December 2010 - Posts

Patch Issues with Outlook 2007

Published: 2010-12-20,
Last Updated: 2010-12-20 14:47:33 UTC
by Guy Bruneau (Version: 1)

Last week, on December 14, Microsoft released an update (KB2412171) for Microsoft Outlook 2007, and several of our readers wrote in to report that it caused problems with Outlook after it was applied. On December 16, Microsoft removed the update from Microsoft Update. Microsoft identified 3 issues with this update. If you are experiencing issues with the patch like those listed in this Microsoft blog post and you are using Windows XP, Vista or 7, Microsoft has listed the steps to remove the patch here. [1]

[1] http://blogs.msdn.com/b/outlook/archive/2010/12/17/issues-with-the-recent-update-for-outlook-2007.aspx

Published: 2010-12-14,
Last Updated: 2010-12-14 18:48:22 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

Overview of the December 2010 Microsoft Patches and their status.
 

| # | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS10-090 Cumulative Security Update for Internet Explorer (Replaces MS10-071) | Internet Explorer; CVE-2010-3340, CVE-2010-3342, CVE-2010-3343, CVE-2010-3345, CVE-2010-3346, CVE-2010-3348, CVE-2010-3962 | KB 2416400 | No known exploits. | Severity: Critical; Exploitability: 1,?,1,1,1,?,1 | Important | Important |
| MS10-091 Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (Replaces MS10-078 MS10-037) | Microsoft Windows OpenType Font (OTF) Driver; CVE-2010-3956, CVE-2010-3957, CVE-2010-3959 | KB 2416400 | No known exploits. | Severity: Critical; Exploitability: 2,1,1 | Critical | Critical |
| MS10-092 Vulnerability in Task Scheduler Could Allow Elevation of Privilege | Microsoft Windows; CVE-2010-3338 | KB 2305420 | Currently being exploited. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-093 Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (Replaces MS10-050) | Movie Maker; CVE-2010-3967 | KB 2424434 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | N/A |
| MS10-094 Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (Replaces MS08-053 MS10-033) | Windows Media Encoder; CVE-2010-3965 | KB 2447961 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-095 Vulnerability in Microsoft Windows Could Allow Remote Code Execution | Microsoft Windows; CVE-2010-3966 | KB 2385678 | No known exploits. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-096 Vulnerability in Windows Address Book Could Allow Remote Code Execution | Microsoft Windows Address Book; CVE-2010-3147 | KB 2423089 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-097 Insecure Library Loading in Internet Connection Sign up Wizard Could Allow Remote Code Execution | Microsoft Windows; CVE-2010-3144 | KB 2443105 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-098 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (Replaces MS10-073) | Microsoft Windows Kernel-mode Drivers; CVE-2010-3939, CVE-2010-3940, CVE-2010-3941, CVE-2010-3942, CVE-2010-3943, CVE-2010-3944 | KB 2436673 | Vulnerability disclosed publicly. | Severity: Important; Exploitability: 1,1,2,2,1,1 | Critical | Critical |
| MS10-099 Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege | Microsoft Windows Remote Access NDProxy Component; CVE-2010-3963 | KB 2440591 | No known exploits. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-100 Vulnerability in Consent User Interface | User Account Control; CVE-2010-3961 | KB 2442962 | No known exploit. | Severity: Important; Exploitability: 1 | Important | Important |
| MS10-101 Vulnerability in Windows Netlogon Service | Netlogon/RPC Service; CVE-2010-2742 | KB 2207559 | No known exploit. | Severity: Important; Exploitability: 3 | Important | Important |
| MS10-102 Vulnerability in Hyper-V Could Allow Denial of Service | Microsoft Windows; CVE-2010-3960 | KB 2345316 | No known exploits. | Severity: Important; Exploitability: 2 | Important | Important |
| MS10-103 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (Replaces MS10-023 MS10-036) | Microsoft Publisher; CVE-2010-2569, CVE-2010-2570, CVE-2010-2571, CVE-2010-3954, CVE-2010-3955 | KB 2292970 | Remote code execution. | Severity: Important; Exploitability: 1,1,2,2,3 | Important | Important |
| MS10-104 Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution | Microsoft SharePoint; CVE-2010-3964 | KB 2433089 | Remote code execution. | Severity: Important; Exploitability: 1 | Important | Critical |
| MS10-105 Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (Replaces MS08-044) | Microsoft Office Graphics; CVE-2010-3945, CVE-2010-3946, CVE-2010-3947, CVE-2010-3949, CVE-2010-3950, CVE-2010-3951, CVE-2010-3952 | KB 968095 | Remote code execution. | Severity: Important; Exploitability: 1,2,2,2,2,2,2 | Critical | Important |
| MS10-106 Exchange Server Infinite Loop Vulnerability (Replaces MS10-024) | Microsoft Exchange Server; CVE-2010-3937 | KB 2407132 | No known exploits. | Severity: Moderate; Exploitability: 3 | N/A | Critical |

We will update issues on this page for about a week or so as they evolve.
We appreciate updates.
US-based customers can call Microsoft for free patch-related support on 1-866-PCSAFETY.
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
  • The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
  • Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
  • All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

As always, please use the contact form for comments about patches.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

AVG Update Bricking Windows 7 64 bit

Published: 2010-12-03,
Last Updated: 2010-12-03 04:24:55 UTC
by Mark Hofman (Version: 1)

We've had a few reports of AVG updates breaking things on Windows 7 64 bit (thanks Bill, et al.).

The problem lies with the mandatory update.

The AVG site has some info on how to deal with the issue here http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=94159

  • Basically, get the machine started somehow (use the AVG Rescue Disk or any Linux Live CD). In the windows/system32/drivers directory, rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstalling, or changing to something else.

M

Keywords: AVG Updates
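
The rename step described above, as an added example that is not part of the original diary or AVG's instructions: a POSIX shell helper meant to be run from a Linux live CD against the mounted Windows volume. The mount point argument, the function names and the `.avg-disabled` suffix are assumptions; it goes slightly beyond the text by matching directory and file names in any case and by offering a dry run.

```sh
#!/bin/sh
# Added example (not from the original diary): disable AVG drivers on an
# offline Windows volume mounted from a Linux live CD.
# Assumptions: mount point passed as $1; ".avg-disabled" suffix is arbitrary.

# Locate windows/system32/drivers regardless of on-disk casing, because
# Linux NTFS mounts are normally case-sensitive.
find_drivers_dir() {
    for d in "${1%/}"/[wW][iI][nN][dD][oO][wW][sS]/[sS][yY][sS][tT][eE][mM]32/[dD][rR][iI][vV][eE][rR][sS]; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    return 1
}

# Rename every file whose name starts with "avg" (any case) in the drivers
# directory. Prints the number of files matched; pass "dry-run" as $2 to
# only report what would be renamed.
disable_avg_drivers() {
    drivers=$(find_drivers_dir "$1") || {
        echo "drivers directory not found under $1" >&2
        return 1
    }
    count=0
    for f in "$drivers"/[aA][vV][gG]*; do
        [ -f "$f" ] || continue                        # unmatched glob or non-file
        case $f in *.avg-disabled) continue ;; esac    # already renamed
        if [ "${2:-}" = "dry-run" ]; then
            echo "would rename: $f" >&2
        else
            mv -- "$f" "$f.avg-disabled"
            echo "renamed: $f" >&2
        fi
        count=$((count + 1))
    done
    echo "$count"
}

# Example: sh disable_avg.sh /mnt/windows dry-run
if [ "$#" -gt 0 ]; then
    disable_avg_drivers "$@"
fi
```

Renaming by appending a suffix keeps the original file names recoverable, so the drivers can be restored once a fixed update is available.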

SQL Injection: WordPress 3.0.2 released

Published: 2010-12-02,
Last Updated: 2010-12-02 17:25:16 UTC
by Kevin Johnson (Version: 1)

WordPress has released a new version, 3.0.2, to fix a SQL injection flaw. This flaw is in all previous versions of the codebase according to reports, which means that if you are running WordPress, you must update. This exploit is possible with author-level permissions but personally I would not depend on this to protect myself. More information is available here.

VMware Security Advisory

Published: 2010-11-30,
Last Updated: 2010-11-30 13:24:19 UTC
by Joel Esler (Version: 1)

Today VMware released a Security Advisory at this URL:

http://lists.vmware.com/pipermail/security-announce/2010/000111.html

It's an update for VMware ESX 4.1 without patch ESX410-201011001.

Here's the problem description right off of their website:

 a. Service Console OS update for COS kernel package.

    This patch updates the Service Console kernel to fix a stack
    pointer underflow issue in the 32-bit compatibility layer.

    Exploitation of this issue could allow a local user to gain
    additional privileges.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-3081 to this issue.

So if you are running this software in your enterprise, you'll want to take a look at this one. Thanks to VMware for this one.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

McAfee Security Bulletin Released

Published: 2010-12-01,
Last Updated: 2010-12-01 15:55:08 UTC
by Deborah Hale (Version: 1)

McAfee released Security Bulletin SB10013 this morning. The bulletin pertains to a potential code execution vulnerability for VirusScan Enterprise 8.5i and earlier versions. According to the information from McAfee, they are investigating the publicly disclosed security issue and will publish a hotfix as soon as the investigation is complete. They have listed this as a Severity Rating of Medium. For more information and to check for the hotfix, keep an eye on kc.mcafee.com/corporate/index.

Deb Hale Long Lines, LLC

Keywords: McAfee DLL
