DP's Security Bits

Note: There may be latency issues due to replication, if the page does not display keep refreshing
March 11, 2008

Today Microsoft released the following Security Bulletin(s). 

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

March Bulletin Summary

Critical (4)

MS08-014 -  Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)
MS08-015 -  Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)
MS08-016 -  Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)
MS08-017 -  Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
 

Security has to evolve into something that supports business, rather than the other way around, according to Lisa R. Young, senior member of the technical staff at Carnegie Mellon University's Computer Emergency Response Team.

Security has gotten a bad rap in today's enterprises, said Young, in Stockholm to speak at the European Computer Audit, Control and Security Conference.

The tendency is to want to start locking things down, so security is something that disables, not enables, business, according to Young.

Full Story at computerworld.com 

Spammers have cracked the captcha mechanism Gmail uses to make sure you are a human before you can open an e-mail account, leading to a huge increase in the amount of spam sent from Gmail last month, security firm MessageLabs says.

Story continues at news.com 

Issued: March 6, 2008

This is an advance notification of four security bulletins that
Microsoft is intending to release on March 11, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for March 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx.

This bulletin advance notification will be replaced with the
March bulletin summary on March 11, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, March 12, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the March
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

Critical Security Bulletins

Microsoft Security Bulletin 1

  - Affected Software:
    - Microsoft Office Excel 2000 Service Pack 3
    - Microsoft Office Excel 2002 Service Pack 3
    - Microsoft Office Excel 2003 Service Pack 2
    - Microsoft Office Excel Viewer 2003
    - Microsoft Office Excel 2007
    - Microsoft Office Compatibility Pack for Word, Excel, and
      PowerPoint 2007 File Formats
    - Microsoft Office 2004 for Mac
    - Microsoft Office 2008 for Mac

    - Impact: Remote Code Execution
    - Version Number: 1.0

Microsoft Security Bulletin 2

  - Affected Software:
    - Microsoft Office Outlook 2000 Service Pack 3
    - Microsoft Office Outlook 2002 Service Pack 3
    - Microsoft Office Outlook 2003 Service Pack 2
    - Microsoft Office Outlook 2003 Service Pack 3
    - Microsoft Office Outlook 2007

    - Impact: Remote Code Execution
    - Version Number: 1.0

Microsoft Security Bulletin 3

  - Affected Software:
    - Microsoft Office 2000 Service Pack 3
    - Microsoft Office XP Service Pack 3
    - Microsoft Office 2003 Service Pack 2
    - Microsoft Office Excel Viewer 2003
    - Microsoft Office Excel Viewer 2003 Service Pack 3
    - Microsoft Office 2004 for Mac

    - Impact: Remote Code Execution
    - Version Number: 1.0

Microsoft Security Bulletin 4

  - Affected Software:
    - Microsoft Office Web Components 2000 (KB931660)
    - Microsoft Office Web Components 2000 (KB932031)
    - Microsoft Office Web Components 2000 (KB933367)
    - Microsoft Office Web Components 2000 (KB933369)
    - Microsoft Office Web Components 2000 (KB939714)
    - Microsoft Office Web Components 2000 (KB941305)
    - Microsoft Office Web Components 2000 (KB948257)

    - Impact: Remote Code Execution
    - Version Number: 1.0


Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For this month:

* Microsoft is planning to release two non-security,
  high-priority updates on Microsoft Update (MU) and
  Windows Server Update Services (WSUS).

* Microsoft is planning to release three non-security,
  high-priority update for Windows on Windows Update (WU) and
  WSUS.

Note that this information pertains only to non-security,
high-priority updates on Microsoft Update, Windows Update,
and Windows Server Update Services, released on the same day as the
Security Bulletin Summary. Information will not be provided about
non-security updates released on other days.

A rootkit uncovered in the wild in December is proving to be a real headache to detect, according to Finnish security company F-Secure.

Dubbed "Mebroot," the rootkit infects the master boot record (MBR), the first sector of a PC's hard drive that the computer looks to before loading the operating system. Since it loads before anything else, Mebroot is nearly invisible to security software.

"You can't execute any earlier than that," said Mikko Hypponen, F-Secure's chief research officer.

A rootkit is a malicious program that hides deep in a computer's operating system and can be difficult to remove.

Since December, Hypponen said they've seen alpha and beta versions of the Mebroot rootkit but believe it has now been RTMed, the term usually used for a legitimate piece of software that's entered production after testing.

Full story at infoworld.com 

Online attackers have found a way to inject IFRAME redirects into the search results of major sites, including tech news site ZDNet Asia and bittorrent tracker TorrentReactor, researchers discovered on Tuesday.

By abusing the way that the sites cache search queries to optimize their rankings in other search engines -- most notably, Google -- fraudsters have been able to inject iframe redirects into the cached results. The redirects send unwary users to servers affiliated with the Russian Business Network that attempts to install a fake antivirus product, known as XP Antivirus, according to Dancho Danchev, an independent security researcher based in the Netherlands.

http://www.securityfocus.com/brief/695 

After a little more than a year in the wild, it's high time for Windows Vista to receive the service pack it deserves. While Service Pack 1 won't change the way Windows Vista looks or feels, for the most part, it will improve many things about the way it runs, based on both Microsoft's internal testing and the feedback of tens of thousands of users.

Continues at informationweek.com