DarkFiber Consulting – IT Managed Services

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

August 6th, 2010 . by DarkFiber Consulting

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.

DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.

Additional information regarding this vulnerability can be found in the following:

Microsoft Releases Security Advisory 979352

January 27th, 2010 . by DarkFiber Consulting

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.

Additional information about this vulnerability can be found in Vulnerability Note VU#492515.

Microsoft Releases Security Advisory 977981

December 10th, 2009 . by DarkFiber Consulting

Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 977981  and implement the suggested workarounds listed in the advisory to help mitigate the risks.

Microsoft Releases Security Advisory 977544

December 10th, 2009 . by DarkFiber Consulting

Microsoft has released security advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. This vulnerability may allow an attacker to cause a denial-of-service condition. This vulnerability only affects Windows 7 and Server 2008 software.

DarkFiber Consulting encourages users and administrators to review Microsoft security advisory 977544 and apply the workarounds.

Microsoft Releases Fix It for SMB Vulnerability

October 14th, 2009 . by DarkFiber Consulting

Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Sever Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the “Microsoft Releases Security Advisory 975497” Current Activity entry.

DarkFiber Consulting is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.

Microsoft Releases Two Out-of-Band Security Bulletins and a Security Advisory

July 30th, 2009 . by DarkFiber Consulting

Microsoft has released two out-of-band security bulletins. The first bulletin, MS09-034, is a cumulative security update for Internet Explorer that addresses several vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. The second bulletin, MS09-035, addresses vulnerabilities in the Visual Studio Active Template Library (ATL). Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

Additionally, Microsoft has released security advisory 973882 to provide specific guidance for developers, IT professionals, consumers, and home users regarding the vulnerabilities in Active Template Library (ATL).

DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletins MS09-034 and MS09-035 and Microsoft Security Advisory 973882 and apply any necessary updates or workarounds to help mitigate the risks. Additional information can be found in Technical Cyber Security Alert TA09-209A.

Microsoft Releases Security Advisory (961040)

December 23rd, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. The vulnerability occurs in the extended stored procedure “sp_replwriteovarbin.” Exploitation of this vulnerability may allow an authenticated attacker to execute arbitrary code. Additionally, if a web application is vulnerable to SQL injection, an unauthenticated, remote attacker may be able to execute arbitrary code.

DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961040 and implement any Suggested Actions to help mitigate the risks.

Microsoft Releases Security Advisory (961051)

December 11th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 961051 to address reports of attacks against a new vulnerability in Internet Explorer 7. By convincing a user to view a specially crafted XML document, an attacker may be able to execute arbitrary code with the privileges of the user. Additionally, Microsoft indicates that it is aware of limited and targeted attacks using this vulnerability.

DarkFiber Consulting encourages users to review the Microsoft Security Advisory 961051 and implement any Suggested Actions to help mitigate the risks.

Additional information is available in the Vulnerability Notes database. DarkFiber Consulting will provide further details as they become available.

Microsoft Releases Security Advisory (960906)

December 9th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 960906 to address reports of a vulnerability in the WordPad Text Converter for Word 97 files. The advisory indicates that Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2 are affected by this vulnerability. Exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code or obtain local user rights. Additionally, Microsoft indicates that they are aware of limited and targeted attacks using this vulnerability.

DarkFiber Consulting encourages users to review Microsoft Security Advisory 960906 and implement any necessary Suggested Actions to help mitigate the risks.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft Releases Security Advisory 958963

October 27th, 2008 . by DarkFiber Consulting

Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.

Additional information regarding the Windows Server Service vulnerability is available in:

« Previous Entries