June 2008 - Posts


Issued: June 30, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (954960)
  - Title: Microsoft Windows Server Update Services
    (WSUS) Blocked from Deploying Security Updates
  - http://www.microsoft.com/technet/security/advisory/954960.mspx
  - Revision Note: Advisory published.

Websense® Security Labs™ ThreatSeeker™ Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update.


Posted Monday, June 30, 2008 5:13 PM by Don

The number of signatures required to detect malicious code skyrocketed in the first half of 2008, increasing by 80 percent since the end of 2007, according to data released by antivirus firm F-Secure on Tuesday.

The data -- part of F-Secure's IT Security Threat Summary -- showed that the company currently requires nearly 900,000 different signatures, also referred to as "definitions" or "detections," in its product to catch current threats, up from 500,000 signatures at the end of 2007.

http://www.securityfocus.com/brief/763 

Posted Wednesday, June 25, 2008 4:37 PM by Don

Issued: June 24, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (954462)
  - Title: Rise in SQL Injection Attacks Exploiting
    Unverified User Data Input
  - http://www.microsoft.com/technet/security/advisory/954462.mspx
  - Revision Note: Advisory published.  

Issued: June 24, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS07-042 - Critical

Bulletin Information:

* MS07-042 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
 - Reason for Revision: V4.0 (June 24, 2008): Bulletin updated:
    Added Windows XP Service Pack 3, Windows Vista Service Pack
    1, Windows Vista x64 Edition Service Pack 1, Windows Server
    2008 for 32-bit Systems, Windows Server 2008 for x64-based
    Systems, and Windows Server 2008 for Itanium-based Systems as
    affected software. This is a detection update only. There
    were no changes to the binaries. 
 - Originally posted: August 14, 2007
 - Updated: June 24, 2008
 - Bulletin Severity Rating: Critical
 - Version: 4.0
        

Issued: June 20, 2008

Security Advisories Updated or Released Today

 * Microsoft Security Advisory (953818)
  - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
  - http://www.microsoft.com/technet/security/advisory/953818.mspx
  - Revision Note: June 20, 2008: Advisory updated to provide
    link to related Apple security advisory.   
 

US-CERT has received reports of new phishing activity, some of which has been linked to Storm Worm. The latest activity is centered around messages related to the recent earthquake in China and the upcoming Olympic Games. This Trojan is spread via an unsolicited email message that contains a link to a malicious website. This website contains a video that, when opened, may run the executable file "beijing.exe" to infect the user's system with malicious code.

Reports, including a posting by Symantec, indicate that the following subject lines are being used. Please note that subject lines can change at any time.

  • The most powerful quake hits China
  • Countless victims of earthquake in China
  • Death toll in China is growing
  • Recent earthquake in china took a heavy toll
  • Recent china earthquake kills million
  • China is paralyzed by new earthquake
  • Death toll in China exceeds 1000000
  • A new powerful disaster in China
  • A new deadly catastrophe in China
  • 2008 Olympic Games are under the threat
  • China's most deadly earthquake

US-CERT encourages users and administrators to take the following preventative measures to mitigate the security risks:

US-CERT reminds users to beware of future phishing attacks that may target natural disasters and the Olympic Games.

http://www.us-cert.gov/current/index.html#new_storm_worm_variant_spreads2 

 

Posted Friday, June 20, 2008 6:32 AM by Don

Security-conscious users will have a choice to make in the next week.

Software maker Opera released the latest version of its browser, Opera 9.5, on Thursday, and rival Mozilla announced it would release a major update of its Firefox browser on June 17. Both browsers add a number of security-focused features, chief among them technology designed to block the downloading and execution of malicious code. Microsoft's next major version of its browser, Internet Explorer 8, is currently in beta and will also include anti-malware features.

http://www.securityfocus.com/brief/755 

 

Posted Saturday, June 14, 2008 8:57 AM by Don

 Issued: June 13, 2008

Security Advisories Updated or Released Today

  * Microsoft Security Advisory (954474)
  - Title: System Center Configuration Manager 2007
    Blocked from Deploying Security Updates
  - http://www.microsoft.com/technet/security/advisory/954474.mspx
  - Revision Note: Advisory published 

