DP's Security Bits

Title: Microsoft Security Bulletin Minor Revisions - July 18, 2008

Don — Sat, 19 Jul 2008 09:00:00 GMT

Issued: July 18, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-040 - Important

Bulletin Information:

* MS08-040 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
- Reason for Revision: V1.4 (July 18, 2008): Corrected the list of
    valid product instance names in the Microsoft SQL Server 2000
    Desktop Engine (WMSDE) subsection under the Security Update
    Information section. Also added entry to the Frequently Asked
    Questions (FAQ) Related to This Security Update to
    communicate a detection change in the way that Windows Server
    Update Services (WSUS) offers the update for Microsoft SQL
    Server 2000 Desktop Engine (WMSDE).
- Originally posted: July 8, 2008
- Updated: July 18, 2008
- Bulletin Severity Rating: Important
- Version: 1.4

Microsoft Security Bulletin Major Revisions - July 10, 2008

Don — Fri, 11 Jul 2008 06:08:00 GMT

Issued: July 10, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS08-037 - Important

Bulletin Information:

* MS08-037 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
- Reason for Revision: V2.0 (July 10, 2008): Bulletin revised to
    inform users of ZoneAlarm and Check Point Endpoint Security
    of an Internet connectivity issue detailed in the section,
    Frequently Asked Questions (FAQ) Related to this Security
    Update. The revision did not change the security update files
    in this bulletin, but users of ZoneAlarm and Check Point
    Endpoint Security should read the FAQ entries for guidance.
- Originally posted: July 8, 2008
- Updated: July 10, 2008
- Bulletin Severity Rating: Important
- Version: 2.0

Sun Releases Updates for Java SE

Don — Thu, 10 Jul 2008 20:17:00 GMT

Sun has released updates for Java SE. These updates address multiple vulnerabilities in Java Runtime Environment (JRE), Java Web Start, Java Management Extensions (JMX), JDK, and Java Runtime Environment Virtual Machine. These vulnerabilities may allow a remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information or cause a denial-of-service condition.

US-CERT encourages users to review the following Sun Alerts and apply any necessary updates:

Sun Alert 238628 - Security Vulnerabilities in the Java Runtime Environment related to the processing of XML Data

Sun Alert 238666 - A Security Vulnerability with the processing of fonts in the Java Runtime Environment may allow Elevation of Privileges

Sun Alert 238687 - Security Vulnerabilities in the Java Runtime Environment Scripting Language Support

Sun Alert 238905 - Multiple Security Vulnerabilities in Java Web Start may allow Privileges to be Elevated

Sun Alert 238965 - Security Vulnerability in Java Management Extensions (JMX)

Sun Alert 238966 - Security Vulnerability in JDK/JRE Secure Static Versioning

Sun Alert 238967 - Security Vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted Application or Applet to Elevate Privileges

Sun Alert 238968 - Security Vulnerabilities in the Java Runtime Environment may allow Same Origin Policy to be Bypassed

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/index.html#sun_releases_updates_for_java

Microsoft Security Advisory Notification - July 9, 2008

Don — Wed, 09 Jul 2008 22:02:00 GMT

Issued: July 9, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (954960)
- Title: Microsoft Windows Server Update Services
(WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
- Revision Note: July 9, 2008: Advisory updated to reflect
availability of fix.

Microsoft Security Bulletin Minor Revisions - July 9, 2008

Don — Wed, 09 Jul 2008 20:33:00 GMT

Issued: July 9, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS08-040 - Important
* MS08-039 - Important

Bulletin Information:

* MS08-040 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
- Reason for Revision: V1.1 (July 9, 2008): Removed erroneous
    references to SQL Server 2005 Service Pack 1 in the MBSA and
    SMS Detection and Deployment tables. Also clarified
    permissions requirements for vulnerability mitigating factors.
- Originally posted: July 8, 2008
- Updated: July 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

* MS08-039 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-039.mspx
- Reason for Revision: V1.1 (July 9, 2008): Changed the information
    reference link for OWA Premium in the Mitigating Factors
    sections for both vulnerabilities.
- Originally posted: July 8, 2008
- Updated: July 9, 2008
- Bulletin Severity Rating: Important
- Version: 1.1

DNS Implementations Vulnerable to Cache Poisoning

Don — Wed, 09 Jul 2008 09:07:00 GMT

US-CERT is aware of deficiencies in the DNS protocol. Implementations of this protocol may leave the affected system vulnerable to DNS cache poisoning attacks. If an attacker can successfully conduct a cache poisoning attack, they may be able to cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. This may allow an attacker to obtain sensitive information or mislead users into believing they are visiting a legitimate website.

