Spyware, Viruses, & Security forum


Microsoft Security Bulletin Summary for October 2011

by Carol~ Moderator / October 11, 2011 3:24 AM PDT

Published : October 11, 2011

As part of Microsoft's routine monthly security update cycle, 8 new security updates were released today:

Critical: 2

MS11-078 - Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2604930)
MS11-081 - Cumulative Security Update for Internet Explorer (2586448)

Important: 6

MS11-075 - Vulnerability in Microsoft Active Accessibility Could Allow Remote Code Execution (2623699)
MS11-076 - Vulnerability in Windows Media Center Could Allow Remote Code Execution (2604926)
MS11-077 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2567053)
MS11-079 - Vulnerabilities in Microsoft Forefront Unified Access Gateway Could Cause Remote Code Execution (2544641)
MS11-080 - Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2592799)
MS11-082 - Vulnerabilities in Host Integration Server Could Allow Denial of Service (2607670)

Security Bulletin: http://technet.microsoft.com/en-us/security/bulletin/ms11-oct

October Update: Security Intelligence Report Announced
by Carol~ Moderator / October 11, 2011 3:37 AM PDT

From Jerry Bryant @ the Microsoft Security Response Center:

On this October Update Tuesday, we are releasing the 11th volume of the Security Intelligence Report, SIRv11, which puts zero-day vulnerabilities into context against other global threats. We are also releasing eight security updates so please read on for details.

A new method of analyzing malware distribution indicates that in the first half of 2011 zero-day issues account for a very small percentage of actual infections. The results from our analysis concluded that none of the top malware families in the first half of 2011 were known to be distributed through the use of 0-days, and while some smaller families did take advantage of 0-day vulnerabilities, less than 1 percent of all exploit attempts were against zero-day issues.

The key takeaway from SIRv11 is how malware is actually being distributed - social engineering, Autorun feature abuse, file-infection, exploits (with updates available) and brute force password attacks. Many of these attacks can be avoided with fundamental security practices, such as downloading security updates once available or ensuring that you have Automatic Updates enabled on your system. Automatic Updates help to ensure that computers are protected against new and ongoing security threats and that Windows continues to function smoothly.

Speaking of which, as we do each month, today we are releasing security updates to help protect customers. As I mentioned in the Advance Notification Service blog on Thursday, today we are releasing eight security bulletins, two of which are rated Critical, the remaining rated Important.

These bulletins will increase protection by addressing 23 unique CVEs in Microsoft products. As always, customers should plan to install all of these updates as soon as possible. There are two bulletins that we want to call out as priorities for our customers:

MS11-081 (Internet Explorer): This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

MS11-078 (.NET Framework & Silverlight): This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.


MSRT October '11: EyeStye
by Carol~ Moderator / October 13, 2011 2:29 AM PDT

From the Microsoft Malware Protection Center:

This month, the Malicious Software Removal Tool (MSRT) targets two families: Win32/EyeStye and Win32/Poison.

EyeStye (aka 'SpyEye') is a family of trojans that steals information, targeting authentication data used for online banking such as passwords and digital certificates. The method it employs is called "form grabbing" which involves the interception of webform data submitted to the host through the client's browser. By intercepting this data, authentication information can be stolen, and web content presented to the user can be altered to the malware author's preference. In one recent EyeStye variant (for example SHA1 e36287d81770d583679be28d9a229f8363ab4cde) we came across, we observed that the following browsers were targeted, indicating that the malware authors are leaving few stones unturned: Internet Explorer, Mozilla, Chrome and Opera.

The malware file contains obfuscated code, while the payload is injected into running processes. It also employs user-mode rootkit protection in an effort to prevent itself from being seen via Windows Explorer or the Command Prompt. This may be intended to make detection and remediation challenging for antivirus engines. As this bot is kit-based, the file names and mutexes it creates are variable, which makes identification (based on these factors) difficult.

Continued : http://blogs.technet.com/b/mmpc/archive/2011/10/12/msrt-october-11-eyestye.aspx
