From security em unicamp.br Wed Mar 10 09:59:07 2010 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 10 Mar 2010 09:59:07 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-068A -- Microsoft Updates for Multiple Vulnerabilities Message-ID: <20100310125904.GC64979@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA10-068A -- Microsoft Updates for Multiple Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 9 Mar 2010 16:44:50 -0500 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-068A Microsoft Updates for Multiple Vulnerabilities Original release date: Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Office Overview Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. I. Description Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Movie Maker, Microsoft Office Producer 2003, and Microsoft Office Excel. These bulletins are described in the Microsoft Security Bulletin Summary for March 2010. Microsoft notes that affected versions of Microsoft Movie Maker were either included with Microsoft Windows or available as an optional download. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Microsoft notes that there is no security update available for Microsoft Producer 2003 at this time of this writing. Users can mitigate the impact to systems with Microsoft Producer 2003 by applying the automated solution to remove the Microsoft Producer file associations using the Fix it found in Microsoft Knowledge Base Article 975561, and by applying the workarounds in Microsoft Security Bulletin MS10-016. IV. References * Microsoft Security Bulletin Summary for March 2010 - * Microsoft Windows Server Update Services - * Microsoft Knowledge Base Article 975561 - * Microsoft Security Bulletin MS10-016 - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA10-068A Feedback VU#586853" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History March 09, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBS5bAnT6pPKYJORa3AQJgXwgAvE0mmWRlV/XF5k/H6yf5ZHocmH80a3+P CpGT1DWFDbBLEO2I6jq9bJM8yNCmeTzG0v3XkwGe6fQ29KuILMTRqwDPgdB5gDHh MPfnxX/PJN8LBR8Qog8T6ilOTXEgYHj/6RN4j5iOmZjpbgkUKmGfDxevht2DDOjK e7y0tseZuKee4Vb1pZgpFHyjspMQ1ksVQbyvklAQkPL9DSnq+uk6lFBxQnnJ36pR I4Lku7Qf3kjSc3yJWFXkXhAcMx6RbPasogtnU9MBDlOC69X3W3m4RxaXB87RwFV8 XDqtuyrINJ6RJHEg0V/gZCT0+mgfUpkqPWS9uaaPSp24LwDGj5yqQw== =+osT -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Thu Mar 11 10:27:02 2010 From: security em unicamp.br (CSIRT - UNICAMP) Date: Thu, 11 Mar 2010 10:27:02 -0300 Subject: [SECURITY-L] CAIS-Alerta: Resumo dos Boletins de Segurana Microsoft - Maro 2010 Message-ID: <20100311132701.GB74673@unicamp.br> ----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca ----- From: Centro de Atendimento a Incidentes de Seguranca Subject: CAIS-Alerta: Resumo dos Boletins de Segurança Microsoft - Março 2010 To: pop-seg em cais.rnp.br, rnp-alerta em cais.rnp.br, rnp-seg em cais.rnp.br Date: Wed, 10 Mar 2010 14:47:47 -0300 (BRT) -----BEGIN PGP SIGNED MESSAGE----- Prezados, A Microsoft publicou 2 boletins de segurança em 09 de Março que abordam ao todo 2 vulnerabilidades em produtos da empresa. A exploração destas vulnerabilidades permite execução remota de código. No momento da publicação deste resumo não há informações sobre códigos maliciosos (exploits) disponíveis publicamente que exploram as vulnerabilidades relacionadas aos boletins MS10-016 e MS10-017. SEVERIDADE . Crítica - Nenhum boletim . Importante - MS10-016: Vulnerabilidade no Windows Movie Maker Vulnerabilidade que permite a execução remota de código - MS10-017: Vulnerabilidades no Microsoft Office Excel Vulnerabilidades que permitem a execução remota de código . Moderada - Nenhum boletim . Baixa - Nenhum boletim O sistema de classificação de severidade das vulnerabilidades adotado pelo CAIS neste resumo é o da própria Microsoft. O CAIS recomenda que se aplique, minimamente, as correções para vulnerabilidades classificadas como crítica e importante. No caso de correções para vulnerabilidades classificadas como moderadas o CAIS recomenda que ao menos as recomendações de mitigação sejam seguidas. . Crítica - Vulnerabilidades cuja exploração possa permitir a propagação de um worm sem a necessidade de interação com o usuário. . Importante - Vulnerabilidades cuja exploração possa resultar no comprometimento de confidencialidade, integridade ou disponibilidade de dados de usuários ou a integridade ou disponibilidade de recursos de processamento. . Moderada - exploração é mitigada significativamente por fatores como configuração padrão, auditoria ou dificuldade de exploração. . Baixa - uma vulnerabilidade