
MS Security Bulletin Summary - October 2011



#1 AplusWebMaster


Posted 11 October 2011 - 11:33 AM

FYI...

- https://technet.micr...lletin/ms11-oct
October 11, 2011 - "This bulletin summary lists security bulletins released for October 2011..." (Total of -8-)

Critical -2-

Microsoft Security Bulletin MS11-078 - Critical
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
- https://technet.micr...lletin/ms11-078
Critical - Remote Code Execution - May require restart - Microsoft .NET Framework, Microsoft Silverlight

Microsoft Security Bulletin MS11-081 - Critical
Cumulative Security Update for Internet Explorer (2586448)
- https://technet.micr...lletin/ms11-081
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer

Important -6-

Microsoft Security Bulletin MS11-075 - Important
Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
- https://technet.micr...lletin/ms11-075
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-076 - Important
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
- https://technet.micr...lletin/ms11-076
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-077 - Important
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
- https://technet.micr...lletin/ms11-077
Important - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-079 - Important
Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
- https://technet.micr...lletin/ms11-079
Important - Remote Code Execution - May require restart - Microsoft Forefront Unified Access Gateway

Microsoft Security Bulletin MS11-080 - Important
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
- https://technet.micr...lletin/ms11-080
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-082 - Important
Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)
- https://technet.micr...lletin/ms11-082
Important - Denial of Service - May require restart - Microsoft Host Integration Server
___

Deployment Priority
- https://blogs.techne...-Deployment.jpg

Severity and Exploitability Index
- https://blogs.techne...0_-Severity.png
___

ISC Analysis
- https://isc.sans.edu...l?storyid=11779
Last Updated: 2011-10-11 18:17:17 UTC... (Version: 2)
___

- https://secunia.com/advisories/46403/ - MS11-075
- https://secunia.com/advisories/46404/ - MS11-076
- https://secunia.com/advisories/46405/ - MS11-077
- https://secunia.com/advisories/46406/ - MS11-078
- https://secunia.com/advisories/46402/ - MS11-079
- https://secunia.com/advisories/46401/ - MS11-080
- https://secunia.com/advisories/46400/ - MS11-081 - IE
Updated 2011-10-17 - CVE Reference(s): CVE-2011-1993, CVE-2011-1995, CVE-2011-1996, CVE-2011-1997, CVE-2011-1998, CVE-2011-1999, CVE-2011-2000, CVE-2011-2001
CVSS v2 Base Score: 9.3 (HIGH)
- https://secunia.com/advisories/46399/ - MS11-082
___

MSRT
- http://support.micro...om/?kbid=890830
October 11, 2011 - Revision: 94.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• EyeStye (aka 'SpyEye')
• Poison

Download:
- http://www.microsoft...i...ng=en&id=16
File Name: windows-kb890830-v4.1.exe
- https://www.microsof...ls.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.1.exe

.

Edited by AplusWebMaster, 18 October 2011 - 03:03 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#2 AplusWebMaster


Posted 26 October 2011 - 06:40 PM

FYI... NOW available thru MS Updates:

MS Updates - October 2011 revisited ...

A Compatibility View list update is available for Windows IE8
- http://support.micro....com/kb/2598845
October 26, 2011 - Revision: 2.1 - "An update is available for the Internet Explorer 8 Compatibility View list. This update is dated October 25, 2011. This Compatibility View list update makes websites that are designed for older browsers look better in Internet Explorer 8..."

A Jump List that contains more than 999 items is not displayed in Windows 7 or in Windows Server 2008 R2
- http://support.micro....com/kb/2607576
October 25, 2011 - Revision: 1.0

The values of the 32-bit versions of two registry entries are incorrect in 64-bit versions of Windows 7 or of Windows Server 2008 R2
- http://support.micro....com/kb/2603229
October 25, 2011 - Revision: 1.0

MS08-069: Security update for XML Core Services 4.0
- http://support.microsoft.com/kb/954430
October 3, 2011 - Revision: 6.0

Microsoft XML Core Services 4.0 SP2
- http://support.microsoft.com/kb/973688
January 19, 2011 - Revision: 4.0



#3 AplusWebMaster


Posted 01 November 2011 - 06:03 AM

FYI...

Update on Zbot / MSRT removals
- https://blogs.techne...-zbot-spot.aspx
31 Oct 2011 - "... prior to the September 2011 release, MSRT consistently detected about -90%- of PWS:Win32/Zbot variants in the wild. For the month of September 2011, we detected and removed PWS:Win32/Zbot from around 185,000 distinct Windows computers, a stark increase to the months beforehand... For October so far, we've removed Zbot from over 88,000 computers and we expect that number to grow to around 100,000... These increased numbers are also likely a result of new functionality we've seen in Zbot recently. It seems that some variants now automatically spread via the Windows autorun functionality; something that is very common with other prolific malware families, so it's not very surprising we're seeing it now - but is surprising we hadn't seen it before now. Regarding autorun, Microsoft released a security update in February of 2011* that changed its default behavior - the result was an overall decline in threats utilizing autorun as a spreading mechanism. There is a Microsoft Knowledge Base article that discusses how to disable autorun in Windows, here** ..."

* http://support.microsoft.com/kb/971029

** http://support.microsoft.com/kb/967715

:ph34r: :ph34r:



#4 AplusWebMaster


Posted 03 November 2011 - 06:55 AM

FYI...

MSRT: Poison and EyeStye*, by the numbers (*aka SpyEye)
- https://blogs.techne...he-numbers.aspx
1 Nov 2011 - "The latest MSRT release included coverage for two more malware families, one being Win32/EyeStye... the other being Win32/Poison... As of October 25, the MSRT has removed Win32/Poison from a little over 16,000 computers... we have disinfected EyeStye from more than half a million unique machines... (605,825 at the time of writing)...
Top 10 Families in MSRT:
- http://www.microsoft.../BID047-003.png
... most of the computers found to be infected with EyeStye were located in western Europe, with the largest number of detections found in Germany:
Geographical distribution of EyeStye:
- http://www.microsoft.../BID047-004.png ..."

- https://www.microsof...i...en&id=27871
PDF report Win32/Poison - 19 pgs.

:ph34r: :ph34r:



#5 AplusWebMaster


Posted 03 November 2011 - 12:17 PM

FYI...

Microsoft Security Bulletin MS11-081 - Critical
Cumulative Security Update for Internet Explorer (2586448)
- https://technet.micr...lletin/ms11-081
Updated: Wednesday, November 02, 2011 - Version: 1.2
• V1.2 (November 2, 2011): Announced the release of a hotfix to resolve a known issue affecting IE7 customers after the KB2586448 security update is installed. See the Update FAQ for details.

> http://support.micro....com/kb/2586448
November 2, 2011 - Revision: 2.0

Some drop-down lists and combo boxes do not appear in IE7 after you install security update 2586448
>> http://support.micro....com/kb/2628724
November 2, 2011 - Revision: 6.2
"... If you cannot upgrade to a newer version of Internet Explorer, a supported hotfix is now available from Microsoft for Internet Explorer 7. However, it is intended to correct -only- the problem that is described in this article. Apply it only to systems that are experiencing this specific problem..."

:ph34r: :ph34r:
