DarkFiber Consulting – IT Managed Services

Microsoft Releases Security Advisory 979352

January 27th, 2010 . by DarkFiber Consulting

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.

Additional information about this vulnerability can be found in Vulnerability Note VU#492515.

Microsoft Releases Security Advisory 977981

December 10th, 2009 . by DarkFiber Consulting

Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 977981  and implement the suggested workarounds listed in the advisory to help mitigate the risks.

Microsoft Releases Security Advisory 977544

December 10th, 2009 . by DarkFiber Consulting

Microsoft has released security advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. This vulnerability may allow an attacker to cause a denial-of-service condition. This vulnerability only affects Windows 7 and Server 2008 software.

DarkFiber Consulting encourages users and administrators to review Microsoft security advisory 977544 and apply the workarounds.

Microsoft Releases Fix It for SMB Vulnerability

October 14th, 2009 . by DarkFiber Consulting

Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Sever Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the “Microsoft Releases Security Advisory 975497” Current Activity entry.

DarkFiber Consulting is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.

Microsoft Releases Security Advisory (961040)

December 23rd, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure “sp_replwriteovarbin.” Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.

DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.

Microsoft Releases Security Advisory (961051)

December 11th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability.

DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961051 and implement any Suggested Actions to help mitigate the risks.

Additional information is available in the Vulnerability Notes database. DarkFiber Consulting will provide further details as they become available.

Microsoft Releases Security Advisory (960906)

December 9th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 960906 to address reports of a vulnerability in the WordPad Text Converter for Word 97 files. The advisory indicates that Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are affected by this vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code or obtain local user rights. Additionally, Microsoft indicates that they are aware of limited and targeted attacks using this vulnerability.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 960906 and implement any necessary Suggested Actions to help mitigate the risks.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft Releases Security Advisory 958963

October 27th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.

Additional information regarding the Windows Server Service vulnerability is available in:

Microsoft Releases Security Advisory For Snapshot Viewer ActiveX Control

July 14th, 2008 . by DarkFiber Consulting

Microsoft has released a Security Advisory to address a vulnerability in a Microsoft Access ActiveX control. By convincing a user to visit a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code. The Advisory also indicates that the vulnerability is being used in active, targeted attacks.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 955179 and apply the workarounds to help mitigate the risks. Additional information regarding this issue can be found in the Vulnerability Notes Database.

Microsoft Releases Security Advisory for Word Vulnerability

July 14th, 2008 . by DarkFiber Consulting

Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 953635 and apply any necessary workarounds to help mitigate the risks.

DarkFiber Consulting will provide additional information as it becomes available.