January 2010 - Posts

Issued: January 27, 2010

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS10-002 - Critical
* MS09-073 - Important


Bulletin Information:

* MS10-002 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
- Reason for Revision: V1.1 (January 27, 2010): Corrected a log
file entry in the Reference table for Internet Explorer 5.01
Service Pack 4 on all supported editions of Windows 2000.
- Originally posted: January 21, 2010
- Updated: January 27, 2010
- Bulletin Severity Rating: Critical
- Version: 1.1

* MS09-073 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx
- Reason for Revision: V2.1 (January 27, 2010): Corrected erroneous
entries in the Executive Summary, Update FAQ, and
Vulnerability FAQ to clarify that the Microsoft Office XP
Service Pack 3 (KB975008) and Microsoft Office 2003 Service
Pack 3 (KB975051) update packages do not apply to Microsoft
Office Word but only to text converters used by other
Microsoft Office applications in order to read Word files.
This is an informational change only.
- Originally posted: December 8, 2009
- Updated: January 27, 2010
- Bulletin Severity Rating: Important
- Version: 2.1

Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition.

See Google Chrome Release for additional information.

Issued: January 22, 2010

Security Advisories Updated or Released Today

* Microsoft Security Advisory (979682)
- Title: Vulnerability in Windows Kernel Could Allow
Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/979682.mspx
- Revision Note: V1.1 (January 22, 2010): Added links to
Microsoft Knowledge Base Article 979682 in the Issue
References table and Additional Suggestion Actions section.
Added a link to Microsoft Knowledge Base Article 979682 to
provide an automated Microsoft Fix it solution for the
workaround, Disable the NTVDM subsystem.

Language(s): English.
Product(s): Security.
Audience(s): IT Decision Maker, IT Generalist.
Duration: 60 Minutes
Start Date: Thursday, January 21, 2010 1:00 PM Pacific Time (US & Canada)

Event Overview

Information About Microsoft's January 2010 Out-of-Band Security Bulletin Release
 

 Presenters: Jerry Bryant, Sr. Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Sr. Security Program Manager Lead, Microsoft Corporation


Posted Thu, Jan 21 2010 13:19 by Don

Published: January 12, 2010 | Updated: January 21, 2010

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

www.microsoft.com/technet/securi···jan.mspx

Critical (2)

Microsoft Security Bulletin MS10-001
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
www.microsoft.com/technet/securi···001.mspx

Microsoft Security Bulletin MS10-002
Cumulative Security Update for Internet Explorer (978207)
www.microsoft.com/technet/securi···002.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

Issued: January 20, 2010

Security Advisories Updated or Released Today

* Microsoft Security Advisory (979682)
- Title: Vulnerability in Windows Kernel Could Allow
Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/979682.mspx
- Revision Note: V1.0 (January 20, 2010): Advisory published.

* Microsoft Security Advisory (979352)
- Title: Vulnerability in Internet Explorer Could
Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/979352.mspx
- Revision Note: V1.2 (January 20, 2010): Revised Executive
Summary to reflect the changing nature of attacks attempting
to exploit the vulnerability. Clarified information in the
Mitigating Factors section for Data Execution Prevention
(DEP) and Microsoft Outlook, Outlook Express, and Windows
Mail. Clarified several Frequently Asked Questions to provide
further details about the vulnerability and ways to limit the
possibility of exploitation. Added "Enable or disable
ActiveX controls in Office 2007" and "Do not open unexpected
files" to the Workarounds section.

Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible. This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.

Today we also updated Security Advisory 979352 to include technical details addressing additional customer questions.

The updated Security Advisory includes guidance in relation to reports of proof of concept (POC) code that bypasses Data Execution Prevention (DEP) and additional information on the exploitability of, and mitigations and workarounds for, Microsoft products that use mshtml.dll.

Based on our comprehensive monitoring of the threat landscape, we continue to see only limited attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.

We continue to recommend that customers update to Internet Explorer 8 to benefit from the improved security protection it offers.

Full Advance Notification

We wanted to provide a quick update on the threat landscape and announce that we will release a security update out-of-band to help protect customers from this vulnerability.

Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers. We also recommend customers consider deploying the workarounds and mitigations provided in Security Advisory 979352.

Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability.

We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an out-of-band update is the right decision at this time. We will provide the specific timing of the release tomorrow.

As always, we’re continuing to investigate this situation, so customers should look for the latest updates here on the Microsoft Security Response Center blog.

Thank you,

George Stathakopoulos
General Manager
Trustworthy Computing Security

*This posting is provided "AS IS" with no warranties, and confers no rights*

http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx

Posted Tue, Jan 19 2010 15:26 by Don

Issued: January 13, 2010

Summary

The following bulletin has undergone a major revision increment.

