Archives
-
Microsoft Releases Security Advisory 2914486
Today we released Security Advisory 2914486 regarding a local elevation of privilege (EoP) issue that affects customers using Microsoft Windows XP and Server 2003. Windows Vista and later are not affected by this local EoP issue. A member of the Microsoft Active Protections Program (MAPP) found this issue being used on systems compromised by a third-party remote code execution vulnerability. These limited, targeted attacks require users to open a malicious PDF file. The issues described by the advisory cannot be used to gain access to a remote system alone.
-
Our protection metrics – October results
Last month we introduced our monthly protection metrics and talked about our September results. Today, we’d like to talk about our results from October. If you want a refresh on the definition of the metrics we use in our monthly results, see our prior post: Our protection metrics – September results.
-
Security and policy surrounding bring your own devices (BYOD)
As the proliferation of devices continues to capture the imagination of consumers, and has ignited what is referred to as bring your own device (BYOD) revolution, many IT departments across the globe are now facing increased security considerations. While organizations encourage BYOD for cost savings and productivity, it is also important to have robust security policies supporting BYOD.
-
Download Windows Server 2012 R2 and Get Free Training on the New Capabilities from MVA
As announced on the Windows Server blog last month, the team has released Windows Server 2012 R2 for General Availability. Download the Windows Server 2012 R2 evaluation or use our free Windows Server 2012 R2 Virtual Labs to test the product online without installation.Then, learn directly from Microsoft's product experts with a series of new Windows Server 2012 R2 courses on Microsoft Virtual Academy:View all of the latest courses on Windows Server 2012 on the MVA Windows Server Topic Page. -
How to Automate the Creation of App-V 5.0 Debug Command Prompts
Microsoft’s own Dave Falkus has a great article out on how to automate the creation of App-V 5.0 debug command prompts. If this is something you’ve struggled with or just want an easier way to create these then this is one you won’t want to miss.
-
Meet Microsoft’s master of high-tech showmanship
-
WIRED prototypes four world-changing product ideas from Bill Gates
-
Carberp-based trojan attacking SAP
Recently there has been quite a bit of buzz about an information-stealing trojan that was found to be targeting the logon client for SAP. We detect this trojan as TrojanSpy:Win32/Gamker.A.
-
How to remove an OpsMgr 2012 Gateway Server that is associated with a site
~ Brian McDermott | Escalation Engineer
-
The R2 is available at Tech Showcase!
Windows Server 2012 R2 is available at Tech Showcase. The new R2 offers exciting features and enhancements across virtualization, storage, networking, virtual desktop infrastructure, access and information protection, and more. Attend a Microsoft Tech Showcase event and explore what R2 has to offer you and your organization. Register at http://aka.ms/Yclp43Tech Showcase events, hosted by Microsoft Learning Partners, are intended for senior technical experts and IT professional. Attend an event to review new, breakthrough features and capabilities important to you as an It Professional. Plan ahead and help you and your team get skilled and ready for the latest Windows release. -
A busy week for Windows apps
-
Backup the best defense against (Cri)locked files
Crilock – also known as CryptoLocker – is one notorious ransomware that’s been making the rounds since early September. Its primary payload is to target and encrypt your files, such as your pictures and Office documents. All of the file types that can be encrypted are listed in our Trojan:Win32/Crilock.A and Trojan:Win32/Crilock.B descriptions.
-
Nokia gives us something to look forward to
-
MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck
Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page. The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest.
-
Meet Microsoft researcher Eric Horvitz’s disarmingly human AI personal assistant
-
Microsoft CityNext transforms the ‘digital architecture’ of residents’ everyday lives
-
Febipos for Internet Explorer
In a previous blog post we discussed Trojan:JS/Febipos.A, a malicious browser extension that targets the Facebook profiles of Google Chrome and Mozilla Firefox users. We recently came across a new Febipos sample that was specifically developed for Internet Explorer - we detect it as Trojan:Win32/Febipos.B!dll.
-
Get an exclusive look inside Microsoft’s new high-tech headquarters for the fight against cybercrime
-
New Lync Online Guided Walkthrough Helps Office 365 Admins Troubleshoot Sign-in Issues
Contributors: Darrin Hanson | Patrick Kelley | Premal Gandhi | Tim Lulofs | Peter Krebs Publication date: November 13, 2013 Product version: Lync Online The Lync Online Sign-in Guided Walkthrough ( http://aka.ms/LyncSignIn ) offers admins a customized...(read more)
-
Authenticity and the November 2013 Security Updates
If you haven't had a chance to see the movie Gravity, I highly recommend you take the time to check it out. The plot moves a bit slowly at times, but director Alfonso Cuaron's work portrayal of zero gravity is worth the ticket price alone. Add in stellar acting and you end up with an epic movie that really makes you miss the shuttle program. Still, the movie has its detractors. Specifically, astrophysicist and geek icon Neil deGrasse Tyson has been critical about the movie's authenticity. To deGrasse Tyson, a lack of authenticity disrupts the movie-going experience.
Similarly, a lack of authenticity can disrupt your computing experience, which leads me to a couple of interesting items in this month's release. Two advisories this month deal with authenticity by focusing on certificates and cryptography. The first is Security Advisory 286725, which disables the use of the RC4 stream cipher. As computing power increases, cryptographic attacks that were once only theoretical become practical - this is the case with RC4, which was originally designed in 1987. That's the same year The Simpsons first appeared as shorts on The Tracy Ullman Show. Computing has changed somewhat in that time.
We've already taken this step in Windows 8.1 and Internet Explorer 11, and now we're providing an update to disable its use in other operating systems as well. Rather than automatically disable the cipher, the update provides a registry key that allows developers to eliminate RC4 as an available cipher in their applications. The SRD blog provides a deep dive into RC4 and the implications of disabling it.
