Archive for September, 2012

Scams relating to the recent Microsoft Security Advisory

September 27th, 2012

Microsoft recently released a security update for Internet Explorer in response to Security Advisory 2757760.

Scammers will often use news items (especially those relating to computer security) to try to trick you into downloading malicious software or to steal your personal information. Scammers claiming to be from Microsoft might also contact you by phone and offer to help fix your computer.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes. For more information, see Avoid tech support phone scams.

If you receive a phone call about the recent Internet Explorer update or about another technical support issue, hang up. If you’re in the United States and you want to report the scam, the best place to report phone fraud is the Federal Trade Commission. For more information, see Reporting phone fraud.

If you receive a scam via email or a website, you can use Microsoft tools to report it.

Kids and technology: Is there any good news?

September 25th, 2012

What if we stopped listening to the fear-based news about cyberbullying, over-sharing, and loss of privacy?

What if we focused on research that doesn’t make for a scary headline on the evening news?

Would it surprise you to learn that a recent study by the Family Online Safety Institute (FOSI) and the Pew Internet Project showed 69 percent of teens reporting that their peers are mostly kind on social networking sites?

A Platform for Good is a new FOSI project aimed at changing the conversation about kids and technology. The site is designed for parents, teens, and teachers to share information and to do good online. A Platform for Good features a blog written by experts in the field, a resource center with videos and curriculum for teachers, and many other interactive features.

For more information, see Announcing “A Platform for Good” – A Place to Connect, Share and Do Good or go directly to A Platform for Good.

September 2012 Out-of-Band Security Bulletin Webcast, Q&A, and Slide Deck

September 24th, 2012

Hello.

Today we’re publishing the September 2012 Security Bulletin Out-of-Band Webcast Questions & Answers page. During the webcast, we fielded 19 questions. Those were focused on MS12-063, the out-of-band cumulative release for Internet Explorer, and Security Advisory 2755801, which involves an issue with the Adobe Flash Player implementation for Internet Explorer 10. All questions are included on the Q&A page.

Thanks,

Yunsun Wee
Director, Trustworthy Computing

MS12-061 – Important : Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (September 24, 2012): Modified the Recommendation section in the Executive Summary to reflect a change in the way the update is offered. This update is no longer offered automatically, but can be installed by checking online for updates from Microsoft Update. Customers who have already successfully updated their systems do not need to take any action. Also added a link to Microsoft Knowledge Base Article 2719584 under Known Issues in the Executive Summary.
Summary: This security update resolves a privately reported vulnerability in Visual Studio Team Foundation Server. The vulnerability could allow elevation of privilege if a user clicks a specially crafted link in an email message or browses to a webpage that is used to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.

Download security update for Internet Explorer

September 21st, 2012

Today Microsoft released a security update for Internet Explorer. To help protect your computer, visit Windows Update to download and install the update and ensure that you have automatic updating turned on.

Note: This update replaces the Fix it that we posted earlier this week. If you install this update, you do not need the Fix it. If you already installed the Fix it, you still need to install this update.

For technical details, see:

Microsoft releases MS12-063 – Cumulative Security Update for Internet Explorer

September 21st, 2012

Today we released Security Update MS12-063 to address limited attacks against a small number of computers through a vulnerability in Internet Explorer versions 9 and earlier. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. For those manually updating, we encourage you to apply this update as quickly as possible.

In addition to addressing the issue described in Security Advisory 2757760, MS12-063 also resolves four privately disclosed vulnerabilities that are currently not being exploited.

Please watch the video below for an overview of this bulletin release, and you can find more information about this security update on the Microsoft Security Bulletin Summary web page.

For a detailed review of this security update, please join our experts Jeremy Tinder and Dustin Childs for a live webcast at noon PDT today. They will also provide answers to your questions in real-time. You can register here.

Thanks,
Yunsun Wee 
Director, Microsoft Trustworthy Computing

Security Advisory 2755801 addresses Adobe Flash Player issues

September 21st, 2012

Today we released Security Advisory 2755801 that addresses vulnerabilities in Adobe Flash Player in Internet Explorer 10 on Windows 8. The majority of customers have automatic updates enabled and will not need to take any action because protections will be downloaded and installed automatically. Customers who do not use automatic updates should apply the guidance in the advisory immediately using update management software, or by checking the Microsoft Update service, to help ensure protection.
 
We recognize there has been some discussion about our update process as it relates to Adobe Flash Player. Microsoft is committed to taking the appropriate actions to help protect our customers and we are working closely with Adobe to deliver quality protections that are aligned with Adobe’s update process.
 
With respect to Adobe Flash Player in Internet Explorer 10, customers can expect the following:

  • On a quarterly basis when Adobe normally issues Flash Player updates, we will coordinate on disclosure and release timing.
  • When the threat landscape requires action outside of Adobe’s normal update cadence, we will also work to align our release schedules. For example, this may mean that in some cases we will issue updates outside of our regular monthly security bulletin release.

As always, we recommend customers visit the Advisory for more information and make sure the update is deployed as soon as possible to help ensure that they are protected.

Yunsun Wee
Director
Microsoft Trustworthy Computing

What you need to know about CVE-2012-4969

September 21st, 2012

On Monday, we released a Security Advisory on CVE-2012-4969, a vulnerability in Internet Explorer. A Fix it was released on Wednesday, and a cumulative update is also now available as of today, Friday morning. The vulnerability affects Internet Explorer versions 6 through 9.

We have identified that this vulnerability is being used to infect computers by installing malware on them. The exploitation method has an intricate way of getting the payload on the affected machine. A diagram of the “infection chain” is depicted below:

[Figure: The infection chain of CVE-2012-4969]

As you can see, the infection starts when the specially crafted webpage (detected as Exploit:Win32/CVE-2012-4969.C) is loaded into a vulnerable version of Internet Explorer. This webpage loads a malicious SWF (Adobe Shockwave Flash) file, which we detect as Exploit:SWF/ShellCode.G. This SWF file is encrypted using a commercial packer to evade detection, and will try to load another webpage, which checks if your computer is vulnerable to the exploit and exploits it. This second webpage is detected as Exploit:Win32/CVE-2012-4969.A.

If the exploitation is successful, a shellcode runs which downloads a malicious payload from a remote server. The payload is detected as Backdoor:Win32/Poison.BR.

How to protect yourself?

We released both a one-click, easy-to-use Fix it tool and a cumulative update for Internet Explorer that incorporates the Fix it code and fully addresses the CVE.

You can also deploy the Enhanced Mitigation Experience Toolkit (EMET), which provides mitigations to help protect against this issue and should not affect the usability of websites.

And lastly, you can also:

  • Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones

[Figure: Setting security zone settings]

  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
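As an added example (not part of the original post and not a Microsoft tool), the following PowerShell reads the Active Scripting setting for the Internet and local intranet zones so an administrator can check whether the workaround above is in effect. It assumes the standard Internet Explorer zone registry layout (zone 1 = Local intranet, zone 3 = Internet, URL action 1400 = Active Scripting with 0 = enable, 1 = prompt, 3 = disable); the function name `Get-ActiveScriptingAudit` is hypothetical.

```powershell
# Added example: audit the Active Scripting setting (URL action 1400)
# in the Internet and Local intranet zones. Read-only; changes nothing.

$Zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Locations where the zone settings can be stored: machine policy,
# user policy, and the per-user preference set through Internet Options.
$Roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ActiveScriptingAudit {
    foreach ($zone in ($Zones.Keys | Sort-Object)) {
        foreach ($root in $Roots) {
            $path  = Join-Path $root "$zone"
            $value = $null

            # The key or the 1400 value may be absent; treat that as "not set".
            if (Test-Path $path) {
                $prop = Get-ItemProperty -Path $path -Name '1400' -ErrorAction SilentlyContinue
                if ($null -ne $prop) { $value = [int]$prop.'1400' }
            }

            if ($null -eq $value) {
                $setting = 'Not set here'
            } elseif ($Meaning.ContainsKey($value)) {
                $setting = $Meaning[$value]
            } else {
                $setting = "Unknown ($value)"
            }

            [pscustomobject]@{
                Zone      = $Zones[$zone]
                Location  = $root
                Setting   = $setting
                # The workaround asks for "prompt" or "disable".
                Mitigated = ($null -ne $value) -and (@(1, 3) -contains $value)
            }
        }
    }
}

Get-ActiveScriptingAudit | Format-Table -AutoSize -Wrap
```

A zone that shows `Enabled` or `Not set here` in every location is not covered by this workaround and relies on the security update or EMET instead.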

For server users/administrators, who use Windows Server 2003, 2008 and 2008 R2, make sure that Enhanced Security Configuration is in place to help mitigate the vulnerability.

More information about this vulnerability, including details on how to update, can be found in the bulletin.

Conclusion

Zero-day attacks are never pleasant, but developers are fighting hard to keep the number to a minimum. We’ve seen fewer 0-day vulnerabilities over the last few years, so I would say we’re on the right track. The quick release of security updates or specially designed tools also helps minimize users’ exposure to these kinds of attacks. One example of a special tool is EMET (the Enhanced Mitigation Experience Toolkit), which is at its third version now and can be downloaded from here.

Daniel Chipiristeanu
MMPC

2757760 – Vulnerability in Internet Explorer Could Allow Remote Code Execution – Version: 2.0

Revision Note: V2.0 (September 21, 2012): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into public reports of this vulnerability. We have issued MS12-063 to address this issue. For more information about this issue, including download links for an available security update, please review MS12-063. The vulnerability addressed is the execCommand Use After Free Vulnerability – CVE-2012-4969.

MS12-063 – Critical : Cumulative Security Update for Internet Explorer (2744842) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 21, 2012): Bulletin published.
Summary: This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Summary for September 2012 – Version: 2.0

Revision Note: V2.0 (September 21, 2012): Added Microsoft Security Bulletin MS12-063, Cumulative Security Update for Internet Explorer (2744842). Also added the bulletin webcast link for this out-of-band security bulletin.
Summary: This bulletin summary lists security bulletins released for September 2012.

“Fix it” available for Internet Explorer

September 19th, 2012

Today we released a downloadable tool called a “Fix it” for Internet Explorer that we mentioned in this blog yesterday.

On September 21, we will release a cumulative update for Internet Explorer through Windows Update.  We recommend that you install this update immediately. If you have automatic updating enabled on your computer, you won’t need to take any action – it will automatically update your machine. This update will reinforce the issue that the Fix it addressed and it will also cover other issues.

For more information, see Security Advisory 2757760.

For tips on how to stay safe online, visit the Microsoft Safety and Security Center.

Internet Explorer Fix it available now; Security Update scheduled for Friday

September 19th, 2012

Earlier this week, an issue impacting Internet Explorer affected a small number of customers.  The potential exists, however, that more customers could be affected.  As a result, today we have released a Fix it that is available to address that issue.  This is an easy, one-click solution that will help protect your computer right away.  It will not affect your ability to browse the web, and it does not require a reboot of your computer.

Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on your PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well.

Today’s Advance Notification Service (ANS) provides additional details about the update we are releasing on Friday – MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues.

We will also hold a special live webcast, during which we’ll take your questions about everything we release on Friday, Sept. 21 at 12 p.m. PDT. Click here to register.

Thanks –

Yunsun Wee
Director, Trustworthy Computing.

The Data Classification Toolkit for Windows Server 2012 is now available!

September 19th, 2012

Get the most out of Windows Server 2012 with new features that help you to quickly identify, classify, and protect data in your private cloud!
This toolkit is designed to help you to:

Identify, classify, and protect data on file servers in your…