Tech Talk

[Microsoft Security Advisory 2757760]

FYI...

Microsoft Security Advisory 2757760 - FixIt available
Vulnerability in Internet Explorer could allow remote code execution
- https://technet.microsoft.com/en-us/security/advisory/2757760
V1.2 (Sep 19, 2012): Added link to Microsoft Fix it solution, "Prevent Memory Corruption via ExecCommand in Internet Explorer," that prevents exploitation of this issue.
"... use the automated Microsoft Fix it solution to enable or disable this workaround..."
> http://support.microsoft.com/kb/2757760#FixItForMe
Last Review: September 20, 2012 - Revision: 2.0
"... click the Fix it button or link under the Enable heading..."
Microsoft Fix it 50939

 

[Microsoft Security Advisory (2757760)]

FYI...

Microsoft Security Advisory (2757760)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- https://technet.microsoft.com/en-us/security/advisory/2757760
V2.0 (Sep 21, 2012): Advisory updated to reflect publication of security bulletin.
"... We have issued MS12-063* to address this issue..."
* https://technet.microsoft.com/en-us/security/bulletin/ms12-063
Sep 21, 2012 - "... rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows..."

- https://blogs.technet.com/b/msrc/archive/2012/09/21/microsoft-releases-ms12-063-cumulative-security-update-for-internet-explorer.aspx?Redirected=true
21 Sep 2012

- http://atlas.arbor.net/briefs/index#1229731326
Severity: Extreme Severity
Sep 21, 2012
MS12-063 patches the recent 0day security hole in Internet Explorer along with other security holes.
Analysis: The exploit for one of the now-patched security holes was first found and reported last week and was apparently used in targeted attacks. One of the actions of at least one group of attackers was the installation of the Poison Ivy Remote Access Trojan (RAT). The exploit for this issue was soon revealed to the public and a Metasploit module was developed, allowing anyone to gain access to the exploit code for any purpose...

> https://update.microsoft.com/
___

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
- https://technet.microsoft.com/en-us/security/advisory/2755801
Sep 21, 2012 - "... availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10... The update addresses the vulnerabilities described in Adobe security bulletins APSB12-18 and APSB12-19. As of the release of this update, CVE-2012-1535* is known to be under active attack. For more information about this update, including download links, see Microsoft Knowledge Base Article 2755399**... Customers with Windows 8 Release Preview and Windows Server 2012 Release Candidate are encouraged to apply the update to their systems. The update is only available on Windows Update**..."
** http://go.microsoft.com/fwlink/?LinkId=21130

* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1535 - 9.3 (HIGH)
Last revised: 08/15/2012
** http://support.microsoft.com/kb/2755399
Sep 21, 2012
- https://blogs.technet.com/b/msrc/archive/2012/09/21/security-advisory-2755801-addresses-adobe-flash-player-issues.aspx?Redirected=true
21 Sep 2012

- http://atlas.arbor.net/briefs/index#1045103976
Severity: Elevated Severity
Sep 21, 2012
Microsoft releases a security update to Flash player.
Analysis: This patch resolves security issues patched by Adobe in August 2012 for Internet Explorer 10 on Windows 8. This includes the following CVE's: CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168, CVE-2012-4171. Attacks on the CVE-2012-1535 vulnerability are actively underway...

 

[Microsoft Security Advisory (2749655)]

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
October 09, 2012 - "... For more information about the update, please see Microsoft Knowledge Base Article 2749655*..."
* http://support.microsoft.com/kb/2749655

Security Advisory 2749655 and timestamping
- https://blogs.technet.com/b/srd/archive/2012/10/09/security-advisory-2749655-and-timestamping.aspx?Redirected=true
9 Oct 2012 - "... due to a clerical error, a subset of binaries processed by the PRSS lab between June 12, 2012 and August 14, 2012 were digitally signed in an incorrect manner... we are re-releasing an initial batch of four security updates -- MS12-053, MS12-054, MS12-055, and MS12-058 -- with new digital signatures, each of which has been timestamped with a proper timestamping certificate. We are continuing our investigation and expect to re-release additional bulletins as needed in months to come..."
___

