Archive for category: Microsoft

Microsoft Out-of-Band Bulletin Addresses LNK/Shortcut Vulnerability

3 August, 2010 (02:47) | General, Microsoft, Security | By: admin

From SANS ISC: As announced on Friday, Microsoft released an out-of-band bulletin to address the recent Shortcut/LNK exploits. As confirmed in Microsoft’s announcement, various malware is now attempting to exploit this vulnerability. The vulnerability is rather easy to exploit in particular given the tools available to craft necessary shortcuts. Clients are the main target but [...]

Updates to Sysinternals Toolkit

2 December, 2009 (10:26) | General, Microsoft, tools | By: admin

From ISC SANS: Roseman tells us of updates to the popular Sysinternals toolkit. This round includes updates to the utilities: VMMap, Disk2vhd, Sigcheck, Autoruns, PsExec and PsKill. The Disk2vhd update is the one I find most interesting – they’ve updated it to fix the kernel and HAL during the migrate, to make migrated VHDs bootable [...]

Microsoft Releases Password Attack Data

30 November, 2009 (11:00) | General, Microsoft, Security | By: admin

From Security Focus: Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with “password” and “123456” being the most common. The data is part of a project to monitor attacks that everyday users might encounter [...]

Microsoft: ‘TaterF’ Worm Top Malware Threat So Far This Month

24 November, 2009 (14:07) | General, Malware, Microsoft, Security | By: admin

From Dark Reading: Microsoft’s Malicious Software Removal Tool (MSRT) removed malware from more than 1.5 million machines just three days after it was updated on November’s Patch Tuesday, and the software giant has detected two new fake antivirus threats on more than 110,000 machines. The latest statistics come on the heels of Microsoft’s recently published [...]

IE6 and IE7 0-Day Reported

23 November, 2009 (07:57) | General, Malware, Microsoft, Security, Software, Web | By: admin

A new zero-day exploit has been reported for IE 6 and 7. From Symantec: A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, [...]

Windows 7 Already Bigger Than Snow Leopard and Linux Combined

10 November, 2009 (11:03) | Apple, General, Linux, Microsoft, Software | By: admin

From DownLoad Squad: It’s only been a couple of weeks since Windows 7 was released, but Microsoft’s new OS has already captured a larger percentage of the market than Apple’s OS X 10.6 Snow Leopard and Linux (yes, all of Linux). This doesn’t come as a huge surprise, considering how many Windows users were clamoring [...]

Microsoft Releases A “Fix it” Workaround For SMBv2 Vulnerability

21 September, 2009 (08:35) | General, Microsoft, Security, Software | By: admin

From ISC SANS: As pointed out by several folks writing in to the ISC Handlers group, Microsoft has updated its Security Advisory 975497 – Vulnerabilities in SMB Could Allow Remote Code Execution – to include a “Fix it” workaround that makes it rather easy to disable SMBv2. The “Fix it” links can be found in two locations: – Microsoft [...]

SMB2 Remote Exploit Released

16 September, 2009 (14:41) | General, Microsoft, Security, network | By: admin

From ISC SANS: Last week Guy posted a diary (http://isc.sans.org/diary.html?storyid=7093) about a 0-day vulnerability in SMB2 on Windows Vista and Server 2008 operating systems. Back then the exploit only crashed affected systems. This is already bad enough; however, it just got worse. Yesterday a well known security company added a module for their exploitation product. [...]

Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack

10 September, 2009 (09:20) | General, Hardware, Microsoft, Security, Software, network | By: admin

From Dark Reading: A denial-of-service (DoS) attack threat to Transmission Control Protocol (TCP) implementations reported more than a year ago re-emerged yesterday in the form of security updates from Microsoft and Cisco, with the two vendors each issuing protections against the potentially deadly attacks. Microsoft and Cisco were the first vendors to address the still [...]

Vista/2008/Windows 7 SMB2 BSOD 0Day

10 September, 2009 (09:03) | General, Microsoft, Security, Software, network | By: admin

From ISC SANS: We have received a report from Tyler that a vulnerability affecting Microsoft SMB2 can be remotely crashed with proof-of-concept code that has been published yesterday and a Metasploit module is out. We have confirmed it affects Windows 7/Vista/Server 2008. The exploit needs no authentication, only file sharing enabled with one packet [...]