US-CERT is aware of deficiencies in the DNS protocol. Implementations of this protocol may leave the affected system vulnerable to DNS cache poisoning attacks. If an attacker can successfully conduct a cache poisoning attack, they may be able to cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. This may allow an attacker to obtain sensitive information or mislead users into believing they are visiting a legitimate website.

US-CERT encourages users to review "VU#800113 - Multiple DNS implementations vulnerable to cache poisoning" and apply any necessary solutions listed in that document to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/index.html#dns_implementations_vulnerable_to_cache

Posted Wednesday, July 09, 2008 5:07 AM by Don | with no comments

Issued: July 8, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (953635)
  - Title: Vulnerability in Microsoft Word Could Allow
    Remote Code Execution
  - http://www.microsoft.com/technet/security/advisory/953635.mspx
  - Revision Note: Advisory published. 

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.
July 8, 2008

Today Microsoft released the following Security Bulletin(s). 

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

July Bulletin Summary

Important (4)

MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
  
This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Issued: July 7, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (955179)
  - Title: Vulnerability in the ActiveX Control for the
    Snapshot Viewer for Microsoft Access Could Allow Remote Code
    Execution
  - http://www.microsoft.com/technet/security/advisory/955179.mspx
  - Revision Note: Advisory published.   

Issued: July 3, 2008

This is an advance notification of security bulletins that
Microsoft is intending to release on July 8, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for July 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx.

This bulletin advance notification will be replaced with the
July bulletin summary on July 8, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, July 9, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the July
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:


Important Security Bulletins

SQL Bulletin

  - Affected Software:
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Microsoft Windows 2000 Service Pack 4
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Windows Internal Database (WYukon) Service Pack 2 on
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Windows Internal Database (WYukon) x64 Edition Service Pack 2
      on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Windows Internal Database (WYukon) Service Pack 2
      on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Internal Database (WYukon) x64 Edition Service Pack 2
      on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - GDR update for SQL Server 7.0 Service Pack 4
    - QFE update for SQL Server 7.0 Service Pack 4
    - GDR update for SQL Server 2000 Service Pack 4
    - QFE update for SQL Server 2000 Service Pack 4
    - GDR update for SQL Server 2000
      Itanium-based Edition Service Pack 4
    - QFE update for SQL Server 2000
      Itanium-based Edition Service Pack 4
    - GDR update for SQL Server 2005 Service Pack 2
    - QFE update for SQL Server 2005 Service Pack 2
    - GDR update for SQL Server 2005 x64 Edition Service Pack 2
    - QFE update for SQL Server 2005 x64 Edition Service Pack 2
    - GDR update for SQL Server 2005 with SP2 for
      Itanium-based Systems
    - QFE update for SQL Server 2005 with SP2 for
      Itanium-based Systems
    - GDR update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
    - QFE update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
    - GDR update for Microsoft SQL Server 2000
      Desktop Engine (MSDE 2000) Service Pack 4
    - QFE update for Microsoft SQL Server 2000
      Desktop Engine (MSDE 2000) Service Pack 4
    - GDR update for Microsoft SQL Server 2005
      Express Edition Service Pack 2
    - QFE update for Microsoft SQL Server 2005
      Express Edition Service Pack 2
    - GDR update for Microsoft SQL Server 2005
      Express Edition with Advanced Services Service Pack 2
    - QFE update for Microsoft SQL Server 2005
      Express Edition with Advanced Services Service Pack 2

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Windows Bulletin 1

  - Affected Software:
    - Windows Vista and
      Windows Vista Service Pack 1
    - Windows Vista x64 Edition and
      Windows Vista x64 Edition Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