US-CERT encourages users to review "VU#800113 - Multiple DNS implementations vulnerable to cache poisoning" and apply any necessary solutions listed in that document to help mitigate the risks.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/index.html#dns_implementations_vulnerable_to_cache

Microsoft Security Advisory Notification - July 8, 2008

Don — Wed, 09 Jul 2008 03:19:00 GMT

Issued: July 8, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953635)
- Title: Vulnerability in Microsoft Word Could Allow
Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/953635.mspx
- Revision Note: Advisory published.

Microsoft Security Bulletin(s) for July 8, 2008

Don — Tue, 08 Jul 2008 16:52:00 GMT

Note: There may be latency issues due to replication, if the page does not display keep refreshing
July 8, 2008

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

July Bulletin Summary

Important (4)

MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Microsoft Security Advisory Notification - July 7, 2008

Don — Mon, 07 Jul 2008 18:19:00 GMT

Issued: July 7, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (955179)
- Title: Vulnerability in the ActiveX Control for the
Snapshot Viewer for Microsoft Access Could Allow Remote Code
Execution
- http://www.microsoft.com/technet/security/advisory/955179.mspx
- Revision Note: Advisory published.

Microsoft Security Bulletin Advance Notification for July 2008

Don — Thu, 03 Jul 2008 19:03:00 GMT

Issued: July 3, 2008

This is an advance notification of security bulletins that
Microsoft is intending to release on July 8, 2008.

The full version of the Microsoft Security Bulletin Advance
Notification for July 2008 can be found at
http://www.microsoft.com/technet/security/bulletin/ms08-jul.mspx.

This bulletin advance notification will be replaced with the
July bulletin summary on July 8, 2008. For more information
about the bulletin advance notification service, see
http://www.microsoft.com/technet/security/Bulletin/advance.mspx.

To receive automatic notifications whenever
Microsoft Security Bulletins are issued, subscribe to Microsoft
Technical Security Notifications on
http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on
these bulletins on Wednesday, July 9, 2008,
at 11:00 AM Pacific Time (US & Canada). Register for the July
Security Bulletin Webcast at
http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize
monthly security updates with any non-security, high-priority
updates that are being released on the same day as the monthly
security updates. Please see the section, Other Information.

This advance notification provides the software subject as the
bulletin identifier, because the official Microsoft Security
Bulletin numbers are not issued until release. The bulletin summary
that replaces this advance notification will have the proper
Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the
bulletin identifier. The security bulletins for this month are as
follows, in order of severity:

Important Security Bulletins

SQL Bulletin

- Affected Software:
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Microsoft Windows 2000 Service Pack 4
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Windows Internal Database (WYukon) Service Pack 2 on
      Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Microsoft SQL Server 2000 Desktop Engine (WMSDE) on
      Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Windows Internal Database (WYukon) x64 Edition Service Pack 2
      on Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Windows Internal Database (WYukon) Service Pack 2
      on Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Internal Database (WYukon) x64 Edition Service Pack 2
      on Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - GDR update for SQL Server 7.0 Service Pack 4
    - QFE update for SQL Server 7.0 Service Pack 4
    - GDR update for SQL Server 2000 Service Pack 4
    - QFE update for SQL Server 2000 Service Pack 4
    - GDR update for SQL Server 2000
      Itanium-based Edition Service Pack 4
    - QFE update for SQL Server 2000
      Itanium-based Edition Service Pack 4
    - GDR update for SQL Server 2005 Service Pack 2
    - QFE update for SQL Server 2005 Service Pack 2
    - GDR update for SQL Server 2005 x64 Edition Service Pack 2
    - QFE update for SQL Server 2005 x64 Edition Service Pack 2
    - GDR update for SQL Server 2005 with SP2 for
      Itanium-based Systems
    - QFE update for SQL Server 2005 with SP2 for
      Itanium-based Systems
    - GDR update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
    - QFE update for Microsoft Data Engine (MSDE) 1.0 Service Pack 4
    - GDR update for Microsoft SQL Server 2000
      Desktop Engine (MSDE 2000) Service Pack 4
    - QFE update for Microsoft SQL Server 2000
      Desktop Engine (MSDE 2000) Service Pack 4
    - GDR update for Microsoft SQL Server 2005
      Express Edition Service Pack 2
    - QFE update for Microsoft SQL Server 2005
      Express Edition Service Pack 2
    - GDR update for Microsoft SQL Server 2005
      Express Edition with Advanced Services Service Pack 2
    - QFE update for Microsoft SQL Server 2005
      Express Edition with Advanced Services Service Pack 2

