Internet Security Source provides daily updates on Internet Threats, Viruses, Worms, Trojans, Spyware and Adware. Subscribe to our newsletter and receive daily updates on threats on the internet.
Microsoft Security Advisory (961509)
Sunday, February 15 2009
Revision Note: Advisory published Advisory Summary:Microsoft is aware that research was published at a security conference proving a successful attack against X.509 digital certificates signed using the MD5 hashing algorithm. This attack method would allow an attacker to generate additional digital certificates with different content that have the same digital signature as an original certificate. The MD5 algorithm had previously shown a vulnerability, but a practical attack had not yet been demonstrated.Microsoft Security Advisory (961040)
Wednesday, December 24 2008
Revision Note: Advisory published Advisory Summary:Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4 and Microsoft SQL Server 2008 are not affected by this issue.Microsoft Security Advisory (961051)
Wednesday, December 17 2008
Revision Note: December 15, 2008: Updated the workarounds, Disable XML Island functionality and Disable Row Position functionality of OLEDB32.dll. Advisory Summary:Security AdvisoryMicrosoft Security Advisory (960906)
Wednesday, December 10 2008
Revision Note: Security Advisory published Advisory Summary:Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.Microsoft Security Advisory (958963)
Wednesday, October 29 2008
Revision Note: Advisory published Advisory Summary:Security AdvisoryMicrosoft Security Advisory (956391)
Wednesday, October 15 2008
Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.Microsoft Security Advisory (953839)
Wednesday, August 13 2008
Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.Microsoft Security Advisory (956187)
Wednesday, July 30 2008
Revision Note: July 25, 2008: Advisory published. Advisory Summary:Microsoft released Microsoft Security Bulletin MS08-037, Vulnerabilities in DNS Could Allow Spoofing (953230), on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the...
Microsoft Security Advisory (955179)
Wednesday, July 09 2008
Revision Note: Advisory published. Advisory Summary:Security AdvisoryMicrosoft Security Advisory (953635)
Wednesday, July 09 2008
Revision Note: Advisory published. Advisory Summary:Security AdvisoryMicrosoft Security Advisory (954960)
Wednesday, July 02 2008
Revision Note: Advsiory published. Advisory Summary:Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.Microsoft Security Advisory (954462)
Monday, June 30 2008
Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description. Advisory Summary:Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack...
Microsoft Security Advisory (897663)
Monday, June 30 2008
Revision Note: Advisory published. Advisory Summary:Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface. However, this exception is displayed by the command line firewall administration tools. It is important to note that this is not a vulnerability. Administrative privileges are required to access...
Microsoft Security Advisory (909444)
Monday, June 30 2008
Revision Note: Advisory Published. Advisory Summary:Microsoft is aware of reports of isolated issues after deployment with Microsoft Security Bulletin MS05-051. We are working with a limited number of affected customers to help resolve these issues. Systems that do not have the default Access Control List (ACL) settings in the %Windir%\Registration folder may experience various problems after installing MS05-051. The update helps protect against attacks seeking to exploit MS05-051, however this isolated set of issues might impact systems after installation of the update. Based on feedback from...
Microsoft Security Advisory (911052)
Monday, June 30 2008
Revision Note: Advisory updated to reference a CVE and to clarify that this issue is anonymously exploitable on Windows 2000 Service Pack 4. Advisory Summary:Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Windows 2000 SP4 and Windows XP SP1. This vulnerability could allow an attacker to levy a denial of service attack of limited duration. On Windows XP SP1, an attacker would need to have a valid logon on the system. For Windows XP SP1 users, an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability...
Microsoft Security Advisory (911302)
Monday, June 30 2008
Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin (http://go.microsoft.com/fwlink/?LinkId=53511).Microsoft Security Advisory (912920)
Monday, June 30 2008
Revision Note: Advisory published Advisory Summary:Microsoft is aware of the Sober mass mailer worm variant named Win32/Sober.Z@mm. The worm tries to entice users through social engineering efforts into opening an attached file or executable in e-mail. If the recipient opens the file or executable, the worm sends itself to all the contacts that are contained in the system’s address book. Customers who are using the most recent and updated antivirus software are at a reduced risk from infection by the Win32/Sober.Z@mm worm. On systems that are infected by Win32/Sober.Z@mm, the malware is programmed...
Microsoft Security Advisory (912840)
Monday, June 30 2008
Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin (http://go.microsoft.com/fwlink/?LinkId=58471).Microsoft Security Advisory (904420)
Monday, June 30 2008
Revision Note: Additional information about the blank password restriction functionality in Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, and Windows Server 2003 Service Pack 1. Added link to Virus Information Alliance member Sophos. Advisory Summary:Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that...
Microsoft Security Advisory (913333)
Monday, June 30 2008
Revision Note: Advisory Published Advisory Summary:Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions: By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site; By convincing a user to open a specially crafted e-mail attachment; By convincing a user to click on a link in an e-mail...