Internet Security Source provides daily updates on Internet Threats, Viruses, Worms, Trojans, Spyware and Adware. Subscribe to our newsletter and receive daily updates on threats on the internet.
Microsoft Security Advisory (953839)
Wednesday, August 13 2008
Revision Note: Advisory Published. Advisory Summary:Microsoft is releasing a new set of ActiveX kill bits with this advisory.Microsoft Security Advisory (956187)
Wednesday, July 30 2008
Revision Note: July 25, 2008: Advisory published. Advisory Summary:Microsoft released Microsoft Security Bulletin MS08-037, Vulnerabilities in DNS Could Allow Spoofing (953230), on July 8, 2008, offering security updates to protect customers against Windows Domain Name System (DNS) spoofing attacks. Microsoft released this update in coordination with other DNS vendors who were also similarly impacted. Since the coordinated release of these updates, the threat to DNS systems has increased due to a greater public understanding of the attacks, as well as detailed exploit code being published on the...
Microsoft Security Advisory (955179)
Wednesday, July 09 2008
Revision Note: Advisory published. Advisory Summary:Security AdvisoryMicrosoft Security Advisory (953635)
Wednesday, July 09 2008
Revision Note: Advisory published. Advisory Summary:Security AdvisoryMicrosoft Security Advisory (954960)
Wednesday, July 02 2008
Revision Note: Advsiory published. Advisory Summary:Microsoft is investigating public reports of a non-security issue that prevents the distribution of any updates deployed through Microsoft Windows Server Update Services 3.0 or Microsoft Windows Server Update Services 3.0 Service Pack 1 to client systems that have Microsoft Office 2003 installed in their environment. Microsoft is aware of reports from customers who are experiencing this issue.Microsoft Security Advisory (954462)
Monday, June 30 2008
Revision Note: June 25, 2008: Removed erroneous references to form field and cookie value testing from the HP Scrawlr tool description. Advisory Summary:Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack...
Microsoft Security Advisory (897663)
Monday, June 30 2008
Revision Note: Advisory published. Advisory Summary:Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface. However, this exception is displayed by the command line firewall administration tools. It is important to note that this is not a vulnerability. Administrative privileges are required to access...
Microsoft Security Advisory (909444)
Monday, June 30 2008
Revision Note: Advisory Published. Advisory Summary:Microsoft is aware of reports of isolated issues after deployment with Microsoft Security Bulletin MS05-051. We are working with a limited number of affected customers to help resolve these issues. Systems that do not have the default Access Control List (ACL) settings in the %Windir%\Registration folder may experience various problems after installing MS05-051. The update helps protect against attacks seeking to exploit MS05-051, however this isolated set of issues might impact systems after installation of the update. Based on feedback from...
Microsoft Security Advisory (911052)
Monday, June 30 2008
Revision Note: Advisory updated to reference a CVE and to clarify that this issue is anonymously exploitable on Windows 2000 Service Pack 4. Advisory Summary:Microsoft is aware of public reports of proof-of-concept code that seeks to exploit a possible vulnerability in Windows 2000 SP4 and Windows XP SP1. This vulnerability could allow an attacker to levy a denial of service attack of limited duration. On Windows XP SP1, an attacker would need to have a valid logon on the system. For Windows XP SP1 users, an attacker must have valid logon credentials to try to exploit this vulnerability. The vulnerability...
Microsoft Security Advisory (911302)
Monday, June 30 2008
Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin (http://go.microsoft.com/fwlink/?LinkId=53511).Microsoft Security Advisory (912920)
Monday, June 30 2008
Revision Note: Advisory published Advisory Summary:Microsoft is aware of the Sober mass mailer worm variant named Win32/Sober.Z@mm. The worm tries to entice users through social engineering efforts into opening an attached file or executable in e-mail. If the recipient opens the file or executable, the worm sends itself to all the contacts that are contained in the system’s address book. Customers who are using the most recent and updated antivirus software are at a reduced risk from infection by the Win32/Sober.Z@mm worm. On systems that are infected by Win32/Sober.Z@mm, the malware is programmed...
Microsoft Security Advisory (912840)
Monday, June 30 2008
Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin (http://go.microsoft.com/fwlink/?LinkId=58471).Microsoft Security Advisory (904420)
Monday, June 30 2008
Revision Note: Additional information about the blank password restriction functionality in Windows XP Service Pack 1, Windows XP Service Pack 2, Windows Server 2003, and Windows Server 2003 Service Pack 1. Added link to Virus Information Alliance member Sophos. Advisory Summary:Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that...
Microsoft Security Advisory (913333)
Monday, June 30 2008
Revision Note: Advisory Published Advisory Summary:Microsoft is investigating new public reports of a vulnerability in older versions of Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user. The attacker could do this by one or more of the following actions: By hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site; By convincing a user to open a specially crafted e-mail attachment; By convincing a user to click on a link in an e-mail...
Microsoft Security Advisory (906267)
Monday, June 30 2008
Revision Note: Advisory updated to include additional mitigating factors. Msdds.dll file versions have also been revised: updated file version from 7.0.9446.0 to 7.0.9466.0 and added file version 7.0.9064.9143. Advisory Summary:Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports. The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page...
Microsoft Security Advisory (914457)
Monday, June 30 2008
Revision Note: March 14, 2006: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.Microsoft Security Advisory (917077)
Monday, June 30 2008
Revision Note: Advisory updated to reference released security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of a vulnerability. We have issued a security bulletin to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin.Microsoft Security Advisory (910550)
Monday, June 30 2008
Revision Note: Advisory published. Advisory Summary:Microsoft is aware of recent security vulnerabilities in Macromedia Flash Player, a third party software application that also was redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows Millennium Edition. The Microsoft Security Response Center is in communication with Macromedia and is aware that Macromedia has made updates that are available on their Web site. Microsoft encourages customers who use Macromedia Flash Player to follow the guidance documented in Macromedia’s Security...
Microsoft Security Advisory (916208)
Monday, June 30 2008
Revision Note: Advisory published. Advisory Summary:Microsoft is aware of recent security vulnerabilities in Macromedia Flash Player, a third party software application that also was redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows MiMicrosoft Security Advisory (912945)
Monday, June 30 2008
Revision Note: Advisory updated to advise of the release of Microsoft Security Bulletin MS06-021. Advisory Summary:Microsoft Security Bulletin MS06-021 has been released and replaces Microsoft Security Bulletin MS06-013. The Compatibility Patch discussed in Microsoft Knowledge Base Article 917425 is also replaced by this security update. The changes to the way Internet Explorer handles ActiveX controls is made permanent by the updates included with Microsoft Security Bulletin MS06-021. Microsoft originally released this security advisory discussing non-security update 912945 for Internet Explorer...