Issued: June 10, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

  * MS07-068 - Critical
  * MS06-078 - Critical

Bulletin Information:

* MS07-068 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
 - Reason for Revision: V2.0 (June 10, 2008): Bulletin updated to
    add Windows Media Format Runtime 9, Windows Media Format
    Runtime 9.5, and Windows Media Format Runtime 11 as affected
    components for Windows XP Service Pack 3. This is a detection
    change only. There were no changes to the binaries. 
 - Originally posted: December 11, 2007
 - Updated: June 10, 2008
 - Bulletin Severity Rating: Critical
 - Version: 2.0
   
* MS06-078 - Critical

 - http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx
 - Reason for Revision: V5.0 (June 10, 2008): Bulletin updated to
    add Microsoft Windows XP Service Pack 3 to the Affected
    Software section for Microsoft Windows Media Format 7.1
    through 9.5 Series Runtime and to the Affected Software
    section for Microsoft Windows Media Player 6.4. This is a
    detection change only. There were no changes to the binaries. 
 - Originally posted: December 12, 2006
 - Updated: June 10, 2008
 - Bulletin Severity Rating: Critical
 - Version: 5.0

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.
June 10, 2008

Today Microsoft released the following Security Bulletin(s). 

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

June Bulletin Summary

Critical (3)

MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
MS08-031 - Cumulative Security Update for Internet Explorer (950759)
MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Important (3)

MS08-034 - Vulnerability in WINS Could Allow Elevation of Privilege (948745)
MS08-035 - Vulnerability in Active Directory Could Allow Denial of Service (953235)
MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Moderate (1)

MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760)  

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
 

Microsoft Security Advisory Notification

Issued: June 6, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818) 

  - Title: Blended Threat from Combined Attack Using
    Apple's Safari on the Windows Platform
  - http://www.microsoft.com/technet/security/advisory/953818.mspx
  - Revision Note: June 6, 2008: Modified the steps in the
    workaround and added acknowledgment.  

 

Software maker Opera announced on Friday that its browser of the same name will incorporate anti-malware features starting with the next version.

The feature -- to be added in the next version of the browser, Opera 9.5 -- will prevent users from downloading programs from Web pages that purposefully or inadvertently attempt to infect visitors with malicious code. The browser's ability to block known malicious links puts the soon-to-be-released browser on par with its competitors' software -- Microsoft's Internet Explorer 8 and Mozilla's Firefox 3 -- both of which have anti-malware features.

http://www.securityfocus.com/brief/750 

 

Posted Friday, June 06, 2008 2:06 PM by Don

The Chinese territory of Hong Kong and the People's Republic of China are home to the largest fraction of malicious Web sites, according to a report published by antivirus company McAfee on Wednesday.

In its report, Mapping the Mal Web Revisited, the company found that the top-level domains with the largest proportion of malicious sites belonged to Hong Kong (.hk) and China (.cn) with the Philippines (.ph) and Romania (.ro) tied for fourth. The company surveyed nearly 10 million heavily-trafficked Web sites around the world and found that 19.2 percent of all Web sites ending in .hk posed a danger to visitors. Approximately 11 percent of Web sites in mainland China's top-level domain were rated as risky by SiteAdvisor.

http://www.securityfocus.com/brief/749 

 

Posted Thursday, June 05, 2008 3:31 PM by Don

Microsoft Security Bulletin Advance Notification for June 2008
Issued: June 5, 2008

This is an advance notification of security bulletins that
Microsoft is intending to release on June 10, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for June 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx.

This bulletin advance notification will be replaced with the
June bulletin summary on June 10, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, June 11, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the June
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:

Critical Security Bulletins

Bluetooth Bulletin

  - Affected Software:
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP
      Professional x64 Edition Service Pack 2
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition
      Service Pack 1

