December 18, 2018

Microsoft fixes five Critical vulnerabilities as promised

(LiveHacking.Com) – As expected, Microsoft has released seven bulletins, five to address Critical vulnerabilities and two for Important vulnerabilities. In total the bulletins address 12 vulnerabilities in a variety of products including Microsoft Windows, Internet Explorer (IE), Word and Windows Server.

According to Microsoft the two most important bulletins are MS12-077 – a cumulative security update for Internet Explorer and MS12-079 – a patch to fix a vulnerability in Microsoft Word that could allow remote code execution.

The IE update resolves three privately reported vulnerabilities, the most severe of which could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. The patch for Word resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Office software, or previews or opens a specially crafted RTF email message in Outlook while using Microsoft Word as the email viewer.

The other Critical vulnerabilities are MS12-078 – which fixes vulnerabilities in Windows kernel-mode drivers, MS12-080 – which addresses vulnerabilities in Microsoft Exchange Server and MS12-081 – which resolves a vulnerability in the Windows file handling component. All three of these could allow remote code execution if exploited.

Adobe has also released an update to its Flash Player and as a result Microsoft has revised Security Advisory 2755801 to update the built-in version of Flash in Internet Explorer.

Microsoft to patch five critical security flaws in time for the holidays

(LiveHacking.Com) – Microsoft has published its advance notification for the security vulnerabilities it will fix in December’s Patch Tuesday. This month it will release seven security bulletins, five of which are rated as Critical and two as Important. In total these bulletins will address 11 vulnerabilities. The five Critical bulletins will fix security vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer, while the two Important-rated bulletins will resolve issues in Microsoft Windows.

Six of the seven bulletins address vulnerabilities that could allow an attacker to execute arbitrary code on the affected PC, while the other bulletin addresses a “Security Feature Bypass.” When Microsoft talks about a Critical-rated vulnerability, it means a flaw which can be exploited to allow arbitrary code execution without any user interaction. These vulnerabilities can allow self-propagating malware to spread. These types of vulnerabilities are normally exploited without warnings or prompts and can be triggered by browsing to a web page or opening email.

Windows XP is affected by all but one of the Windows-related bulletins, as is Windows Server 2003. Windows Vista, Windows 7 and Windows Server 2008 are likewise affected by four of the five fixes for Windows. For each of the previously mentioned operating systems, bulletin seven (which is rated as Important) doesn’t apply. However, bulletin seven does affect Windows Server 2008 R2 and Windows Server 2012.

Windows 8, Microsoft’s latest operating system which was released in October, is affected by two of the Critical bulletins and just one of the Important ones.

Microsoft Office 2003, 2007 and 2010 are all affected by the Critical-rated bulletin number three, as are Microsoft SharePoint Server 2010 and Microsoft Office Web Apps 2010. Bulletin four deals with Critical issues in Microsoft Exchange Server 2007 and 2010.

“While it may be the most wonderful time of the year, we know it can also be the busiest time of the year,” wrote Dustin Childs from Microsoft. “We recommend that customers pause from searching for those hot new gadgets and review the ANS summary page for more information. Please prepare for bulletin testing and deployment as soon as possible to help ensure a smooth update process.”

Microsoft has scheduled the bulletin release for the second Tuesday of the month, at approximately 10 a.m. PST.

Microsoft to patch critical bugs including first fixes for Windows 8 and Windows 8 RT

(LiveHacking.Com) – Microsoft has published its advance notification for November’s Patch Tuesday. This month the company plans to release six bulletins which will fix 19 separate vulnerabilities. Four of the six bulletins are ranked as Critical and will address 13 vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework. Of the remaining two, the first is rated as Important and will address four vulnerabilities in Microsoft Office and finally, the last bulletin is rated as Moderate and will address two issues in Microsoft Windows.

Five of the six bulletins fix vulnerabilities which could allow remote code execution. If exploited, it would mean that attackers could use these bugs to install malware onto a vulnerable PC. The first bulletin is for Internet Explorer 9 and applies to Windows Vista and above (as IE9 isn’t available for XP) except for Windows 8, which runs IE10 by default. Similarly, bulletin three (the Moderate update that addresses two issues in Windows) only applies to Windows Vista and above except Windows 8. However, the remaining three Windows-related bulletins affect all supported versions of Windows from XP upwards.

