News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Topic: MS Security Advisories  (Read 132075 times)
« Reply #225 on: September 15, 2011, 09:33:37 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8345



FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
V10.0 (September 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-071, "Vulnerability in Windows Components Could Allow Remote Code Execution;" and MS11-073, "Vulnerabilities in Microsoft Office Could Allow Remote Code Execution."
- https://technet.microsoft.com/en-us/security/bulletin/ms11-071
- https://technet.microsoft.com/en-us/security/bulletin/ms11-073

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2607712
V4.0 (September 13, 2011): Revised to announce the release of the KB2616676 update that addresses the issue described in this advisory.
V4.1 (September 13, 2011): Revised to announce the availability of the KB2616676 update for the Windows Developer Preview release. See the Update FAQ in this advisory for more information.
V5.0 (September 19, 2011): Revised to announce the re-release of the KB2616676 update. See the Update FAQ in this advisory for more information.
- http://support.microsoft.com/kb/2616676
September 19, 2011 - Revision: 4.0

- https://blogs.technet.com/b/msrc/archive/2011/09/19/cumulative-non-security-update-protects-from-fraudulent-certificates.aspx
19 Sep 2011
___

- https://www.computerworld.com/s/article/9220121/Microsoft_fixes_SSL_kill_switch_blooper
September 19, 2011 - "... the update (MS) shipped to Windows XP and Server 2003 users last Tuesday was flawed..."

« Last Edit: September 20, 2011, 06:41:59 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #226 on: September 26, 2011, 18:26:11 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2588513)
Vulnerability in SSL/TLS Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/advisory/2588513
September 26, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors:
  The attack must make several hundred HTTPS requests before the attack could be successful.
  TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected..."
(More detail at the URL above.)

- http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
26 Sep 2011
___

- http://www.secureworks.com/research/blog/general/transitive-trust-and-ssl-cert/
Sep 9, 2011
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389
Last revised: 10/03/2011
CVSS v2 Base Score: 4.3 (MEDIUM)

- https://www.kb.cert.org/vuls/id/864643
Date Last Updated: 2011-09-29

« Last Edit: October 03, 2011, 15:30:27 by AplusWebMaster » Logged

« Reply #227 on: October 11, 2011, 05:27:14 »
AplusWebMaster Offline

FYI...

MS SIRv11 available
- https://blogs.technet.com/b/mmpc/archive/2011/10/11/new-microsoft-security-intelligence-report-volume-11-now-available.aspx
11 Oct 2011
> http://www.microsoft.com/security/sir/default.aspx

Malware detected by MSRT H1-2011
> http://www.microsoft.com/security/portal/blog-images/SIR11/SIR11_chart.png
___

- http://h-online.com/-1360430
13 October 2011

« Last Edit: October 13, 2011, 06:38:50 by AplusWebMaster » Logged

« Reply #228 on: October 12, 2011, 06:18:39 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
Updated: Tuesday, October 11, 2011
V11.0: Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-075, "Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution;" and MS11-076, "Vulnerability in Windows Media Center Could Allow Remote Code Execution."

« Reply #229 on: November 03, 2011, 17:21:22 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/advisory/2639658
V1.0 (November 3, 2011): Advisory published.
V1.1 (November 3, 2011): Added localization notation to the Workarounds section.
V1.2 (November 4, 2011): Revised the workaround, Deny access to T2EMBED.DLL, to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Customers with non-English versions of Microsoft Windows should reevaluate the applicability of the revised workaround for their environment.
V1.3 (November 8, 2011): Added link to MAPP Partners with Updated Protections in the Executive Summary.

November 03, 2011 - "Microsoft is investigating a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs...
Workarounds: Deny access to T2EMBED.DLL
Note: See Microsoft Knowledge Base Article 2639658* to use the automated Microsoft Fix it solution to enable or disable this workaround to deny access to t2embed.dll..."
- http://support.microsoft.com/kb/2639658#FixItForMe
November 3, 2011 - Revision: 1.0
Impact of Workaround. Applications that rely on embedded font technology will fail to display properly.

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)
___

- https://secunia.com/advisories/46724/
Last Update: 2011-11-07
Criticality level: Extremely critical
Impact: System access
Where: From remote...
CVE Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
... Reported as a 0-day.
Solution: Apply the Microsoft Fix it*...
* http://support.microsoft.com/kb/2639658#FixItForMe

- http://www.securitytracker.com/id/1026271
Updated: Nov 4 2011
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs...
... A remote user can create a specially crafted document that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with kernel level privileges. The vulnerability resides in the Win32k.sys kernel driver in the parsing of TrueType fonts...

NOTE: "... The vulnerability cannot be exploited automatically via email unless the user opens an attachment sent in an email message..."
Per: https://isc.sans.edu/diary.html?storyid=11950

U.S.CERT: Critical alert
- https://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
November 1, 2011

« Last Edit: November 09, 2011, 09:34:21 by AplusWebMaster » Logged

« Reply #230 on: November 09, 2011, 16:53:41 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
V12.0 (November 8, 2011): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS11-085*, "Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/security/bulletin/ms11-085

Microsoft Security Advisory (2639658)
Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/advisory/2639658
V1.4 (November 11, 2011): Revised impact statement for the workaround, Deny access to T2EMBED.DLL, to address applications that rely on T2EMBED.DLL for functionality.
"... vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability..."
> http://support.microsoft.com/kb/2639658#FixItForMe

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3402
Last revised: 11/07/2011
CVSS v2 Base Score: 9.3 (HIGH)

- http://labs.m86security.com/2011/11/truetype-but-not-truly-safe-the-new-zero-day-event/
November 8th, 2011
___

A simple test of the Duqu workaround...
- http://blogs.computerworld.com/19256/a_simple_test_insures_the_duqu_workaround_is_working
November 12, 2011

« Last Edit: November 15, 2011, 04:07:03 by AplusWebMaster » Logged

« Reply #231 on: November 10, 2011, 15:08:03 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
* http://technet.microsoft.com/security/advisory/2641690
November 10, 2011 - "... The majority of customers have automatic updating enabled and will not need to take any action because the KB2641690 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually..."

- http://support.microsoft.com/kb/2641690
November 10, 2011 Rev 1.0 - "Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following DigiCert Sdn. Bhd intermediate certificates by putting them in the Microsoft Untrusted Certificate Store:
    Digisign Server ID (Enrich) issued by Entrust.net Certification Authority (2048)
    Digisign Server ID (Enrich) issued by GTE CyberTrust Global Root
The security advisory* contains additional security-related information..."

- https://blogs.technet.com/themes/blogs/generic/post.aspx?WeblogApp=msrc&y=2011&m=11&d=10&WeblogPostName=microsoft-releases-security-advisory-2641690-updates-untrusted-certificate-store&GroupKeys=
10 Nov 2011
___

- https://www.us-cert.gov/current/#fraudulent_digital_certificates_could_allow
November 10, 2011

« Last Edit: November 11, 2011, 04:08:24 by AplusWebMaster » Logged

« Reply #232 on: November 17, 2011, 12:25:19 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2641690
V2.0 (November 16, 2011): Revised to announce the re-release of the KB2641690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690* under Known Issues in the Executive Summary.
* http://support.microsoft.com/kb/2641690
November 16, 2011 - Revision: 5.1
"... Before November 16, 2011, Microsoft Windows Server Update Services (WSUS) server customers experienced problems with the versions of update 2641690 for Windows XP x64 and for Windows Server 2003. On November 16, 2011, we re-released update 2641690 to address this issue for Windows XP x64 and for all editions of Windows Server 2003. Most systems have automatic updating enabled. If you do have automatic updating enabled, you do not have to take any action because update 2641690 will be installed automatically. All releases of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2 are not affected by this issue..."

« Reply #233 on: November 25, 2011, 06:07:01 »
AplusWebMaster Offline

FYI...     http://windowssecrets.com/category/patch-watch/

... Regularly updated problem-patch chart
>> http://windowssecrets.com/newsletter/everyone-gets-a-small-holiday-ae%E2%80%9D-from-patching/#patch5
2011-11-23 - "... table provides the status of problem Windows patches reported in previous Patch Watch columns. Patches listed... as safe to install will be removed from the next updated table...
[ i.e.] Microsoft Security Bulletin MS11-069 - Moderate
Vulnerability in .NET Framework Could Allow Information Disclosure (2567951)
* https://technet.microsoft.com/en-us/security/bulletin/ms11-069
'Published: Tuesday, August 09, 2011 | Updated: Wednesday, October 26, 2011 ...
Revisions:
V1.0 (August 9, 2011): Bulletin published.
V1.1 (August 23, 2011): Added an update FAQ to announce a detection change for KB2539636 that corrects an installation issue. This is a detection change only. There were no changes to the security update files. Customers who have already successfully updated their systems do not need to take any action.
V1.2 (October 26, 2011): Corrected Server Core installation applicability for .NET Framework 4 on Windows Server 2008 R2 for x64-based Systems...'

Status recommendations: Skip* - patch not needed; Hold - do not install until its problems are resolved; Wait - hold off temporarily while the patch is tested; Optional - not critical, use if wanted; Install - OK to apply..."

« Last Edit: November 26, 2011, 18:47:50 by AplusWebMaster » Logged

« Reply #234 on: December 01, 2011, 11:39:00 »
AplusWebMaster Offline

MS Security Advisory updates:

Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
- https://technet.microsoft.com/en-us/security/advisory/2639658
V2.0 (December 13, 2011): Advisory updated to reflect publication of security bulletin. MS11-087.
- https://technet.microsoft.com/en-us/security/bulletin/ms11-087

Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
V13.0 (December 13, 2011): Added the following Microsoft Security Bulletins to the Updates relating to Insecure Library Loading section: MS11-099, "Cumulative Security Update for Internet Explorer;" and MS11-094, "Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution."
- https://technet.microsoft.com/en-us/security/bulletin/ms11-099
- https://technet.microsoft.com/en-us/security/bulletin/ms11-094
___

Insecure library loading - verified Secunia List
- https://secunia.com/community/advisories/windows_insecure_library_loading/
Number of products affected: 293
Number of vendors affected: 113
Number of Secunia Advisories issued: 215
Solution Status ...
___

> http://windowssecrets.com/newsletter/building-your-own-xp-service-pack-4/#inthe3
2011-12-01 - "... The workaround** denies access to t2embed.dll, causing the Duqu exploit to fail. But the Duqu Fix it also has an odd characteristic: it prompts Windows XP users to download two older Microsoft patches, MS10-001 (KB 972270) and MS10-076 (KB 982132) - patches most XP users have presumably already installed..."
** http://support.microsoft.com/kb/2639658#FixItForMe

Free Duqu detector from CrySyS
> http://windowssecrets.com/newsletter/building-your-own-xp-service-pack-4/#inthe2
2011-12-01 - "... To see whether your system is vulnerable to Duqu, you can obtain a free Duqu detector from CrySyS*..."
* http://www.crysys.hu/duqudetector.html

« Last Edit: January 26, 2012, 03:39:15 by AplusWebMaster » Logged

« Reply #235 on: December 28, 2011, 12:27:41 »
AplusWebMaster Offline

FYI...

- http://boards.cexx.org/index.php?topic=19076.msg83055#msg83055
Dec 29, 2011

- https://www.us-cert.gov/current/#multiple_vendors_vulnerable_to_hash
Dec. 29, 2011

- http://h-online.com/-1401863
Dec. 29, 2011
___

Microsoft Security Advisory (2659883)
Vulnerability in ASP.NET Could Allow Denial of Service
- https://technet.microsoft.com/en-us/security/advisory/2659883
December 28, 2011 - "Microsoft is aware of detailed information that has been published describing a new method to exploit hash tables. Attacks targeting this type of vulnerability are generically known as hash collision attacks. Attacks such as these are not specific to Microsoft technologies and affect other web service software providers. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable.
The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision. It is possible for an attacker to send a small number of specially crafted posts to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition. Microsoft is aware of detailed information available publicly that could be used to exploit this vulnerability but is not aware of any active attacks.
Details of a workaround to help protect sites against this vulnerability are provided in this article. Individual implementations for sites using ASP.NET will vary and Microsoft strongly suggests customers evaluate the impact of the workaround for applicability to their implementations...
Workarounds - Configuration-based workaround
 The following workaround configures the limit of the maximum request size that ASP.NET will accept from a client. Decreasing the maximum request size will decrease the susceptibility of the ASP.NET server to a denial of service attack..."
- http://support.microsoft.com/kb/2659883
December 28, 2011 - Revision: 2.0

- http://www.kb.cert.org/vuls/id/903934
2011-12-28

- https://isc.sans.edu/diary.html?storyid=12286
Last Updated: 2011-12-28 23:02:14 UTC ...(Version: 2)
___

- https://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx?Redirected=true
27 Dec 2011 10:29 PM - "...if your website does need to accept user uploads, this workaround is likely to block legitimate requests. In that case, you should not use this workaround and instead wait for the comprehensive security update*..."
* Advanced Notification for out-of-band release to address Security Advisory 2659883
- https://blogs.technet.com/b/msrc/archive/2011/12/28/advanced-notification-for-out-of-band-release-to-address-security-advisory-2659883.aspx?Redirected=true
28 Dec 2011 7:51 PM - "...  The release is scheduled for December 29... The bulletin has a severity rating of Critical..."
___

- http://www.securitytracker.com/id/1026469
CVE Reference: CVE-2011-3414
Date: Dec 28 2011
Impact: Denial of service via network...

- http://www.ocert.org/advisories/ocert-2011-003.html
2011-12-28

- https://secunia.com/advisories/47323/ | https://secunia.com/advisories/47404/
- https://secunia.com/advisories/47405/ | https://secunia.com/advisories/47406/
- https://secunia.com/advisories/47407/ | https://secunia.com/advisories/47408/
- https://secunia.com/advisories/47411/ | https://secunia.com/advisories/47413/
- https://secunia.com/advisories/47414/ | https://secunia.com/advisories/47415/
Release Date: 2011-12-29

« Last Edit: December 29, 2011, 13:05:17 by AplusWebMaster » Logged
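
A toy model of the hash-collision cost that advisory 2659883 describes, and of why capping the request size reduces it. This is an added illustration, not code from Microsoft or from the post above. The weak hash, the key construction, the bucket count and the two size caps are assumptions chosen for the example; the real ASP.NET string hash is different.

```python
"""Toy model (constructed) of hash-collision cost when parsing form fields."""
from itertools import islice, permutations

KEY_LEN = 8          # length of each constructed form-field name
FIELD_OVERHEAD = 2   # "=" and "&" around an empty value in a urlencoded body


def toy_hash(key: str) -> int:
    # Deliberately weak, order-insensitive hash: anagrams always collide.
    # This is NOT the .NET string hash; it only makes the worst case visible.
    return sum(key.encode("ascii"))


class ChainedTable:
    """Separate-chaining hash table that counts key comparisons on insert."""

    def __init__(self, buckets: int = 8192):
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key: str, value: str) -> None:
        chain = self.buckets[toy_hash(key) % len(self.buckets)]
        for i, (existing, _) in enumerate(chain):
            self.comparisons += 1
            if existing == key:
                chain[i] = (key, value)   # duplicate field name: overwrite
                return
        chain.append((key, value))


def colliding_keys(n: int) -> list:
    # n distinct anagrams of one string: same toy_hash, same bucket.
    return ["".join(p) for p in islice(permutations("abcdefgh"), n)]


def spread_keys(n: int) -> list:
    # Keys built so every byte sum is different: one key per bucket.
    return ["x" * (i // 26) + chr(97 + i % 26) for i in range(n)]


def parse_cost(keys) -> int:
    """Insert every key, as a form parser would, and return comparisons made."""
    table = ChainedTable()
    for key in keys:
        table.insert(key, "")
    return table.comparisons


def max_fields(max_request_bytes: int) -> int:
    # How many KEY_LEN-byte field names with empty values fit in one body.
    return max_request_bytes // (KEY_LEN + FIELD_OVERHEAD)


def worst_case_comparisons(max_request_bytes: int) -> int:
    # All fields collide: the k-th insert walks a chain of k entries.
    n = max_fields(max_request_bytes)
    return n * (n - 1) // 2


if __name__ == "__main__":
    for n in (250, 500, 1000):
        print(n, "spread:", parse_cost(spread_keys(n)),
              "colliding:", parse_cost(colliding_keys(n)))
    for cap_kb in (4096, 200):   # example caps in KB, chosen for illustration
        print(cap_kb, "KB cap ->", max_fields(cap_kb * 1024), "fields,",
              worst_case_comparisons(cap_kb * 1024), "comparisons worst case")
```

The work grows with the square of the number of colliding fields, so a smaller request cap shrinks the worst case far faster than it shrinks the request; the cost is that legitimate large posts and uploads are rejected too.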

« Reply #236 on: January 10, 2012, 14:35:59 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2588513)
Vulnerability in SSL/TLS Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/security/advisory/2588513
Published: Monday, September 26, 2011 | Updated: Tuesday, January 10, 2012 - "We have issued MS12-006* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-006

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389

* http://boards.cexx.org/index.php?topic=19084.0

« Reply #237 on: January 19, 2012, 16:52:18 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2641690)
Fraudulent Digital Certificates Could Allow Spoofing
- https://technet.microsoft.com/en-us/security/advisory/2641690
V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices.

« Reply #238 on: March 13, 2012, 14:07:27 »
AplusWebMaster Offline

FYI...

Microsoft Security Advisory (2647518)
Update Rollup for ActiveX Kill Bits
- https://technet.microsoft.com/en-us/security/advisory/2647518
March 13, 2012

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2269637
V15.0 (March 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-022*, "Vulnerability in Expression Design Could Allow Remote Code Execution."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-022

« Reply #239 on: March 16, 2012, 07:36:29 »
AplusWebMaster Offline

FYI...

MS12-020 - MS RDP ...
- https://isc.sans.edu/diary.html?storyid=12805
Last Updated: 2012-03-16 15:26:16 UTC - "... proof-of-concept is out..."

- https://isc.sans.edu/diary.html?storyid=12808
Last Updated: 2012-03-17 00:18:07 UTC

- http://atlas.arbor.net/briefs/index#-700023003
Severity: Extreme Severity
March 16, 2012 01:36

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0002
Last revised: 03/15/2012
CVSS v2 Base Score: 9.3 (HIGH)

> http://boards.cexx.org/index.php?topic=19103.0

« Last Edit: March 16, 2012, 23:15:31 by AplusWebMaster » Logged