    - Impact: Remote Code Execution
    - Version Number: 1.0

Internet Explorer Bulletin

  - Affected Software:
    - Internet Explorer 5.01 Service Pack 4 on Microsoft Windows
      2000 Service Pack 4
    - Internet Explorer 6 Service Pack 1 when installed on Microsoft
      Windows 2000 Service Pack 4
    - Internet Explorer 6 for Windows XP Service Pack 2 and Windows
      XP Service Pack 3
    - Internet Explorer 6 for Windows XP Professional x64 Edition
      and Windows XP Professional x64 Edition Service Pack 2
    - Internet Explorer 6 for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Internet Explorer 6 for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Internet Explorer 6 for Windows Server 2003 with SP1 for
      Itanium-based Systems and Windows Server 2003 with SP2 for
      Itanium-based Systems
    - Internet Explorer 7 for Windows XP Service Pack 2 and Windows
      XP Service Pack 3
    - Internet Explorer 7 for Windows XP Professional x64 Edition
      and Windows XP Professional x64 Edition Service Pack 2
    - Internet Explorer 7 for Windows Server 2003 Service Pack 1 and
       Windows Server 2003 Service Pack 2
    - Internet Explorer 7 for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Internet Explorer 7 for Windows Server 2003 with SP1 for
      Itanium-based Systems and Windows Server 2003 with SP2 for
      Itanium-based Systems
    - Internet Explorer 7 in Windows Vista and Windows Vista Service
      Pack 1
    - Internet Explorer 7 in Windows Vista x64 Edition and Windows
      Vista x64 Edition Service Pack 1
    - Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Internet Explorer 7 in Windows Server 2008 for x64-based
      Systems (Windows Server 2008 Server Core installation affected)
    - Internet Explorer 7 in Windows Server 2008 for Itanium-based
      Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

DirectX Bulletin

  - Affected Software:
    - DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
    - DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Microsoft
      Windows 2000 Service Pack 4
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows XP
      Service Pack 2 and Windows XP Service Pack 3
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows XP
      Professional x64 Edition and Windows XP Professional x64
      Edition Service Pack 2
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows Server
      2003 Service Pack 1 and Windows Server 2003 Service Pack 2
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows Server
      2003 x64 Edition and Windows Server 2003 x64 Edition Service
      Pack 2
    - DirectX 9.0, DirectX 9.0b, and DirectX 9.0c on Windows Server
      2003 with SP1 for Itanium-based Systems and Windows Server
      2003 with SP2 for Itanium-based Systems
    - DirectX 10.0 on Windows Vista and Windows Vista Service Pack 1
    - DirectX 10.0 on Windows Vista x64 Edition and Windows Vista
      x64 Edition Service Pack 1
    - DirectX 10.0 on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation not affected)
    - DirectX 10.0 on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation not affected)
    - DirectX 10.0 on Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0


Important Security Bulletins

WINS Bulletin

  - Affected Software:
    - Microsoft Windows 2000 Server Service Pack 4
    - Windows Server 2003 Service Pack 1 and Windows Server 2003
      Service Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64
      Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Active Directory Bulletin

  - Affected Software:
    - Active Directory on Microsoft Windows 2000 Server Service Pack
      4
    - ADAM when installed on Windows XP Service Pack 2 and Windows
      XP Service Pack 3
    - ADAM when installed on Windows XP Professional x64 Edition
      and Windows XP Professional x64 Edition Service Pack 2
    - Active Directory on Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - ADAM when installed on Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Active Directory on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - ADAM when installed on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Active Directory on Windows Server 2003 with SP1 for Itanium-
      based Systems and Windows Server 2003 with SP2 for Itanium-
      based Systems
    - Active Directory on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - AD LDS on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Active Directory on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - AD LDS on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)

    - Impact: Denial of Service
    - Version Number: 1.0

PGM Bulletin

  - Affected Software:
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP
      Professional x64 Edition Service Pack 2
    - Windows Server 2003 Service Pack 1 and Windows Server 2003
      Service Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64
      Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition
      Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation not affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation not affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Denial of Service
    - Version Number: 1.0


Moderate Security Bulletins

Kill Bit Bulletin

  - Affected Software:
    - Microsoft Windows 2000 Service Pack 4
    - Windows XP Service Pack 2 and Windows XP Service Pack 3
    - Windows XP Professional x64 Edition and Windows XP
      Professional x64 Edition Service Pack 2
    - Windows Server 2003 Service Pack 1 and Windows Server 2003
      Service Pack 2
    - Windows Server 2003 x64 Edition and Windows Server 2003 x64
      Edition Service Pack 2
    - Windows Server 2003 with SP1 for Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Windows Vista and Windows Vista Service Pack 1
    - Windows Vista x64 Edition and Windows Vista x64 Edition
      Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0


Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and
Microsoft Update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
  Article 894199, Description of Software Update Services and
  Windows Server Update Services changes in content for 2008.
  Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
  Revised, and Released Updates for Microsoft Products Other Than
  Microsoft Windows

Title: Microsoft Security Bulletin Minor Revisions
Issued: June 4, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS08-028 - Critical
  * MS08-027 - Critical
  * MS08-015 - Critical
  * MS08-014 - Critical

Bulletin Information:

* MS08-028 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
  - Reason for Revision: V1.2 (June 4, 2008): Added a link to
    Microsoft Knowledge Base Article 950749 under Known Issues in
    the Executive Summary. 
  - Originally posted: May 13, 2008
  - Updated: June 4, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.2
   
* MS08-027 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx
  - Reason for Revision: V1.1 June 4, 2008: Added a link to Microsoft
    Knowledge Base Article 951208 under Known Issues in the
    Executive Summary. 
  - Originally posted: May 13, 2008
  - Updated: June 4, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-015 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-015.mspx
  - Reason for Revision: V1.5 (June 4, 2008): Bulletin updated: Added
    entry to Update FAQ to explain why the update may be offered
    even when Affected Software isn't present on the system. 
  - Originally posted: March 11, 2008
  - Updated: June 4, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.5
   
* MS08-014 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-014.mspx
  - Reason for Revision: V3.2 (June 4, 2008): Bulletin updated: Added
    entry to Update FAQ to explain why the update may be offered
    even when Affected Software isn't present on the system. 
  - Originally posted: March 11, 2008
  - Updated: June 4, 2008
  - Bulletin Severity Rating: Critical
  - Version: 3.2
 

Apple released its Security Configuration Guide for Mac OS X 10.5 "Leopard" on Monday, a 240-page document that describes ways for sophisticated Mac users to further secure their systems.

The manual includes an overview of Mac OS X's security architecture and advice on hardening the operating system against external attackers as well as locking down the system to protect against unauthorized access by people with physical access to the system. The instructions make extensive use of the command line, and Apple warns readers that only technically-adept users should use the guide.

http://www.securityfocus.com/brief/747 

 

Posted Wednesday, June 04, 2008 6:43 AM by Don

The Planet.com Internet Services Inc. hopes to have all 9,000 of its servers in its Houston data center back online later tonight following a blast that shut down the facility on Saturday afternoon.

When firefighters arrived at around 5 p.m., they could see "light smoke" at the Planet data center -- the aftermath of an explosion in a network gear room that produced enough force to move walls. Sprinklers quickly doused whatever flames erupted; the fire was attributed to an electrical problem with a transformer, according to a Houston Fire Department spokeswoman. There were no injuries.

Story at computerworld.com 

 

Posted Tuesday, June 03, 2008 10:28 AM by Don

VMware has released a security advisory indicating that updates are available for VMware Workstation, VMware Player, VMware ACE, and VMware Fusion. These updates address multiple vulnerabilities that may allow an attacker to execute arbitrary code in the context of the "vmx" process on the host system or to bypass security restrictions.

US-CERT encourages users to review VMware Security Advisory VMSA-2008-0008 and apply any necessary updates.

http://www.us-cert.gov/current/index.html#vmware_releases_security_advisory 

Google has fixed security vulnerabilities related to its Grand Central telecom service and its Google.com Web site, the company said Monday.

Google fixed a cross-site scripting vulnerability on the log-in page for Grand Central, a service that allows people to have numerous phone numbers ring on one phone and have a unified voice mail.

A cross-site script is a vulnerability found increasingly in Web applications in which malicious code can be injected into Web pages that could be used to attack or compromise visitors to the site.

"This issue was reported to us (and everyone else) this morning, and we closed it shortly after being notified," a Google spokesman said.

Continues at news.cnet.com 

 

Posted Tuesday, June 03, 2008 10:25 AM by Don