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Windows Bulletin 1

- Affected Software:
    - Windows Vista and
      Windows Vista Service Pack 1
    - Windows Vista x64 Edition and
      Windows Vista x64 Edition Service Pack 1
    - Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)
    - Windows Server 2008 for Itanium-based Systems

    - Impact: Remote Code Execution
    - Version Number: 1.0

Windows Bulletin 2

- Affected Software:
    - Client update for Microsoft Windows 2000 Service Pack 4
    - Server update for Microsoft Windows 2000 Service Pack 4
    - Client update for Windows XP Service Pack 2 and
      Windows XP Service Pack 3
    - Client update for Windows XP Professional x64 Edition and
      Windows XP Professional x64 Edition Service Pack 2
    - Client update for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Server update for Windows Server 2003 Service Pack 1 and
      Windows Server 2003 Service Pack 2
    - Client update for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Server update for Windows Server 2003 x64 Edition and
      Windows Server 2003 x64 Edition Service Pack 2
    - Client update for Windows Server 2003 with SP1 for
      Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Server update for Windows Server 2003 with SP1 for
      Itanium-based Systems and
      Windows Server 2003 with SP2 for Itanium-based Systems
    - Server update for Windows Server 2008 for 32-bit Systems
      (Windows Server 2008 Server Core installation affected)
    - Server update for Windows Server 2008 for x64-based Systems
      (Windows Server 2008 Server Core installation affected)

    - Impact: Spoofing
    - Version Number: 1.0

Exchange Server Bulletin

- Affected Software:
    - Microsoft Exchange Server 2003 Service Pack 2
    - Microsoft Exchange Server 2007
    - Microsoft Exchange Server 2007 Service Pack 1

    - Impact: Elevation of Privilege
    - Version Number: 1.0

Other Information

Microsoft Windows Malicious Software Removal Tool:

Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services, and the Download Center.

Non-Security, High-Priority Updates on MU, WU, and WSUS:

For information about non-security releases on Windows Update and
Microsoft
update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content for 2008.
Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb466214.aspx: New,
Revised, and Released Updates for Microsoft Products Other Than
Microsoft Windows

Microsoft Security Advisory Notification - July 2, 2008

Don — Thu, 03 Jul 2008 04:55:00 GMT

Issued: July 2, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818)
- Title: Blended Threat from Combined Attack Using
Apple's Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
- Revision Note: July 2, 2008: Updated the Suggested Actions.

Firefox 2.0.0.15 Released

Don — Wed, 02 Jul 2008 10:57:00 GMT

Known Vulnerabilities Fixed in Firefox 2.0.0.15:

MFSA 2008-33 Crash and remote code execution in block reflow
MFSA 2008-32 Remote site run as local file via Windows URL shortcut
MFSA 2008-31 Peer-trusted certs can use alt names to spoof
MFSA 2008-30 File location URL in directory listings not escaped properly
MFSA 2008-29 Faulty .properties file results in uninitialized memory being used
MFSA 2008-28 Arbitrary socket connections with Java LiveConnect on Mac OS X
MFSA 2008-27 Arbitrary file upload via originalTarget and DOM Range
MFSA 2008-25 Arbitrary code execution in mozIJSSubScriptLoader.loadSubScript()
MFSA 2008-24 Chrome script loading from fastload file
MFSA 2008-23 Signed JAR tampering
MFSA 2008-22 XSS through JavaScript same-origin violation
MFSA 2008-21 Crashes with evidence of memory corruption (rv:1.8.1.15)

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15

Apple closes holes in Mac OS X, Safari

Don — Wed, 02 Jul 2008 09:51:00 GMT

Apple plugged 25 security holes in components of its Mac OS X operating system on Monday, closing remote execution vulnerabilities in its Safari Web browser and the Ruby Web programming language.