cuja exploração seja extremamente difícil ou cujo impacto seja mínimo. CORREÇÕES DISPONÍVEIS Recomenda-se atualizar os sistemas para as versões disponíveis em: . Microsoft Update https://www.update.microsoft.com/microsoftupdate/ . Windows Server Update Services http://www.microsoft.com/windowsserversystem/updateservices/default.mspx MAIS INFORMAÇÕES . Microsoft Security Bulletin Summary for March 2010 http://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx . SANS ISC Handler's Diary 2010-03-09 - March 2010 Patch Tuesday Diary http://isc.sans.org/diary.html?storyid=8392 . MS10-016: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx . MS10-017: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150) http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx . Microsoft TechCenter de Segurança http://technet.microsoft.com/pt-br/security/ . Microsoft Security Response Center - MSRC http://www.microsoft.com/security/msrc/ . Microsoft Security Research & Defense - MSRD http://blogs.technet.com/srd/ . Segurança Microsoft http://www.microsoft.com/brasil/security/ Identificador CVE (http://cve.mitre.org): CVE-2010-0257, CVE-2010-0258, CVE-2010-0260, CVE-2010-0261, CVE-2010-0262, CVE-2010-0263, CVE-2010-0264, CVE-2010-0265 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as últimas versões e correções oferecidas pelos fabricantes. Os Alertas do CAIS também são oferecidos no formato RSS/RDF: http://www.rnp.br/cais/alertas/rss.xml Atenciosamente, ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br http://www.cais.rnp.br # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel http://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Made with pgp4pine 1.76 iQCVAwUBS5fbV+kli63F4U8VAQE0LAQAoVedYI7H3Gqf5gbdnGc/Z43H4YwCWR9x vsiriZD6YMG+fmVVq9X+ekyveCCuR9Rhu3uozjLbNYmzqh1w3SnddMAO1wMMDDSr 2PS1NxwWBEF9W79PbGrshIlvCxPGhYdIxmYpCGUrIcI9vGm8fdjBjN9L0unPq/uI YfbDFXW8Kmk= =s8lx -----END PGP SIGNATURE----- ----- End forwarded message ----- From security em unicamp.br Wed Mar 31 09:26:59 2010 From: security em unicamp.br (CSIRT - UNICAMP) Date: Wed, 31 Mar 2010 09:26:59 -0300 Subject: [SECURITY-L] US-CERT Technical Cyber Security Alert TA10-089A -- Microsoft Internet Explorer Vulnerabilities Message-ID: <20100331122659.GB10534@unicamp.br> ----- Forwarded message from US-CERT Technical Alerts ----- From: US-CERT Technical Alerts Subject: US-CERT Technical Cyber Security Alert TA10-089A -- Microsoft Internet Explorer Vulnerabilities To: technical-alerts em us-cert.gov Date: Tue, 30 Mar 2010 19:39:18 -0400 Organization: US-CERT - +1 202-205-5266 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA10-089A Microsoft Internet Explorer Vulnerabilities Original release date: March 30, 2010 Last revised: -- Source: US-CERT Systems Affected * Microsoft Internet Explorer Overview Microsoft has released out-of-band updates to address critical vulnerabilities in Internet Explorer. I. Description Microsoft has released updates for multiple vulnerabilities in Internet Explorer, including the vulnerability detailed in Microsoft Security Advisory (981374) and US-CERT Vulnerability Note VU#744549. II. Impact By convincing a user to view a specially crafted HTML document or Microsoft Office document, an attacker may be able to execute arbitrary code with the privileges of the user. III. Solution Apply updates Microsoft has released updates to address these vulnerabilities. Please see Microsoft Security Bulletin MS10-018 for more information. Apply workarounds Microsoft has provided workarounds for some of the vulnerabilities in MS10-018. IV. References * Microsoft Security Bulletin MS10-018 - * Microsoft Security Advisory (981374) - * Microsoft Internet Explorer iepeers.dll use-after-free vulnerability - ____________________________________________________________________ The most recent version of this document can be found at: ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA10-089A Feedback VU#744549" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: ____________________________________________________________________ Revision History March 30, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBS7KKyj6pPKYJORa3AQJsgAf/SkHbDt3N9SoIvHHHRsYGjbbIBq1wO3zt xQLTkCvapDgRgf+HCPjw8kzQNCqa+Qisfj3OEw1ADJPwh7PLrWnkrdJMgkLjhJtF xON1Cb+nzy4TuccKPwo2ydu/+bxkFfbKVqB7s355LqC+O+uOnklk1GPftqY0vKpx la5sR+BWkjhARC+OMQsYSQ1hfI7DG7qO9tUljoHwjkyz+ry0rdCX3VSvr3mswf9r hAIw17MTzzjWfvr1logn2SDC6e8HR1TAsSCKvicCJvR2SlIiLFneleDSlVQX8H+g EMdZn06dD6tYgzkLrFT77xwfRW9AgQ/WS7Ai8G4+e9zdJl1uO9ICyg== =+WLE -----END PGP SIGNATURE----- ----- End forwarded message -----