December 2010 - Posts - Chris Mosby at myITforum.com

Published: 2010-12-20,
Last Updated: 2010-12-20 14:47:33 UTC
by Guy Bruneau (Version: 1)

Last week on December 14, Microsoft released an update (KB2412171) for Microsoft Outlook 2007, and several of our readers wrote in indicating it caused problems with Outlook after applying the update. On December 16, Microsoft removed the update from Microsoft Update. Microsoft identified 3 issues with this updated. If you are experiencing similar issues with the patch like those listed in this Microsoft Blog and you are using Windows XP, Vista and 7, Microsoft listed the steps to remove the patch here. [1]

[1] http://blogs.msdn.com/b/outlook/archive/2010/12/17/issues-with-the-recent-update-for-outlook-2007.aspx

Posted Monday, December 20, 2010 11:00 AM by cmosby | with no comments

Filed under: Patch Management, Microsoft Windows, Microsoft Office, Internet Applications, Configuration Management, ConfigMgr, Enterprise Applications, Software Vulnerabilites

December 2010 Microsoft Black Tuesday Summary - SANS Internet Storm Center

December 2010 Microsoft Black Tuesday Summary

Share |

Published: 2010-12-14,
Last Updated: 2010-12-14 18:48:22 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

0 comment(s)

Overview of the December 2010 Microsoft Patches and their status.

#	Affected	Contra Indications	Known Exploits	Microsoft rating	ISC rating(*)
clients	servers
MS10-090	Cumulative Security Update for Internet Explorer (Replaces MS10-071 )
Internet Explorer CVE-2010-3340 CVE-2010-3342 CVE-2010-3343 CVE-2010-3345 CVE-2010-3346 CVE-2010-3348 CVE-2010-3962	KB 2416400	No known exploits.	Severity:Critical Exploitability: 1,?,1,1,1,?,1	Important	Important
MS10-091	Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (Replaces MS10-078 MS10-037)
Microsoft Windows OpenType Font (OTF) Driver CVE-2010-3956 CVE-2010-3957 CVE-2010-3959	KB 2416400	No known exploits.	Severity:Critical Exploitability: 2,1,1	Critical	Critical
MS10-092	Vulnerability in Task Scheduler Could Allow Elevation of Privilege
Microsoft Windows CVE-2010-3338	KB 2305420	Currenty being exploited.	Severity:Important Exploitability: 1	Important	Important
MS10-093	Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (Replaces MS10-050 )
Movie Maker CVE-2010-3967	KB 2424434	Vulnerability disclosed publicy.	Severity:Important Exploitability: 1	Important	N/A
MS10-094	Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (Replaces MS08-053 MS10-033 )
Windows Media Encoder CVE-2010-3965	KB 2447961	Vulnerability disclosed publicy.	Severity:Important Exploitability: 1	Important	Important
MS10-095	Vulnerability in Microsoft Windows Could Allow Remote Code Execution
Microsoft Windows CVE-2010-3966	KB 2385678	No known exploits.	Severity:Important Exploitability: 1	Important	Important
MS10-096	Vulnerability in Windows Address Book Could Allow Remote Code Execution
Microsoft Windows Address Book CVE-2010-3147	KB 2423089	Vulnerability disclosed publicy.	Severity:Important Exploitability: 1	Important	Important
MS10-097	Insecure Library Loading in Internet Connection Sign up Wizard Could Allow Remote Code Execution
Microsoft Windows CVE-2010-3144	KB 2443105	Vulnerability disclosed publicy.	Severity:Important Exploitability: 1	Important	Important
MS10-098	Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (Replaces MS10-073 )
Microsoft Windows Kernel-mode Drivers CVE-2010-3939 CVE-2010-3940 CVE-2010-3941 CVE-2010-3942 CVE-2010-3943 CVE-2010-3944	KB 2436673	Vulnerability disclosed publicy.	Severity:Important Exploitability: 1,1,2,2,1,1	Critical	Critical
MS10-099	Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege
Microsoft Windows Remote Access NDProxy Component CVE-2010-3963	KB 2440591	No known exploits.	Severity:Important Exploitability: 1	Important	Important
MS10-100	Vulnerability in Consent User Interface
User Account Control CVE-2010-3961	KB 2442962	No known exploit.	Severity:Important Exploitability: 1	Important	Important
MS10-101	Vulnerability in Windows Netlogon Service
Netlogon/RPC Service CVE-2010-2742	KB 2207559	No known exploit.	Severity:Important Exploitability: 3	Important	Important
MS10-102	Vulnerability in Hyper-V Could Allow Denial of Service
Microsoft Windows CVE-2010-3960	KB 2345316	No known exploits.	Severity:Important Exploitability: 2	Important	Important
MS10-103	Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (Replaces MS10-023 MS10-036 )
Microsoft Publisher CVE-2010-2569 CVE-2010-2570 CVE-2010-2571 CVE-2010-3954 CVE-2010-3955	KB 2292970	Remote code execution.	Severity:Important Exploitability: 1,1,2,2,3	Important	Important
MS10-104	Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution
Microsoft SharePoint CVE-2010-3964	KB 2433089	Remote code execution.	Severity:Important Exploitability: 1	Important	Critical
MS10-105	Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (Replaces MS08-044 )
Microsoft Office Graphics CVE-2010-3945 CVE-2010-3946 CVE-2010-3947 CVE-2010-3949 CVE-2010-3950 CVE-2010-3951 CVE-2010-3952	KB 968095	Remote code execution.	Severity:Important Exploitability: 1,2,2,2,2,2,2	Critical	Important
MS10-106	Exchange Server Infinite Loop Vulnerability (Replaces MS10-024 )
Microsoft Exchange Server CVE-2010-3937	KB 2407132	No known exploits.	Severity:Moderate Exploitability: 3	N/A	Critical

