MS Security Bulletin Summary - November 2011



#1 AplusWebMaster


Posted 08 November 2011 - 03:12 PM

FYI...

- https://technet.micr...lletin/ms11-nov
November 08, 2011 - "This bulletin summary lists security bulletins released for November 2011... (Total of -4-)

Microsoft Security Bulletin MS11-083 - Critical
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
- https://technet.micr...lletin/ms11-083
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-085 - Important
Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution
- https://technet.micr...lletin/ms11-085
Important - Remote Code Execution - May require restart - Microsoft Windows

Microsoft Security Bulletin MS11-086 - Important
Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)
- https://technet.micr...lletin/ms11-086
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS11-084 - Moderate
Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657)
- https://technet.micr...lletin/ms11-084
Moderate - Denial of Service - Requires restart - Microsoft Windows
___

Bulletin Deployment priority
- https://blogs.techne...ent-Graphic.png

Severity and exploitability index
- https://blogs.techne...ity-Graphic.png
___

- http://www.securityt....com/id/1026290 - MS11-083
- http://www.securityt....com/id/1026291 - MS11-084
- http://www.securityt....com/id/1026292 - MS11-085
- http://www.securityt....com/id/1026293 - MS11-085
- http://www.securityt....com/id/1026294 - MS11-086
Nov 8 2011
- https://secunia.com/advisories/46731/ - MS11-083
- https://secunia.com/advisories/46751/ - MS11-084
- https://secunia.com/advisories/46752/ - MS11-085
- https://secunia.com/advisories/46755/ - MS11-086
Nov 8 2011
___

Office updates...
- http://support.micro....com/kb/2639798
November 8, 2011 - "... -security- and nonsecurity updates. All the following are included in the November 8, 2011 update.
2553455 Description of the Office 2010 update
- http://support.micro....com/kb/2553455
2553310 Description of the Office 2010 update
- http://support.micro....com/kb/2553310
2553181 Description of the Office 2010 update
- http://support.micro....com/kb/2553181
2553290 Description of the OneNote 2010 update
- http://support.micro....com/kb/2553290
2553323 Description of the Outlook 2010 update
- http://support.micro....com/kb/2553323
982726 Description of the Outlook 2010 Junk Email Filter update
- http://support.microsoft.com/kb/982726
2596972 Description of the Outlook 2003 Junk Email Filter update...
- http://support.micro....com/kb/2596972
___

ISC Analysis
- https://isc.sans.edu...l?storyid=11971
Last Updated: 2011-11-08 22:18:48 UTC - Version: 2

Re-released: Microsoft Security Bulletin MS11-037 - Important
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
- https://technet.micr...lletin/ms11-037
Published: Tuesday, June 14, 2011 | Updated: Tuesday, November 08, 2011
Version: 2.0 - FAQs: "... The new offering of this update provides systems running Windows XP or Windows Server 2003 with the same cumulative protection that is provided by this update for all other affected operating systems..."
- http://web.nvd.nist....d=CVE-2011-1894
Last revised: 09/07/2011
Overview: "The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka 'MHTML Mime-Formatted Request Vulnerability'..."
CVSS v2 Base Score: 4.3 (MEDIUM)
___

MSRT
- http://support.micro...om/?kbid=890830
November 8, 2011 - Revision: 95.0
(Recent additions)
- http://www.microsoft...e-families.aspx
... added this release...
• Carberp
• Cridex
• Dofoil

Download:
- http://www.microsoft...i...ng=en&id=16
File Name: windows-kb890830-v4.2.exe - 14.0 MB
- https://www.microsof...ls.aspx?id=9905
x64 version of MSRT:
File Name: windows-kb890830-x64-v4.2.exe - 14.0 MB

- https://blogs.techne...e...&GroupKeys=
8 Nov 2011


Edited by AplusWebMaster, 11 November 2011 - 05:31 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...


#2 AplusWebMaster


Posted 23 November 2011 - 07:58 AM

FYI...

MSRT November: Dofoil
- https://blogs.techne...e...&GroupKeys=
22 Nov 2011 - "... one of the three families added to the November release of the Microsoft Malicious Software Removal Tool is Win32/Dofoil. TrojanDownloader:Win32/Dofoil is a configurable downloader. Dofoil will attempt to receive control instructions from a remote server. The response contains encrypted configuration data containing download URLs and execution options... often seen as an attachment as part of a spam campaign, the MMPC has observed Win32/Dofoil distributed and installed via other mechanisms such as by exploit. In the wild Win32/Dofoil variants are employed to download rogue security software such as Trojan:Win32/FakeSysdef and spam capable malware such as Trojan:Win32/Danmec.L. Among observed spam campaigns, here is a small selection of spam lures employed during the last two months:
'IRS
From: pay.damages @irs.gov
Subject: IRS Notification ...'
'iTunes
From: account.sn.5890 @itunes.apple.com
Subject: Your iTunes Gift Certificate ...'
'Xerox
Subject: Fwd: Scan from a Xerox W. Pro #16389356 ...'
... reported variants of Win32/Dofoil on 13,488 unique machines this month. Forty-seven percent of these machines were running Windows XP, whilst approximately twenty-nine percent were running Windows 7. Looking at the geographic distribution* of the machines which reported a Win32/Dofoil detection...
* http://www.microsoft...BID54-GRAPH.png
... most prevalent in the United States, the MMPC observed those attempting to distribute Win32/Dofoil employing the use of localized lures targeting recipients in Germany, France, Italy and Australia..."

:ph34r: :ph34r:
