May 17, 2012

Microsoft Fixes Duqu Vulnerability But Drops SSL Changes at Last Minute

(LiveHacking.Com) - As expected, Microsoft has released its Patch Tuesday security updates for December. Originally Microsoft were going to release 14 bulletins but instead released only 13. The missing update was intended to change the way Windows works with SSL/TLS in order to minimize the recently discovered weaknesses in the security protocol highlighted by the BEAST (Browser Exploit Against SSL/TLS) hacking tool. However, Microsoft discovered some compatibility issues between their changes and “a major third-party vendor.” Microsoft are “working with that vendor to address the issue.”

Microsoft did, however, fix the kernel-mode driver vulnerability that allows the Duqu malware to spread. The vulnerability allows remote code execution if a user opens a specially crafted document or visits a malicious Web page that embeds TrueType font files.

Microsoft also fixed a vulnerability in Windows Media Player and Windows Media Center that can allow remote code execution. Bulletin MS11-092 resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Microsoft Digital Video Recording (.dvr-ms) file. In all cases, a user cannot be forced to open the file; for an attack to be successful, a user must be convinced to do so.

The other “Critical” level update is for a remote code execution vulnerability if a user views a specially crafted Web page that uses a specific binary behavior in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.


Microsoft to Fix 20 Vulnerabilities Next Tuesday

(LiveHacking.Com) - Microsoft will fix 20 vulnerabilities for December’s Patch Tuesday. According to the Microsoft Security Bulletin Advance Notification for December 2011, the Redmond company will release 14 bulletins addressing 20 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Microsoft Publisher, and Windows Media Player.

Although Microsoft doesn’t release details of the bulletins until they are posted, pundits are suggesting that among the patches will be a fix for the vulnerability that allows the Duqu intelligence-gathering Trojan to spread, and a fix for the SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 flaws popularized a few months ago by the BEAST (Browser Exploit Against SSL/TLS) hacking tool.

Three of the 14 bulletins are marked as “critical” (the highest threat ranking) and the remaining 11 are tagged as “important” (the second-highest rating). Release of the bulletins is scheduled for Tuesday, December 13, 2011.

Microsoft Releases Hotfix for AppLocker Flaw

(LiveHacking.Com) - Microsoft has released a hotfix for a flaw in AppLocker that allows AppLocker rules to be circumvented with an Office macro. The vulnerability affects Windows 7 and Windows Server 2008 R2.

With AppLocker, users can define rules that control which applications can run. However, it turns out that an attacker could create a macro in Microsoft Office to circumvent the AppLocker rules. As a result, malware in the %TEMP% or %system drive%:\Users directory can be executed by using the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags, even if access to these directories is limited by AppLocker rules.

To apply this hotfix, you must be running one of the following operating systems:

  • Windows 7
  • Windows 7 Service Pack 1 (SP1)
  • Windows Server 2008 R2
  • Windows Server 2008 R2 Service Pack 1 (SP1)

Microsoft Plugs TCP/IP Hole While Adobe Fixes Critical Vulnerabilities in Shockwave

(LiveHacking.Com) - Microsoft has issued four security bulletins to address four vulnerabilities in its Windows operating system including a ‘Critical’ vulnerability in TCP/IP.

The networking flaw, which was reported privately to Microsoft, could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. Successful exploitation of MS11-083 would let an attacker run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The flaw exists in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 but not in Windows XP or Windows Server 2003.

The remaining three bulletins are as follows:

MS11-085 – Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

MS11-086 – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.

MS11-084 – Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Adobe Shockwave Player

Whilst Microsoft was busy fixing its networking code, Adobe posted a security bulletin about its Shockwave Player.

Critical vulnerabilities exist in Adobe Shockwave Player 11.6.1.629 and earlier versions on Windows and Mac OS X. Successful exploitation would let an attacker run arbitrary code.

A new version of Shockwave Player is available which:

  • Resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446).
  • Fixes a memory corruption vulnerability that could lead to code execution (CVE-2011-2447).
  • Resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2448).
  • Fixes multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).

Light Patch Tuesday Ahead With No Fix For Duqu TrueType Font Vulnerability

(LiveHacking.Com) - Microsoft has published its advance notification of the security bulletins that it intends to release for November’s Patch Tuesday (November 8, 2011).

Microsoft will issue four bulletins: one for a ‘Critical’ remote code execution vulnerability, two ‘Important’ fixes for remote code execution and elevation of privilege flaws, and one ‘Moderate’ fix for a denial-of-service vulnerability.

The ‘Critical’ bulletin affects Windows 7, Vista, Server 2008 and Server 2008 R2 but not XP and Server 2003. This probably means that the flaw is in newer functionality which isn’t included in XP or Server 2003. In fact, only one of the four bulletins affects XP and Windows Server 2003. The other three only affect Windows Vista and later.

Microsoft have already said that a fix for the vulnerability in Windows’ TrueType font parsing engine, which is used by the Duqu malware, will not be ready for this month’s bulletin release:

Additionally, our engineering teams determined the root cause of this vulnerability, and we are working to produce a high-quality security update to address it. At this time, we plan to release the security update through our security bulletin process, although it will not be ready for this month’s bulletin release.

Microsoft to Revoke Trust in Malaysian CA

Microsoft has issued a notice that it will shortly revoke trust in the Intermediate Certificate Authority DigiCert Sdn. Bhd. (Digicert Malaysia) via Windows Update. The reason for the revocation isn’t that the CA has been compromised or suffered a security breach, but rather that it was caught issuing certificates with weak 512-bit keys.

The requirements of the Microsoft Root Program are that a minimum crypto key size of an RSA 2048-bit modulus is used for any root and all issuing CAs. Microsoft used to accept root certificates with an RSA 1024-bit modulus; however, these existing legacy 1024-bit RSA root certificates were phased out at the end of last year. The fact that this Malaysian CA issued 512-bit certificates is a clear violation of Microsoft’s requirements.
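The policy above reduces to a check that a practitioner can run over certificates in a store: read the RSA modulus size out of each certificate’s public key and flag anything below the 2048-bit floor. The following added example (not Microsoft’s or DigiCert’s code) does that over DER-encoded SubjectPublicKeyInfo blobs using only the Python standard library; the sample keys are constructed with a helper in the block and are not real keys, only moduli of the right size.

```python
"""Audit RSA public-key sizes against the 2048-bit minimum the Root Program requires."""

MIN_RSA_BITS = 2048
RSA_OID = bytes.fromhex("2a864886f70d010101")  # OID 1.2.840.113549.1.1.1 (rsaEncryption)


def _tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Return the RSA modulus size in bits from a DER SubjectPublicKeyInfo, or None if not RSA."""
    tag, body, _ = _tlv(spki, 0)                 # outer SEQUENCE
    assert tag == 0x30, "not a SubjectPublicKeyInfo"
    _, alg, pos = _tlv(body, 0)                  # AlgorithmIdentifier SEQUENCE
    oid_tag, oid, _ = _tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_OID:
        return None                              # e.g. an EC key: size policy differs
    bs_tag, bitstr, _ = _tlv(body, pos)          # BIT STRING wrapping RSAPublicKey
    assert bs_tag == 0x03, "missing subjectPublicKey BIT STRING"
    _, rsakey, _ = _tlv(bitstr[1:], 0)           # skip the unused-bits octet
    _, modulus, _ = _tlv(rsakey, 0)              # INTEGER n (may carry a leading 0x00)
    return int.from_bytes(modulus, "big").bit_length()


def classify(spki):
    """'ok', 'weak:<bits>' or 'non-rsa' for one certificate public key."""
    bits = rsa_modulus_bits(spki)
    if bits is None:
        return "non-rsa"
    return "ok" if bits >= MIN_RSA_BITS else f"weak:{bits}"


# --- constructed sample input (test fixture only; these are not real keys) ---
def _der(tag, value):
    n = len(value)
    if n < 128:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _der_int(x):
    raw = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return _der(0x02, b"\x00" + raw if raw[0] & 0x80 else raw)


def make_spki(modulus, exponent=65537):
    """Build a DER SubjectPublicKeyInfo around an arbitrary modulus (constructed sample)."""
    rsakey = _der(0x30, _der_int(modulus) + _der_int(exponent))
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    return _der(0x30, alg + _der(0x03, b"\x00" + rsakey))
```

Against a real store, feed `classify` the DER SubjectPublicKeyInfo taken from each certificate; keys below 1024 bits are the case described here, and 1024-bit keys fall under the phased-out legacy rule.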

“The subordinate CA has clearly demonstrated poor CA security practices and Microsoft intends to revoke trust in the intermediate certificates” said Jerry Bryant, Group manager, Response Communications, Trustworthy Computing.

Although Microsoft have no indication that any of the 22 certificates were issued fraudulently, the weak keys have allowed some of the certificates to be compromised. These compromised certificates could allow an attacker to impersonate the legitimate owner and make a user believe they are trusting a website or signed software that was in fact created for malicious use.

Microsoft’s Official YouTube Channel Hacked – Raises Questions Over YouTube’s Security

(LiveHacking.Com) - Over the weekend Microsoft’s Official YouTube Channel was hacked, allowing the attackers to remove Microsoft’s videos and upload their own content. The hacker’s videos were typically about 4 seconds long and called on other YouTube users to post video responses or create new background images for the channel.

During the hack the channel’s description read, “I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/.”

Sophos noticed the following comment posted during the hack:

This is how he “hacked” the channel: He legitimately made the account Microsoft when YouTube wasn’t that big but the REAL Microsoft probably asked YouTube to disable it and give it to them. The flaw is that this account was probably still linked to this kid’s email and Microsoft forgot to change it or whatever.

So all this kid had to do was recover this account using his old email.

Not that hard. That’s probably how the other big Channels got “hacked”.

Although this is likely to be untrue, it does raise questions about the strength of YouTube’s security. Was this simply a case of an easy-to-break password, or is there some vulnerability in YouTube’s site that is so far unknown to Google?

As of Monday, the channel is back to normal.

Microsoft Fix 23 Security Issues in October’s Patch Tuesday

(LiveHacking.Com) - Microsoft has released its patches for Microsoft Windows, Internet Explorer, .NET Framework, Silverlight, Forefront Unified Access Gateway, and Microsoft Host Integration Server as part of October’s Patch Tuesday.

There are two Critical level fixes, one for .NET Framework & Silverlight and the other for Internet Explorer:

MS11-078 – Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution. This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

MS11-081 - Cumulative Security Update for Internet Explorer. This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining advisories are all rated as Important:

  • MS11-075 - Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution
  • MS11-076 - Vulnerability in Windows Media Center Could Allow Remote Code Execution
  • MS11-077 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
  • MS11-079 - Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution
  • MS11-080 - Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege
  • MS11-082 - Vulnerabilities in Host Integration Server Could Allow Denial of Service

Microsoft Releases Details of Two Upcoming Critical Security Fixes

(LiveHacking.Com) - As usual, Microsoft has issued its advance notification for this month’s ‘Patch Tuesday’. This month Microsoft will issue eight security bulletins, two rated ‘Critical’ and six rated ‘Important’, which will address a total of 23 vulnerabilities in a variety of Microsoft products including the Microsoft .NET Framework, Silverlight, Windows, Internet Explorer, the Microsoft Forefront Unified Access Gateway, and the Microsoft Host Integration Server.

The Critical vulnerabilities which will be patched affect the Microsoft .NET Framework, Microsoft Silverlight, Microsoft Windows and Internet Explorer 6, 7, 8 and 9 (depending on the Windows version). Successful exploitation of these vulnerabilities could lead to remote code execution.

Bulletins 3, 4, 5 and 6 also deal with possible remote code execution vulnerabilities for Windows and the Microsoft Forefront Unified Access Gateway. Although these are rated as Important (and not Critical), it still means that their exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources.

Bulletin 7 deals with a possible Elevation of Privilege in Windows XP and Windows Server 2003 (but not Windows 7 or Windows Server 2008), while Bulletin 8 addresses Denial of Service issues with the Microsoft Host Integration Server.

Patch Tuesday this month falls on October 12, 2011.

Patch Tuesday Blocks More DigiNotar Certificates

(LiveHacking.Com) - As anticipated, Microsoft has issued five security bulletins bringing a number of updates to Windows and Office. At the same time it has released a new update (2616676) that blocks six additional DigiNotar root certificates. These new certificates are ones that are cross-signed by Entrust and GTE. They are:

  • DigiNotar Root CA Issued by Entrust (2 certificates)
  • DigiNotar Services 1024 CA Issued by Entrust
  • Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)

The security bulletins issued are:

  1. MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege
  2. MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution
  3. MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  4. MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  5. MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege

None of the bulletins are rated as Critical, but the affected software includes all of Microsoft’s currently supported versions of Windows including XP, Vista, Windows 7 and Windows Server 2003/2008, as well as Office 2003, 2007 and 2010.

MS11-071, 072 and 073 all relate to vulnerabilities that could allow remote code execution if a user opens a specially crafted file. In some cases, for .doc, .rtf and .txt files, the document needs to be located in the same network directory as a specially crafted library file for the exploit to work.