Microsoft Security Advisory (2737111)
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2737111
• V3.0 (October 9, 2012): Advisory updated to reflect publication of security bulletin* for Microsoft FAST Search Server 2010 for SharePoint.
* http://technet.microsoft.com/en-us/security/bulletin/ms12-067

Microsoft Security Advisory (2661254)
Update For Minimum Certificate Key Length
- http://technet.microsoft.com/en-us/security/advisory/2661254
• V2.0 (October 9, 2012): Revised advisory to re-release the KB2661254 update for Windows XP and to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. Customers who previously applied the KB2661254 update do not need to take any action. See advisory FAQ for details.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe -Flash- Player in IE 10
* https://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Oct 08, 2012 - "... Microsoft recommends that customers apply the current update -immediately- using update management software, or by checking for updates using the Microsoft Update service. Since the update is cumulative, only the current update will be offered..."
• V2.0 (October 8, 2012): Added KB2758994** to the Current update section.
** http://support.microsoft.com/kb/2758994

 

[Microsoft Security Advisory (2269637)]

FYI...

Microsoft Security Advisory (2269637)
Insecure Library Loading Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2269637
V18.0 (November 13, 2012): Added the following Microsoft Security Bulletin to the Updates relating to Insecure Library Loading section: MS12-074*, "Vulnerabilities in .NET Framework Could Allow Remote Code Execution."
* http://technet.microsoft.com/en-us/security/bulletin/ms12-074

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
V1.2 (November 13, 2012): Added the KB2687626 update, described in MS12-046*, to the list of available re-releases (List of available re-releases at the URL above).
* http://technet.microsoft.com/en-us/security/bulletin/ms12-046
V2.0 (November 13, 2012): Re-released bulletin to replace the KB2598361 update with the KB2687626** update for Microsoft Office 2003 Service Pack 3 to address an issue with digital certificates described in Microsoft Security Advisory 2749655. See the update FAQ for details.
** http://support.microsoft.com/KB/2687626

.

[Microsoft Security Advisory (2749655)]

FYI...

Microsoft Security Advisory (2749655)
Compatibility Issues Affecting Signed Microsoft Binaries
- http://technet.microsoft.com/en-us/security/advisory/2749655
V2.0 (December 11, 2012): Added the KB2687627 and KB2687497 updates described in MS12-043, the KB2687501 and KB2687510 updates described in MS12-057, the KB2687508 update described in MS12-059, and the KB2726929 update described in MS12-060* to the list of available rereleases.
* http://technet.microsoft.com/en-us/security/bulletin/ms12-060
V2.0 (December 11, 2012): Re-released bulletin to replace the KB2687323 update with the KB2726929 update for Windows common controls on all affected variants of Microsoft Office 2003, Microsoft Office 2003 Web Components, and Microsoft SQL Server 2005.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
V5.0 (December 11, 2012): Added KB2785605* to the Current update section.
* http://support.microsoft.com/kb/2785605
Dec 11, 2012 - Revision: 1.0
___

The following bulletins have undergone a major revision increment. Please see the appropriate bulletin for more details.

- http://technet.microsoft.com/security/bulletin/MS12-043
- http://technet.microsoft.com/security/bulletin/MS12-050
V2.1 (December 12, 2012): Clarified that the update for Microsoft SharePoint Services 2.0 is available from the Microsoft Download Center only.
- http://technet.microsoft.com/security/bulletin/MS12-057
- http://technet.microsoft.com/security/bulletin/MS12-059
- http://technet.microsoft.com/security/bulletin/MS12-060

 

[MS FixIt released for IE 0-day]

FYI...