Microsoft’s latest operating system is not immune to these bugs as Windows 8 receives three critical updates this month. This isn’t surprising as large parts of the code (especially the various libraries) are common across many versions of Windows. What is more surprising is that Windows 8 RT (the version that runs on ARM tablets) receives one critical and one important update. This again highlights the amount of source code shared between the different versions and the bugs are related to the platform.

The bulletins are scheduled for release on the second Tuesday of this month, November 13, 2012, at approximately 10 a.m. PST.

Microsoft fixes remote code execution vulnerabilities some of which are already being exploited

(LiveHacking.Com) – As anticipated, Microsoft has released nine security bulletins as part of Patch Tuesday. Of the nine bulletins five are rated as Critical and four as Important. In total they address 26 vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office. All of the Critical level bulletins fix Remote Code Execution vulnerabilities.

The first Critical set of fixes (MS12-052) is for Internet Explorer, the most severe of which could allow remote code execution if a user views a specially crafted webpage. The vulnerabilities are rated as Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows XP, Vista and 7. The fix modifies the way that Internet Explorer handles objects in memory.

The second Critical bulletin addresses issues in the Remote Desktop Protocol. This isn’t the first time Microsoft have had to fix the protocol, which is used by millions to control remote machines (including web servers running and exposed on the Internet). Back in March, Microsoft fixed a bug in RDP which exposed over 5 million machines on the Internet after an exploit was developed for the vulnerability. The latest set of fixes (MS12-053) sounds very similar to previous RDP bugs. According to Microsoft, “The vulnerability could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.” However, one bit of good news is that the bug only affects Windows XP. To fix the problem, Microsoft has changed the way that the Remote Desktop Protocol processes packets in memory.

The next Critical bulletin (MS12-054) resolves four privately reported vulnerabilities in the Windows print spooler. These vulnerabilities could allow remote code execution if an attacker sends a specially crafted response to the spooler. This security update is rated Critical for all supported editions of Windows XP and Windows Server 2003; Important for all supported editions of Windows Vista; and Moderate for all supported editions of Windows Server 2008, Windows 7, and Windows 2008 R2. As part of the fix the code has been changed to correct the way the Windows Print Spooler handles specially crafted responses and how Windows networking components handle Remote Administration Protocol (RAP) responses.

The fourth bulletin (MS12-060) is already seeing some targeted attacks attempting to exploit this vulnerability, but there is no public proof-of-concept code published yet. This security update resolves a vulnerability in the Windows common controls and, since multiple software products utilize Windows Common Controls, the issues addressed in this bulletin affect Microsoft Office, SQL Server, Server Software, and Developer Tools. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.

Finally, MS12-058 resolves publicly disclosed vulnerabilities in Microsoft Exchange Server WebReady Document Viewing. The vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange server if a user previews a specially crafted file using Outlook Web App (OWA). The vulnerabilities are actually in Oracle’s Outside In libraries, which are used in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint. The Outside In libraries were recently updated as part of a Critical Patch Update released by Oracle.

Microsoft Fixes Three Critical Issues

(LiveHacking.Com) – Microsoft has issued updates for May’s Patch Tuesday covering vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight. There are a total of seven security bulletins, three Critical and four Important, which address 23 issues.

The first of the Critical level updates is MS12-034, which affects Microsoft Office, Windows, .NET Framework, and Silverlight. This security update addresses 10 issues, the most severe of which could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files.

Microsoft Word is also affected by another Critical issue that could allow remote code execution. MS12-029 addresses a privately reported vulnerability in the processing of RTF files. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The third, and final, Critical level update, MS12-035, fixes two remote code execution vulnerabilities in the .NET Framework. The two privately reported vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining four bulletins are as follows:

  • MS12-030 – Vulnerabilities in Microsoft Office Could Allow Remote Code Execution – This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-031 – Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution – This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • MS12-032 – Vulnerability in TCP/IP Could Allow Elevation of Privilege – This security update resolves one privately reported and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
  • MS12-033 – Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

 

Microsoft Fixes Four Critical Vulnerabilities for April’s Patch Tuesday

(LiveHacking.Com) – Microsoft has released six security bulletins, four of which are rated Critical in severity, and two Important. The bulletins fix vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront Unified Access Gateway.

