MS14-037 - Critical: Cumulative Security Update for Internet Explorer (2975687) - Version: 1.1

Microsoft Security Notifications - Mon, 07/28/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (July 29, 2014): Corrected the severity table and vulnerability information to add CVE-2014-4066 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not have to take any action.
Summary: This security update resolves one publicly disclosed vulnerability and twenty-four privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS13-098 - Critical: Vulnerability in Windows Could Allow Remote Code Execution (2893294) - Version: 1.6

Microsoft Security Notifications - Mon, 07/28/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.6 (July 29, 2014): Revised bulletin to announce that Microsoft no longer plans to enforce the stricter verification behavior as a default functionality on supported releases of Microsoft Windows. It remains available as an opt-in feature.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user or application runs or installs a specially crafted, signed portable executable (PE) file on an affected system.
Categories: Security Alerts

MS14-036 - Critical: Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487) - Version: 1.2

Microsoft Security Notifications - Sun, 07/27/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.2 (July 28, 2014): Corrected the update replacements for the Windows Vista (Windows GDI+) (2957503) update and the Windows Server 2008 (Windows GDI+) (2957503) update. This is an informational change only.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-009 - Important: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege - Version: 1.2

Microsoft Security Notifications - Tue, 07/15/2014 - 23:00
Severity Rating: Important
Revision Note: V1.2 (July 16, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves two publicly disclosed vulnerabilities and one privately reported vulnerability in Microsoft .NET Framework. The most severe vulnerability could allow elevation of privilege if a user visits a specially crafted website or a website containing specially crafted web content. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit the compromised website, typically by getting them to click a link in an email message or in an Instant Messenger message that takes them to the attacker's website.
Categories: Security Alerts

MS14-039 - Important: Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege (2975685) - Version: 1.1

Microsoft Security Notifications - Tue, 07/15/2014 - 23:00
Severity Rating: Important
Revision Note: V1.1 (July 16, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses a vulnerability in a low integrity process to execute the On-Screen Keyboard (OSK) and upload a specially crafted program to the target system.
Categories: Security Alerts

MS14-030 - Important: Vulnerability in Remote Desktop Could Allow Tampering (2969259) - Version: 1.2

Microsoft Security Notifications - Tue, 07/15/2014 - 23:00
Severity Rating: Important
Revision Note: V1.2 (July 16, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow tampering if an attacker gains access to the same network segment as the targeted system during an active RDP session, and then sends specially crafted RDP packets to the targeted system.
Categories: Security Alerts

MS14-033 - Important: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061) - Version: 1.1

Microsoft Security Notifications - Wed, 07/09/2014 - 23:00
Severity Rating: Important
Revision Note: V1.1 (July 10, 2014): Bulletin revised to remove the prerequisite requirement for the MSXML 6.0 update on Windows Server 2003 systems.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a logged on user visits a specially crafted website that is designed to invoke MSXML through Internet Explorer. In all cases, however, an attacker would have no way to force users to visit such websites. Instead, an attacker would have to convince users to visit a website, typically by getting them to click a link in an email message or in an Instant Messenger request that takes users to the attacker's website.
Categories: Security Alerts

MS14-042 - Moderate: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) - Version: 1.0

Microsoft Security Notifications - Mon, 07/07/2014 - 23:00
Severity Rating: Moderate
Revision Note: V1.0 (July 8, 2014): Bulletin published.
Summary: This security update resolves one publicly disclosed vulnerability in Microsoft Service Bus for Windows Server. The vulnerability could allow denial of service if a remote authenticated attacker creates and runs a program that sends a sequence of specially crafted Advanced Message Queuing Protocol (AMQP) messages to the target system. Microsoft Service Bus for Windows Server is not shipped with any Microsoft operating system. For an affected system to be vulnerable Microsoft Service Bus must first be downloaded, installed, and configured, and then its configuration details (farm certificate) shared with other users.
Categories: Security Alerts

MS14-041 - Important: Vulnerability in DirectShow Could Allow Elevation of Privilege (2975681) - Version: 1.0

Microsoft Security Notifications - Mon, 07/07/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (July 8, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker first exploits another vulnerability in a low integrity process and then uses this vulnerability to execute specially crafted code in the context of the logged on user. By default, the modern, immersive browsing experience on Windows 8 and Windows 8.1 runs with Enhanced Protected Mode (EPM). For example, customers using the touch-friendly Internet Explorer 11 browser on modern Windows tablets are using Enhanced Protected Mode by default. Enhanced Protected Mode uses advanced security protections that can help mitigate against exploitation of this vulnerability on 64-bit systems.
Categories: Security Alerts

MS14-038 - Critical: Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) - Version: 1.0

Microsoft Security Notifications - Mon, 07/07/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.0 (July 8, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince them to visit the website, typically by getting them to click a link that takes them to the attacker's site, and then convince them to open the specially crafted Journal file.
Categories: Security Alerts

MS14-040 - Important: Vulnerability in Ancillary Function Driver (AFD) Could Allow Elevation of Privilege (2975684) - Version: 1.0

Microsoft Security Notifications - Mon, 07/07/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (July 8, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs onto a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Categories: Security Alerts