* MS09-073 - Important

Bulletin Information:

* MS09-073 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx
- Reason for Revision: V2.0 (January 13, 2010): Renamed the update
packages formerly listed as Microsoft Office Word 2002
Service Pack 3 (KB975008) and Microsoft Office Word 2003
Service Pack 3 (KB975051) to Microsoft Office XP Service Pack
3 (KB975008) and Microsoft Office 2003 Service Pack 3
(KB975051), respectively. Added an Update FAQ to explain this
bulletin-only change. There were no changes to the detection
logic or the update files. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: December 8, 2009
- Updated: January 13, 2010
- Bulletin Severity Rating: Important
- Version: 2.0

Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products. This update contains the following security fixes:

  • 10 for Oracle Database
  • 3 for Oracle Application Server
  • 3 for the Oracle Applications Suite
  • 1 for PeopleSoft and JD Edwards Suite
  • 5 for the BEA Products Suite
  • 2 for the Oracle Primavera Products Suite

US-CERT encourages users and administrators to review the January 2010 Critical Patch Update and apply any necessary updates to help mitigate the risks. Additional information can be found in US-CERT Technical Cyber Security Alert TA10-012A.

 

Microsoft is aware of reports of vulnerabilities in Adobe Flash Player 6 provided in Windows XP. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time but recommend that users install the latest version of Flash Player provided by Adobe.

The Adobe Flash Player 6 was provided with Windows XP and contains multiple vulnerabilities that could allow remote code execution if a user views a specially crafted Web page. Adobe has addressed these vulnerabilities in newer versions of Adobe Flash Player. Microsoft recommends that users of Windows XP with Adobe Flash Player 6 installed update to the most current version of Flash Player available from Adobe.

Microsoft Security Advisory (979267)

Issued: January 12, 2010

Summary

The following bulletin has undergone a major revision increment.

* MS09-035 - Moderate

Bulletin Information:

* MS09-035 - Moderate

- http://www.microsoft.com/technet/security/bulletin/ms09-035.mspx
- Reason for Revision: V3.0 (January 12, 2010): Rereleased this
bulletin to add Windows Embedded CE 6.0 to affected software.
The new update for Windows Embedded CE 6.0 (KB974616) is
available from the Microsoft Download Center only. Customers
using the Windows Embedded CE 6.0 platform should consider
applying the update. No other update packages are affected by
this rerelease.
- Originally posted: July 28, 2009
- Updated: January 12, 2010
- Bulletin Severity Rating: Moderate
- Version: 3.0

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.
Duration: 90 Minutes
Start Date: Wednesday, January 13, 2010 11:00 AM Pacific Time (US & Canada)

Event Overview

Join us for a brief overview of the technical details of the January security bulletins. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

 

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation


Posted Tue, Jan 12 2010 13:24 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

www.microsoft.com/technet/securi···jan.mspx

Critical (1)

Microsoft Security Bulletin MS10-001
Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
www.microsoft.com/technet/securi···001.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services (NSS) and NetScape Portable Runtime (NSPR). Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, bypass security restrictions, and compromise a vulnerable system.

Additionally, VMware has updated two previously released advisories: VMSA-2009-0014.2 that addresses vulnerabilities in the DHCP, Service Console Kernel, and Java JRE packages for ESX, and VMSA-2009-0004.3 that addresses vulnerabilities in the OpenSSL, BIND, and Vim packages for ESX.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2010-0001, VMSA-2009-0014.2, and VMSA-2009-0004.3 and apply any necessary updates to help mitigate the risks.

Source: US-CERT

Websense Security Labs™ ThreatSeeker™ Network has detected that search results on office.microsoft.com can lead users to a Rogue AV page.

Users looking for information related to help with Office products on Microsoft’s own site are being targeted. Users may be unaware that, when they type in search queries on the site, Microsoft scours its own Web site for results, but also pulls in results from the broader Web. As the URL for the search results begins with http://office.microsoft.com, this is particularly troubling for users who trust sites simply because of their reputation.

The malicious URL is a redirect to a very real-looking virus scan and warning page presented by a Rogue AV program (SHA1: 6489c54e30af18801a9e83a5855fa639f3bae0b8). The executable used in the exploit is currently recognized by 1 of the 41 AV engines on Virus Total.

Alert Details

Posted Fri, Jan 8 2010 7:04 by Don

Release date: January 7, 2010

Vulnerability identifier: APSB10-02

Platform: All

Summary

Adobe is planning to release an update for Adobe Reader 9.2 and Acrobat 9.2, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh, and Adobe Reader 9.2 for UNIX, to resolve critical security issues. Adobe expects to make this quarterly update available on January 12, 2010.

Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier (CVE-2009-4324) on Windows, Macintosh and UNIX. There are reports that this issue is being actively exploited in the wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms. Please see the related APSA09-07 Security Advisory for mitigation guidance until a patch is available on January 12, 2010.

Full Advisory

Microsoft Security Bulletin Advance Notification issued: January 7, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on January 12, 2010.

Microsoft is planning to release 1 Critical update for Microsoft Windows.

http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx

What’s New in Firefox 3.5.7

Firefox 3.5.7 fixes the following issues:


* Fixed a common stability issue.
* Fixed a problem with how updates were being presented to users.


Posted Wed, Jan 6 2010 5:10 by Don

Websense Security Labs™ ThreatSeeker™ Network has discovered several spam messages on Facebook that trick the user into visiting BINSSERVICESONLINE(dot)INFO. When the link in the message is clicked, the Web site redirects the user to an online scam site similar to the one we published in the blog Google Scam Kits in mid-December. The use of Facebook to distribute links that lead to Google scam kits is fairly new, and is sure to trick some users into buying the kits.

Alert Details

Posted Tue, Jan 5 2010 10:32 by Don