The first Critical severity bulletin (MS12-023) fixes five vulnerabilities in Internet Explorer. The most severe of these could allow remote code execution if a user views a specially crafted webpage designed to exploit the vulnerability. The hacker would then gain the same user rights as the current user.

Next Microsoft fixed a remote code execution vulnerability in Microsoft Windows (MS12-024). The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.

Remote code execution vulnerabilities were also fixed in the .NET framework (MS12-025):

  1. If a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs) then an attacker could execute arbitrary code on the PC.
  2. Remote code execution could also occur on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a web hosting scenario.
  3. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions. In a web browsing attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability.
  4. Finally, a compromised website or a website that accepts user-provided content or advertisements could host specially crafted content to exploit this vulnerability.

The fourth and final Critical severity vulnerability fixed is in the Windows common controls (MS12-027). The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. The Windows common controls are installed on a PC with software like Microsoft Office, Microsoft SQL Server and Microsoft Visual FoxPro.

Microsoft Fixes Duqu Vulnerability But Drops SSL Changes at Last Minute

(LiveHacking.Com) – As expected Microsoft has released its Patch Tuesday security updates for December. Originally Microsoft were going to release 14 bulletins but instead released only 13. The missing update was intended to make changes to the way Windows works with SSL/TLS to try and minimize the recently discovered weaknesses of the security protocol as highlighted by the BEAST (Browser Exploit Against SSL/TLS) hacking tool. However Microsoft discovered some compatibility issues with their changes and “a major third-party vendor.” Microsoft are “working with that vendor to address the issue.”

Microsoft however did fix the kernel-mode driver vulnerability that allows the Duqu malware to spread. The vulnerability allows remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.

Microsoft also fixed a vulnerability in Windows Media Player and Windows Media Center that can allow remote code execution. Bulletin MS11-092 resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.

The other “Critical” level update is for a vulnerability that could allow remote code execution if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.

 

Microsoft to Fix 20 Vulnerabilities Next Tuesday

(LiveHacking.Com) – Microsoft will fix 20 vulnerabilities for December’s Patch Tuesday. According to the Microsoft Security Bulletin Advance Notification for December 2011, the Redmond company will release 14 bulletins addressing 20 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Publisher, and Windows Media Player.

Although Microsoft doesn’t release details of the bulletins until they are posted, pundits are suggesting that among the patches will be a fix for the vulnerability that allows the Duqu intelligence-gathering Trojan to spread, and a fix for the SSL (secure socket layer) 3.0 and TLS (transport layer security) 1.0 flaws popularized a few months ago by the BEAST (Browser Exploit Against SSL/TLS) hacking tool.

Three of the 14 bulletins are marked as “critical” (the highest threat ranking) and the remaining 11 are tagged as “important” (the second-highest rating). Release of the bulletins is scheduled for Tuesday, December 13, 2011.

Microsoft Fix 23 Security Issues in October’s Patch Tuesday

(LiveHacking.Com) – Microsoft has released its patches for Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway, and Microsoft Host Integration Server as part of October’s Patch Tuesday.

There are two Critical level fixes, one for .NET Framework & Silverlight and the other for Internet Explorer:

MS11-078 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution. This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

MS11-081 – Cumulative Security Update for Internet Explorer. This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining advisories are all rated as Important:

  • MS11-075 – Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution
  • MS11-076 – Vulnerability in Windows Media Center Could Allow Remote Code Execution
  • MS11-077 – Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
  • MS11-079 – Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution
  • MS11-080 – Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
  • MS11-082 – Vulnerabilities in Host Integration Server Could Allow Denial of Service

Microsoft Has Released Version 2 of Security Essentials (MSE)

Microsoft has released version 2 of Security Essentials (MSE), its anti-malware and virus protection software for Windows.

According to Microsoft's website, Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free download from Microsoft that is simple to install and easy to use.

Microsoft Security Essentials 2 is available to download for Windows XP Service Pack 2 or later, Windows Vista and Windows 7. Microsoft has also released the 2010 edition of its Forefront Endpoint Protection solution for corporate customers.