MS FixIt released for IE 0-day...
MS Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
V1.1 (December 31, 2012): Added link to Microsoft Fix it* solution, "MSHTML Shim Workaround," that prevents exploitation of this issue.
* http://support.microsoft.com/kb/2794220#FixItForMe
Last Review: Dec 31, 2012 - Rev 1.0
Applies to: IE8, IE7, IE6...

- https://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx?Redirected=true
31 Dec 2012

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
___

- https://windowssecrets.com/windows-secrets/a-windows-patching-december-to-remember/
Jan 2, 2013
> http://www.microsoft.com/security/pc-security/bulletins/201212.aspx

 

[MS Security Advisory (2798897)]

FYI...

MS Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2798897
Jan 03, 2013 - "Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. To help protect customers from the fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) and is providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue... see Microsoft Knowledge Base Article 2677070 for details..."
* http://support.microsoft.com/kb/2677070
___

- http://h-online.com/-1777291
4 Jan 2013 - "... Mozilla will be adding the two SubCA certificates to its certificate blacklist during its next update, which is due on 8 January... Chrome has also been updated and no longer trusts the SubCA certificates; the company says that when it updates Chrome later in the month it will no longer show Extended Validation status for TURKTRUST issued certificates."

 

[IE FixIt negated with bypass]

FYI...

IE FixIt negated with bypass ...
- http://www.securitytracker.com/id/1027930
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4792 - 9.3 (HIGH)
Updated: Jan 4 2013
Original Entry Date: Dec 30 2012
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes 
Version(s): IE6,7,8
... the vendor has provided the Microsoft Fix it solution, "MSHTML Shim Workaround"... the Microsoft Fix it solution can be bypassed using a variation of the original exploit http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/security/advisory/2794220

Mitigation: Use an alternative browser until a full patch is released for this issue.

 

[Microsoft Security Advisory (973811)]

FYI...

Microsoft Security Advisory (973811)
Extended Protection for Authentication
- http://technet.microsoft.com/en-us/security/advisory/973811
• V1.14 (January 8, 2013): Updated the FAQ and Suggested Actions with information about attacks against NTLMv1 (NT LAN Manager version 1) and LAN Manager (LM) network authentication. Microsoft Fix it solutions for Windows XP and Windows Server 2003 are available to help protect against these attacks. Applying these Microsoft Fix it solutions enables NTLMv2 settings required for users to take advantage of Extended Protection for Authentication.

Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in IE 10
- http://technet.microsoft.com/en-us/security/advisory/2755801
• V6.0 (January 8, 2013): Added KB2796096* to the Current update section.
* http://support.microsoft.com/kb/2796096

 

[Microsoft Security Advisory (2798897)]

FYI...

Microsoft Security Advisory (2798897)
Fraudulent Digital Certificates Could Allow Spoofing
- http://technet.microsoft.com/en-us/security/advisory/2798897
V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?"

Microsoft Security Advisory (2794220)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2794220
V2.0 (January 14, 2013): Advisory updated to reflect publication of security bulletin.
MS13-008: http://boards.cexx.org/index.php?topic=19188.msg84259#msg84259

 

[Microsoft Security Advisory (2819682)]

FYI...

Microsoft Security Advisory (2819682)
Security Updates for Microsoft Windows Store Applications
- http://technet.microsoft.com/en-us/security/advisory/2819682
March 26, 2013 - "Microsoft is announcing the availability of security updates for Windows Store applications running on Windows 8, Windows RT, and Windows Server 2012 (Windows Server 2012 Server Core installations are not affected). The updates address vulnerabilities that are detailed in the Knowledge Base articles associated with each update..."
> http://support.microsoft.com/kb/2832006
March 26, 2013 - Revision: 1.0
Applies to:
    Windows RT
    Windows 8
    Windows 8 Enterprise
    Windows 8 Pro
    Windows Server 2012 Datacenter
    Windows Server 2012 Essentials
    Windows Server 2012 Foundation
    Windows Server 2012 Standard
___

- https://secunia.com/advisories/52779/
Release Date: 2013-03-27
Impact: Spoofing
Where: From remote...
Original Advisory:
- http://technet.microsoft.com/en-us/security/advisory/2819682
- http://support.microsoft.com/kb/2832006

 

[MS - End of Support]

FYI...