Windows Bulletin 2

  - Affected Software:
    - Client update for Microsoft Windows 2000 Service Pack 4
    - Server update for Microsoft Windows 2000 Service Pack 4
    - Client update for Windows XP Service Pack 2 and
      Windows XP Service Pack 3
    - Client update for Windows XP Professional x64 Edition and
      Windows XP Professional x64 Edition Service Pack 2
    - Client update for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Server update for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Client update for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Server update for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Client update for Windows Server 2003 with SP1 for
      Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Server update for Windows Server 2003 with SP1 for
      Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Server update for Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Server update for Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)

    - Impact: Spoofing
    - Version Number: 1.0

Exchange Server Bulletin

  - Affected Software:
    - Microsoft Exchange Server 2003 Service Pack 2
    - Microsoft Exchange Server 2007
    - Microsoft Exchange Server 2007 Service Pack 1

    - Impact: Elevation of Privilege
    - Version Number: 1.0


Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and
Microsoft Update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
  Article 894199, Description of Software Update Services and
  Windows Server Update Services changes in content for 2008.
  Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
  Revised, and Released Updates for Microsoft Products Other Than
  Microsoft Windows

Issued: July 2, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (953818)
  - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
  - http://www.microsoft.com/technet/security/advisory/953818.mspx
  - Revision Note: July 2, 2008: Updated the Suggested Actions.  

Known Vulnerabilities Fixed in Firefox 2.0.0.15:


MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)


http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

Posted Wednesday, July 02, 2008 6:57 AM by Don | with no comments

Apple plugged 25 security holes in components of its Mac OS X operating system on Monday, closing remote execution vulnerabilities in its Safari Web browser and the Ruby Web programming language.

The software patch -- the fourth this year for Apple's Mac OS X -- also fixed flaws in the open-source Apache Tomcat Java server, Apple's VPN client, the operating system's screen lock, and the handling of potentially unsafe types of content. While the open-source Apache Tomcat server racked up the most vulnerabilities, the most severe issues affect the Ruby Web programming language, WebKit library for Safari, and Mac OS X core library functions.

http://www.securityfocus.com/brief/767

Posted Wednesday, July 02, 2008 5:51 AM by Don | with no comments


Issued: June 30, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (954960)
  - Title: Microsoft Windows Server Update Services
    (WSUS) Blocked from Deploying Security Updates
  - http://www.microsoft.com/technet/security/advisory/954960.mspx
  - Revision Note: Advisory published.

Websense® Security Labs™ ThreatSeeker™ Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update.

Details ...

Posted Monday, June 30, 2008 5:13 PM by Don | with no comments

The number of signatures required to detect malicious code skyrocketed in the first half of 2008, increasing by 80 percent since the end of 2007, according to data released by antivirus firm F-Secure on Tuesday.

The data -- part of F-Secure's IT Security Threat Summary -- showed that the company currently requires nearly 900,000 different signatures, also referred to as "definitions" or "detections," in its product to catch current threats, up from 500,000 signatures at the end of 2007.

http://www.securityfocus.com/brief/763 

Posted Wednesday, June 25, 2008 4:37 PM by Don | with no comments

Issued: June 24, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (954462)
  - Title: Rise in SQL Injection Attacks Exploiting
    Unverified User Data Input
  - http://www.microsoft.com/technet/security/advisory/954462.mspx
  - Revision Note: Advisory published.  

Issued: June 24, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS07-042 - Critical

Bulletin Information:

* MS07-042 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
 - Reason for Revision: V4.0 (June 24, 2008): Bulletin updated:
    Added Windows XP Service Pack 3, Windows Vista Service Pack
    1, Windows Vista x64 Edition Service Pack 1, Windows Server
    2008 for 32-bit Systems, Windows Server 2008 for x64-based
    Systems, and Windows Server 2008 for Itanium-based Systems as
    affected software. This is a detection update only. There
    were no changes to the binaries. 
 - Originally posted: August 14, 2007
 - Updated: June 24, 2008
 - Bulletin Severity Rating: Critical
 - Version: 4.0
        

Issued: June 20, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (953818)
  - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
  - http://www.microsoft.com/technet/security/advisory/953818.mspx
  - Revision Note: June 20, 2008: Advisory updated to provide
    link to related Apple security advisory.   
 

