MVP Jubo Security Blog : Security Advisory

Microsoft Security Advisory (973472)

jubo — Mon, 13 Jul 2009 16:00:00 GMT

Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

For more information see Microsoft TechNet

Possible vulnerability in Microsoft Office Word 2002 Service Pack 3

jubo — Wed, 09 Jul 2008 08:48:03 GMT

Microsoft released an advisory for a Office Word 2002 SP3 vulnerability.

Investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.

More information: Microsoft Security Advisory (953635) and MSRC Blog.

Snapshot Viewer MS Access ActiveX Control Vulnerability

jubo — Tue, 08 Jul 2008 07:00:46 GMT

Microsoft has released an advisory for a MS Access remote code-execution vulnerability. The flaw lies in the Microsoft Snapshot Viewer ActiveX control, "snapview.ocx", which may allow remote code-execution attacks. This affects Office Access 2000, Office Access 2002 and Office Access 2003.

An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.

There's no patch available yet, but there are manual workarounds. For more information see Microsoft's Security Advisory (955179) and MSRC Blog.

Apple's Safari on Windows Platform Threat

jubo — Mon, 02 Jun 2008 08:13:43 GMT

Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

More information: Microsoft Security Advisory (953818) and MSRC's blog: Security Advisory 953818 Posted.

Microsoft Security Advisory (951306)

jubo — Sat, 19 Apr 2008 09:01:51 GMT

Vulnerability in Windows Could Allow Elevation of Privilege
Published: April 17, 2008

Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

Source: TechNet

Microsoft Security Advisory (947563)

jubo — Mon, 21 Jan 2008 07:25:22 GMT

Vulnerability in Microsoft Excel Could Allow Remote Code Execution

Published: January 15, 2008 | Updated: January 16, 2008

Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for Mac. At this time, Microsoft's initial investigation indicates that customers who are using Microsoft Office Excel 2007 or Microsoft Excel 2008 for Mac, or who have installed Microsoft Office Excel 2003 Service Pack 3 are not affected by this vulnerability.

See advisory at: TechNet

Check for the latest Office software at: Microsoft Office Update

Or: Microsoft Update

Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution

jubo — Fri, 13 Apr 2007 11:34:00 GMT

Microsoft Security Advisory (935964)

Microsoft is investigating new public reports of a limited attack exploiting a vulnerability in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista are not affected as these versions do not contain the vulnerable code.

Microsoft’s initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the Domain Name System Server Service, which by default runs as Local SYSTEM.

Related Software:

Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2

CVE Reference: CVE-2007-1748.

Microsoft Knowledge Base Article: 935964.

Vulnerability in Windows Animated Cursor Handling

jubo — Sat, 31 Mar 2007 07:16:00 GMT

A few days ago Microsoft posted Security Advisory (935423). Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

Mitigating Factors for Animated Cursor Vulnerability:

if you are using Internet Explorer 7 on Windows Vista you are protected from currently known web based attacks due to Internet Explorer 7.0 protected mode.
If you are reading email in Outlook 2007 you are protected regardless of if you are reading the mail as plain text or not.
If you are reading email using Windows Mail on Vista you are protected as long are not forwarding or replying to the attackers email.
Regardless of if you are reading your mail in plain text on Outlook Express you are not protected.

For more detailed information see: Microsoft Security Advisory (935423).

MSRC Blog: Microsoft Security Advisory 935423 Posted
MSRC Blog: Update on Microsoft Security Advisory 935423

Microsoft Security Bulletin Advance Notification for March 2007

jubo — Thu, 08 Mar 2007 19:59:00 GMT

Somehow good news... no Microsoft Security Updates for this month:

On March 13, 2007 Microsoft is planning to release:

Security Updates

No new Microsoft Security Bulletins will be released on March 13, 2007.

Microsoft Windows Malicious Software Removal Tool

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Non-security High Priority updates on MU, WU, WSUS and SUS

Microsoft will release two non-security high-priority updates for Windows on Windows Update (WU) and Software Update Services (SUS).
Microsoft will release four non-security high-priority updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Source: TechNet.

No matter what, there will be enough work on "my" computers on the other side of the pond the next few weeks...

Microsoft Security Advisory 933052 published

jubo — Thu, 15 Feb 2007 20:11:00 GMT

Microsoft is investigating new public reports of very limited, targeted attacks against Microsoft Word “zero-day” using a vulnerability in Microsoft Office 2000 and Microsoft Office XP.

In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.

More information: TechNet, MSRC Blog and SSIRP.

Microsoft Excel “zero-day” exploit

jubo — Sat, 03 Feb 2007 18:57:00 GMT

Microsoft has released a Security Advisory regarding a Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac. It involves an issue currently being exploited using Excel documents. But can affect all other Office documents.

In order for this attack to be carried out, a user must first open a malicious Office document file attached to an email or otherwise provided to them by an attacker. So don't open any Office document in an email from people you don't know. Keep your antivirus protection updated. If you're not sure you can always do an online scan at the Windows Live OneCare safety scanner.

Source: Microsoft Security Advisory (932553).
See also: Microsoft Security Response Center Security Blog.

Vulnerability in PowerPoint

jubo — Fri, 29 Sep 2006 10:50:00 GMT

On September 27th, Microsoft released the following Security Advisory:

925984 Vulnerability in PowerPoint Could Allow Remote Code Execution.

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in the following Microsoft products:

PowerPoint 2000
PowerPoint 2002
PowerPoint 2003
PowerPoint 2004 for Mac
PowerPoint v. X for Mac

In order for this attack to be carried out, a user must first open a malicious PowerPoint file attached to an e-mail or otherwise provided to them by an attacker.

Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.

A workaround for this vulnerability is to use PowerPoint Viewer 2003 to open and view files. PowerPoint Viewer 2003 does not contain the vulnerable code and is not susceptible to this attack. To download the PowerPoint Viewer 2003 for free, visit the following website.

Source: Microsoft Security Advisory (925984)