Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

MS Security Bulletin Summary - March 2011


  • Please log in to reply
3 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 08 March 2011 - 12:12 PM

FYI...

- http://www.microsoft...n/MS11-mar.mspx
March 08, 2011 - "This bulletin summary lists security bulletins released for March 2011... (Total of -3-)

Microsoft Security Bulletin MS11-015 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
- http://www.microsoft...n/ms11-015.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-017 - Important
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
- http://www.microsoft...n/MS11-017.mspx
Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-016 - Important
Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
- http://www.microsoft...n/MS11-016.mspx
Remote Code Execution - May require restart - Microsoft Office
___

MS11-015: http://secunia.com/advisories/43626/
Highly critical - System access - From remote
MS11-016: http://secunia.com/advisories/41104/
Highly critical - System access - From remote
MS11-017: http://secunia.com/advisories/43628/
Highly critical - System access - From remote

MS11-015:
- http://www.securityt....com/id/1025169
- http://www.securityt....com/id/1025170
MS11-016:
- http://www.securityt....com/id/1025171
MS11-017:
- http://www.securityt....com/id/1025172
___

- http://blogs.technet...in-release.aspx
"8 Mar 2011
MS11-015. This bulletin resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Microsoft Windows. It has an Exploitability Index rating of 1 ...
MS11-016 is a DLL-preloading issue affecting Microsoft Groove 2007 Service Pack 2, which makes this an Office bulletin. Versions 2007 and 2010 of Groove are unaffected, as is Microsoft SharePoint Workspace 2010.
MS11-017 is also a DLL-preloading issue, in this instance in Microsoft Windows Remote Client Desktop. This security update is rated Important for Remote Desktop Connection 5.2 Client, Remote Desktop Connection 6.0 Client, Remote Desktop Connection 6.1 Client, and Remote Desktop Connection 7.0 Client..."

Deployment Priority
- http://blogs.technet...-deployment.png

Severity and Exploitability
- http://blogs.technet...ity_2D00_xi.png
___

MSRT
- http://support.micro...om/?kbid=890830
March 8, 2011 - Revision: 85.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• Renocide

- http://blogs.technet...2-renocide.aspx
9 Mar 2011

Download:
- http://www.microsoft...;displaylang=en
File Name: windows-kb890830-v3.17.exe

To download the x64 version of MSRT, click here:
- http://www.microsoft...;displaylang=en
File Name: windows-kb890830-x64-v3.17.exe
___

ISC Analysis
- http://isc.sans.edu/...l?storyid=10510
Last Updated: 2011-03-08 18:17:20 UTC

.

Edited by AplusWebMaster, 09 March 2011 - 05:46 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

    Advertisements

Register to Remove


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 09 March 2011 - 08:53 PM

FYI...

Forefront update fails - KB2508823
- http://isc.sans.edu/...l?storyid=10522
Last Updated: 2011-03-09 23:13:29 UTC - "Included in this Patch Tuesday is a Forefront update KB2508823[1] (Client Version: 1.5.1996.0). We have received a number of reports that the KB2508823 update fails during the install. Once the update fails, the existing Forefront client is also removed. This leaves the machine without any anti-malware protection. We recommend you hold off deploying the update until confirmation from Microsoft. Microsoft have posted a similar warning here:
- http://blogs.technet...011-update.aspx
"Update 9 March 2011... you may want to hold off approving this update for the moment..."
___

- http://blogs.technet...011-update.aspx
"Update 10 March 2011... We have received reports of an installation issue with our March update of Forefront Client Security when the option of “install updates and shutdown” is used. We wanted to be clear on the issue and exactly what steps we are taking to rectify it.
Symptom: A computer attempts to use the install updates and shutdown Windows feature to update to the latest version of FCSv1. After restart, the computer does not have the Antimalware agent installed, but will still have the Security State Assessment(SSA) and Microsoft Operation Manager components installed.
The problem: This issue only occurs on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. It does not occur on Windows XP, Windows Server 2003 or Windows 2000. This issue was not introduced in the March Update. It is caused by a previously undetected problem in the October 2010 update. Please review the steps below for what options you should take. For the bug to occur, the system must have either the policy setting changing the default shutdown behavior or the user clicks on “Apply updates at Shutdown”. If the update is deployed or manually installed in other ways, this bug does not occur..."
(MS recommended steps to take at the URL above.)

[1] http://support.micro....com/kb/2508823

:( :huh:

Edited by AplusWebMaster, 11 March 2011 - 04:57 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 16 March 2011 - 02:48 PM

FYI...

MSRT 2011.03 results...
- http://blogs.technet...-aftermath.aspx
16 Mar 2011 - "On March 8th, we announced the release of our latest Malicious Software Removal Tool (MSRT), version that included detection and cleaning capabilities for a backdoor enabled worm we are calling Win32/Renocide... According to our telemetry, this new addition was among the top 5 detected threats (in the first week of release), both when it comes to infected machines and when classified based on number of detected files... The high tally of affected machines reflects Renocide's relative age; the botnet has been around since 2008 and has slowly but steadily increased its prevalence. Our first detection dates back to the first half of 2008... Sality leads in the threat count ranking due to the fact that it is a file infector..."
(Charts available at the URL above.)

:ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 07 April 2011 - 01:44 PM

FYI...

- http://www.microsoft...n/MS11-mar.mspx
• V1.1 (March 16, 2011): Removed an erroneous reference to Windows XP Home Edition SP3 and Windows XP Tablet PC Edition SP3 as not affected in the notes for MS11-015 under Affected Software and Download Locations. This is an informational change only. There were no changes to the security update files or detection logic. For customers who are running these editions of Windows XP and who have not already applied this update, Microsoft recommends applying the update immediately. Customers who have already applied the update do not need to take any action.

Microsoft Security Bulletin MS11-015 - Critical
Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
- http://www.microsoft...n/ms11-015.mspx
Remote Code Execution - May require restart - Microsoft Windows

:blink: <_<

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users