This bulletin advance notification will be replaced with the March bulletin summary on March 9, 2010. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications.

Microsoft will host a webcast to address customer questions on these bulletins on March 10, 2010, at 11:00 AM Pacific Time (US & Canada). Register now for the March Security Bulletin Webcast. After this date, this webcast is available on-demand. For more information, see Microsoft Security Bulletin Summaries and Webcasts.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates.

Source: Microsoft

The flaw could be used by attackers to inject malicious code onto victims’ PCs, said Maurycy Prodeus, the Polish security analyst with iSEC Security Research who revealed the vulnerability and posted attack code on Friday.

Users running IE7 or the newer IE8 are at risk, said Prodeus.

Microsoft noted it’s already on the case. “Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer,” said Jerry Bryant, a senior manager with the Microsoft Security Response Center (MSRC), in an e-mail Sunday. *The current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not affected.”

Source: Computer World

What Does this Mean?

Windows Vista with no service packs installed will reach end of support on April 13, 2010.  Windows XP SP2 will reach the end of support on July 13, 2010.  In both of these cases, support for the service pack will expire in accordance with the Service Pack Support policy. We first outlined this part of the policy back in October but now that end dates are coming closer, we wanted to remind customers that there is a need to take action. You can find more information about this here.

But first, some basics (if this is too 101 for you, you can skim this part). Let’s start by defining what a service pack is. As part of the effort to continually improve Microsoft software, updates and fixes are created and released for recognized issues. Many of these fixes and others are combined into a single package (called a service pack) that is made available for installation. This can include updates for system reliability, program compatibility and security. The products we’re talking about ending support for in this case are Windows XP SP2 and the original release of Windows Vista – one with no service packs installed. To set some context, the current service packs for these products are Windows XPSP3 and Windows Vista SP2. These are both available at no cost for customers. If you are running anything less, than you’re missing important free updates for your PC that can make your PC safer and run better.

Now let’s identify what end of support means. End of support means that Microsoft will no longer provide further support for that specific service pack level.  This means that customers need to upgrade to a supported service pack to continue to receive security updates, hotfixes or assisted support from Microsoft Customer Service & Support.

If you are running one of these versions that is about to reach end of support, I’d really encourage you to think about upgrading to Windows 7.  Why am I recommending Windows 7?  Basically, Windows 7 makes your PC simple to use and provides the latest security technology from Microsoft in both the OS and Internet Explorer (IE8). It also allows you to do more with your computer – and ensures your PC is completely up to date. If you are a consumer, I’d also recommend ensuring that you have an up-to-date antivirus program (such as Microsoft Security Essentials).

Source: Technet

• Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
• Microsoft Internet Explorer 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows 2008, Windows 7, and Windows Server 2008 R2

Overview

Malicious activity detected in mid-December targeted at least 20 organizations representing multiple industries including chemical, finance, information technology, and media.  Investigation into this activity revealed that third parties routinely accessed the personal email accounts of dozens of users based in the United States, China, and Europe. Further analysis revealed these users were victims of previous phishing scams through which threat actors successfully gained access to their email accounts.

I. Description

Through analysis of the malware used in this incident, McAfee discovered one of the malware samples exploited a vulnerability in Microsoft Internet Explorer (IE). The vulnerability exists as an invalid pointer reference within IE and, if successfully exploited, allows for remote code execution.

Microsoft has released Security Bulletin MS10-002, which provides updates for Internet Explorer that address this and other vulnerabilities.

US-CERT is providing technical indicators that can be incorporated into an organization’s security posture to detect and mitigate any malicious activity.

Source: US-Cert

Perhaps not surprisingly, analysis of Web hacking incidents reveals that social network sites such as Twitter and Facebook are becoming premier targets for hackers. One in five incidents (19 percent) between January and June 2009 targeted social network sites, making them the most commonly attacked market.

Many attacks on social networks involve cross-site scripting (XSS) worms. Additionally, insufficient anti-automation controls permit hackers to brute force attack login credentials. In one incident, an attacker accessed a Twitter Admin account that had a password reset tool and compromised 33 high-profile accounts, including President Obama’s.

Web attacks are driven by crime. Most occur because the hacker wants money, not glory. However, in some instances, the attacks are performed by professionals seeking to advance a cause.

In 2009, defacement of Web sites was still the number one driver for Web hacking (28 percent). Defacement includes visible changes and covert changes, such as the planting of malicious code. Criminals exploit Web application vulnerabilities to plant malware that subsequently infects clients who visit the Web site. The hacked sites become the hacker’s primary method of distributing viruses, Trojans and root kits.

On the other end of the spectrum, ideologists use the Internet to express themselves using Web hacking to deface Web sites. The majority of defacement incidents are of a political nature, targeting political parties, candidates, and government departments, typically with a specific message related to a campaign.

Web defacements are a serious problem and a critical barometer for estimating exploitable vulnerabilities in Web sites. Defacement statistics are valuable since they are one of the few incidents that are publicly facing and thus cannot be easily swept under the rug.

SQL injection tops the attack methods

SQL injection remains the No. 1 attack vector, accounting for nearly one-fifth of all security breaches (19 percent). These attacks alter the contents of the back-end database and inject malicious JavaScript. Interestingly, the overall attack more closely resembles a XSS methodology, as the end goal of the attack is to have malicious JavaScript execute within victim’s browsers to steal login credentials to other Web applications.

Attack vectors exploiting Web 2.0 features, such as user-contributed content from social media applications, are also commonly used: Authentication abuse is the second most active attack vector (11 percent), and cross-site request forgery (CSRF) rose to No. 5 (5 percent).

While not a new attack vector, attacks that take advantage of insufficient authentication are increasingly severe due to the proliferation of user-contributed and managed Web sites. This is closely related to CSRF, a vulnerability that was recognized several years ago as a potent attack vector. While it took longer for CSRF to appear than expected, the rise in CSRF incidents is in line with authentication abuse, since it provides an alternative mechanism for performing actions on behalf of a victim.

Source: Info World

Today we’re expanding that reach in two ways:

1. The LinkedIn download for the Outlook Social Connector is available today at www.LinkedIn.com/outlook.
2. We’re announcing new Outlook integrations with Facebook, the leading social website in the world, and MySpace.

Stay tuned to the Outlook team blog for availability of the Facebook and MySpace download for the Outlook Social Connector at http://blogs.msdn.com/outlook/

Source: blogs.technet.com

Out the gate, the update will reach Windows 7 Home Premium, Professional, Ultimate and Enterprise users, said Joe Williams, the general manager of Microsoft’s activation and anti-counterfeit group. “I’d like to stress that the Update is voluntary, which means that you can choose not to install it when you see it appear on Windows Update,” said Williams in an entry to the Genuine Windows blog.

That’s counter to the practice Microsoft used in 2006, when it force fed Windows XP customers a WGA update by labeling it as a high-priority security update. Several users sued Microsoft over that behavior; the lawsuit was officially dismissed just last week. Since then, the company’s anti-piracy software updates have been less aggressive.

According to Williams, the WAT update sniffs out more than 70 “activation exploits,” Microsoft’s term for what others call “cracks” that sidestep the product activation process, or use stolen keys to illegally activate counterfeit copies of Windows 7.

After the update has been installed, PCs running cracked copies will begin displaying a black background and the usual gamut of nagging notifications that mark the operating system as bogus. “Machines running genuine Windows 7 software with no activation exploits will see nothing,” promised Williams.

Microsoft regularly refreshes its anti-piracy technology to identify new activation exploits — it did the same two years ago in a Vista crack crack-down — but the number of exploit “signatures” in the upcoming WAT update is magnitudes larger than any previous.

Among the 70-some cracks shut down by the update are a pair that surfaced last November , just weeks after the launch of Windows 7. At the time, Microsoft said it was aware of the cracks — “RemoveWAT” and “Chew-WGA” — and was working on ways to disable them. A Microsoft spokeswoman confirmed today that the WAT update will include signatures for both cracks.

Williams also noted that the WAT update will periodically “phone home” to Microsoft’s servers to re-validate the copy of Windows 7 as legit, and use those opportunities to update activation signatures to detect newer cracks. Initially, WAT will connect to Microsoft’s severs every 90 days.

