
MS Security Bulletin Summary - April 2011


4 replies to this topic

#1 AplusWebMaster


Posted 12 April 2011 - 01:00 PM

FYI...

- http://www.microsoft...n/MS11-apr.mspx
April 12, 2011 - "This bulletin summary lists security bulletins released for April 2011...(Total of -17-)

Critical

Microsoft Security Bulletin MS11-018 - Critical
Cumulative Security Update for Internet Explorer (2497640)
- http://www.microsoft...n/MS11-018.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Microsoft Security Bulletin MS11-019 - Critical
Vulnerabilities in SMB Client Could Allow Remote Code Execution (2511455)
- http://www.microsoft...n/MS11-019.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-020 - Critical
Vulnerability in SMB Server Could Allow Remote Code Execution (2508429)
- http://www.microsoft...n/MS11-020.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-027 - Critical
Cumulative Security Update of ActiveX Kill Bits (2508272)
- http://www.microsoft...n/MS11-027.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-028 - Critical
Vulnerability in .NET Framework Could Allow Remote Code Execution (2484015)
- http://www.microsoft...n/MS11-028.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-029 - Critical
Vulnerability in GDI+ Could Allow Remote Code Execution (2489979)
- http://www.microsoft...n/MS11-029.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-030 - Critical
Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)
- http://www.microsoft...n/ms11-030.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-031 - Critical
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)
- http://www.microsoft...n/MS11-031.mspx
Critical - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-032 - Critical
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2507618)
- http://www.microsoft...n/MS11-032.mspx
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Important

Microsoft Security Bulletin MS11-021 - Important
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279)
- http://www.microsoft...n/ms11-021.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS10-022 - Important
Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
- http://www.microsoft...n/MS10-022.mspx
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Server Software

Microsoft Security Bulletin MS11-023 - Important
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293)
- http://www.microsoft...n/MS11-023.mspx
Important - Remote Code Execution - May require restart - Microsoft Office

Microsoft Security Bulletin MS11-024 - Important
Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution (2527308)
- http://www.microsoft...n/MS11-024.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-025 - Important
Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution (2500212)
- http://www.microsoft...n/MS11-025.mspx
Important - Remote Code Execution - May require restart - Microsoft Developer Tools and Software

Microsoft Security Bulletin MS11-026 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2503658)
- http://www.microsoft...n/ms11-026.mspx
Important - Information Disclosure - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-033 - Important
Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2485663)
- http://www.microsoft...n/MS11-033.mspx
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-034 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2506223)
- http://www.microsoft...n/ms11-034.mspx
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

Deployment Priority
- http://blogs.technet...nt-Priority.png

Severity and Exploitability index
- http://blogs.technet...ility-Index.png
___

ISC Analysis
- http://isc.sans.edu/...l?storyid=10693
Last Updated: 2011-04-13 00:13:23 UTC ...(Version: 3)
___

- http://www.securityt....com/id/1025327 - MS11-018
- http://www.securityt....com/id/1025328 - MS11-019
- http://www.securityt....com/id/1025329 - MS11-020
- http://www.securityt....com/id/1025337 - MS11-021
- http://www.securityt....com/id/1025340 - MS11-022

- http://www.securityt....com/id/1025343 - MS11-023
- http://www.securityt....com/id/1025347 - MS11-024
- http://www.securityt....com/id/1025346 - MS11-025
- http://www.securityt....com/id/1025330 - MS11-027
- http://www.securityt....com/id/1025331 - MS11-028

- http://www.securityt....com/id/1025335 - MS11-029
- http://www.securityt....com/id/1025332 - MS11-030
- http://www.securityt....com/id/1025333 - MS11-031
- http://www.securityt....com/id/1025334 - MS11-032
- http://www.securityt....com/id/1025344 - MS11-033
- http://www.securityt....com/id/1025345 - MS11-034
___

MSRT
- http://support.micro...om/?kbid=890830
April 12, 2011 - Revision: 86.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• Afcore:
- http://blogs.technet...n32-afcore.aspx
13 Apr 2011 - "... added the Win32/Afcore family of trojans to its detections. This malware is -aka- Coreflood* ..."
* http://forums.whatth...=...st&p=724559

Download:
- http://www.microsoft...;displaylang=en
File Name: windows-kb890830-v3.18.exe - 12.2MB

To download the x64 version of MSRT, click here:
- http://www.microsoft...;displaylang=en
File Name: windows-kb890830-x64-v3.18.exe - 12.6MB

.

Edited by AplusWebMaster, 14 April 2011 - 05:01 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster


Posted 14 April 2011 - 09:14 AM

FYI...

TDL rootkit vuln/fix...
- http://sunbeltblog.b...x-in-patch.html
April 14, 2011 - "... It appears that at least part of this vulnerability has been patched. From the Technet blog:
- http://blogs.technet...ty-updates.aspx
12 Apr 2011 - "... The second advisory, KB 2506014*, hardens Windows against kernel-mode rootkits. This specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family..."
[MS11-034 - "30 of this month’s 64 vulnerabilities being addressed in this bulletin..."]
Update April 13: Corrected the MS11-028 bulletin severity and affected products. Also moved this bulletin up higher in priority due to this correction.
*Update April 15: Corrected the MS11-032 bulletin exploitability due to a rating error. Also moved MS11-032 higher in priority order.
* http://www.microsoft...ry/2506014.mspx

> http://support.micro....com/kb/2506014
April 12, 2011 - Revision: 3.0
___

- http://blog.trendmic...the-hard-drive/
April 15, 2011 - "... patch specifically breaks the hiding mechanism used by the current Alureon/TDL4 rootkit family. More information can be found in the security bulletin for MS11-034*..."

* http://www.microsoft...n/ms11-034.mspx
Acknowledgments...
• Tarjei Mandt of Norman for reporting the Vulnerability Type 1: Win32k Use After Free Vulnerability
CVE-2011-0662, CVE-2011-0665, CVE-2011-0666, CVE-2011-0667, CVE-2011-0670, CVE-2011-0671, CVE-2011-0672, CVE-2011-0674, CVE-2011-0675, CVE-2011-1234, CVE-2011-1235, CVE-2011-1236, CVE-2011-1237, CVE-2011-1238, CVE-2011-1239, CVE-2011-1240, CVE-2011-1241, CVE-2011-1242
[ALL] ...CVSS Severity: 7.2 (HIGH)
• Tarjei Mandt of Norman for reporting the Vulnerability Type 2: Win32k Null Pointer De-reference Vulnerability
CVE-2011-0673, CVE-2011-0676, CVE-2011-0677, CVE-2011-1225, CVE-2011-1226, CVE-2011-1227, CVE-2011-1228, CVE-2011-1229, CVE-2011-1230, CVE-2011-1231, CVE-2011-1232, CVE-2011-1233
[ALL] ...CVSS Severity: 7.2 (HIGH)

:blink:

Edited by AplusWebMaster, 17 April 2011 - 10:41 AM.



#3 AplusWebMaster


Posted 15 April 2011 - 06:40 AM

FYI...

MS11-020 - PATCH NOW
- http://isc.sans.edu/...l?storyid=10714
Last Updated: 2011-04-15 12:22:18 UTC - "Based on notifications received from Microsoft... The Remote Code Exploit is possible -without- authentication, so this presents a serious risk to internal networks. Think Downadup/Conficker, or think lateral movement if that will help motivate patching. Also note that this patch requires a reboot of your system..."
- http://isc.sans.edu/...l?storyid=10693
Last Updated: 2011-04-15 12:10:35 UTC ... (Version: -4-)

- http://www.microsoft...n/MS11-020.mspx
April 12, 2011
- http://support.micro....com/kb/2508429
April 12, 2011

- http://web.nvd.nist....d=CVE-2011-0661
Last revised: 04/14/2011
CVSS v2 Base Score: 10.0 (HIGH)

:ph34r: :blink:

Edited by AplusWebMaster, 15 April 2011 - 06:53 AM.



#4 AplusWebMaster


Posted 18 April 2011 - 12:24 PM

FYI...

MS11-022 - Known issues...
- http://support.micro....com/kb/2464588
Last Review: April 14, 2011
• "Presentations that contain layouts with background images may cause an error when opened in PowerPoint 2003. A dialog will notify you that some contents (text, images or objects) have corrupted; the specific content lost will be what is specified in the layout, not the actual slide content itself. Items that were removed will display a blank box or a box containing “cleansed”.
Workarounds for this issue:
Remove background images from layouts in presentations that have to be accessed and edited from PowerPoint 2003.
After the error message is displayed, save a copy of the presentation and perform edits on the copy.
Microsoft is researching this problem and will post more information in this article when the information becomes available..."

- http://support.micro....com/kb/2464588
Last Review: April 19, 2011 - Revision: 3.0
"... Removal information
To remove this security update, use the Add or Remove Programs item or use the Programs and Features item in Control Panel.
Note: When you remove this security update, you may be prompted to insert the disc that contains Microsoft Office PowerPoint 2003. Additionally, you may not have the option to uninstall this security update from the Add or Remove Programs item or the Programs and Features item in Control Panel. There are several possible causes for this issue.
For more information about the removal, click the following article number to view the article in the Microsoft Knowledge Base:
- http://support.microsoft.com/kb/903771
903771 Information about the ability to uninstall Office updates ..."

:ph34r:

Edited by AplusWebMaster, 20 April 2011 - 09:41 AM.



#5 AplusWebMaster


Posted 27 April 2011 - 06:26 AM

FYI...

PowerPoint 2003 hotfix package
- http://support.micro...b/2543241/en-us
Last Review: April 26, 2011 - Revision: 3.0 -
"Issues that this hotfix package fixes:
When you open presentations that contain layouts with background images in PowerPoint 2003, an error may occur. When the error occurs, you receive a message that states that some contents (text, images, or objects) have corrupted. You can determine what content has been lost by viewing the layout, but not by viewing the slide content. Items that were removed will display a blank box or a box that contains "cleansed"... this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix -only- to systems that are experiencing the problems described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix...
Prerequisites: You -must- have Microsoft Office 2003 Service Pack 3 installed to apply this hotfix package...
This hotfix replaces security update 2464588, which is described in bulletin MS11-022*..."
* http://www.microsoft...n/MS11-022.mspx

:ph34r:

