Microsoft Outlook Express Exploit
Exploit code has been made publicly available that triggers a vulnerability in Microsoft Outlook Express and Windows Mail. The integer overflow vulnerability could allow a remote attacker to execute arbitrary code, although the attacker would need to control the mail server being used by the victim. At this time, there is no known vendor patch available.
http://www.exploit-db.com/exploits/12564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0816

Microsoft’s May Security Patches
As a reminder, Microsoft will be issuing their May security release later today. The two scheduled bulletins will address remote code execution vulnerabilities in Windows and Office. We will update the assessment when more details are available.
http://www.microsoft.com/technet/security/Bulletin/MS10-may.mspx

http://www.microsoft.com/technet/security/bulletin/MS10-024.mspx

2. Microsoft DirectShow Remote Code Execution (MS10-026 CVE-2010-0480)
Microsoft Windows is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the MPEG Layer-3 audio codecs when handling malicious files. The vulnerable MPEG Layer-3 audio codecs are the MPEG Layer-3 Audio Codec for Microsoft DirectShow. Successful exploitation of this issue would provide an attacker with complete control over the endpoint target. The use of malicious media files like images and movies has been prevalent in the past years.

http://www.microsoft.com/technet/security/bulletin/MS10-026.mspx

Adobe Reader and Acrobat Security Update
Adobe has addressed multiple critical vulnerabilities affecting Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. The most severe of these issues could allow a remote attacker to execute arbitrary code on a vulnerable system. Refer to the “Solution” section of the Adobe Security Bulletin for information on remediating these issues.
http://www.adobe.com/support/security/bulletins/apsb10-09.html

Microsoft April 2010 Security Release
Microsoft released eleven security bulletins today. There are five rated Critical, five rated Important and one rated Moderate. We encourage our customers to apply the patches and IBM product coverage where applicable. Please, review the break-down below.
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx

Microsoft Maximum Severity Rating: Critical
Microsoft Security Bulletin MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
Vulnerabilities in Windows Authenticode Verification could allow a remote attacker execute arbitrary code on a vulnerable system.
CVE-2010-0486
CVE-2010-0487
http://www.microsoft.com/technet/security/bulletin/ms10-019.mspx

Microsoft Security Bulletin MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
Multiple vulnerabilities affecting Microsoft Windows could allow remote code execution. Successful exploitation can occur if an attacker can convince a user to initiate an SMB connection to a specially crafted SMB server.
CVE-2009-3676
CVE-2010-0269
CVE-2010-0270
CVE-2010-0476
CVE-2010-0477
http://www.microsoft.com/technet/security/bulletin/ms10-020.mspx

Microsoft Security Bulletin MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
A remote code execution vulnerability affects Windows Media Services running on Microsoft Windows 2000 Server. The Windows Media Unicast Service fails to properly handle specially crafted transport information packets. On Microsoft Windows 2000 Server Service Pack 4, Windows Media Services is an optional component and is not installed by default.
CVE-2010-0478
http://www.microsoft.com/technet/security/bulletin/ms10-025.mspx

Microsoft Security Bulletin MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
2. Microsoft DirectShow Remote Code Execution (MS10-026 CVE-2010-0480)
http://www.microsoft.com/technet/security/bulletin/ms10-026.mspx

Microsoft Security Bulletin MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
The Windows Media Player ActiveX control is affected by a remote code execution vulnerability.
CVE-2010-0268
http://www.microsoft.com/technet/security/bulletin/ms10-027.mspx

Microsoft Maximum Severity Rating: Important
Microsoft Security Bulletin MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
This bulletin addresses two vulnerabilities in Microsoft Windows, the most severe of which could allow elevation of privilege. In order to exploit these vulnerabilities, an attacker must have valid logon credentials and be able to log on locally.
CVE-2010-0236
CVE-2010-0237
http://www.microsoft.com/technet/security/bulletin/ms10-021.mspx

Microsoft Security Bulletin MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
A vulnerability affecting VBScript on Microsoft Windows could allow remote code execution. This vulnerability requires user interaction and cannot be exploited on Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2.
CVE-2010-0483
http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx

Microsoft Security Bulletin MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
Microsoft Office Publisher is vulnerable to a remote code execution issue. An attacker could exploit this issue by creating a specially crafted Publisher file and sending it in an email or hosting it on a Web site.
CVE-2010-0479; IBM Product Coverage: CompoundFile_Shellcode_Detected
http://www.microsoft.com/technet/security/bulletin/ms10-023.mspx