We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them

As always, please use the contact form for comments about patches.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Posted Tuesday, December 14, 2010 12:53 PM by cmosby | with no comments

Filed under: Security and Anti-Virus, Microsoft Windows, Internet Explorer, Microsoft Office, Internet Applications, Configuration Management, ConfigMgr, Enterprise Applications, Software Vulnerabilites, WSUS

AVG Update Bricking windows 7 64 bit – SANS Internet Storm Center

AVG Update Bricking windows 7 64 bit

Share |

Published: 2010-12-03,
Last Updated: 2010-12-03 04:24:55 UTC
by Mark Hofman (Version: 1)

3 comment(s)

We've had a few reports on AVG updates breaking things on Windows 7 64 bit (thanks Bill, et all).

The problem lies with the mandatory update.

The AVG site has some info on how to deal with the issue here http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=94159

Basically get the machine started somehow (use AVG rescue Disk or any Linux Live CD). In the windows/system32/drivers directory rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstall or change to something else.

M

Keywords: AVG Updates

3 comment(s)

Posted Friday, December 03, 2010 9:43 AM by cmosby | with no comments

Filed under: Security and Anti-Virus, Microsoft Windows, AntiVirus Information

SQL Injection: Wordpress 3.0.2 released – SANS Internet Storm Center

SQL Injection: Wordpress 3.0.2 released

Share |

Published: 2010-12-02,
Last Updated: 2010-12-02 17:25:16 UTC
by Kevin Johnson (Version: 1)

0 comment(s)

Wordpress has released a new version, 3.0.2, to fix a SQL injection flaw. This flaw is in all previous versions of the codebase according to reports, which means that if you are running Wordpress, you must update. This exploit is possible with author-level permissions but personally I would not depend on this to protect myself. More information is available here.

Posted Thursday, December 02, 2010 1:17 PM by cmosby | with no comments

Filed under: Patch Management, Blogging, Internet Applications

VMWare Security Advisory – SANS Internet Storm Center

VMWare Security Advisory

Share |

Published: 2010-11-30,
Last Updated: 2010-11-30 13:24:19 UTC
by Joel Esler (Version: 1)

0 comment(s)

Today VMWare released a Security Advisory at this URL:

http://lists.vmware.com/pipermail/security-announce/2010/000111.html

It's an update for VMware ESX 4.1 without patch ESX410-201011001.

Here's the problem description right off of their website:

 a. Service Console OS update for COS kernel package.

    This patch updates the Service Console kernel to fix a stack
    pointer underflow issue in the 32-bit compatibility layer.

    Exploitation of this issue could allow a local user to gain
    additional privileges.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-3081 to this issue.

So if you are running this software in your enterprise, you'll want to take a look at this one. Thanks to VMWare for this one.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Posted Wednesday, December 01, 2010 10:57 AM by cmosby | with no comments

Filed under: Patch Management, Security, Virtualization, Software Vulnerabilites

McAfee Security Bulletin Released – SANS Internet Storm Center

McAfee Security Bulletin Released

Share |

Published: 2010-12-01,
Last Updated: 2010-12-01 15:55:08 UTC
by Deborah Hale (Version: 1)

0 comment(s)

McAfee Released Security Bulletin SB10013 this morning. The bulletin pertains to a potential code execution vulnerability for VirusScan Enterprise 8.5i and earlier versions. According to the information from McAfee they are investigating the publicly disclosed security issue and will publish a hotfix as soon as the investigation is complete. They have listed his as a Severity Rating of Medium. For more information and to check for the hotfix keep an eye on kc.mcafee.com/corporate/index.

Chris Mosby at myITforum.com

Search

Tags

News

Unique Visitors

Navigation

Archives

Microsoft Links

SMS Links

Great Blogs

My Links

Security Links

Anti-Virus Links

Things I Have Done or I Am Involved In

Published Works