MS13-081 – Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008) – Version: 2.0

Microsoft Security Bulletins
Jan 14, 2014
 

Severity Rating: Critical
Revision Note: V2.0 (January 14, 2014): Rereleased bulletin to announce the reoffering of the 2862330 update to systems running Windows 7 or Windows Server 2008 R2. See the Update FAQ for details.
Summary: This security update resolves seven privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if a user views shared content that embeds OpenType or TrueType font files. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

Advance Notification Service for December 2013 Security Bulletin Release

Microsoft Security Response Center, microsoft windows, Security Alerts
Dec 05, 2013
 

Today we’re providing advance notification for the release of 11 bulletins, five Critical and six Important, for December 2013. The Critical updates address vulnerabilities in Internet Explorer, Windows, Microsoft Exchange and GDI+. The Critical update for GDI+ fully addresses the publicly disclosed issue described in Security Advisory 2896666.  

This release won’t include an update for the issue described in Security Advisory 2914486. We’re still working to develop a security update and we’ll release it when ready. Until then, we recommend folks review the advisory and apply the suggested workaround on their Windows XP and Windows Server 2003 systems. Customers with more recent versions of Windows are not affected by this issue.

As always, we’ve scheduled the security bulletin release for the second Tuesday of the month, December 10, 2013, at approximately 10:00 a.m. PST. Revisit this blog then for analysis of the risk and impact, as well as deployment guidance, together with a brief video overview of the month’s updates. Until then, please review the ANS summary page for more information that will help customers prepare for security bulletin testing and deployment.

Don’t forget, you can also follow the MSRC team’s recent activity on Twitter at @MSFTSecResponse

Thank you,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild, (Fri, Sep 20th)

SANS Internet Storm Center, Security Alerts
Sep 21, 2013
 

UPDATE: 21 SEP 2013

FireEye has posted Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets, which describes the campaign they've discovered leveraging the recently announced zero-day CVE-2013-3893. The writeup includes details and samples. Recommending an immediate read here: http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html

———————————————–

The Internet Storm Center is beginning to see increased evidence of exploits in the wild regarding Microsoft Security Advisory 2887505.  Accordingly, we're moving the InfoCon up to Yellow.

Per the advisory:
Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. Applying the Microsoft Fix it solution, CVE-2013-3893 Fix It Workaround, prevents the exploitation of this issue. This FixIt solution also includes EMET 4.0 guidance. Certainly consider use of EMET 4.0 where you can.  Please note, the Fix It seems to only help 32-bit versions of browsers. That said the vulnerability affects all versions of Internet Explorer except in instances of Windows Server 2008 and 2012 Core installations.
 
It appears that an exploit has been in the wild since August 29th, 2013 when it was first seen by one of the online security scanners.  There is some indication that a weaponized exploit may be in broader circulation now, so expect this to ramp up quickly.
 
Emerging Threats does have Snort signatures available for this issue: http://www.emergingthreats.net/2013/09/19/daily-ruleset-update-summary-09192013/. Expect Rapid 7 to likely release Metasploit bits in the near term. We'll update here as we see more on this vulnerability emerge.
 
 
 
 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Microsoft Releases Revisions to 4 Existing Updates, (Tue, Aug 27th)

SANS Internet Storm Center, Security Alerts
Aug 27, 2013
 

Four patches have undergone significant revision according to Microsoft.  The following patches were updated today by Microsoft, and are set to roll in the automatic updates:

MS13-057 – Critical

 – https://technet.microsoft.com/security/bulletin/MS13-057
 – Reason for Revision: V3.0 (August 27, 2013): Bulletin revised to
   rerelease security update 2803821 for Windows XP,
   Windows Server 2003, Windows Vista, and Windows Server 2008;
   security update 2834902 for Windows XP and Windows Server 2003;
   security update 2834903 for Windows XP; security update 2834904
   for Windows XP and Windows Server 2003; and security update
   2834905 for Windows XP. Windows XP, Windows Server 2003,
   Windows Vista, and Windows Server 2008 customers should install
   the rereleased updates. See the Update FAQ for more information.
 – Originally posted: July 9, 2013
 – Updated: August 27, 2013
 – Bulletin Severity Rating: Critical
 – Version: 3.0

MS13-061 – Critical

 – https://technet.microsoft.com/security/bulletin/MS13-061
 – Reason for Revision: V3.0 (August 27, 2013): Rereleased bulletin
   to announce the reoffering of the 2874216 update for Microsoft
   Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange
   Server 2013 Cumulative Update 2. See the Update FAQ for details.
 – Originally posted: August 13, 2013
 – Updated: August 27, 2013
 – Bulletin Severity Rating: Critical
 – Version: 3.0

* MS13-jul

 – https://technet.microsoft.com/security/bulletin/ms13-jul
 – Reason for Revision: V3.0 (August 27, 2013): For MS13-057,
   bulletin revised to rerelease security update 2803821 for
   Windows XP, Windows Server 2003, Windows Vista, and
   Windows Server 2008; security update 2834902 for Windows XP and
   Windows Server 2003; security update 2834903 for Windows XP;
   security update 2834904 for Windows XP and Windows Server 2003;
   and security update 2834905 for Windows XP. Windows XP,
   Windows Server 2003, Windows Vista, and Windows Server 2008
   customers should install the rereleased updates that apply to
   their systems. See the bulletin for details.
 – Originally posted: July 9, 2013
 – Updated: August 27, 2013
 – Version: 3.0

* MS13-aug

 – https://technet.microsoft.com/security/bulletin/ms13-aug
 – Reason for Revision: V3.0 (August 27, 2013): For MS13-061,
   bulletin revised to announce the reoffering of the 2874216
   update for Microsoft Exchange Server 2013 Cumulative Update 1
   and Microsoft Exchange Server 2013 Cumulative Update 2.
   See the bulletin for details
 – Originally posted: August 13, 2013
 – Updated: August 27, 2013
 – Version: 3.0

Thanx goes out to Dave for sharing this update, things are rolling out already.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