Microsoft Security Bulletin MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
1. Denial of Service Conditions in Microsoft Exchange and Microsoft SMTP Service
http://www.microsoft.com/technet/security/bulletin/ms10-024.mspx

Microsoft Security Bulletin MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)
Vulnerabilities in Microsoft Office Visio could allow remote code execution if a user opens a specially crafted Visio file.
CVE-2010-0254; IBM Product Coverage: CompoundFile_Shellcode_Detected
CVE-2010-0256; IBM Product Coverage: CompoundFile_Shellcode_Detected
http://www.microsoft.com/technet/security/bulletin/ms10-028.mspx

Microsoft Maximum Severity Rating: Moderate
Microsoft Security Bulletin MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)
A spoofing vulnerability exists in the Microsoft Windows IPv6 stack which could allow an attacker to impersonate an address to bypass edge or host firewalls. CVE-2010-0812
http://www.microsoft.com/technet/security/bulletin/ms10-029.mspx

CVE-2009-4074

CVE-2010-0027

CVE-2010-0244

CVE-2010-0245

CVE-2010-0246

CVE-2010-0247

CVE-2010-0248

CVE-2010-0249

Customers should apply this update as soon as possible. The update will also be sent through the Automatic update mechanism.
http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx

http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx

Additional Technical Detail

Data Execution Prevention (DEP) Bypass
There is a report of a new exploit that bypasses Data Execution Prevention (DEP). We have analyzed the Proof-of-Concept (POC) exploit code and have found that Windows Vista and later versions of Windows offer more effective protections in blocking the exploit due to the improved security protection offered by Address Space Layout Randomization (ASLR). Windows XP does not currently benefit from ASLR and will be more susceptible.

Additional details on the DEP bypass exploit are provided in a Security Research and Defense Blog published today.
http://blogs.technet.com/srd/archive/2010/01/20/reports-of-dep-being-bypassed.aspx

Microsoft E-Mail Products That Render using mshtml.dll Protected by Default
There have been reports that supported versions of Outlook, Outlook Express and Windows Live Mail are affected by the vulnerability in Security Advisory 979352.

For customers using the default configuration of all supported versions of Outlook, Outlook Express and Windows Live Mail the risk of exploit using Outlook as an attack vector is low. We are unaware of active exploit against supported versions of Outlook, Outlook Express or Windows Live. If customers have modified their default configuration to not run in Restricted sites zone, their environments will be in a less secure, more vulnerable, state.

Please review the announcement described above for more detail.

Office Applications with Active Scripting Enabled Potentially Vulnerable
Microsoft indicates that an ActiveX control in a Microsoft Access, Word, Excel, or PowerPoint file is a potentially exploitable vulnerability. Customers would have to open a malicious file to be at risk of exploitation, and Microsoft recommends disabling ActiveX Controls in Microsoft Office.

Live Briefing
On Thursday, January 21 at 1:00 p.m. PST (UTC – 8) Microsoft will host a public webcast where information on the bulletin will be presented.
Registration: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032440627

Original . . .

Yesterday we updated the assessment to reflect an impending out of cycle security update from Microsoft which will address the 0-day Microsoft Internet Explorer vulnerability highlighted in recent assessments. The update is announced in an MSRC blog posting, and timing for the release is expected to be explained today. The threat level remains at AlertCon 2 while we continue to encurage review of Microsoft Security Advisory for workaround information and X-Force Protection Alert for associated IBM product coverage.
http://blogs.technet.com/msrc/archive/2010/01/19/security-advisory-979352-going-out-of-band.aspx
https://portal.mss.iss.net/mss/xftas/alertAdvisory/details.mss?alertAdvisoryId=3382
http://www.microsoft.com/technet/security/advisory/979352.mspx

Shortly after the blog posting from MSRC appeared, a new posting on Neohapsis [Full Disclosure] began to be discussed. The posting explains how a restricted Windows user can exploit the Virtual DOS Machine (VDM) to gain command access in the system context (Ring 0). Microsoft was notified of the flaw in June 2009, but there currently is no patch. Exploit code that functions under Windows XP, 2003 Server, 2008 Server, Vista, and Windows 7 has been made available, and has been confirmed to function as described.