MS14-018 - Critical: Cumulative Security Update for Internet Explorer (2950467) - Version: 1.2

Microsoft Security Notifications - Sun, 06/29/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.2 (June 30, 2014): Corrected the CVE number for CVE-2014-0325. The bulletin incorrectly had listed this CVE number as CVE-2014-0235. This is an informational change only.
Summary: This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Categories: Security Alerts

MS14-019 - Critical: Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229) - Version: 1.1

Microsoft Security Notifications - Thu, 06/26/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (June 27, 2014): Updated the Known Issues entry in the Knowledge Base Article section from "None" to "Yes".
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker's specially crafted files and subsequently convince them to run them.
Categories: Security Alerts

MS14-035 - Critical: Cumulative Security Update for Internet Explorer (2969262) - Version: 1.1

Microsoft Security Notifications - Mon, 06/16/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.1 (June 17, 2014): Corrected the severity table and vulnerability information to add CVE-2014-2782 as a vulnerability addressed by this update. This is an informational change only. Customers who have already successfully installed the update do not need to take any action.
Summary: This security update resolves two publicly disclosed vulnerabilities and fifty-eight privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-031 - Important: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478) - Version: 1.0

Microsoft Security Notifications - Mon, 06/09/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (June 10, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a sequence of specially crafted packets to the target system.
Categories: Security Alerts

MS14-032 - Important: Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258) - Version: 1.0

Microsoft Security Notifications - Mon, 06/09/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (June 10, 2014): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Lync Server. The vulnerability could allow information disclosure if a user tries to join a Lync meeting by clicking a specially crafted meeting URL.
Categories: Security Alerts

MS14-034 - Important: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) - Version: 1.0

Microsoft Security Notifications - Mon, 06/09/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (June 10, 2014): Bulletin published.
Summary: This security update resolves one privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

TA14-150A: GameOver Zeus P2P Malware

US-CERT Security Alerts - Mon, 06/02/2014 - 04:15
Original release date: June 02, 2014 | Last revised: June 06, 2014
Systems Affected
  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Overview

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Description

GOZ, which is often propagated through spam and phishing messages, is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim’s computer. [2] Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.

Prior variants of the Zeus malware utilized a centralized command and control (C2) botnet infrastructure to execute commands. Centralized C2 servers are routinely tracked and blocked by the security community. [1] GOZ, however, utilizes a P2P network of infected hosts to communicate and distribute data, and employs encryption to evade detection. These peers act as a massive proxy network that is used to propagate binary updates, distribute configuration files, and to send stolen data. [3] Without a single point of failure, the resiliency of GOZ’s P2P infrastructure makes takedown efforts more difficult. [1]

Impact

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users' credentials for online services, including banking services.

Solution

Users are recommended to take the following actions to remediate GOZ infections:

  • Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information).
  • Change your passwords - Your original passwords may have been compromised during the infection, so you should change them (see Choosing and Protecting Passwords for more information).
  • Keep your operating system and application software up-to-date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
  • Use anti-malware tools - Using a legitimate program that identifies and removes malware can help eliminate an infection. Users can consider employing a remediation tool (examples below) that will help with the removal of GOZ from your system.
  • F-Secure: http://www.f-secure.com/en/web/home_global/online-scanner (Windows Vista, 7 and 8); http://www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142 (Windows XP)
  • Heimdal: http://goz.heimdalsecurity.com/ (Microsoft Windows XP, Vista, 7, 8 and 8.1)
  • McAfee: www.mcafee.com/stinger (Windows XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8)
  • Microsoft: http://www.microsoft.com/security/scanner/en-us/default.aspx (Windows 8.1, Windows 8, Windows 7, Windows Vista, and Windows XP)
  • Sophos: http://www.sophos.com/VirusRemoval (Windows XP (SP2) and above)
  • Symantec: http://www.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network (Windows XP, Windows Vista and Windows 7)
  • Trend Micro: http://www.trendmicro.com/threatdetector (Windows XP, Windows Vista, Windows 7, Windows 8/8.1, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2)

The above are examples only and do not constitute an exhaustive list. The U.S. Government does not endorse or support any particular product or vendor.

Revision History
  • Initial Publication - June 2, 2014
  • Added McAfee - June 6, 2014

Categories: Security Alerts

MS14-029 - Critical: Security Update for Internet Explorer (2962482) - Version: 1.2

Microsoft Security Notifications - Mon, 05/26/2014 - 23:00
Severity Rating: Critical
Revision Note: V1.2 (May 27, 2014): Bulletin revised to correct the update replacement for the Internet Explorer 11 updates and to announce a detection change in the 2961851 update. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS14-025 - Important: Vulnerability in Group Policy Preferences Could Allow Elevation of Privilege (2962486) - Version: 1.0

Microsoft Security Notifications - Mon, 05/12/2014 - 23:00
Severity Rating: Important
Revision Note: V1.0 (May 13, 2014): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker uses certain Active Directory Group Policy preferences extensions to configure, distribute and ultimately decrypt the passwords that are stored with Group Policy preferences.
Categories: Security Alerts