Full story: PC World

“Today, I’m proud to introduce Windows Phone 7 Series, the next generation of Windows Phones,” said Steve Ballmer, chief executive officer at Microsoft. “In a crowded market filled with phones that look the same and do the same things, I challenged the team to deliver a different kind of mobile experience. Windows Phone 7 Series marks a turning point toward phones that truly reflect the speed of people’s lives and their need to connect to other people and all kinds of seamless experiences.”

Partners from around the world have committed to include Windows Phone 7 Series in their portfolio plans. They include mobile operators AT&T, Deutsche Telekom AG, Orange, SFR, Sprint, Telecom Italia, Telefónica, Telstra, T-Mobile USA, Verizon Wireless and Vodafone, and manufacturers Dell, Garmin-Asus, HTC Corp., HP, LG, Samsung, Sony Ericsson, Toshiba and Qualcomm Inc. The first phones will be available by holiday 2010. Customers who would like to receive additional information about Windows Phone 7 Series and be notified when it is available can register at http://www.windowsphone7series.com.

To watch the full replay of Steve Ballmer’s press conference at Mobile World Congress, and to experience Windows Phone 7 Series through an online product demo, readers can visit http://www.microsoft.com/news/windowsphone.

Source: bink.nu

On Friday, Microsoft offered a preliminary conclusion, saying that malicious software may be to blame. “Malware on the system can cause the behavior,” wrote Microsoft spokesman Jerry Bryant on a company blog. “We are not yet ruling out other potential causes at this time and are still investigating.” He later said in a Twitter message, “we have confirmed cases where removing malware allows the system to boot.”

Windows XP user Patrick Barnes said he’d traced the issue to a malicious rootkit program known as TDSS that he found on one of his systems. In a post to the Internet Storm Center, Barnes said that he’d identified a nonworking file on his system called atapi.sys. When he submitted the file for analysis it turned out to be the TDSS rootkit.

It may not be the only cause of the problem, however. “From the reports I have been receiving, the infected atapi.sys is the most common cause of this blue screen,” Barnes wrote in his post. “However, any driver that references the updated kernel bits incorrectly can also cause this blue screen.”

Barnes posted repair instructions to his blog Friday, but the site was unavailable Friday morning Pacific Time. Security vendor Kaspersky Lab has released a standalone utility that removes the TDSS infection, however.

Users must first remove the rootkit from their hard drive before they can repair the issue or apply the security update, Barnes wrote in the Internet Storm Center post. People who have experienced the BSOD should remove their hard drive and then scan it for infections using another PC to make sure they catch it. “If atapi.sys is removed, you will need to replace it from installation media or from another Windows system of the same version,” Barnes wrote. “Restore your hard drive and attempt to boot again. If it still does not boot, you may try a repair installation of Windows. If that still does not work, you may need to reload your computer.”

Because TDSS uses crafty techniques to hide itself on the operating system, many antivirus programs have a hard time detecting it, said Roel Schouwenberg, a Kaspersky antivirus researcher. “The more I look into it, the more plausible it becomes that this is indeed the (main) issue behind the BSOD. MS10-015 is a kernel update with atapi.sys containing the extremely advanced TDSS kernel rootkit,” he said via instant message. “Microsoft pulling the patch obviously says something about how widespread this thing is.”

Barnes’ repair instructions “make sense,” Schouwenberg said. “Given the nature of the BSOD I doubt there’s an easier way.”

Microsoft has said that the issue affects a “limited number” of customers.

News source: Info World

The February update for Windows will close the loophole that dates from the time of the DOS operating system.

First appearing in Windows NT 3.1, the vulnerability has been carried over into almost every version of Windows that has appeared since.

The monthly security update will also tackle a further 25 holes in Windows, five of which are rated as “critical”.

Home hijack

The ancient bug was discovered by Google security researcher Tavis Ormandy in January 2010 and involves a utility that allows newer versions of Windows to run very old programs.

Mr Ormandy has found a way to exploit this utility in Windows XP, Windows Server 2003 and 2008 as well as Windows Vista and Windows 7.

The patch for this vulnerability will appear in the February security update. Five of the vulnerabilities being patched at the same time allow attackers to effectively hijack a Windows PC and run their own programs on it.

Source: BBC News