February MS Security Patches Posted
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: February MS Security Patches Posted

  1. #1
    Member
    Join Date
    Dec 2003
    Posts
    97

    February MS Security Patches Posted

    Microsoft posted a bunch of new security patches today, you can find information about them at:

    http://www.microsoft.com/technet/security/default.mspx

    While some are worse then others, the MS05-011 looks like it has the potential to be the next vulnerability exploited by network aware worms.

  2. #2
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Yeah, I just got an email about this and updated my boxes. Wonder if there is any exploite code out there yet? Guess I need to go visit Security Focus.

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Kewl.... They should be waiting on my WUS servers in the morning.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    seven in all. Soon it may be that so many ms patches, fixes and updates are posted each month that ms will force automation in its next release of os just to save on bad press never mind licensing issues.
    Trappedagainbyperfectlogic.

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    115
    Just an FYI...

    You can get the same notifications that MS Premier members do for free. I guess this is somthing they just started to offer. I find it helpful because it is a comphrensive email stating what is being released and what all the security updates encompass.

    ------------------------------------------------------------------------------------
    Microsoft has created a free e-mail notification service that
    serves as a supplement to the Security Notification Service
    (this e-mail). It provides timely notification of any minor
    changes or revisions to previously released Microsoft Security
    Bulletins. This new service provides notifications that are
    written for IT professionals and contain technical information
    about the revisions to security bulletins.

    Visit http://www.microsoft.com to subscribe to this service:

    - Click on Subscribe at the top of the page.
    - This will direct you via Passport to the Subscription center.
    - Under Newsletter Subscriptions you can sign up for the
    "Microsoft Security Notification Service: Comprehensive Version".


    Also, they updated an older Sec Bulletin, MS04-035 dealing with exchange. For everyone running WUS/SUS I suggest you configure it to 'Auto Approve' updated patches. Otherwise you might end up like I did yesterday on one of our SUS boxes, clicking 30+ check boxes... argh.
    Civilization. The death of dreams.

  6. #6
    Originally posted here by Irongeek
    Yeah, I just got an email about this and updated my boxes. Wonder if there is any exploite code out there yet? Guess I need to go visit Security Focus.

    Yeah.. 0day public release.. it's getting crazy out there..

    an MSN 6.2 exploit for the MS05-009 is
    HERE
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss

  7. #7
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487

    Input validation vuln in Exchange exploitable via email?

    MS05-012 - Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
    http://www.microsoft.com/technet/sec.../MS05-012.mspx

    FAQ for Input Validation Vulnerability - CAN-2005-0044:

    How could an attacker exploit the vulnerability?
    On Exchange Server 5.0, Exchange Server 5.5, Exchange 2000 Server, and Exchange Server 2003 any anonymous user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability. User interaction is required to exploit this vulnerability on Windows 2000, Windows XP, and Windows Server 2003. For an attack to be successful by sending an e-mail message to a locally logged on user, the user must open an attachment that contains a malicious OLE object. Many different types of attached documents can contain the affected OLE Object types. All Office file types as well as many other third-party file types could contain a malicious OLE Object.
    Does anyone know if this vulnerability is exploitable via simply sending an email to a mailbox on an Exchange server? Does the Exchange server application process the OLE/TNEF portion of the email or just on client?

    I'm trying to figure out how vulnerable my environment is to this nasty.

  8. #8
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    From the description you provided it appears that the user has to be logged onto the exchange server and be reading email..... Frankly, anyone allowing anyone to use an Exchange server as a workstation, web browser or anything is terminally stupid....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  9. #9
    Member
    Join Date
    Dec 2003
    Posts
    97
    Unfortunately, it looks like Exchange may be vulnerable on its own, not just through reading the e-mail. I get this both from my company's Microsoft technical account manager, and little odd-placed threads like this one:

    http://hellomate.typepad.com/exchang...oft_secur.html

  10. #10
    Originally posted here by Timmy77
    Unfortunately, it looks like Exchange may be vulnerable on its own, not just through reading the e-mail. I get this both from my company's Microsoft technical account manager, and little odd-placed threads like this one:

    http://hellomate.typepad.com/exchang...oft_secur.html

    nothing in that post seems to suggest that the user-interaction is not required for infection... I can't yet see how something like that would occur.
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •