CVE-2019-1161 | Microsoft Defender Elevation of Privilege Vulnerability

Hi everyone,
Our Nessus scanner detected the following vulnerability:

Description

The version of Microsoft Malware Protection Signature Update Stub (MpSigStub.exe) installed on the remote Windows host is prior to 1.1.16200.1. It is, therefore, affected by an elevation of privilege vulnerability which could allow an attacker who successfully exploited this vulnerability to elevate privileges on the system.

Solution

Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to Knowledge Base Article 2510781 for information on how to verify that MMPE has been updated.

Plugin Output

Product : Microsoft Malware Protection Signature Update Stub
Path : C:\Windows\System32\MpSigStub.exe
Installed version : 1.1.15000.2
Fixed version : 1.1.16200.1
I don't understand how to fix that issue. Are there any patches?
Regards,
Lucas
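One way to verify locally what the plugin reported, as an added example that is not part of Lucas's post or of the Nessus plugin: the script reads the file version of MpSigStub.exe, compares it with the fixed version from the plugin output, and reports whether the host still needs the engine update. The function name is mine, and the optional Update-MpSignature step assumes the host has the Defender PowerShell module and can reach the update source.

```powershell
# Added example (not from the original post): compare the installed MpSigStub.exe
# version with the fixed version quoted in the Nessus plugin output for CVE-2019-1161.
$FixedVersion = [version]'1.1.16200.1'                          # from the plugin output
$StubPath     = Join-Path $env:SystemRoot 'System32\MpSigStub.exe'

function Test-MpSigStubVersion {
    # Hypothetical helper name. Returns an object instead of printing, so the result
    # can be gathered from many hosts (e.g. via Invoke-Command) and filtered on .Vulnerable.
    param(
        [string]  $Path  = $StubPath,
        [version] $Fixed = $FixedVersion
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME; Path = $Path; Installed = $null
            Fixed = $Fixed; Vulnerable = $false; Note = 'MpSigStub.exe not present'
        }
    }
    # FileVersion strings can carry trailing text on some binaries, so build the
    # version from the numeric parts of VersionInfo rather than parsing the string.
    $vi        = (Get-Item -LiteralPath $Path).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                $vi.FileBuildPart, $vi.FilePrivatePart)
    $vulnerable = $installed -lt $Fixed
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $Path
        Installed    = $installed
        Fixed        = $Fixed
        Vulnerable   = $vulnerable
        Note         = if ($vulnerable) { 'Below fixed version: update the antimalware engine (see KB2510781)' }
                       else             { 'At or above fixed version' }
    }
}

$result = Test-MpSigStubVersion
$result | Format-List

# Optional remediation on a host that fetches its own updates: the plugin's solution says
# the fix arrives through the scan engine update rather than a separate patch, so pull the
# latest definition/engine package and re-run the check.
if ($result.Vulnerable) {
    Update-MpSignature
    Test-MpSigStubVersion | Format-List
}
```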


Hiya

A privilege elevation vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests. This vulnerability could allow a logged on user to take complete control of the system

Affected Software:

Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems

http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx

Regards

eddie

Hello,
I'm with security issue CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability and the following occurs to me:

I'm having trouble starting to collect events 5827-5831
I have installed the August 2020 update on a DC running Microsoft Windows Server 2012 R2 to start the event collection, and no events appear, even when logging in with Microsoft Windows Server 2012 without the August update.

I have set the FullSecureChannelProtection registry key to 1, and from a server with Microsoft Windows Server 2012 without the August 2020 update I can login without problems.

No events appear in the security log and I can login without problems with FullSecureChannelProtection at 1. I don't understand where the problem is. Can anyone give me any clues?

Sorry for my English.
Thanks


Hi
With this latest vulnerability, I need some clarification about what exactly is a "Non-Compliant Device".
In the KB article's definition, a non-compliant device is one that uses a vulnerable Netlogon secure channel connection.
So that means, let's say you have a Windows machine that has not been patched correctly and still uses a vulnerable Netlogon connection.
So once the DC is patched for this vulnerability, what will happen to this Windows machine?
Will it get denied connection and be reported in event ID 5827/5828?
Or will it be allowed connection, as it is technically a non-compliant device based on the definition, as it is using a vulnerable Netlogon connection? And be logged under event ID 5829?

The other question I have is for the use of the GPO policy: "Domain controller: Allow vulnerable Netlogon secure channel connections"
So I understand that this will bypass the enforcement.
However, if the "Non-Compliant" device is not a Windows device, I will assume that the GPO will not work for these devices. So when in the enforcement phase, for such non-Windows devices that are still using a vulnerable Netlogon connection, there is no workaround, right? Either get the vendor to provide a fix or decommission?

Thanks DM.

DM


Details to Reproduce

Our SP versions are given below:
- SP 2010: Running on SP2 and Apr 2017 CU (KB3191846), Version: 14.0.7180.5001
- SP 2013: Running on SP1 and Oct 2018 CU (KB4461458), Version: 15.0.5075.1000

Summary: Markus Wulftange from Trend Micro's Zero Day Initiative has found a Remote Code Execution Vulnerability on Microsoft SharePoint Server, CVE-2019-0604.

Vulnerability Name: Microsoft SharePoint Remote Code Execution Vulnerability
CVE Number: CVE-2019-0604
Attack Type: Remote Code Execution Vulnerability
Attack Vector: Network
Attack Complexity: Low
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
X-Force score: 9.8

Description
- When software fails to check the source markup of an application package.
- An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
- Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.
- The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.

Detailed analysis
- MS released a patch in February. The original patch only addressed the Microsoft.SharePoint.BusinessData.Infrastructure.EntityInstanceIdEncoder in Microsoft.SharePoint.dll but not the Microsoft.Office.Server.ApplicationRe...


Hiya

This patch is a cumulative patch that includes the functionality of
all security patches released to date for IIS 5.0, and all patches
released for IIS 4.0 since Windows NT(r) 4.0 Service Pack 5. A
complete listing of the patches superseded by this patch is provided
below, in the section titled "Additional information about this
patch". Before applying the patch, system administrators should take
note of the caveats discussed in the same section.

http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Regards

eddie

Hi, Guys.

Do you know about the Microsoft Release for CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability this May 14, 2019?

Are the security updates for this considered emergency and out-of-band? Please advise.

Thank you.


Hiya

The Windows Redirector is used by a Windows client to access files,
whether local or remote, regardless of the underlying network
protocols in use. For example, the "Add a Network Place" Wizard or
the NET USE command can be used to map a network share as a local
drive, and the Windows Redirector will handle the routing of
information to and from the network share.

A security vulnerability exists in the implementation of the
Windows Redirector on Windows XP because an unchecked buffer is
used to receive parameter information. By providing malformed data
to the Windows Redirector, an attacker could cause the system to
fail, or if the data was crafted in a particular way, could run
code of the attacker's choice.
Maximum Severity Rating: Important

Affected Software:

Microsoft Windows XP

Download locations for this patch

Windows XP:
32-bit Edition

64-bit Edition

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-005.asp

Regards

eddie

Hiya

The Network Connection Manager (NCM) provides a controlling
mechanism for all network connections managed by a host system.
Among the functions of the NCM is to call a handler routine
whenever a network connection has been established.

By design, this handler routine should run in the security context
of the user. However, a flaw could make it possible for an
unprivileged user to cause the handler routine to run in the
security context of LocalSystem, through a very complex process.
An attacker who exploited this flaw could specify code of his or
her choice as the handler, then establish a network connection
in order to cause that code to be invoked by the NCM. The code
would then run with full system privileges.

Maximum Severity Rating: Critical

Affected Software:

Microsoft Windows 2000

Download locations for this patch
Microsoft Windows 2000:

http://www.microsoft.com/downloads/Release.asp?ReleaseID=41406

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-042.asp

Regards

eddie

SEP 12.1 RU6 MP6 and earlier as well as SEP 14.1 MP1 are vulnerable as per CVE-2016-9093, CVE-2016-9094

Users running SEP 12.1 are advised to upgrade to SEP 12.1 RU6 MP7. Users running SEP 14.1 are advised to update to SEP 14.1 MP1.

 
Lutomirski had recently reported CVE-2014-9090, which was caused by improper handling of faults associated with the Stack Segment (SS) register on the x86 architecture. After notification of CVE-2014-9090, Borislav Petkov pointed out to Lutomirski some further flaws that existed even after that vulnerability. After research, Lutomirski discovered that there were two bugs in the improper handling of the Stack Segment (SS) register. The new kernel vulnerability is now identified as CVE-2014-9322 and allows a potential attacker to gain privilege escalation on all x86_64 systems.
 
 
“Any kernel that is not patched against CVE-2014-9090 is vulnerable to privilege escalation due to incorrect handling of a #SS fault caused by an IRET instruction. In particular, if IRET executes on a writeable kernel stack (this was always the case before 3.16 and is sometimes the case on 3.16 and newer), the assembly function general_protection will execute with the user’s gsbase and the kernel’s gsbase swapped,” Lutomirski explained in an advisory.
He added that, “This is likely to be easy to exploit for privilege escalation, except on systems with SMAP or UDEREF. On those systems, assuming that the mitigation works correctly, the impact of this bug may be limited to massive memory corruption and an eventual crash or reboot.”
Privilege Escalation Vulnerability in Linux #CVE-2014-9322

A vulnerability in the Panda 2016 products that allows the execution of code with elevated permissions has been detected in Small Business Protection and Panda 2016 products. The PSEvents.exe process is periodically run with elevated permissions and has dependencies of libraries located both in the default directory as well as in other system libraries. As the USERS group has Write permissions over the folder where the PSEvent.exe process is run and because the system first looks for libraries run by this process in the execution folder, it may be possible to create a malicious library in the execution folder that will replace one of the libraries installed in other folders. Therefore, a user could run malicious code with SYSTEM privileges.

Privilege escalation vulnerability in PSEvents.exe with Panda 2016 products - Technical Support - Panda Security

Security researchers have found ways to hijack Intel-compatible PCs running Linux by exploiting physical weaknesses in certain varieties of DDR DRAM (double data rate dynamic random-access memory) chips and gaining higher kernel privileges on the system.

The technique, dubbed "rowhammer", was outlined in a blog post published Monday by Google's Project Zero security initiative, a team of top security researchers dedicated to identifying severe zero-day vulnerabilities in different software.
 
Rowhammer is a problem with recent generation DRAM chips in which repeatedly accessing a row of memory can cause "bit flipping" in an adjacent row which could allow anyone to change the value of contents stored in computer memory.
 
 
WHAT IS ROWHAMMER BUG
DDR memory is arranged in an array of rows and columns, which are assigned to various services, applications and OS resources in large blocks. In order to prevent each application from accessing the memory of other application, they are kept in a "sandbox" protection layer.
 
However, Sandbox protection can be bypassed using Bit flipping technique in which a malicious application needs to repeatedly access adjacent rows of memory in a tiny fraction of a second.
 
As a result, hammering two aggressor memory regions can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells.

DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation

A:DRAM Rowhammer vulnerability Leads to Kernel Privilege Escalation

Program for testing for the DRAM "rowhammer" problem
The test should work on Linux or Mac OS X, on x86 only.
 
 
https://github.com/google/rowhammer-test

Hi, Guys.
Are critical security updates for CVE-2019-1367 considered an out-of-band updates and should be deployed to all applicable systems as an emergency or should be applied as part of normal patching cycle?
Thank you.


Realtek Audio driver has a vulnerability where you can load malware as a DLL with NT AUTHORITY\SYSTEM permissions.
https://www.bleepingcomputer.com/news/security/realtek-fixes-dll-hijacking-flaw-in-hd-audio-driver-f...
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-...
https://www.realtek.com/images/safe-report/PM_Realtek_Audio_Drivers_for_Windows_DLL_preloading_and_p...
According to Realtek, drivers version 8555 and older are affected. We have several Lenovo models with Realtek audio drivers where the version number seems to indicate an older Realtek audio driver version than 8855, for instance Lenovo ThinkPad T470s (20HF0001MX) with driver updated 191014 with version number 6.0.8777.1. Are Lenovo-supplied drivers for Realtek Audio affected by CVE-2019-19705?


I have seen this question asked before and attempted a few solutions. Fixing computer problems is not my forte and I would really like an easy-to-follow solution. I have downloaded the program Apache OpenOffice 4.1.2. It has converted most of my files to OpenOffice.org XML 1.0 Spreadsheet. When I first downloaded them and was able to open some, they would only open as spreadsheet files, OpenOffice Calc. Now all I get is the above message.
I'm not wishing to make myself unwelcome as a newcomer, but I have found things becoming more and more complicated and not as easily fixed since moving from Windows 7. Unfortunately for me, when I purchased my current laptop it came with W8, which I managed to cope with only just. When W10 came along I was drawn in by the online recommendations and went along with the upgrade.
A friend of mine who knows a lot more about computers than I do has stayed with Windows 7 because of all the reports that are circulating about the problems. He has helped me out with a download that I purchased and was not able to install with Windows 10 by using his Windows 7. He has also downloaded and is using Apache OpenOffice without any problems.
I would just like some help to sort out these problems which Windows 10, I'm sorry to say, seems to be creating. It's getting to the stage where I'll be needing an outside Technician to come help me out which is not what I would prefer

A:The requested elevation requires elevation

Hi easily confused,

I did some checking, and it looks as if it might be a permission error. See HERE for details.

Also, if you are unable to get that sorted out, there is the option of using a replacement program called LibreOffice. See HERE to compare the two.

Hang in there with Win-10 as these bugs will resolve in time and sooner or later. The one thing that might help might be to do a clean install, rather than a basic upgrade. See HERE.

b1rd

I have a version of Office 365 installed by my previous employer; the license is now out of date. To try and counteract this I have just purchased and downloaded Office 19 Pro Plus with its activation key. It downloaded successfully, but when I try and open it, it goes back to Office 365, which is asking for its own product key. Can anyone tell me how to sort this out?
 

A:Microsoft office 2019

You may need to completely uninstall 365. I have had this issue in the past with an Office 365 trial and then not being able to load Office 2016.
https://support.office.com/en-us/ar...rom-a-PC-9dd49b83-264a-477a-8fcc-2fdf5dbf61d8

Have a few computers missing this (MS15-058) Microsoft SQL Server Privilege Escalation (3065718) patch.

Get access denied just by trying to run the patch: SQLServer2008-KB3045305-x64.exe even though I'm logged in with my domain admin account.

I do a run as administrator with my domain admin account and GUI will start but will still fail with Setup account privileges failed.

Local admin account has same problem.
Screen shots attached.

Has anyone come across a problem like this??

A:(MS15-058) Microsoft SQL Server Privilege Escalation (3065718)

at what Service Pack level is your SQL Server install?
I am NOT any kind of expert in domain permissions! - have you checked the two links in the error message?
https://msdn.microsoft.com/en-us/library/ms813696.aspx
https://msdn.microsoft.com/en-us/library/ms813959.aspx

It's always possible that there is registry corruption present which is preventing access to certain keys - that's also worth checking.


Hello,
SmartScreen is not working on my machine. Windows Defender is disabled (Windows Defender services are also set to manual, not automatic) and the AV I'm using is 360 TS.
Version 1809 (build 17763.348)
I tested SmartScreen with files from here: https://demo.smartscreen.msft.net/ but they all bypass it and start without any alert from SmartScreen. Don't know what to do.
My account is an admin account.


Running the following cmdlet on a setting that is in the "NOTSET" state works fine. After setting it to Enable/Disable using the following PowerShell cmdlet:

Set-ProcessMitigation -System -Enable SEHOP

I get this error:
Set-ProcessMitigation : Destination array was not long enough. Check destIndex and length, and the array's lower bounds.
At line:1 char:1
+ Set-ProcessMitigation -System -Enable SEHOP
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Set-ProcessMitigation], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException,Microsoft.Samples.PowerShell.Commands.SetProcessMitigationsCommand

and I am unable to ever change the setting again using PowerShell commands. The same process works without issue on Windows 10, the issue only seems to exist on Server 2019. Changing the setting using the Windows Security GUI works as expected.

For other controls, such as DEP, CFG,  I still get the error, but the command applies the new setting properly anyway. So far SEHOP is the only setting that is unchangeable, but there may be others as we haven't tested extensively yet. It fails for both
System and App level settings.


I have some white / blank box that appears in Outlook 2019 / Excel 2019 after my computer goes to sleep. The only way to get it to go away is restarting Outlook / Excel. Any ideas how to fix this? It wasn't happening with my old Yoga 3 Pro... but since I got my new Yoga 920 it's happening... and it's REALLY ANNOYING!

A:Lenovo YOGA 920 (92013IKB) - White Box in Outlook 2019 / Excel 2019 after computer goes to sleep

MORE DETAILS from another user reporting the same problem...
https://answers.microsoft.com/en-us/windows/forum/all/windows-10-1809-cannot-change-screen-brightnes...

Windows 10 1809: floating white shapes on screen
After updating to Windows 10 version 1809, I have experienced several strange issues with my display. I am using a Lenovo Yoga 920 laptop. These problems go away after rebooting the computer, but then re-emerge after using the computer for a while, and persist until I reboot again. It is getting very irritating, and interfering with my work.
- A mysterious floating white circle appeared on my desktop background. I cannot click on or interact with it, and changing the desktop background does not remove the circle. Then, a second circle appeared. Now, there is also a floating white rectangle. The rectangle poses the biggest issue, because it remains on TOP of whatever other windows I have open, constantly obstructing part of my screen unless I reboot the computer. The circles remain on the desktop background. I have attached a picture of these weird white artifacts on my display.
Things I have already tried:
- Installing all available Windows patches and updates
- Updating graphics driver
- Checking/unchecking auto-brightness settings


I am unable to install Microsoft Visual C++ 14 (2017) and

Universal C runtime update KB3118401 also fails

Please help me to install Microsoft Visual C++ 2015-2019 Redistributable Setup on windows 7 x64



Here's the log (failed setup):



dd_vcredist_amd64_20200507215413.log:
[0604:0848][2020-05-07T21:54:13]i001: Burn v3.10.4.4718, Windows v6.1 (Build 7600: Service Pack 0), path: C:\Users\MUHAMM~1\AppData\Local\Temp\{C080DFCF-9919-4AA1-96EA-3EDE388B2291}\.cr\vc_redist.x64.exe
[0604:0848][2020-05-07T21:54:13]i009: Command Line: '"-burn.clean.room=C:\Users\Muhammad Tahir Khan\Downloads\New folder (2)\vc_redist.x64.exe" -burn.filehandle.attached=172 -burn.filehandle.self=180'
[0604:0848][2020-05-07T21:54:13]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\Muhammad Tahir Khan\Downloads\New folder (2)\vc_redist.x64.exe'
[0604:0848][2020-05-07T21:54:13]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\Muhammad Tahir Khan\Downloads\New folder (2)\'
[0604:0848][2020-05-07T21:54:13]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\MUHAMM~1\AppData\Local\Temp\dd_vcredist_amd64_20200507215413.log'
[0604:0848][2020-05-07T21:54:13]i000: Setting string variable 'WixBundleName' to value 'Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508'
[0604:0848][2020-05-07T21:54:13]i000: Setting string variable 'WixBundleManufacturer' to value 'Microsoft Corporation...


Hi Team,

I have a situation, where, we have commissioned new Windows Servers 2019 in our DMZ zone.

We manage Windows Defender Antivirus from SCCM server. Since the new servers are in DMZ, our SCCM server cannot push Antimalware policies to the server.

I have exported the required Antimalware policy. Is there any way, where I can import those settings in these servers manually?

Thanks,
Balaji R


US-CERT advises today (5/16/06) that there is an unpatched Excel vulnerability that could allow a hacker to gain access to and control of a computer "...by convincing a user to open a specially crafted Excel document. The Excel document could be included as an email attachment or hosted on a web site. It may also be possible to exploit the vulnerability using Excel documents embedded in other Office documents."

Until a patch is released, the agency recommends extreme caution in opening "...unfamiliar or unexpected Excel or other Office documents, including those received as email attachments or hosted on a web site."

Regards,
John

http://www.us-cert.gov/cas/alerts/SA06-167A.html

To subscribe to the alert mailing list (which I strongly recommend):
http://www.us-cert.gov/cas/

Further information is provided at CNET news:
http://news.com.com/New+Excel+zero-day+fla..._3-6084738.html

A:Microsoft Excel Vulnerability

And another 0-day vulnerability in Excel:
Microsoft Office Long Link Buffer Overflow Vulnerability
Secunia: Highly critical
Solution Status: Unpatched

Workaround for the first 0-day vulnerability:
Microsoft Security Advisory (921365) (Vulnerability in Excel Could Allow Remote Code Execution)


Microsoft Windows 10 Malicious Software Removal Tool September 2019 missing? Why this delay?


Microsoft has officially confirmed a zero-day security vulnerability affecting Internet Information Services (IIS). The security hole was initially reported just ahead of Christmas on December 23rd, and the Redmond company provided the first response at the end of the past week. So far, the issue in question affects version 6 of IIS on a fully patched Windows Server 2003 R2 SP2; however, additional IIS releases might also be impacted. A Microsoft security program manager notes that Microsoft is aware of the problem and that investigation into the matter has already been kicked off. At the same time, the program manager assured customers running IIS that it hasn't detected any active attacks in the wild targeting the new 0-day flaw.

The vulnerability identified in Microsoft Internet Information Services (IIS) involves the incorrect manner in which the server deals with files with multiple extensions. As long as the multiple extensions are divided by the ';' character, the IIS server handles them as ASP files.

A possible attack scenario could be based on an exploit constructed out of malformed executables. Any malicious files uploaded to a vulnerable web server would circumvent any file extension protections and restrictions in place.

More: Microsoft Confirms 0-Day IIS Security Vulnerability - IIS 6.0 Security Best Practices can help mitigate the threat - Softpedia

A:Microsoft confirms 0-Day IIS security vulnerability

Update:

Quote:
We’ve completed our investigation into the claims that came up over the holiday of a possible vulnerability in IIS and found that there is no vulnerability in IIS.

What we have seen is that there is an inconsistency in IIS 6 only in how it handles semicolons in URLs. It’s this inconsistency that the claims have focused on, saying this enables an attacker to bypass content filtering software to upload and execute code on an IIS server.

The key in this is the last point: for the scenario to work, the IIS server must already be configured to allow both “write” and “execute” privileges on the same directory. This is not the default configuration for IIS and is contrary to all of our published best practices. Quite simply, an IIS server configured in this manner is inherently vulnerable to attack.

See the complete report at The Microsoft Security Response Center (MSRC): Results of Investigation into Holiday IIS Claim


Although the scope of this new zero day is limited, users should always avoid unexpected attachments and scan them thoroughly with AV products.

Microsoft Security Advisory (929433)
Vulnerability in Microsoft Word Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/...ory/929433.mspx

Microsoft is investigating a new report of limited "zero-day" attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

More links are noted below:
http://secunia.com/advisories/23232/
http://www.frsirt.com/english/advisories/2006/4866
http://www.f-secure.com/weblog/archives/ar...6.html#00001042
http://www.incidents.org/diary.php?storyid=1913


Microsoft warns of new server vulnerability.

A new, unpatched vulnerability exists in one of Microsoft's server products, the company warned late Monday.

Note: Read the technical bulletin link in the article to find out how to adjust configuration settings to mitigate the impact of the flaw.

-- Tom
 

Read other answers

This new threat is not circulating extensively yet and updating to the latest levels of AV (plus always being careful with suspicious attachments) will help mitigate this new exposure.

Microsoft Word - Second new vulnerability and exploit
http://www.incidents.org/diary.php?storyid=1925

We received notification from an ISC participant that McAfee has released a dat today for protection against a buffer overflow attack in MS Word. The announcement says "Note: This vulnerability was first found through one of the samples that McAfee analyzed, and this vulnerability differs from the "Microsoft Word 0-Day Vulnerability I" that was published on December 5, 2006."

McAfee information on Word Exploit II
http://vil.nai.com/vil/content/v_vul27249.htm

A vulnerability exists in Microsoft Word that could allow for arbitrary code execution. This could be exploited successfully if a victim were to open a specially crafted Word document obtained via an email attachment or downloaded from a malicious website.

New Word Exploit II Protection - DAT 4915
http://vil.nai.com/vil/content/v_141056.htm

MSRC Commentary on New Word Exploit
http://blogs.technet.com/msrc/archive/2006...d-zero-day.aspx

We are investigating reports of another new vulnerability in Microsoft Word - initial investigation has shown that this is a different issue to that reported in Microsoft Security Advisory 929433. Our initial investigation has discovered that Word 2000, Word 2002, Word 2003 and the Word Viewer 20... Read more

A:Microsoft Word - Second New Vulnerability And Exploit

Cnet reports the possibility of a THIRD Microsoft Office flaw (Word), for which code has been published: "Secunia and McAfee said Thursday that a buffer-overflow flaw in the word-processing application could crash a computer and ultimately let an outsider run code on a vulnerable PC."

See the article by Dawn Kawamoto:
http://news.com.com/Attack+code+published+...html?tag=cd.top

Regards,
John

Read other 1 answers

Serious vulnerability in Microsoft's anti-malware engine

Yesterday, Microsoft released a security advisory informing customers about a vulnerability in the Microsoft Malware Protection Engine, which is found in several products including Windows Defender, Microsoft Security Essentials, and Microsoft Malicious Software Removal Tool. An attacker could exploit the vulnerability by sending a user a specially crafted file which, once scanned by the Malware Protection Engine, causes the engine to time out. A successful exploit of the bug would essentially stop the "Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed," according to the advisory.

There are no known exploits of the vulnerability in the wild. The bug was privately disclosed to Microsoft by Google engineer Tavis Ormandy. Microsoft says a patch will be pushed out to customers within 48 hours, with "typically no action required to install the update" due to built-in automation within the associated products.

A:Vulnerability in Microsoft Anti-malware engine

Cool that a google engineer disclosed the bug. I think security patching is something all the companies should work together with all the exploiting happening around the world today.

Read other 1 answers

Hiya

This is a work-around bulletin that details steps customers can
take to protect themselves against a publicly disclosed
vulnerability until patches are available.

The Gopher protocol is a legacy protocol that provides for the
transfer of text-based information across the Internet.
Information on Gopher servers is hierarchically presented using a
menu system, and multiple Gopher servers can be linked together to
form a collective "Gopherspace".

There is an unchecked buffer in a piece of code which handles the
response from Gopher servers. This code is used independently in
IE, ISA, and Proxy Server. A security vulnerability results
because it is possible for an attacker to attempt to exploit this
flaw by mounting a buffer overrun attack through a specially
crafted server response. The attacker could seek to exploit the
vulnerability by crafting a web page that contacted a server
under the attacker's control. The attacker could then either post
this page on a web site or send it as an HTML email. When the page
was displayed and the server's response received and processed,
the attack would be carried out.

A successful attack requires that the attacker be able to send
information to the intended target using the Gopher protocol.
Anything which inhibited Gopher connectivity could protect against
attempts to exploit this vulnerability. In the case of IE, the
code would be run in the user's context. As a result, any
limitations on the user would... Read more

A:Microsoft Proxy Server 2.0 and ISA Vulnerability: June 11

On June 11, 2002, Microsoft released the original version of this
bulletin. In it, we detailed a work-around procedure that customers
could implement to protect themselves against a publicly disclosed
vulnerability. An updated version of this bulletin was rereleased
on June 14, 2002 to announce the availability of patches for
Proxy Server 2.0 and ISA Server 2000 and to advise customers that
the work-around procedure is no longer needed on those platforms.
Patches for IE are forthcoming and this bulletin will be
re-released to announce their availability.

ISA Server 2000:

http://www.microsoft.com/downloads/release.asp?ReleaseID=39856

Proxy Server 2.0:

http://www.microsoft.com/downloads/release.asp?ReleaseID=39861

Internet Explorer:
Patches are under development and will be posted as soon as they are completed

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-027.asp

Regards

eddie
 

Read other 1 answers

As per the recently reported Microsoft Windows vulnerability in our environment (Windows Server 2012 R2 / Windows Server 2008 R2 / Windows 10 / Windows 8.1 / Windows 10), described as "A vulnerability in Microsoft Windows caused by an error in the NTFS Master File Table device; a remote attacker could cause the system to crash".

Kindly advise which Windows updates/patches are to be deployed to secure the IT infrastructure.

Furthermore, Microsoft recommendations & best practices to mitigate this vulnerability.

Read other answers

Hiya

Commerce Server 2000 and Commerce Server 2002 are web server products
for building e-commerce sites. These products provide tools and
features that simplify developing and deploying e-commerce solutions,
and provide tools that let the site administrator analyze the usage
of their e-commerce site.

Four vulnerabilities exist in the Commerce Server products:

- A vulnerability that results because the Profile Service contains
an unchecked buffer in a section of code that handles certain
types of API calls. The Profile Service can be used to enable
users to manage their own profile information and to research
the status of their order. An attacker who provided specially
malformed data to certain calls exposed by the Profile Service
could cause the Commerce Server process to fail, or could run
code in the LocalSystem security context. This vulnerability
only affects Commerce Server 2000.

- A buffer overrun vulnerability in the Office Web Components (OWC)
package installer used by Commerce Server. An attacker who
provided specially malformed data as input to the OWC package
installer could cause the process to fail, or could run code in
the LocalSystem security context. This vulnerability only affects
Commerce Server 2000.

- A vulnerability in the Office Web Components (OWC) package
installer used by Commerce Server. An attacker who invoked the
OWC package installer in a particular manner could cause commands
to be run on the Commerce Server according ... Read more

Read other answers

Hiya

The Internet Mail Connector (IMC) enables Microsoft Exchange Server
to communicate with other mail servers via SMTP. When the IMC
receives an SMTP extended Hello (EHLO) protocol command from a
connecting SMTP server, it responds by sending a status reply that
starts with the following:
250-<Exchange server ID>Hello<Connecting server ID>

Where:
<Exchange server ID> is the fully-qualified domain name (FQDN) of
the Exchange server, and <Connecting server ID> is either the FQDN or
the IP address of the server that initiated the connection.

The FQDN would be used if the Exchange 5.5 IMC is able to resolve
this information through a reverse DNS lookup; the IP address
would be used if a reverse DNS lookup was not possible or failed
to resolve the connecting server's IP address.

A security vulnerability results because of an unchecked buffer
in the IMC code that generates the response to the EHLO protocol
command. If the total length of the message exceeds a particular
value, the data would overrun the buffer. If the buffer were
overrun with random data, it would result in the failure of the
IMC. If, however, the buffer were overrun with carefully chosen
data, it could be possible for the attacker to run code in the
security context of the IMC, which runs as the Exchange 5.5 Service
Account.

It is important to note that the attacker could not simply send
data to the IMC in order to overrun the buffer. Instead, the
attacker would need to create a set of condi... Read more

Read other answers
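The EHLO reply described in the bulletin above, as an added example that is not from the bulletin or from Exchange itself: the unchecked formatting pattern beside a bounded one, plus the one choice the receiving side actually has, whether to echo the reverse-DNS name (which the connecting party controls through its own PTR record) or the IP address. The buffer size, the 253-octet name cap and the fall-back policy are this example's assumptions, not Exchange's.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size reply buffer. The size is an assumption for the example; the
 * bulletin does not give the real one. */
#define REPLY_BUF_LEN 256
/* Longest DNS name worth accepting from a reverse lookup (RFC 1035 caps a
 * name at 253 octets in text form). */
#define MAX_PEER_NAME 253

/* The unchecked pattern the bulletin describes: the peer identifier, which a
 * connecting server can steer through its own PTR record, is formatted into a
 * fixed buffer with no length check. Kept for comparison; never called here,
 * because with a long name it would overrun. */
void build_ehlo_reply_unchecked(char *buf, const char *local_fqdn, const char *peer_id)
{
    sprintf(buf, "250-%s Hello %s\r\n", local_fqdn, peer_id);
}

/* Bounded construction. Returns the reply length, or -1 (and an empty buffer)
 * when the two identifiers would not fit; the caller then drops the session
 * instead of sending a truncated or corrupted reply. */
int build_ehlo_reply(char *buf, size_t buflen, const char *local_fqdn, const char *peer_id)
{
    int n = snprintf(buf, buflen, "250-%s Hello %s\r\n", local_fqdn, peer_id);
    if (n < 0 || (size_t)n >= buflen) {
        if (buflen)
            buf[0] = '\0';
        return -1;
    }
    return n;
}

/* Decide what to echo for the connecting server: the reverse-DNS name when one
 * was found and is of plausible length, otherwise the IP address. Falling back
 * to the IP on an over-long name is this example's policy. */
const char *choose_peer_id(const char *ptr_name, const char *peer_ip)
{
    if (ptr_name != NULL && ptr_name[0] != '\0' && strlen(ptr_name) <= MAX_PEER_NAME)
        return ptr_name;
    return peer_ip;
}

/* Scenario: a normal peer. Returns 1 when the reply is built and reads as
 * expected. Hostnames and address are constructed sample data. */
int scenario_normal_peer(void)
{
    char buf[REPLY_BUF_LEN];
    int n = build_ehlo_reply(buf, sizeof buf, "mail.example.test",
                             choose_peer_id("smtp.peer.test", "192.0.2.10"));
    return n > 0 &&
           strncmp(buf, "250-mail.example.test Hello smtp.peer.test\r\n", (size_t)n) == 0;
}

/* Scenario: a hostile peer whose PTR answer is far longer than the buffer.
 * The name is discarded in favour of the IP, and even if it were passed
 * through, the bounded builder refuses it rather than overrunning.
 * Returns 1 when both hold. */
int scenario_oversized_ptr(void)
{
    char longname[600];
    memset(longname, 'a', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    int fell_back = strcmp(choose_peer_id(longname, "192.0.2.10"), "192.0.2.10") == 0;

    char buf[REPLY_BUF_LEN];
    int refused = build_ehlo_reply(buf, sizeof buf, "mail.example.test", longname) == -1
                  && buf[0] == '\0';
    return fell_back && refused;
}
```

The point of `choose_peer_id` is that the only attacker-influenced input here is the reverse-DNS answer; capping it before it reaches the formatter is the check the bulletin's unchecked buffer lacked, and the bounded builder is the backstop if the cap is ever bypassed.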

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
.
we are taking the highly unusual step of providing a security update [kb4012598] for all customers to protect Windows platforms... [even those] that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003.
.
Direct download for Windows XP SP3 x86   : http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-enu_eceb7d5023bbb23c0dc633e46b9c2f14fa6ee9dd.exe

Read other answers

Vulnerability in Microsoft Malware Protection Engine Could Allow DOS

Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.

The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. See the Affected Software section for a list of affected products.

A:Vulnerability in Microsoft Malware Protection Engine Could Allow DOS

I was amazed to learn that there are 13 affected products. That's a lot of products to have simultaneously.
 
I read the advisory to see if further information was provided about what led to the timeout within the engine. Unfortunately, that information isn't there.

Read other 4 answers

Attackers have found another hole in Microsoft's Office products. Yesterday, Symantec reported that it has discovered a targeted attack that takes advantage of an unpatched vulnerability in Microsoft's PowerPoint software. This PowerPoint attack was discovered late Wednesday by a Symantec customer, who received a Chinese-character e-mail from a Gmail account. The e-mail contained a PowerPoint attachment that installed two pieces of malicious code when opened: a Trojan horse program, called Trojan.PPDDropper.B, and a backdoor program called Backdoor.Bifrose.E. The backdoor program tries to cover its tracks by writing over the original PowerPoint document. It then awaits instructions from the attackers, who can use it to control the infected system.

Here is another link to the information about the vulnerability:
http://www2.csoonline.com/blog_view.html?CID=22959

A:Microsoft Office Powerpoint Security Vulnerability

Yep another bug to contend with. More here about it.

Read other 1 answers

The "Aurora" vulnerability, patched on Tuesday, was reported to Microsoft on 26 August 2009. MS planned to patch it in February 2010.

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.

Microsoft Knew of IE Zero-Day Flaw Since September

A:Microsoft knew about the "Aurora" vulnerability since september

What does it mean? Does it mean that Microsoft is not serious about the security of its customers? Or does it mean that they thought it was not so serious an exploit?

Read other 3 answers

Hiya

Sticking this for a week in here, in case no-one goes to Security

A remote code execution vulnerability exists in Microsoft Outlook and Microsoft Exchange Server because of the way that it decodes the Transport Neutral Encapsulation Format (TNEF) MIME attachment.

An attacker could exploit the vulnerability by constructing a specially crafted TNEF message that could potentially allow remote code execution when a user opens or previews a malicious e-mail message or when the Microsoft Exchange Server Information Store processes the specially crafted message.

An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Affected Software:

Microsoft Office 2000 Service Pack 3

Microsoft Office 2000 Software:

Microsoft Outlook 2000
Microsoft Office 2000 MultiLanguage Packs
Microsoft Outlook 2000 English MultiLanguage Packs
Microsoft Office XP Service Pack 3

Microsoft Office XP Software:

Microsoft Outlook 2002
Microsoft Office XP Multilingual User Interface Packs

Note: Multilingual User Interface Packs are for non-English packages.

Microsoft Office 2003 Service Pack 1 and Service Pack 2

Microsoft Office 2003 Software:

Microsoft Outlook 2003
Microsoft Office 2003 Multilingual User Interface Packs
Microsoft Office 2003 Language Interface Packs

Note: Multilingual User Interface Packs are for non-English packages.
Microsoft Exchange Server

Microsoft Exchange Server 5.0 Service P... Read more

Read other answers

A vulnerability has been identified in Microsoft Word, which could be exploited by attackers to take complete control of an affected system. This issue is due to a memory corruption error when handling a malformed document, which could be exploited by attackers to execute arbitrary commands by tricking a user into opening a specially crafted Word document.

Products: Office 2000 and XP
Exploits: Discovered as a 0-day. The vulnerability is currently being actively exploited.

A brand new Word vulnerability affecting the 2000 and XP versions has been discovered. Please continue to be careful with all Office documents you may find attached to email messages:

Microsoft Word - Memory Corruption Vulnerability being exploited
http://www.microsoft.com/technet/security/...ory/933052.mspx
http://secunia.com/advisories/24122/
http://www.frsirt.com/english/advisories/2007/0607
http://secunia.com/cve_reference/CVE-2007-0870/
http://www.avertlabs.com/research/blog/?p=199

A:Microsoft Word - Memory Corruption Vulnerability & Exploit

I always see the wording "malformed document" in those notices from M$. What does it mean? Who malformed it? How? When? Me ?????

Read other 1 answers

Good to know about this Microsoft update. I find it strange that it wasn't installed automatically by Microsoft (Windows). I guess they know what they're doing. Sometimes I ask myself, do they really know??? Good news for XP users.....
GET THE SECURITY PATCH HERE >>>>> https://technet.microsoft.com/library/security/ms14-021
 

A:Microsoft releases MS14-021 update to address 0-day vulnerability

On my computer it has been offered for 8.1 and 7.
It appears that whether it is offered depends on this:

For systems running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2:
The 2964358 update is for systems that have the 2929437 update installed.
The 2964444 update is for systems without the 2929437 update installed.

As, if you install it without 2929437, IE11 will crash:
Customers running Internet Explorer 11 on Windows 7 or Windows Server 2008 R2 must first install the 2929437 update released in April, 2014 before installing the 2964358 update.
Thanks for the post and welcome to Tech Support Guy
 

Read other 2 answers

Good to know about this Microsoft update. I find it strange that it wasn't installed automatically by Microsoft (Windows). I guess they know what they're doing. Sometimes I ask myself, do they really know??? Good news for XP users.....
You can get the security patch HERE >>>>>    https://technet.microsoft.com/library/security/ms14-021

A:Microsoft releases MS14-021 update to address 0-day vulnerability

Thank You
I went to Windows Update and there it was, It is installing now.
Roger

Read other 2 answers

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. This can be exploited to execute arbitrary code.

See this link for complete details: http://secunia.com/advisories/20153/

Be (MS Word) Safe
Da Bleepin AniMod, Animal

A:Microsoft Word Unspecified Code Execution Vulnerability

MS Word Zero-Day Attack

Symantec's DeepSight Threat Analyst Team has escalated its ThreatCon level after confirming the unpatched vulnerability is being used "against select targets." The exploit arrives as an ordinary Microsoft Word document attachment to an e-mail. However, when the document is launched by the user the vulnerability is triggered to drop a backdoor with rootkit features to mask itself from anti-virus scanners.

security.ithub.com

Read other 6 answers

Hiya
A remote code execution vulnerability exists in Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system.

Affected Software:

Microsoft Office 2000 Software Service Pack 3
Excel 2000

Microsoft Office XP Software Service Pack 2
Excel 2002

Microsoft Office 2001 for Mac
Excel 2001 for Mac

Microsoft Office v. X for Mac
Excel v. X for Mac

http://www.microsoft.com/technet/security/bulletin/ms04-033.mspx

Regards

eddie
 

Read other answers