Sophos
Sophos monthly Top 10 viruses

Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT

Sophos latest virus and spyware detection

14 Mar 2010 Troj/Agent-MQB
14 Mar 2010 Troj/FakeAV-AZX
14 Mar 2010 W32/Anig-A
14 Mar 2010 W32/Anig-C
14 Mar 2010 JS/Download-C
14 Mar 2010 Troj/Agent-MRT
14 Mar 2010 Troj/Spy-FK
14 Mar 2010 Troj/Zbot-NA
14 Mar 2010 Troj/Agent-MRS
14 Mar 2010 W32/Backdr-BK

Sophos daily Top 10 hoaxes

1 Hotmail hoax
2 Budweiser frogs screensaver
3 Bonsai kitten
4 Olympic torch
5 MSN is closing down
6 A virtual card for you
7 Meninas da Playboy
8 Bill Gates fortune
9 JDBGMGR
10 Justice for Jamie
Information created from
Sophos newsfeeds


Kaspersky Lab, antivirus protection



Panda Software



Microsoft Security Bulletins
Last updated: Wed, 10 Mar 2010 22:53:50 GMT
Copyright Microsoft Corporation 2005

MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
Bulletin Severity Rating: Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 09 Mar 2010 08:00:00 GMT
MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
Bulletin Severity Rating: Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 09 Mar 2010 08:00:00 GMT
MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Bulletin Severity Rating: Important - This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-012 - Important: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Bulletin Severity Rating: Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-011 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-010 - Important: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-009 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
Bulletin Severity Rating: Critical - This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-008 - Critical: Cumulative Security Update of ActiveX Kill Bits (978262)
Bulletin Severity Rating: Critical - This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-007 - Critical: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-006 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Bulletin Severity Rating: Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-005 - Moderate: Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Bulletin Severity Rating: Moderate - This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-004 - Important: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Bulletin Severity Rating: Important - This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-003 - Important: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 09 Feb 2010 08:00:00 GMT
MS10-002 - Critical: Cumulative Security Update for Internet Explorer (978207)
Bulletin Severity Rating: Critical - This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Thu, 21 Jan 2010 08:00:00 GMT
MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 12 Jan 2010 08:00:00 GMT
MS09-074 - Critical: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 08 Dec 2009 08:00:00 GMT
MS09-073 - Important: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.
Published: Tue, 08 Dec 2009 08:00:00 GMT
MS09-072 - Critical: Cumulative Security Update for Internet Explorer (976325)
Bulletin Severity Rating: Critical - This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section.
Published: Tue, 08 Dec 2009 08:00:00 GMT
MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
Bulletin Severity Rating: Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.
Published: Tue, 08 Dec 2009 08:00:00 GMT
MS09-070 - Important: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
Bulletin Severity Rating: Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
Published: Tue, 08 Dec 2009 08:00:00 GMT
MS09-069 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.
Published: Tue, 08 Dec 2009 08:00:00 GMT
MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 10 Nov 2009 08:00:00 GMT
MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
Bulletin Severity Rating: Important - This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published: Tue, 10 Nov 2009 08:00:00 GMT
Information created from
Microsoft Security Updates

Latest Security Advisories
Last updated: Fri, 12 Mar 2010 21:42:11 GMT
Copyright: © 2005 Microsoft Corporation. All rights reserved.

Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 3/12/2010
Revision Note: V1.2 (March 12, 2010): Added an automated Microsoft Fix it solution to apply or undo the workaround for disabling the peer factory class on Windows XP or Windows Server 2003. Advisory Summary: Microsoft is investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7. Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. The main impact of the vulnerability is remote code execution. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Published: Fri, 12 Mar 2010 08:00:00 GMT
Microsoft Security Advisory (973811): Extended Protection for Authentication - 3/9/2010
Revision Note: V1.3 (March 9, 2010): Updated the FAQ to announce the rerelease of the update that enables Internet Information Services to opt in to Extended Protection for Authentication. For more information, see Known issues in Microsoft Knowledge Base Article 973917. Advisory Summary: Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).
Published: Tue, 09 Mar 2010 08:00:00 GMT
Microsoft Security Advisory (981169): Vulnerability in VBScript Could Allow Remote Code Execution - 3/1/2010
Revision Note: V1.0 (March 1, 2010): Advisory published. Advisory Summary: Microsoft is investigating new public reports of a possible vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time.
Published: Mon, 01 Mar 2010 08:00:00 GMT
Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure - 2/10/2010
Revision Note: V1.1 (February 10, 2010): Specified the mitigation offered by Protected Mode. Also clarified an FAQ and workaround pertaining to Protected Mode. Advisory Summary: Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Published: Wed, 10 Feb 2010 08:00:00 GMT
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege - 2/9/2010
Revision Note: V2.0 (February 9, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-015 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-015. The vulnerability addressed is the Windows Kernel Exception Handler Vulnerability - CVE-2010-0232.
Published: Tue, 09 Feb 2010 08:00:00 GMT
Microsoft Security Advisory (977377): Vulnerability in TLS/SSL Could Allow Spoofing - 2/9/2010
Revision Note: V1.0 (February 9, 2010): Advisory published. Advisory Summary: Microsoft is investigating public reports of a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. At this time, Microsoft is not aware of any attacks attempting to exploit the reported vulnerability.
Published: Tue, 09 Feb 2010 08:00:00 GMT
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 1/21/2010
Revision Note: V2.0 (January 21, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into the public reports of this vulnerability. We have issued MS10-002 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-002. The vulnerability addressed is the HTML Object Memory Corruption Vulnerability - CVE-2010-0249.
Published: Thu, 21 Jan 2010 08:00:00 GMT
Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution - 1/12/2010
Revision Note: V1.0 (January 12, 2010): Advisory published. Advisory Summary: Security Advisory
Published: Tue, 12 Jan 2010 08:00:00 GMT
Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 12/8/2009
Revision Note: V2.0 (December 8, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bulletin MS09-072 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-072. The vulnerability addressed is the HTML Object Memory Corruption Vulnerability - CVE-2009-3672.
Published: Tue, 08 Dec 2009 08:00:00 GMT
Microsoft Security Advisory (974926): Credential Relaying Attacks on Integrated Windows Authentication - 12/8/2009
Revision Note: V1.0 (December 8, 2009): Advisory published. Advisory Summary: This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect against these attacks.
Published: Tue, 08 Dec 2009 08:00:00 GMT
Microsoft Security Advisory (954157): Security Enhancements for the Indeo Codec - 12/8/2009
Revision Note: V1.0 (December 8, 2009): Advisory published. Advisory Summary: Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Published: Tue, 08 Dec 2009 08:00:00 GMT
Microsoft Security Advisory (977544): Vulnerability in SMB Could Allow Denial of Service - 11/13/2009
Revision Note: V1.0 (November 13, 2009): Advisory published. Advisory Summary: Microsoft is investigating new public reports of a possible denial of service vulnerability in the Server Message Block (SMB) protocol. This vulnerability cannot be used to take control of or install malicious software on a user's system. However, Microsoft is aware that detailed exploit code has been published for the vulnerability. Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.
Published: Fri, 13 Nov 2009 08:00:00 GMT
Microsoft Security Advisory (975497): Vulnerabilities in SMB Could Allow Remote Code Execution - 10/13/2009
Revision Note: V2.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Security Advisory
Published: Tue, 13 Oct 2009 07:00:00 GMT
Microsoft Security Advisory (975191): Vulnerabilities in the FTP Service in Internet Information Services - 10/13/2009
Revision Note: V3.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this issue. We have released MS09-053 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-053. The vulnerabilities addressed are the IIS FTP Service DoS Vulnerability (CVE-2009-2521) and the IIS FTP Service RCE and DoS Vulnerability (CVE-2009-3023).
Published: Tue, 13 Oct 2009 07:00:00 GMT
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution - 10/13/2009
Revision Note: V4.0 (October 13, 2009): Advisory revised to add an entry in the Updates related to ATL section to communicate the release of Microsoft Security Bulletin MS09-060, "Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution." Advisory Summary: Security Advisory
Published: Tue, 13 Oct 2009 07:00:00 GMT
Microsoft Security Advisory (967940): Update for Windows Autorun - 8/25/2009
Revision Note: V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029. Advisory Summary: Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.
Published: Tue, 25 Aug 2009 07:00:00 GMT
Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution - 8/11/2009
Revision Note: V2.0 (August 11, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation of a privately reported vulnerability in Microsoft Office Web Components. We have issued MS09-043 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-043. The vulnerability addressed is the Office Web Components HTML Script Vulnerability - CVE-2009-1136.
Published: Tue, 11 Aug 2009 07:00:00 GMT
Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - 7/14/2009
Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-032 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-032. The vulnerability addressed is the Microsoft Video ActiveX Control Vulnerability - CVE-2008-0015.
Published: Tue, 14 Jul 2009 07:00:00 GMT
Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution - 7/14/2009
Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-028. The vulnerability addressed is the DirectX NULL Byte Overwrite Vulnerability - CVE-2009-1537.
Published: Tue, 14 Jul 2009 07:00:00 GMT
Microsoft Security Advisory (969898): Update Rollup for ActiveX Kill Bits - 6/17/2009
Revision Note: V1.1 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Advisory Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Published: Wed, 17 Jun 2009 07:00:00 GMT
Microsoft Security Advisory (960715): Update Rollup for ActiveX Kill Bits - 6/17/2009
Revision Note: V1.2 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Advisory Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Published: Wed, 17 Jun 2009 07:00:00 GMT
Microsoft Security Advisory (956391): Update Rollup for ActiveX Kill Bits - 6/17/2009
Revision Note: V1.3 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032. Advisory Summary: Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Published: Wed, 17 Jun 2009 07:00:00 GMT
Microsoft Security Advisory (971888): Update for DNS Devolution - 6/9/2009
Revision Note: Advisory published. Advisory Summary: Microsoft is announcing the availability of an update to DNS devolution that can help customers in keeping their systems protected. Customers whose domain name has three or more labels, such as "contoso.co.us", or who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside of the organizational boundary as though they were internal to the organization's boundary.
Published: Tue, 09 Jun 2009 07:00:00 GMT
Microsoft Security Advisory (971492): Vulnerability in Internet Information Services Could Allow Elevation of Privilege - 6/9/2009
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-020. The vulnerability addressed is the IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability - CVE-2009-1535.
Published: Tue, 09 Jun 2009 07:00:00 GMT
Microsoft Security Advisory (945713): Vulnerability in Web Proxy Auto-Discovery (WPAD) Could Allow Information Disclosure - 6/9/2009
Revision Note: V2.0 (June 9, 2009): Advisory updated to reflect publication of security bulletin MS09-008 and Microsoft Security Advisory 971888. Advisory Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-008 to address the WPAD issue and have released configuration guidance and updates for DNS devolution in Microsoft Security Advisory 971888. For more information about this issue, including download links for an available security update, please review MS09-008 and Microsoft Security Advisory 971888. The vulnerabilities addressed are the WPAD server registration vulnerabilities in WINS and DNS - CVE-2009-0094 and CVE-2009-0093.
Published: Tue, 09 Jun 2009 07:00:00 GMT
Information created from
Microsoft Security Updates

VirusAlert, the Dutch-language source for information about computer viruses. The ideal complement to antivirus software. Daily information about computer viruses and hoax messages. In the case of a high-risk virus you receive information via the free newsletter. Below is information about the latest 10 viruses.
VirusAlert

backdoor.Arugizer
W32.Scrshotvid
Infostealer.Saluni
trojan.Wuwo
W32.Zimuse
W32.Spyrat
W32.Buzus
Trojan.Ramvicrype
W32.Exkowen
W32.Perz
W32.Stiraut
Information created from
Virus Alert

US-CERT Technical Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits.
US-CERT Technical Cyber Security Alerts

TA10-068A: Microsoft Updates for Multiple Vulnerabilities
TA10-055A: Malicious Activity Associated with "Aurora" Internet Explorer Exploit
TA10-040A: Microsoft Updates for Multiple Vulnerabilities
TA10-021A: Microsoft Internet Explorer Vulnerabilities
TA10-013A: Adobe Reader and Acrobat Vulnerabilities
TA10-012B: Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities
TA10-012A: Oracle Updates for Multiple Vulnerabilities
TA09-343A: Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
TA09-342A: Microsoft Updates for Multiple Vulnerabilities
TA09-314A: Microsoft Updates for Multiple Vulnerabilities
Information created from
US-CERT Tech Alerts

US-CERT Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits. Cyber Security Alerts are released in conjunction with Technical Cyber Security Alerts when there is an issue that affects the general public. Cyber Security Alerts outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
US-CERT Cyber Security Alerts

SA10-068A: Microsoft Updates for Multiple Vulnerabilities
SA10-040A: Microsoft Updates for Multiple Vulnerabilities
SA10-021A: Microsoft Internet Explorer Vulnerabilities
SA10-013A: Adobe Reader and Acrobat Vulnerabilities
SA10-012B: Microsoft Windows and Adobe Flash Player 6 Vulnerabilities
SA09-343A: Adobe Flash Vulnerabilities Affect Flash Player and Adobe AIR
SA09-342A: Microsoft Updates for Multiple Vulnerabilities
SA09-314A: Microsoft Updates for Multiple Vulnerabilities
SA09-286B: Multiple Vulnerabilities Affect Adobe Reader and Acrobat
SA09-286A: Microsoft Updates for Multiple Vulnerabilities
Information created from
US-CERT Alerts

US-CERT Cyber Security Tips describe and offer advice about common security issues for non-technical computer users. Tips are restricted to a single topic, although complex issues may span multiple tips. Each tip builds upon the knowledge, both terminology and content, of those published prior to it.
US-CERT Cyber Security Tips

ST05-003: Securing Wireless Networks
ST04-022: Understanding Your Computer: Web Browsers
ST04-021: Understanding Your Computer: Operating Systems
ST04-020: Protecting Portable Devices: Data Security
ST04-019: Understanding Encryption
ST04-018: Understanding Digital Signatures
ST04-017: Protecting Portable Devices: Physical Security
ST04-016: Recognizing and Avoiding Spyware
ST04-015: Understanding Denial-of-Service Attacks
ST04-014: Avoiding Social Engineering and Phishing Attacks
Information created from
US-CERT Cyber Security Tips

SANS Internet Storm Center, InfoCON: green

Reminder: Daylight Saving Time starts tonight in several countries. See http://www.timeanddate.com/time/dst2010.html for more details. (Sun, Mar 14th)

Evil Sports Sites, (Sat, Mar 13th)
One of our regular readers submitted a Google query to us that points to yet another temptation that the criminals are taking advantage of - the March Madness basketball tournaments here in the USA. I'm sure that other sporting events are just as popular with the scammers and crooks. If you want to check out the fun, put this into your browser:
http://www.google.com/search?q=big+ten+tournament+2010+wiki
We trust that you are not crazy enough to click on the links that Google marks as hazardous to your computer's health, but if you do and you net something really cool that you'd like to analyze, please let us know what you uncover. Use the comment feature below or send us a note via our contact form.
Thanks Melvin for the info!
Marcus H. Sachs

Director, SANS Internet Storm Center

Firebug 1.5.3 is out. See http://blog.getfirebug.com/2010/03/12/firebug-1-5-3/ (Sat, Mar 13th)

A new version of Safari is out. Looks like it's for Mac and Windows. Plenty of security fixes (mostly for Windows Safari users: http://support.apple.com/kb/HT4070). (Thu, Mar 11th)

Firefox 3.6 is being pushed out to users. http://www.mozilla.com/en-US/firefox/3.6/releasenotes/ (Fri, Mar 12th)

Interesting SKYPE SPIM. (Thu, Mar 11th)
Earlier this week Jared sent us an interesting SKYPE spim. I suspect this was sent using the Skype IMBot discussed in the previous diary.

This one was a social engineering attempt to get the recipient to load scareware or fake AV. Like most of these sites it had some java that is intended to simulate an antivirus scan. The scan is free, of course. Everyone that gets scanned by this junk is infected. Getting cleaned of your viruses costs, since you have to buy the commercial version to clean your infection. They have nice little functions like hideActiveXDialog and doUpdatePercents, which simply counts off ticks to make it appear they are scanning the system. Then they throw up a banner2.jpg, which is a warning that you have a bunch of scary viruses including System Soap Pro, AntiLamer Light, MC 30 day, SoftEther, I-Worm.NetSky.q, I-Worm.Bagle.n, Tofger-A, Zinx-A, B-S Spy 1.90 and KrAIMer 1.1.

Some of those names are known malware; others appear to have been made up to insult anyone that gets this message. Who came up with System Soap, AntiLamer, SoftEther or BS spy? Here is the text that was sent out to entice victims to pay for this LAME fake AV.

WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!
hxxp://www.onlineck.org
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !
FULL DETAILS OF SCAN RESULT BELOW
****************************************
WINDOWS REQUIRES IMMEDIATE ATTENTION
ATTENTION ! Security Center has detected malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection / Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
hxxp://www.onlineck.org/
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!

New version of Foxit PDF Reader available. http://www.foxitsoftware.com/downloads/index.php (Thu, Mar 11th)

CERT write-up on Skype IMBot Logic and Functionality. (Thu, Mar 11th)
CERT.at has provided a good technical analysis of a Skype IMBot.

The authors, Christian Wojner and L. Aaron Kaplan, did a good job of analysis of this IMBot.

They also swapped notes with Aaron Hackworth of secureworks.com. Such public/private collaboration I find to be very encouraging.

This is a fairly new vector. I have seen other IM-based malware using Skype IM, so it's not brand new, but not too common yet either. The malware detects many reverse engineering applications and attempts to make the system unbootable if any type of RE is detected. It uses a new (novel) method to hide its processes/files. It scans local networks for 445, probably to exploit one of the many Microsoft vulnerabilities that can be exploited via that service. It uses Conficker-like encryption. It had logic to infect USB drives.

I really enjoyed this analysis as it included some interesting approaches and pointed to functionality that appeared to be in the bot but they were unable to trigger within their RE environment.

http://cert.at/static/downloads/papers/cert.at-an_analysis_of_the_skype_imbot_logic_and_functionality_1.2.pdf

One a day keeps the hackers away. Read our discussion of the top 25 coding errors in the appsec streetfighter blog http://appsecstreetfighter.com. (Thu, Mar 11th)
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter

What's My Firewall Telling Me? (Part 4) (Wed, Mar 10th)
There's been a lot of discussion about the recent stories on parsing firewall logs: Mark's story at http://isc.sans.org/diary.html?storyid=8293, Daniel's story at http://isc.sans.org/diary.html?storyid=8347, and Kyle's at http://isc.sans.org/diary.html?storyid=8362 have covered a number of methods and tools for plumbing the depths of your firewall logs.

In these stories, it's been stressed that there's gold in them there logs! Reviewing your logs is legally required under several regulatory frameworks, and just plain makes sense: reviewing inbound and outbound traffic is an excellent way to find stuff being sent or received that shouldn't be happening, finding malware or finding violations of corporate policies.

But, you say, that's all great, but many firewall logs are over 500MB per day, and if you're not a command line guru with grep, uniq, sort, awk or perl, what do you do? Or what if the firewall log output is just so much scrambled eggs to you? How are you supposed to plow through all that text and data for the few pearls that you can expect to find that might indicate a problem? For me, the answer is easy: use tools that summarize Netflow data. Netflow is a facility that is available on many network devices that examines all the traffic through the device interfaces, and summarizes it by source and destination IP address, as well as source and destination port and how much data was sent or received. It then sends this summarized data to a server application called a Netflow Collector. Netflow is generally associated with Cisco gear, but there is an RFC equivalent in sFlow (RFC 3176) that is implemented by many other vendors, or a Juniper-specific version in jFlow.

Continuing on, the Netflow collector then stashes this data into a database, and then gives you a nice web front-end to the data, allowing you to slice and dice the addresses and associated values in prepackaged reports, or do ad-hoc queries. So if you want to see why internet bandwidth was maxed out last Tuesday over lunch, who the culprit was and what they were doing, it's a piece of easy!

It sounds complicated, but in practice it's generally about 4-5 lines of config on the device (router, switch or firewall; check your documentation for specifics), and a GUI setup on the server. There are lots of Netflow Collector apps out there; I won't start the religious war of stating that one is better than another. I use any one of 7 or 8 different ones, depending on which client I'm working with that day.

Let's take a look at a typical "let's review the firewall activity" session that you might have as part of your daily routine. This data is from a client site where I set Netflow up last week; I was going through an orientation session with the client IT Team (which is also the Incident Handling team at this organization), as well as using the tool in response to widespread user complaints about internet performance issues.

Let's start at the TCP applications (aka sort data by TCP destination port) screen. In this example we're just looking at the data from the last hour, for the inside interface of the firewall.

On the face of it, all looks well, all the usual suspects are there, but let's dig a bit deeper; let's take a closer look at SMTP.

The SMTP traffic looks pretty much as we expected: lots and lots of mail being sent from the mail server (10.0.0.73). But hey, what's that station 10.0.0.233? Should there be another SMTP sender? After some digging, it turns out we had a workstation using a personal POP/SMTP email client from work; this was a clear violation of the Acceptable Use Policy at this organization.

Let's go back to the main screen, and dig into the TCP_App section, which is the bit bucket that this particular Netflow application puts things into when it doesn't recognize what the target TCP port is.

Jackpot! What we have here is a number of stations, all running peer-to-peer applications (each line is a different target IP address). This was no surprise two days after the Oscars, but this is another clear violation of this Organization's Acceptable Use Policy, and one of the best ways to introduce malware into the Organization as well. Not only that, it takes LOTS of bandwidth and LOTS of address translation resources (aka memory) at the firewall; sessions like this can easily affect Internet performance for the entire corporation. Depending on the country, this might be a great way to get sued under copyright infringement as well!

Now let's look at the data a bit differently: let's look at session totals over the last hour by IP address, sorted by volume.

Take a look at that first line: that's a station on the inside, using an anonymizer proxy out on the internet (tcp/8080). OUCH, that's someone who is not only violating policy, they're knowingly trying to cloak their actions. They're also the heaviest user in the last hour. Again, we're 2 days after the Oscars, so it's no mystery what that 200mb session is all about. But on any other week, there would be a real chance of finding some "call the cops" type illegal activity going on with proxy sessions like this.

Needless to say, after this short exploration, we're working on an egress filter for this firewall. The "we trust our users" position not only ignores the fact that even if you trust your users, trusting your users' malware should be part of your business model, but as you can see from this, you can't trust (all of) your users either.

You can see from this that using a good Netflow Collector application will give you a great window into the traffic transiting your firewall or router, pretty much as granular as you want to be. We collected all this data in about 10 minutes, running a tutorial for the IT group at the same time. I still use grep, awk and the rest more than I use Netflow, but a good Netflow app can give you nice management-style reports, historical queries into your router or firewall data and really granular analysis with almost no time investment. If you're not a CLI person, Netflow can go a long way towards getting you really deep into your firewall activity.

=============== Rob VandenBrink, Metafore ==============
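The three collector screens the diary walks through (bytes by TCP application, the TCP_App bucket of unrecognized ports, and session totals by inside IP), reproduced over already-collected flow records as an added example that is not ISC's or the diary author's code. The flow records, the KNOWN_TCP table of ports the hypothetical collector recognizes, and the sanctioned mail-server list are constructed; Netflow export and collection are assumed to have already happened.

```python
"""Flow-summary triage in the style of the diary above (added example, not ISC's
or the diary author's code). Flow records are constructed to mirror the diary's
findings: mail server 10.0.0.73, a rogue SMTP sender 10.0.0.233, peer-to-peer
traffic on unrecognized ports, and one heavy session to an anonymizer proxy on
tcp/8080. Netflow export and collection are assumed already done."""
from collections import Counter, defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    src: str      # inside host
    dst: str      # internet host
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    octets: int   # bytes seen on the inside interface

# Constructed sample: one hour on the firewall's inside interface.
FLOWS = [
    Flow("10.0.0.73", "203.0.113.10", "tcp", 25, 1_200_000),     # mail server
    Flow("10.0.0.73", "203.0.113.11", "tcp", 25, 900_000),
    Flow("10.0.0.233", "198.51.100.5", "tcp", 25, 40_000),       # personal mail client
    Flow("10.0.0.20", "203.0.113.50", "tcp", 80, 5_000_000),
    Flow("10.0.0.21", "203.0.113.51", "tcp", 443, 3_000_000),
    Flow("10.0.0.40", "192.0.2.77", "tcp", 6881, 60_000_000),    # P2P
    Flow("10.0.0.41", "192.0.2.78", "tcp", 41923, 45_000_000),   # P2P
    Flow("10.0.0.150", "192.0.2.9", "tcp", 8080, 200_000_000),   # anonymizer proxy
]

# Ports this hypothetical collector recognizes; anything else lands in TCP_App.
KNOWN_TCP = {25: "SMTP", 80: "HTTP", 443: "HTTPS", 8080: "HTTP-ALT"}

def by_tcp_app(flows):
    """The 'TCP applications' screen: bytes per application (dst port), largest first."""
    totals = Counter()
    for f in flows:
        if f.proto == "tcp":
            totals[KNOWN_TCP.get(f.dport, "TCP_App")] += f.octets
    return totals.most_common()

def unexpected_smtp_senders(flows, mail_servers):
    """Inside hosts sending to tcp/25 that are not the sanctioned mail servers."""
    return sorted({f.src for f in flows
                   if f.proto == "tcp" and f.dport == 25 and f.src not in mail_servers})

def tcp_app_bucket(flows):
    """Drill into TCP_App: one row per (src, dst, port) on unrecognized ports."""
    rows = defaultdict(int)
    for f in flows:
        if f.proto == "tcp" and f.dport not in KNOWN_TCP:
            rows[(f.src, f.dst, f.dport)] += f.octets
    return sorted(rows.items(), key=lambda kv: kv[1], reverse=True)

def top_talkers(flows, n=3):
    """Session totals by inside IP, sorted by volume (the 'by IP address' screen)."""
    totals = Counter()
    for f in flows:
        totals[f.src] += f.octets
    return totals.most_common(n)

def review(flows, mail_servers=("10.0.0.73",), watch_ports=(8080,)):
    """Tie the screens together into the findings an analyst would act on."""
    findings = []
    for host in unexpected_smtp_senders(flows, set(mail_servers)):
        findings.append(f"{host}: unsanctioned SMTP sender (policy violation)")
    for (src, dst, port), octets in tcp_app_bucket(flows):
        findings.append(f"{src} -> {dst}:{port}: {octets // 1_000_000} MB on an unrecognized port")
    for src, octets in top_talkers(flows):
        if any(f.src == src and f.dport in watch_ports for f in flows):
            findings.append(f"{src}: {octets // 1_000_000} MB to watched port(s) {watch_ports}")
    return findings
```

Running `review(FLOWS)` yields four findings: the rogue SMTP sender, the two peer-to-peer hosts in the TCP_App bucket, and the top talker's 200 MB session to tcp/8080.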

Information created from
SANS Internet Storm Center

Avira - Latest Security News
Free content directory of security related articles. All items are available for publication and can be reprinted free of charge as long as the author box remains intact. Build content for your website quickly and easily! Webmasters can take the articles included in this section and incorporate them on their website at no charge whatsoever, as long as the about the author box remains intact.
Avira - Latest Security News
Last updated: Tue, 09 Mar 2010 13:59:56 +0200

Avira protects from PDF Exploit
9 March 2010 - Malicious PDF files abuse a vulnerability in Adobe Reader and Acrobat which was recently fixed by Adobe.

Complete Article - Avira protects from PDF Exploit

Published: Tue, 09 Mar 2010 00:00 +0200
Fake anti-virus solutions imitate Avira
12 February 2010 - Cybercriminals are imitating the look of Avira products to help them spread their fraudulent and useless pseudo security solutions.

Complete Article - Fake anti-virus solutions imitate Avira

Published: Fri, 12 Feb 2010 00:00 +0200
Infected Firefox Add-on: Avira protects
09 February 2010 - On the servers of the Mozilla Foundation an infected Firefox Add-on was available for download, which Avira antimalware solutions already detected.

Complete Article - Infected Firefox Add-on: Avira protects

Published: Wed, 10 Feb 2010 00:00 +0200
Cybercriminals phishing for Skype logins
02 February 2010 - Avira is issuing a warning against phishing mails that are being used by criminals in an attempt to access Skype logins.

Complete Article - Cybercriminals phishing for Skype logins

Published: Tue, 02 Feb 2010 00:00 +0200
Avira protects from Zimuse worm
26 January 2010 - The worm Zimuse is overwriting the master boot record of the hard disk so that the system won't start anymore.

Complete Article - Avira protects from Zimuse worm

Published: Tue, 26 Jan 2010 00:00 +0200
Information created from
Avira RSS Feeds

Avira - Latest Threats Descriptions
Use Avira's Latest Threats RSS to keep track of the newest multi-language malware descriptions posted on our website automatically. For details, please visit our website: www.avira.com.
Avira - Latest Threats Descriptions
Last updated: Fri, 05 Mar 2010 11:29:57 +0100

Worm/IrcBot.26624
Danger Level: Medium Threat
VDF version: 7.00.01.68
Published date: Thu, 04 Mar 2010 18:18 +0100
Complete description for this threat can be found here.

Published: Thu, 04 Mar 2010 18:18 +0100
EXP/Pdfka.bmq
Danger Level: Low to Medium Threat
VDF version: 7.10.04.82
Published date: Thu, 04 Mar 2010 17:50 +0100
Complete description for this threat can be found here.

Published: Thu, 04 Mar 2010 17:50 +0100
W32/Expiro.C
Danger Level: Medium Threat
VDF version: 7.00.05.147
Published date: Thu, 04 Mar 2010 09:49 +0100
Complete description for this threat can be found here.

Published: Thu, 04 Mar 2010 09:49 +0100
Worm/Autorun.fbn
Danger Level: Medium Threat
VDF version: 7.01.02.76
Published date: Thu, 04 Mar 2010 08:13 +0100
Complete description for this threat can be found here.

Published: Thu, 04 Mar 2010 08:13 +0100
Worm/Autorun.abji
Danger Level: Medium Threat
VDF version: 7.01.02.121
Published date: Thu, 04 Mar 2010 07:54 +0100
Complete description for this threat can be found here.

Published: Thu, 04 Mar 2010 07:54 +0100
Information created from
Avira RSS Feeds

SecurityFocus
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
SecurityFocus Vulnerabilities

Vuln: Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
Vuln: MoinMoin Multiple Unspecified Security Vulnerabilities
Vuln: Linux Kernel Subsystem Connector Missing Capability Check Security Bypass Vulnerabilities
Vuln: Linux Kernel PI Futex Invalid Pointer Dereference Local Denial of Service Vulnerability
Bugtraq: VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability
Bugtraq: [XSS] I found a xss in phpmyadmin 3.3.0 when we create new database in interface!
Bugtraq: [SECURITY] [DSA 2014-1] New moin packages fix several vulnerabilities
Bugtraq: [USN-911-1] MoinMoin vulnerabilities
Information created from
Security Focus Feeds