US-CERT has received reports of new phishing activity, some of which has been linked to Storm Worm. The latest activity is centered around messages related to the recent earthquake in China and the upcoming Olympic Games. This Trojan is spread via an unsolicited email message that contains a link to a malicious website. This website contains a video that, when opened, may run the executable file "beijing.exe" to infect the user's system with malicious code.

Reports, including a posting by Symantec, indicate that the following subject lines are being used. Please note that subject lines can change at any time.

  • The most powerful quake hits China
  • Countless victims of earthquake in China
  • Death toll in China is growing
  • Recent earthquake in china took a heavy toll
  • Recent china earthquake kills million
  • China is paralyzed by new earthquake
  • Death toll in China exceeds 1000000
  • A new powerful disaster in China
  • A new deadly catastrophe in China
  • 2008 Olympic Games are under the threat
  • China's most deadly earthquake

US-CERT encourages users and administrators to take the following preventative measures to mitigate the security risks:

US-CERT reminds users to beware of future phishing attacks that may target natural disasters and the Olympic Games.

http://www.us-cert.gov/current/index.html#new_storm_worm_variant_spreads2 

 

Posted Friday, June 20, 2008 6:32 AM by Don | with no comments

Security-conscious users will have a choice to make in the next week.

Software maker Opera released the latest version of its browser, Opera 9.5, on Thursday, and rival Mozilla announced it would release a major update of its Firefox browser on June 17. Both browsers add a number of security-focused features, chief among them technology designed to block the downloading and execution of malicious code. Microsoft's next major version of its browser, Internet Explorer 8, is currently in beta and will also include anti-malware features.

http://www.securityfocus.com/brief/755 

 

Posted Saturday, June 14, 2008 8:57 AM by Don | with no comments

Issued: June 13, 2008

Security Advisories Updated or Released Today

  * Microsoft Security Advisory (954474)
  - Title: System Center Configuration Manager 2007
    Blocked from Deploying Security Updates
  - http://www.microsoft.com/technet/security/advisory/954474.mspx
  - Revision Note: Advisory published 

Issued: June 10, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS07-068 - Critical
  * MS06-078 - Critical

Bulletin Information:

* MS07-068 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
 - Reason for Revision: V2.0 (June 10, 2008): Bulletin updated to
    add Windows Media Format Runtime 9, Windows Media Format
    Runtime 9.5, and Windows Media Format Runtime 11 as affected
    components for Windows XP Service Pack 3. This is a detection
    change only. There were no changes to the binaries. 
 - Originally posted: December 11, 2007
 - Updated: June 10, 2008
 - Bulletin Severity Rating: Critical
 - Version: 2.0
   
* MS06-078 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
 - Reason for Revision: V5.0 (June 10, 2008): Bulletin updated to
    add Microsoft Windows XP Service Pack 3 to the Affected
    Software section for Microsoft Windows Media Format 7.1
    through 9.5 Series Runtime and to the Affected Software
    section for Microsoft Windows Media Player 6.4. This is a
    detection change only. There were no changes to the binaries. 
 - Originally posted: December 12, 2006
 - Updated: June 10, 2008
 - Bulletin Severity Rating: Critical
 - Version: 5.0

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.
June 10, 2008

Today Microsoft released the following Security Bulletin(s). 

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

June Bulletin Summary

Critical (3)

MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
MS08-031 - Cumulative Security Update for Internet Explorer (950759)
MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Important (3)

MS08-034 - Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-035 - Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Moderate (1)

MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760)  

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
 

Microsoft Security Advisory Notification

Issued: June 6, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818) 

  - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
  - http://www.microsoft.com/technet/security/advisory/953818.mspx
  - Revision Note: June 6, 2008: Modified the steps in the
    workaround and added acknowledgment.  

 