The software patch -- the fourth this year for Apple's Mac OS X -- also fixed flaws in the open-source Apache Tomcat Java server, Apple's VPN client, the operating system's screen lock, and the handling of potentially unsafe types of content. While the open-source Apache Tomcat server racked up the most vulnerabilities, the most severe issues affect the Ruby Web programming language, WebKit library for Safari, and Mac OS X core library functions.

http://www.securityfocus.com/brief/767

Microsoft Security Advisory Notification - June 30, 2008

Don — Mon, 30 Jun 2008 22:01:00 GMT

Issued: June 30, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (954960)
- Title: Microsoft Windows Server Update Services
(WSUS) Blocked from Deploying Security Updates
- http://www.microsoft.com/technet/security/advisory/954960.mspx
- Revision Note: Advsiory published.

Onslaught of fake Microsoft patch spam

Don — Mon, 30 Jun 2008 21:13:00 GMT

Websense® Security Labs™ ThreatSeeker™ Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update.

Details ...

Malware morphs to greater numbers

Don — Wed, 25 Jun 2008 20:37:00 GMT

The number of signatures required to detect malicious code skyrocketed in the first half of 2008, increasing by 80 percent since the end of 2007, according to data released by antivirus firm F-Secure on Tuesday.

The data -- part of the F-Secure's IT Security Threat Summary -- showed that the company currently requires nearly 900,000 different signatures, also referred to as "definitions" or "detections," in its product to catch current threats, up from 500,000 signatures at the end of 2007.

http://www.securityfocus.com/brief/763

Microsoft Security Advisory Notification - June 24, 2008

Don — Wed, 25 Jun 2008 17:03:00 GMT

Issued: June 24, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (954462)
- Title: Rise in SQL Injection Attacks Exploiting
Unverified User Data Input
- http://www.microsoft.com/technet/security/advisory/954462.mspx
- Revision Note: Advisory published.

Microsoft Security Bulletin Revisions - June 24, 2008

Don — Tue, 24 Jun 2008 21:53:00 GMT

Issued: June 24, 2008

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS07-042 - Critical

Bulletin Information:

* MS07-042 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
- Reason for Revision: V4.0 (June 24, 2008): Bulletin updated:
    Added Windows XP Service Pack 3, Windows Vista Service Pack
    1, Windows Vista x64 Edition Service Pack 1, Windows Server
    2008 for 32-bit Systems, Windows Server 2008 for x64-based
    Systems, and Windows Server 2008 for Itanium-based Systems as
    affected software. This is a detection update only. There
    were no changes to the binaries.
- Originally posted: August 14, 2007
- Updated: June 24, 2008
- Bulletin Severity Rating: Critical
- Version: 4.0

Microsoft Security Advisory Notification - June 20, 2008

Don — Sat, 21 Jun 2008 16:33:00 GMT

Issued: June 20, 2008

Security Advisories Updated or Released Today

* Microsoft Security Advisory (953818)
- Title: Blended Threat from Combined Attack Using
Apple's Safari on the Windows Platform
- http://www.microsoft.com/technet/security/advisory/953818.mspx
- Revision Note: June 20, 2008: Advisory updated to provide
link to related Apple security advisory.

New Phishing/Storm Worm Variant Spreading

Don — Fri, 20 Jun 2008 10:32:00 GMT

US-CERT has received reports of new phishing activity, some of which has been linked to Storm Worm. The latest activity is centered around messages related to the recent earthquake in China and the upcoming Olympic Games. This Trojan is spread via an unsolicited email message that contains a link to a malicious website. This website contains a video that, when opened, may run the executable file "beijing.exe" to infect the user's system with malicious code.

Reports, including a posting by Symantec, indicate that the following subject lines are being used. Please note that subject lines can change at any time.

The most powerful quake hits China

Countless victims of earthquake in China

Death toll in China is growing

Recent earthquake in china took a heavy toll

Recent china earthquake kills million

China is paralyzed by new earthquake

Death toll in China exceeds 1000000

A new powerful disaster in China

A new deadly catastrophe in China

2008 Olympic Games are under the threat

China's most deadly earthquake

US-CERT encourages users and administrators to take the following preventative measures to mitgate the security risks:

Install anti-virus software, and keep its virus signature files up-to-date.

Do not follow unsolicited web links received in email messages.

Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.

Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

US-CERT reminds users to beware of future phishing attacks that may target natural disasters and the Olympic Games.

http://www.us-cert.gov/current/index.html#new_storm_worm_variant_spreads2