and are targeting a re-release of the update for next week. Customers should review the bulletin for mitigations and workarounds and those with internet facing systems with Windows Media Services installed should evaluate and use firewall best practices to limit their overall exposure..."

Microsoft Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
* http://www.microsoft...n/MS10-025.mspx
Published: April 13, 2010 | Updated: April 21, 2010
• V2.0 (April 21, 2010): Revised bulletin to inform customers that the original security update did not protect systems from the vulnerability described in this bulletin. Microsoft recommends that customers apply one of the workarounds described in this bulletin to help mitigate the impact to affected systems until a revised security update is made available.

- http://web.nvd.nist....d=CVE-2010-0478
CVSS v2 Base Score: 9.3 (HIGH)

[AplusWebMaster]

FYI...

MS Security Bulletin MS10-025 - Critical
Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
- http://www.microsoft...n/ms10-025.mspx
Updated: April 27, 2010
• V3.0 (April 27, 2010): Revised bulletin to offer the re-released security update for Windows Media Services running on Microsoft Windows 2000 Server Service Pack 4. Microsoft recommends that customers running the affected software apply the re-released security update immediately."

[AplusWebMaster]

FYI...

MSRT results - April 2010
- http://blogs.technet...ts-alureon.aspx
April 30, 2010 - "... results from the April edition of MSRT. As part of our ongoing updates to families already in MSRT, we have added support for more variants of the Win32/Alureon rootkit/infector, including the ones responsible for the issues widely reported with Microsoft Security Bulletin MS10-015...
Variant Computers Cleaned
Virus:Win32/Alureon.A 43,620
Virus:Win32/Alureon.B 7,297
Virus:Win32/Alureon.F 36,586
Virus:Win32/Alureon.G 102,549
Alureon Trojans and Droppers 72,917
Total 262,969
---
... although the Alureon family has been around for years, some variants (.A-.F) gained a lot of attention since they conflicted with Microsoft Security Bulletin MS10-015 and rendered machines unbootable after applying updates to ntoskrnl.exe. Within a few days, the rootkit authors updated Win32/Alureon.G to avoid the issue since it was attracting a lot of unwanted attention. Moreover, Microsoft also re-released Microsoft Security Bulletin MS10-015 with new heuristic checks included in the installer identifying symptoms of the rootkit, preventing the patch from being applied to the affected users while warning them of the issues. The recently released Microsoft Security Bulletin MS10-021 also demonstrates a similar behavior. The good news however, is that once MSRT April installs and cleans Alureon from the machine, these patches can be installed successfully to secure the machines...
Apart from tackling the Alureon variants, the newly added threat family for this month, Win32/Magania, was cleaned from 43,394 machines. In total, MSRT April cleaned malware infections from 3,168,563 machines since it was released on the 13th of this month. Below are the top six most prevalent threat families cleaned with MSRT in April.
Family Computers Cleaned
Frethog 831,289
Taterf 372,597
Alureon 262,969
Rimecud 250,603
Hamweq 225,104
Four out of the top five, Frethog, Taterf, Rimecud and Hamweq, are worms taking advantage of propagation mechanisms that traditionally lead to outbreaks. These worms use shared/mapped drives, removable devices, autorun behaviors, all of which are common attack surfaces that we’ve combated for years. We highly recommend reading the section “Protecting Against Malicious and Potentially Unwanted Software” in the latest edition of the Microsoft Security Intelligence Report* which provides great advice on preventing the spread of infections and tackling malware in general to ensure you and any users you may support stay fully protected."
* http://www.microsoft...Threat/SIR.aspx

Edited by AplusWebMaster, 01 May 2010 - 06:00 AM.

[AplusWebMaster]

FYI...

Update on MS10-016 for Microsoft Producer
- http://blogs.technet...t-producer.aspx
May 03, 2010 - "... update on MS10-016*, a Windows Movie Maker bulletin we released in March 2010. At the time, we did not have an update for Microsoft Producer 2003. Today we have released a new version of Microsoft Producer that replaces the old version. We recommend that all customers using Producer 2003 upgrade to the new version located here*. For those customers who do not wish to upgrade to the new version, we recommend that you apply the workaround available as a Microsoft FixIt in KB975561**. The FixIt removes the file association from the application to prevent files from being opened in Producer when you double click on them. Users who apply the FixIt can still open their projects by first launching Producer and then opening the file from within the application. For more information, please review the security bulletin."
* http://www.microsoft...n/ms10-016.mspx
• V2.0 (May 3, 2010): Corrected installation switches for Movie Maker 2.6 on Windows Vista and Windows 7. Also, announced availability of Microsoft Producer. Microsoft recommends that users of Microsoft Producer 2003 upgrade to the new version, Microsoft Producer.

** http://support.microsoft.com/kb/975561

[AplusWebMaster]

FYI...

MS10-024 patch - Windows SMTP Service DNS query Id vuln
- http://www.theregist...icrosoft_patch/
5 May 2010 - "... "These vulnerabilities were fixed by the patches referenced in MS10-024 but were not disclosed in the vendor's security bulletin and did not have a unique vulnerability identifier assigned to them," the Core advisory stated*. "As a result, the guidance and the assessment of risk derived from reading the vendor's security bulletin may overlook or misrepresent actual threat scenarios."
Microsoft issued the following statement:
"The purpose of security bulletins is to help customers accurately assess their risk as part of their planning. We do not include comprehensive information about all variants addressed as part of our investigation, but the information we do provide around severity, and risk accurately pertains to the vulnerabilities discussed in the bulletin and any variants that are addressed as part of the investigation. In other words, no variant represents a greater severity than the vulnerability discussed in the bulletin."
* http://archives.neoh...10-05/0058.html
May 04 2010

- http://www.microsoft...n/MS10-024.mspx
Published: April 13, 2010 | Updated: April 15, 2010
Version: 1.2