Security News MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652) (Tue 10, Nov 2009) Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307) (Tue 10, Nov 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be l MS09-063 - Critical: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) (Tue 10, Nov 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Window MS09-066 - Important: Vulnerability in Active Directory Could Allow Denial of Service (973309) (Tue 10, Nov 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Active Directory directory service, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow denial of service if stack space was exhausted during execution of certain types of LDAP or LDAPS requests. This vulnerability only affects domain controllers and systems configured to run ADAM or AD LDS. MS09-064 - Critical: Vulnerability in License Logging Server Could Allow Remote Code Execution (974783) (Tue 10, Nov 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000. The vulnerability could allow remote code execution if an attacker sent a specially crafted network message to a computer running the License Logging Server. An attacker who successfully exploited this vulnerability could take complete control of the system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that MS09-065 - Critical: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947) (Tue 10, Nov 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web si Psychology and security (Tue 27, Oct 2009) Professor Ross Anderson of the Computing Laboratory at Cambridge University has put together an excellent web page on psychology and security. The page contains links to a wide range of on-line resour... Cookie Monster (Mon 26, Oct 2009) Cookies are a part of everyday web usage that most people take for granted (indeed many users are blissfully unaware of their existence). Cookies are used to provide a persistent record of your intera... MS09-051 - Critical: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have f MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts MS09-056 - Important: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of se MS09-050 - Critical: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimete MS09-055 - Critical: Cumulative Security Update of ActiveX Kill Bits (973525) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to MS09-057 - Important: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are confi MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user r MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentat MS09-058 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. MS09-052 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with ad MS09-059 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. Firefox Fends Off Paypal Fraudsters, Microsoft Browsers Still Bugged (Tue 06, Oct 2009) On Monday, a hacker published a counterfeit (null-prefix) SSL certificate for PayPal that exploits a hole in Microsoft browsers to appear legitimate to unsuspecting users of the online payment service... MS09-045 - Critical: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, ch MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter MS09-047 - Critical: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with fu MS09-046 - Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights o MS09-049 - Critical: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability. Another Packed Patch Tuesday (Mon 07, Sep 2009) Microsoft is set to release five critical bulletins tomorrow - all of which affect both server and desktop Windows users. The bulletins may cause more disruption to networks than normal ... Coastal Council Silences Status Updates (Tue 01, Sep 2009) Portsmouth Council have this week moved to block all 4,500 staff from accessing Facebook. According to estimates, staff spent "on average" 400 hours per month on the popular social networking site. Qu... Police Suffer Paper Trail Fail (Fri 21, Aug 2009) Sensitive documents (on paper - how delightfully old fashioned!) containing details of background checks of around 60 people have been found dumped on a building site in Northern Ireland. As it relate... When Private Data Goes Walkies: Do Home Users Need Crypto? (Wed 19, Aug 2009) A recent burglary victim who lost a laptop, iPhone and various other gadgets, has been taunted by the thief posting messages on her Facebook account. Victoria Richardson lost the laptop when her ho... MS09-044 - Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) (Tue 11, Aug 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who o Feline Scapegoat in Frame for Child Porn Downloads (Tue 11, Aug 2009) A Florida man has claimed that the child abuse images found on his computer were the result of his cat walking across the keyboard. He claims that over a thousand images were downloaded as a resul... More Certificate Woes (Tue 11, Aug 2009) At the recent BlackHat computer security conference, researcher Moxie Marlinspike revealed yet another attack on the SSL certificate management infrastructure that underpins much of the web's security... Nmap Revamped (Wed 29, Jul 2009) A major new version of Nmap, the "Swiss army knife" of network diagnostic tools, has been released. A long term favourite of security professionals, Nmap allows complex packet scans and is a valuable ...