MS - End of Support ...
- https://blogs.technet.com/b/rmilne/archive/2013/04/08/exchange-support-save-the-date-8th-april-2014.aspx?Redirected=true
8 Apr 2013 - "...
Outlook 2003 will transition out of extended support on 8th of April 2014
Exchange Server 2003 will transition out of extended support on 8th of April 2014
Windows XP will transition out of extended support on 8th of April 2014
Exchange 2010 SP2 will transition out of support on 8th April 2014
And as non Exchange specific item, please also note Windows 2003:
Windows Server 2003 will transition out of extended support on 14th of July 2015 ..."

 

[Microsoft Security Advisory (2847140)]

FYI...

Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
- http://technet.microsoft.com/en-us/security/advisory/2847140
May 03, 2013 - "Microsoft is investigating public reports of a vulnerability in IEv8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability.
This is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs..."

- https://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx?Redirected=true
3 May 2013 - "... impacts Internet Explorer 8... This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message..."
___

- http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
May 4, 2013

- http://www.invincea.com/2013/05/part-2-us-dept-labor-watering-hole-pushing-poison-ivy-via-ie8-zero-day/
May 3, 2013 - "... driveby download exploit of IE8... to install the Poison Ivy backdoor Trojan..."

- https://www.virustotal.com/en/file/ea80dba427e7e844a540286faaccfddb6ef2c10a4bc6b27e4b29ca2b30c777fb/analysis/
File name: stub.EXE
Detection ratio: 26/46
Analysis date:    2013-05-02

- http://www.securitytracker.com/id/1028514
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347
May 4 2013
Vendor Confirmed:  Yes  
Version(s): 8
Versions 6, 7, 9, and 10 are not affected.
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
The vendor's advisory is available at:
http://technet.microsoft.com/en-us/security/advisory/2847140

- https://secunia.com/advisories/53314/
Release Date: 2013-05-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 8.x ...
Reported as a 0-day...

 

[IE8 0-Day update]

FYI...

IE8 0-Day update ...
- https://isc.sans.edu/diary.html?storyid=15734
Last Updated: 2013-05-06 14:33:57 UTC - "... a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347..."
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1347 - 10.0 (HIGH)
Last revised: 05/06/2013 - "... as exploited in the wild in May 2013."

- http://technet.microsoft.com/security/advisory/2847140
May 03, 2013

 

[Fix it for IEv8 available]

FYI...

Fix it for IEv8 available
- http://support.microsoft.com/kb/2847140#FixItForMe
Last Review: May 9, 2013 - Revision: 2.0 - "... CVE-2013-1347 MSHTML Shim Workaround... To enable or disable this Fix it solution, click the Fix it button or link under the Enable heading or under the Disable heading, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard..." Microsoft Fix it 50992

- https://blogs.technet.com/b/msrc/archive/2013/05/08/fix-it-for-security-advisory-2847140-is-available.aspx?Redirected=true
8 May 2013 - "... applying the Fix it does not require a reboot. We encourage all customers using Internet Explorer 8 to apply this Fix it to help protect their systems..."

- http://technet.microsoft.com/en-us/security/advisory/2847140
• V1.1 (May 8, 2013): Added link to Microsoft Fix it solution, "CVE-2013-1347 MSHTML Shim Workaround," that prevents exploitation of this issue.

- http://www.securitytracker.com/id/1028514
"... This is currently being actively exploited in targeted attacks. Solution: ... As a workaround apply the Microsoft Fix it solution "CVE-2013-1347 MSHTML Shim Workaround" to mitigate the vulnerability..."