Security Advisory 2880823 also impacts cryptography and authenticity but addresses SHA1. We aren't going to surprise the world by saying we're turning off support for SHA1 today, but we are announcing a new policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates in favor of the SHA2 algorithm. After January 2016, only SHA2 certificates can be issued. The good folks over on the PKI blog go into more detail about the change.
We have an update regarding a cryptographic function as well, MS13-095 addresses an issue in Digital Signatures that could cause a web service to stop responding if it receives a specially crafted X.509 certificate. Since these certificates are used to ensure authenticity, having the web service go down during negotiation is suboptimal.
Of course, another way to help ensure authenticity throughout your computing experience is to use EMET. An updated version of the program is available today. Of the many improvements, there is an update to the default settings that includes two new application protection profiles for applications. There's also an update for the Certificate Trust profile that offers more applications protection. Full details about this release can be found on the SRD blog. It may not patch any holes, but it can make it harder to reach any issue that may exist on a system and, if your family is like mine, it will significantly reduce calls from relatives looking for tech support.
Of course it takes more than just authenticity to make a secure computing experience, which leads us to the other updates for November. Today, we released eight bulletins, three Critical and five Important, addressing 19 unique CVEs in Microsoft Windows, Internet Explorer, and Office. For those who need to prioritize their deployment planning we recommend focusing on MS13-090, MS13-088, and MS13-089.
Our Bulletin Deployment Priority graph provides an overview of this month's priority releases (click to enlarge).
MS13-090 | Cumulative Security Update of Active X Kill Bits
This update addresses a remote code execution issue in an ActiveX control by providing a kill bit for associated ActiveX controls. We are aware of limited attacks that exploit this issue. The code execution occurs at the level of the logged on user, so non-admin users would face less of an impact. The remote code execution vulnerability with higher severity rating be fixed in today's release and we advise customers to prioritize the deployment of MS13-090 for their monthly release. As usual, customer with Automatic Updates enabled will not need to take any action to receive the update. Additional information about this vulnerability is available on the Security Research & Defense blog.
MS13-088 | Cumulative Update for Internet Explorer
This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.
MS13-089 | Vulnerability in Windows Graphics Device Interface Could Allow Remote Code Execution
This update addresses one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views or opens a specially crafted Windows Write file in WordPad. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Last but not least, we are also providing an update for users of DirectAccess (DA) through Security Advisory 2862152. This security feature bypass issue would require a man-in-the-middle attacker to be successful, but if someone can snoop on your DA connection, it's possible they could impersonate a legitimate DA server in order to establish connections with legitimate DA clients. The attacker-controlled system could then intercept the target user's network traffic and potentially determine the encrypted domain credentials. This update, along with the new configuration guidelines available in KB2862152, helps ensure the authenticity of DA connections.
Watch the bulletin overview video below for a brief summary of today's releases.
Our risk and impact graph shows an aggregate view of this month's Security and Exploitability Index (click to enlarge).
For more information about this month's security updates, including the detailed view of the Exploit Index broken down by CVE, visit the Microsoft Bulletin Summary Webpage.
Jonathan Ness and I will host the monthly bulletin webcast, scheduled for Wednesday, November 13, 2013, at 11 a.m. PST. I invite you to register here and tune in to learn more about this month's security bulletins and advisories. We'll provide authentic answers to your update deployment questions, but no zero gravity effects will be employed.
For all the latest information, you can also follow the MSRC team on Twitter at @MSFTSecResponse.
I look forward to hearing your questions in the webcast tomorrow.
Thanks,
Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing -
Nokia Copter takes flight
-
MSRT November 2013 - Napolar
We first noticed the new family we named Win32/Napolar being distributed in the wild in early August this year. It quickly became a big problem on our customers’ machines.
-
ActiveX Control issue being addressed in Update Tuesday
Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT. Customers who have Automatic Updates enabled will not need to take any action to receive the update.
-
The ChronoZoom challenge: Visualize history and compete for $5,000 and a trip to Moscow
-
TMG SP2 Rollup 4 available
-
Cumulative Update for Lync Desktop Client 2013: November 2013
Abstract: Microsoft Support has released a cumulative update for Lync 2013 Desktop Client for Windows, which includes new functionality. Author: Nikolay Muravlyannikov, Program Manager II Publication date: November 12, 2013 Product version: Lync...(read more)
-
Updated Microsoft Lync Server 2013 Documentation Help File (.chm) Available on the Download Center
We've posted an updated Microsoft Lync Server 2013 Documentation Help File on the download center. The updated file includes all changes made to topics in the Lync Server TechNet Library since the release of Lync Server 2013, including bug fixes and updates...(read more)
-
Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release
Today, we’re providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office.
-
Video: Nokia Shows off the Lumia 2520
-
Check out the new System Center 2012 R2 Operations Manager survival guide
~ Matthias Heil | Consultant
-
Microsoft Releases Security Advisory 2896666
Today we released Security Advisory 2896666 regarding an issue that affects customers using Microsoft Windows Vista and Windows Server 2008, Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync. We are aware of targeted attacks, largely in the Middle East and South Asia. The current versions of Microsoft Windows and Office are not affected by this issue. The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.
While we are actively working to develop a security update to address this issue, we encourage our customers concerned with the risk associated with this vulnerability, to deploy the following Fix it from the advisory: -
Video: Witness Surface 2’s impressive display
-
Updates: RAMMap v1.32, Sigcheck v2.01
RAMMap v1.32: This fixes a bug in v1.30 that caused RAMMap to fail on Windows 8.
-
Video: Get to know Surface 2’s clever two-position kickstand
-
Upatre: Emerging Up(d)at(er) in the wild
The MMPC is constantly monitoring emerging threats that are impacting our customers the most.