April 2010 - Posts

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: April 29, 2010

********************************************************************

 

Security Advisory Released Today

==============================================

 

 * Microsoft Security Advisory (983438)

  - Title: Vulnerability in Microsoft SharePoint Could

    Allow Elevation of Privilege

  - http://www.microsoft.com/technet/security/advisory/983438.mspx

  - Revision Note: V1.0 (April 29, 2010): Advisory published.   

Apr28
2:43 am (UTC-7)   |   by Jovi Umawing (Technical Communications)

.PDF files—or their inherent features—have been used by cybercriminals in some of the most noteworthy attacks we have encountered. Modified versions of this file type have been especially notorious these past few months since they are capable of attacking user systems by initially exploiting inherent vulnerabilities found in Adobe Reader and Acrobat. TrendLabs℠ has documented a number of these attacks:

A newly spotted malformed .PDF was found to also attack flaws found in the aforementioned Adobe software products; however, this kind of .PDF contained an object that was embedded within itself using FlateDecode and ASCII85Decode, two common filters used in .PDF files to filter images before compressing them. This object turned out to be an Extensible Markup Language (XML) file bearing a malicious Tagged Image File Format (TIFF) file.
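For analysts triaging such a file, the following added example (not code from Trend Micro or from the original post) walks each stream object, undoes an ASCII85Decode/FlateDecode filter chain in array order, and labels decoded payloads that look like XML carrying a TIFF. The function names, the base64-prefix heuristic and the sample built by `build_sample()` are assumptions made for illustration; the sample is constructed and benign.

```python
import base64
import re
import zlib

# A stream object: "<n> <gen> obj << dict >> stream ... endstream".
# Sketch only: a full parser would honour /Length and indirect references.
STREAM_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj\s*<<(.*?)>>\s*stream\r?\n(.*?)\r?\n?endstream",
    re.DOTALL)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[^\s/\[\]<>()]+)")
NAME_RE = re.compile(rb"/([^\s/\[\]<>()]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
TIFF_MAGIC = (b"II*\x00", b"MM\x00*")
# Assumption: a TIFF carried inside XML is stored as base64 text, so its
# magic bytes appear as one of these base64 prefixes.
TIFF_B64_PREFIX = (b"SUkqA", b"TU0AK")


def _ascii85(data: bytes) -> bytes:
    """ASCII85Decode: drop the optional "<~" and the "~>" end marker."""
    data = data.strip()
    if data.startswith(b"<~"):
        data = data[2:]
    end = data.find(b"~>")
    return base64.a85decode(data if end == -1 else data[:end])


def _flate(data: bytes) -> bytes:
    """FlateDecode: zlib inflate, tolerating bytes after the stream."""
    return zlib.decompressobj().decompress(data)


DECODERS = {"ASCII85Decode": _ascii85, "FlateDecode": _flate}


def classify(payload: bytes) -> list:
    """Heuristic labels for a decoded stream."""
    labels = []
    if payload.lstrip()[:16].startswith((b"<?xml", b"<xdp")):
        labels.append("xml")
        if any(prefix in payload for prefix in TIFF_B64_PREFIX):
            labels.append("tiff-in-xml")
    if payload[:4] in TIFF_MAGIC:
        labels.append("tiff")
    return labels


def scan_pdf(pdf: bytes) -> list:
    """Decode every filtered stream and report what it contains."""
    findings = []
    for match in STREAM_RE.finditer(pdf):
        raw_dict, data = match.group(2), match.group(3)
        # Names may hide behind #xx escapes (/Fl#61teDecode); undo them first.
        dictionary = HEX_ESCAPE_RE.sub(
            lambda m: bytes([int(m.group(1), 16)]), raw_dict)
        found = FILTER_RE.search(dictionary)
        filters = ([n.decode("latin-1")
                    for n in NAME_RE.findall(found.group(1))] if found else [])
        error = None
        try:
            for name in filters:  # array order is the decoding order
                if name not in DECODERS:
                    raise ValueError("unsupported filter " + name)
                data = DECODERS[name](data)
        except (ValueError, zlib.error) as exc:
            error = str(exc)
        labels = classify(data) if error is None else []
        if raw_dict != dictionary:
            labels.append("escaped-name")
        findings.append({"object": int(match.group(1)), "filters": filters,
                         "labels": labels, "error": error})
    return findings


def build_sample() -> bytes:
    """Constructed, benign PDF fragment: XML holding only a TIFF header."""
    tiff_header = b"II*\x00\x08\x00\x00\x00"
    xml = (b'<?xml version="1.0"?><image>'
           + base64.b64encode(tiff_header) + b"</image>")
    encoded = base64.a85encode(zlib.compress(xml), adobe=True)
    return (b"%PDF-1.7\n1 0 obj\n<< /Length " + str(len(encoded)).encode()
            + b" /Filter [/ASCII85Decode /Fl#61teDecode] >>\nstream\n"
            + encoded + b"\nendstream\nendobj\n"
            b"2 0 obj\n<< /Length 5 /Filter /LZWDecode >>\nstream\nABCDE\n"
            b"endstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for finding in scan_pdf(build_sample()):
        print(finding)
```

Streams whose filters are not handled are reported with an error instead of being guessed at, so they can be passed to a full PDF parser.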

Trend Micro detects the .PDF file as TROJ_PIDIEF.AAL. It can exploit the following vulnerabilities:

Once these vulnerabilities are exploited, this Trojan connects to several URLs to download files, which were also found to be malicious. Trend Micro detects these downloaded files as TROJ_DNSCHANG.XT and TROJ_FRAUDPAC.QL.

Trend Micro protects users via the Smart Protection Network™, which blocks access to all malicious URLs via the Web reputation service and detects all related malware via the file reputation service.

********************************************************************

Title: Microsoft Security Bulletin Re-Release

Issued: April 27, 2010

********************************************************************

 

Summary

=======

The following bulletin has undergone a major revision increment:

 

  * MS10-025 - Critical

 

Bulletin Information:

=====================

 

* MS10-025 - Critical

 

 - http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx

 - Reason for Revision: V3.0 (April 27, 2010): Revised bulletin to offer the rereleased security update for Windows Media Services running on Microsoft Windows 2000 Server Service Pack 4. Microsoft recommends that customers running the affected software apply the rereleased security update immediately. 

 - Originally posted: April 13, 2010

 - Updated: April 27, 2010

 - Bulletin Severity Rating: Critical

 - Version: 3.0

       

Search Engine Results Continue to be Poisoned

April 26th, 2010
 

Google is presenting a paper tomorrow (Tuesday, April 27) regarding websites that offer fake antivirus software. Part of Google’s research shows that search engine results can lead to such pages. The presentation demonstrates that Google is working hard at preventing these search poisoning attempts.

Our data likewise shows that poisoning search engine results with links to fake antivirus software is an effective way for attackers to infect users’ machines. As such, we constantly track search results for malicious links. In previous blogs we’ve discussed how attackers are able to poison results; we continue to see search engine result poisoning as a primary vector of infection, especially for fake security products.

We watch search results constantly via an automated system, but given the large amounts of data we only capture complete sets of data on an hourly basis. We’ve gone back to analyze the last couple of weeks’ worth of data to provide a glimpse into the current effectiveness of search engine result poisoning. In particular, we generated statistics on the top search trends every hour and determined how many were malicious (within the first 70 Google search results).

The data below is specific to Google search results between March 30, 2010, and April 18, 2010. We have found that data sets for other search engines are less interesting and search engine poisoning less prevalent. Hackers clearly have a vested interest in ensuring their attacks are effective in poisoning Google results, most likely because of its large market share—Google’s breadth and speed of indexing will also play a role.

•    On average at any given hour, 3 out of the top 10 search trends contained at least one malicious URL within the first 70 results.
•    On average, 15 links out of the first 70 results were malicious for search terms that were found to be poisoned (had at least one malicious URL).
•    On average on any given day, 7.3% of links are malicious in the top 70 results for top search terms.
•    The most poisoned search term resulted in 68% of links leading to malicious pages in the first 70 results.
•    Almost all of the malicious URLs redirect to a fake antivirus page.

The following graph shows the total number of malicious URLs (red) found in a given day versus total URLs checked (the top 70 results for the top 10 search terms each hour):


For this time period, April 3, 2010, had the highest percentage of malicious links returned in search results. Looking at April 3, 2010, on an hourly basis, we can see that the number of malicious URLs returned for the top 10 search trends each hour can change dramatically. Typically, this is a function of the particular trends during that hour:


The most malicious trend that day was “Roy Jones jr vs Bernard Hopkins,” in which at one point 68% of the URLs in the first 70 results were actually malicious.

While attackers are sometimes more successful in poisoning certain search terms, this is primarily due to luck. They use an automated system to determine which terms to poison. To give an example of the types of terms that resulted in poisoned results, here are the top 10 malicious search terms for April 3, 2010:

Often, the top search trends change quickly; likewise, which terms are poisoned also changes. Here are the top 10 search terms on April 3, 2010, that stayed active (had at least one malicious URL) for the longest time.

These days, the attackers continue to be effective at poisoning search results. They have an automated infrastructure that is able to automatically collect the latest, most popular search trends and poison the results. So, be careful when clicking on search result links, especially when searching for hot search topics. Also, follow our Twitter feed where we post the latest, dirtiest search terms.

Surrounded by Malicious PDFs

Monday April 26, 2010 at 3:35 pm CST
Posted by Francois Paget


Malicious PDF files and related exploits are invading the Net. Looking at the CVE records in the National Vulnerability Database for Adobe products, we see a dramatic increase in 2009.

Since January 1, Adobe vulnerabilities have continued to appear. During this period, five are classified as medium, while about 30 are judged high-level threats.

Now we find the Zeus botnet is also taking advantage of a PDF flaw: This vulnerability, along with about 15 others, is now covered by the recent patch (APSB10-09).

In 2007 and at the beginning of 2008 most of the exploit samples in our malware collections were linked to HTML/iframe, WMF, or DCOM vulnerabilities.

Today, malware involving malformed PDF files is legion. From less than 2 percent of malware directly connected to exploits in 2007 and 2008, they have reached 17 percent in 2009 and 28 percent during the first quarter of 2010. For Adobe Reader software, 2010 seems to be the year of living dangerously.

Apr14

Emerging P2P Trojan Botnet Uncovered

7:52 pm (UTC-7)   |   by Oscar Abendan (Technical Communications)

News of a new botnet has been circulating recently in the threat landscape. According to reports, several systems have been infected by TROJ_DLOADE.ATJ, which has been built to download and install other malware. The Trojan does not, however, seem to have any distributed denial-of-service (DDoS) capability.

This Trojan may be downloaded when users visit sites under the domain {BLOCKED}m.com or {BLOCKED}n.net. It may also download other malware from the said domain. Once installed, it attempts to connect to the command-and-control (C&C) server using TCP port 8090 to register itself and to wait for commands. It also has the capability to communicate with other bots via some kind of peer-to-peer (P2P) connection over ports 7000–7010. It also connects to specific malicious sites, which are currently inaccessible.

Botnets have been dubbed as the most prevalent and dangerous threats lurking in the Internet, as they can cause severe damage such as information theft and malware infections as shown in “Botnet: Perpetrators of Crimeware,” which gives a rundown on the evolution of botnets and their impact on the current threat landscape.

Trend Micro™ Smart Protection Network™ already protects product users from this particular threat by blocking access to malicious sites and domains via the Web reputation service and by preventing the download and execution of TROJ_DLOADE.ATJ and other related malware onto systems via the file reputation service.

Update (April 15, 2010, 4:40 p.m. [GMT +8:00]):

TROJ_DLOADE.ATJ is now detected by Trend Micro as BKDR_HELOAG.SM. It receives specific IP addresses and commands from a host bot.

New Zbot campaign comes in a PDF

Date:04.14.2010

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ has received several reports of a Zbot trojan campaign spreading via email. We have seen over 2200 messages so far.

Zbot (also known as Zeus) is an information stealing trojan (infostealer) collecting confidential data from each infected computer. The main vector for spreading Zbot is a spam campaign where recipients are tricked into opening infected attachments on their computer.

This new variant uses a malicious PDF file which contains the threat as an embedded file. When recipients open the PDF, it asks to save a PDF file called Royal_Mail_Delivery_Notice.pdf. The user falsely assumes that the file is just a PDF, and therefore safe to store on the local computer. The file, however, is really a Windows executable. The malicious PDF launches the dropped file, taking control of the computer. At time of writing this file has a 20% anti-virus detection rate (SHA1 : f1ff07104b7c6a08e06bededd57789e776098b1f).

The threat creates a subdirectory under %SYSTEM32% with the name "lowsec" and drops the "local.ds" and "user.ds" files. These are configuration files for the threat. It also copies itself into %SYSTEM32% as "sdra64.exe" and modifies the registry entry "%SOFTWARE%\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" to launch itself during system startup. When it runs, it injects malicious code into the Winlogon.exe instance in memory. This Zbot variant connects to a malicious remote server in China at the IP address 59.44.[removed].[removed]:6010.
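The host artifacts listed above can be checked against collected triage data. The following is an added example, not code from Websense: it flags the dropped files under system32 and any Userinit entry other than system32's userinit.exe, which generalizes beyond this variant. The function names, the `C:\Windows` default and the sample inputs are assumptions, and the inputs are constructed.

```python
import ntpath

# Indicators from the write-up above, relative to the system32 directory.
ZBOT_FILES = {"sdra64.exe", r"lowsec\local.ds", r"lowsec\user.ds"}


def _norm(path: str, system_root: str) -> str:
    """Lower-case, unquote, expand %SystemRoot%/%windir%, collapse '..'."""
    path = path.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        path = path.replace(var, system_root.lower())
    return ntpath.normpath(path)


def check_userinit(value: str, system_root: str = r"C:\Windows") -> list:
    """Return every Userinit entry that is not system32's userinit.exe.

    Userinit is a comma-separated list; Winlogon starts each entry at
    logon, so one appended path is enough for persistence.
    """
    expected = _norm(
        ntpath.join(system_root, "system32", "userinit.exe"), system_root)
    return [entry.strip() for entry in value.split(",")
            if entry.strip() and _norm(entry, system_root) != expected]


def check_files(paths, system_root: str = r"C:\Windows") -> list:
    """Return the listed paths that match the dropped-file indicators."""
    system32 = _norm(ntpath.join(system_root, "system32"), system_root)
    hits = []
    for path in paths:
        normalized = _norm(path, system_root)
        if (normalized.startswith(system32 + "\\")
                and normalized[len(system32) + 1:] in ZBOT_FILES):
            hits.append(path)
    return hits


def triage(userinit_value: str, paths, system_root: str = r"C:\Windows") -> dict:
    """Combine both checks into one report for a single host."""
    extra = check_userinit(userinit_value, system_root)
    files = check_files(paths, system_root)
    return {"userinit_extra": extra, "files": files,
            "suspicious": bool(extra or files)}


# Constructed sample inputs: an exported Userinit value and a file listing.
CLEAN = r"%SystemRoot%\system32\userinit.exe,"
TAMPERED = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,"
LISTING = [
    r"C:\WINDOWS\system32\lowsec\local.ds",
    r"C:\WINDOWS\system32\lowsec\user.ds",
    r"C:\WINDOWS\system32\sdra64.exe",
    r"C:\WINDOWS\system32\notepad.exe",
    r"D:\tools\readme.txt",
]

if __name__ == "__main__":
    print(triage(TAMPERED, LISTING))
```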

Screen shot of the email message:

 

Saves the malicious embedded file

 

Adobe Acrobat Reader shows a warning about launching the file:

 

The problem lies deep inside the PDF file format, as originally published by in this blog post.

 

Websense Messaging and Websense Web Security customers are protected against this attack.

Security update released for Adobe Reader and Acrobat

By Wendy Poland on April 13, 2010 11:14 AM

Today, a Security Bulletin has been posted in regards to the April 13, 2010 quarterly security update for Adobe Reader and Acrobat. The update addresses critical security issues in the products. Adobe recommends that users apply the updates for their product installations.

With this quarterly update, we are enabling the new updater first shipped in a passive state with the October quarterly security update. For more information, please refer to the Adobe Reader blog.

This posting is provided "AS IS" with no warranties and confers no rights.

And let the patching games continue


Published: 2010-04-14,
Last Updated: 2010-04-15 04:39:07 UTC
by Mark Hofman (Version: 1)


As we progress through the week more patches and updates are being released. 

Cisco has joined in with an ActiveX issue in the desktop client; more info is here: http://www.cisco.com/warp/public/707/cisco-sa-20100414-csd.shtml . The issue centres around the non-verification of code downloaded from a web page.

Apple has also released an update. This one requires a restart. The patch addresses CVE-2010-1120, which, considering it credits Charlie Miller, is to address the prize-winning exploit from the other week. The issue relates to a malicious embedded font. Not much more info is here: http://support.apple.com/kb/HT4131

Joining the club is Adobe who is releasing their update as well to Reader and Acrobat http://www.adobe.com/support/security/bulletins/apsb10-09.html

Update

Joining the "and me too" club is Java with update 20. Two security fixes by the looks of the release notes: http://java.sun.com/javase/6/webnotes/6u20.html

Happy patching; as always, test before doing production, and Friday 5pm is never a good time to push out updates.

Mark H - Shearwater

Keywords: Patching

Published: 2010-04-13,
Last Updated: 2010-04-13 17:32:12 UTC
by Johannes Ullrich (Version: 1)

 

Overview of the April 2010 Microsoft Patches and their status.

| # | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS10-019: Vulnerabilities in Windows Authenticode Verification | Authenticode: CVE-2010-0486, CVE-2009-0487 | KB 981210 | no known exploits. | Severity: Critical; Exploitability: 2,2 | Critical | Critical |
| MS10-020: Vulnerabilities in SMB Client (Replaces MS10-006) | SMB Client: CVE-2009-3676, CVE-2010-0269, CVE-2010-0270, CVE-2010-0476, CVE-2010-0477 | KB 980232 | vuln public. | Severity: Critical; Exploitability: 3,3,2,2,3 | Critical | Critical |
| MS10-021: Privilege Elevation Vulnerabilities in Windows Kernel (Replaces MS10-015) | Windows Kernel: CVE-2010-0234, CVE-2010-0235, CVE-2010-0236, CVE-2010-0237, CVE-2010-0238, CVE-2010-0481, CVE-2010-0482, CVE-2010-0810 | KB 979683 | no known exploits. | Severity: Important; Exploitability: ?,?,1,1,?,?,?,? | Important | Important |
| MS10-022: Vulnerability in VBScript Engine (Replaces MS10-022) | VBScript: CVE-2010-0483 | KB 981169 | Known Exploits! | Severity: Critical; Exploitability: 1 | PATCH NOW! | Critical |
| MS10-023: Vulnerability in Microsoft Office Publisher (Replaces MS08-027 MS09-030) | Publisher: CVE-2010-0479 | KB 981160 | no known exploits. | Severity: Important; Exploitability: 1 | Critical | Important |
| MS10-024: DoS Vulnerability in Microsoft Exchange and SMTP Service | Exchange, SMTP Service: CVE-2010-0024, CVE-2010-0025 | KB 981832 | vuln public. | Severity: Important; Exploitability: 3,? | Moderate | Important |
| MS10-025: Vulnerability in Microsoft Windows Media Services | Windows Media Services: CVE-2010-0478 | KB 980858 | no known exploit. | Severity: Critical; Exploitability: 1 | Moderate | Critical |
| MS10-026: Vulnerability in Microsoft MPEG Layer 3 Codec | MPEG Layer 3 Codec: CVE-2010-0480 | KB 977816 | no known exploit. | Severity: Critical; Exploitability: 1 | Critical | Moderate |
| MS10-027: Vulnerability in Windows Media Player (Replaces MS07-047) | Windows Media Player: CVE-2010-0268 | KB 979402 | no known exploit. | Severity: Critical; Exploitability: 1 | Critical | Moderate |
| MS10-028: Vulnerabilities in Microsoft Visio (Replaces MS09-062 MS09-005) | Windows Media Player: CVE-2010-0254, CVE-2010-0256 | KB 980094 | no known exploit. | Severity: Critical; Exploitability: 1,2 | Critical | Important |
| MS10-029: ISATAP Spoofing Vulnerability | ISATAP: CVE-2010-0812 | KB 978338 | no known exploit. | Severity: Moderate; Exploitability: ? | Moderate | Moderate |

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
  • The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
  • Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
  • All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

 

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Apr11

WordPress Blogs Suffer from a Mass Compromise

2:43 pm (UTC-7)   |   by Jonathan Leopando (Technical Communications)

Mass compromises have not been in the news of late but a new wave recently hit the headlines. According to news reports, users running the popular blogging platform WordPress have been hit with an attack that modifies a setting within the application that contains the URL of a blog.

In compromised sites, this setting is changed to point to a malicious website. This redirects all would-be blog readers to the said website, which contains scripts leading to a malicious file detected by Trend Micro as TROJ_BUZUS.ZYX.

TROJ_BUZUS.ZYX, in turn, leads into an infection chain that leads to various malware, including a rogue antivirus that was already detected by Trend Micro as TROJ_FAKEAV.ZZY.

It is not yet clear how this attack is being carried out. However, many of the affected blogs were hosted on Network Solutions, which stated on its own blog that it is aware of the issue. In addition, Network Solutions stated that it was investigating the issue and checking to see if a WordPress theme or plug-in was responsible.

This represents a change in the behavior of the BUZUS malware family, as traditionally it spreads via instant-messaging programs, as documented in two separate posts here in the Malware Blog:

Trend Micro™ Smart Protection Network™ protects users from these threats by blocking the malicious website used in this attack as well as by detecting and removing associated malware like TROJ_BUZUS.ZYX and TROJ_FAKEAV.ZZY.

Read more: http://blog.trendmicro.com/wordpress-blogs-suffer-mass-compromise/

********************************************************************

Microsoft Security Bulletin Advance Notification for April 2010

Issued: April 8, 2010

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on April 13, 2010.

The full version of the Microsoft Security Bulletin Advance Notification for April 2010 can be found at http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx.

This bulletin advance notification will be replaced with the April bulletin summary on April 13, 2010. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on these bulletins on April 14, 2010, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

===========================

Bulletin 1

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista,

Windows Vista Service Pack 1, and

Windows Vista Service Pack 2

- Windows Vista x64 Edition,

Windows Vista x64 Edition Service Pack 1, and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista,

Windows Vista Service Pack 1, and

Windows Vista Service Pack 2

- Windows Vista x64 Edition,

Windows Vista x64 Edition Service Pack 1, and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 3

- Affected Software:

- Microsoft Windows 2000 Server Service Pack 4

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Vista,

Windows Vista Service Pack 1, and

Windows Vista Service Pack 2

- Windows Vista x64 Edition,

Windows Vista x64 Edition Service Pack 1, and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 5

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 6

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Elevation of Privilege

- Version Number: 1.0

Bulletin 7

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista,

Windows Vista Service Pack 1, and

Windows Vista Service Pack 2

- Windows Vista x64 Edition,

Windows Vista x64 Edition Service Pack 1, and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems

- Windows 7 for x64-based Systems

- Windows Server 2008 R2 for x64-based Systems

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 8

- Affected Software:

- Microsoft Office Publisher 2002 Service Pack 3

- Microsoft Office Publisher 2003 Service Pack 3

- Microsoft Office Publisher 2007 Service Pack 1 and

Microsoft Office Publisher 2007 Service Pack 2

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 9

- Affected Software:

- Microsoft Windows 2000 Service Pack 4

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 R2 for x64-based Systems

(Windows Server 2008 R2 Server Core installation not affected)

- Microsoft Exchange Server 2000 Service Pack 3

- Microsoft Exchange Server 2003 Service Pack 2

- Microsoft Exchange Server 2007 Service Pack 1

for x64-based Systems

- Microsoft Exchange Server 2007 Service Pack 2

for x64-based Systems

- Microsoft Exchange Server 2010

for x64-based Systems

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 10

- Affected Software:

- Microsoft Office Visio 2002 Service Pack 2

- Microsoft Office Visio 2003 Service Pack 3

- Microsoft Office Visio 2007 Service Pack 1 and

Microsoft Office Visio 2007 Service Pack 2

- Impact: Remote Code Execution

- Version Number: 1.0

Moderate Security Bulletins

============================

Bulletin 11

- Affected Software:

- Windows XP Service Pack 2 and

Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista,

Windows Vista Service Pack 1, and

Windows Vista Service Pack 2

- Windows Vista x64 Edition,

Windows Vista x64 Edition Service Pack 1, and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Impact: Spoofing

- Version Number: 1.0

Other Information

=================

Microsoft Windows Malicious Software Removal Tool:

==================================================

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

========================================================

For information about non-security releases on Windows Update and Microsoft update, please see:

* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base

Article 894199, Description of Software Update Services and

Windows Server Update Services changes in content.

Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb456965.aspx: Updates

from Past Months for Windows Server Update Services. Displays all

new, revised, and rereleased updates for Microsoft products other

than Microsoft Windows.