Mitigation steps requiring the Group Policy Editor for Windows 2003 Server systems are included in the Neohapsis article. For those systems that do not include the GPE the heise security team has provided instructions for a registry hack that should work until a patch is available.
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
http://www.h-online.com/security/news/item/Windows-hole-discovered-after-17-years-Update-908917.html

Apple Computer released their Security Update 2010-001 yesterday. The update addresses several multi-media applications, as well as printer handling, and a patch to suppress renegotiation in OpenSSL while the IETF works out final changes to the renegotiation protocol. The multi-media flaws relate to MP4, TIFF, and RAW(DNG) files, as well as multiple patches to the Adobe Flash player plug-in.
http://support.apple.com/kb/HT4004

Adobe has released an update for critical vulnerabilities in Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Macintosh operating systems. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations to the latest version.
http://www.adobe.com/support/security/bulletins/apsb10-03.html

Additionally, the Internet Systems Consortium (ISC) announced the release of the BIND 9.6.1-P3 security patch to address two cache poisoning vulnerabilities, both of which could allow a validating recursive nameserver to cache data which had not been authenticated or was invalid. This patch targets nameservers that have DNSSEC validation enabled, which could potentially provide responses from unauthenticated records within the cache.
http://isc.sans.org/diary.html?storyid=8029

We would also like to inform our customers that a report has surfaced indicating there has been “an increase in probes to port 12174.” Our analysts have also observed an increase in activity on this port. Reportedly, these probes are targeting a vulnerability in the Intel LANDesk Common Base Agent (CBA) which is used by the Symantec Alert Management System. An attacker could exploit this issue by sending a specially-crafted packet to TCP Port 12174 and execute arbitrary code on the vulnerable system. The Alert Management System 2 (AMS2) is a component of the Symantec System Center console, Symantec AntiVirus Server, and of the Symantec AntiVirus Central Quarantine Server. To mitigate against this threat, ensure the Symantec Alert Management Systems running in your environment are up-to-date.
http://isc.sans.org/diary.html?storyid=7834
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Anti-malware testing group AV-Comparatives.org not only gave Microsoft Security Essentials a top rating for malware removal, but now they’ve given it their best ranking in their performance test as well.

AV-Comparatives.org ran a series of real-world tests running through common scenarios like downloading, extracting, copying, and encoding files, installing and launching applications, and they also ran through an automated testing suite as well. Once the dust had settled, it became clear that not only is MSE one of only three products that both blocks and removes malware well, but it’s also very light on system resources.

Out of all the products tested, Microsoft Security Essentials was the best-performing free antivirus solution, and one of only two that received “very fast” on each of the real-world tests, earning it their top award: an “advanced+” ranking.  you don’t need to pay for Windows security, and now with MSE ranked alongside the top paid apps in both malware removal and performance, you might want to consider making the switch.

Arizona IT Management can help. We know the costs of running and supporting an office, with finance, accounting, superintendents, foremen, project managers, project coordinators, estimators, virtual construction, fab, warehouse, hr, payroll, and the most about information technology!

With new advances in technology along with proven old school methods with a new twist, we can assist in cutting down the costs and keeping you worrying on the business and not the technology that supports it. New advances in products and technology can completely wow your customers with items such as netbooks running Windows 7, Google OS, or Ubuntu Linux, and using Google Apps. Google Apps helps the workforce become mobile without all the hardware costs and Microsoft licensing.

Contracting with Arizona IT Management brings you and your company peace of mind with full solutions development, contract support, top level security and information technology management.

Whether you are starting your construction business, having to realign your business focus, or just need some help, contact Arizona IT Management.

Some of the common predictions are: increased attacks targeting Microsoft 7 platforms and smartphones, more tailored and targeted attacks and continued targeting of social networking sites to distribute malware and obtain information. We have seen attackers become increasingly sophisticated over the years and their attacks harder to detect. And if you’re not technically savy? Script kiddies have professionally produced products readily available to them on the Internet. In other words, be prepared for another cyber threat filled environment in 2010.
http://www.f-secure.com/weblog/archives/00001835.html
http://securitylabs.websense.com/content/Blogs/3509.aspx
http://blog.trendmicro.com/trend-micro-2010-future-threat-report/