Windows Update
available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        4.1       Windows   Update 1
vCenter        4.0       Windows   affected, patch pending
VirtualCenter  2.5       Windows   affected, no patch planned
Update Manager 4.1       Windows   Update 1
Update Manager 4.0       Windows   affected, patch pending
Windows Update (as well as Microsoft Update and the Automatic Update)
installs an outdated (and from its manufacturer unsupported) Flash
Player ActiveX control on Windows XP.
Although this fact is nothing really new it but shows the lack of taking
care for security problems and in general the chutzpah of many software
"producers" to ship their "products" with outdated and often vulnerable
components.
Adobe
Flash Player 10.0 r22
--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
SK> Windows Update (as well as Microsoft Update and the Automatic Update)
SK> installs an outdated (and from its manufacturer unsupported) Flash
SK> Player ActiveX control on Windows XP.
SK> Although this fact is nothing really new it but shows the lack of taking
assigned the name CVE-2011-0426 to this issue.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        4.1       Windows   Update 1 *
vCenter        4.0       Windows   Update 3 *
VirtualCenter  2.5       Windows   Update 6a
hosted **      any       any       not affected
available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
============== =======   =======   =================
Update Manager 1.0       Windows   Update Manager fix for Jetty *
Update Manager 4.0       Windows   Update Manager fix for Jetty *
Update Manager 4.1       Windows   Update Manager fix for Jetty *
* Refer to VMware Knowledge Base article 1023962
If "Web View Content" is enabled in Windows Explorer, which is the
default setting, a single click will open the malicious file in the
preview pane and trigger the vulnerability.
DirectX 9.0c is listed as an optional update for Windows 2000 operating
system in Windows Update site. It is not listed as a critical update.
However, installing this update will remove this vulnerability.
IV. DETECTION
iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x
This paper explains an attack vector inherent to certain WDM audio
drivers running on Windows Vista, XP, 2000 and 2003. Successful
exploitation could lead to local escalation of privileges.
The paper also covers the interesting case of es1371mp.sys, a vulnerable
WDM driver that can be automatically installed through Windows Update,
on systems with Ensoniq PCI 1371 based SoundCards (Certain VMware
products emulate a soundcard of this type).
It can be downloaded at :
(v 1.01)
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        5.0       Windows   not affected
vCenter        4.1       Windows   Update 2
vCenter        4.0       Windows   not applicable **
VirtualCenter  2.5       Windows   not applicable **
Update Manager 5.0       Windows   not affected
Update Manager 4.1       Windows   not applicable **
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        any       Windows   not affected
Update Manager 5.0       Windows   not affected
Update Manager 4.1       Windows   Update 2
Update Manager 4.0       Windows   Update 4
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        4.0       Windows   Update 1
VirtualCenter  2.5       Windows   affected, patch pending
VirtualCenter  2.0.2     Windows   affected, patch pending
Workstation    any       any       not affected
* The result of malicious software removal
* The operating system version
* The operating system locale
* The processor architecture
* The version number of the tool
* An indicator that notes whether the tool is being run by Microsoft Update, Windows Update, Automatic Updates, the Download Center, or from the Web site
* An anonymous GUID
* A cryptographic one-way hash (MD5) of the path and file name of each malicious software file that is removed from the computer
If apparently malicious software is found on the computer, the tool prompts you to send information to Microsoft beyond what is listed here. You are prompted in each of these instances, and this information is sent only with your consent. The additional information includes the following:
* The files that are suspected to be malicious software. The tool will identify the files for you.
* A cryptographic one-way hash (MD5) of any suspicious files that are detected.
You can disable the reporting feature. For information about how to disable the reporting component and how to prevent this tool from sending information to Microsoft, click the following article number to view the article in the Microsoft Knowledge Base:
with changes to their systems, the last thing they need is a patch that
breaks their functionality, and so even with patches a lot of testing
takes place.
A SCADA system isn't something that you can simply run the equivalent of
Windows Update, reboot the machine and all will be well. Because of the
safety and availability requirements, upgrades can take a lot of
planning and a lot of time to implement. I've heard of upgrades taking
anything from a couple of hours to a couple of years!
Because no one wants their electricity cut off just to install the next
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
========       ========  =======   =======================
Virtual-       2.5       Windows   Update 3 build 119838
Center
Virtual-       2.0.2     Windows   not affected
Center
hosted *       any       any       not affected
Original Vendor Advisories:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
== Solutions ==
Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.2
available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849.
== Credit ==
Discovered and advised to Adobe February , 2007 by Paul Craig of
vCenter        5.        Windows   patch pending
vCenter        4.1       Windows   patch pending
vCenter        4.0       Windows   not applicable **
VirtualCenter  2.5       Windows   not applicable **
Update Manager 5.0       Windows   Update Manager 5.0 Update 1
Update Manager 4.1       Windows   not applicable **
Update Manager 4.0       Windows   not applicable **
hosted *       any       any       not affected
from http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html:
The disruption was triggered by a massive restart of our users'
computers across the globe within a very short timeframe as they
re-booted after receiving a routine set of patches through Windows
Update.
The high number of restarts affected Skype's network resources.
This caused a flood of log-in requests, which, combined with the
lack of peer-to-peer network resources, prompted a chain reaction
that had a critical impact.
everyone is happy.
The concept of Microsoft's Malicious Software Removal tool not being a backdoor is
flawed. For starters, no information is ever disclosed to someone installing the Windows
Malicious Software removal tool: "Windows will now install a program which will report
suspicious activity to Microsoft". As far as I can recall on any Windows update, there has
never been any mention of it.
"But this is a wonderful tool, why are you being such a troll and knocking Microsoft for
doing the right thing!". The question slash qualm I have about this tool is I'd like to know
what, why, when and how things are being done on my machine. It's not a matter of
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        4.0       Windows   affected, patch pending *
VirtualCenter  2.5       Windows   Update 6
VirtualCenter  2.0.2     Windows   affected, patch pending
Workstation    any       any       not affected
Player         any       any       not affected
(column 4) if a solution is available.
VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  =======   =================
vCenter        4.0       Windows   Update 1
VirtualCenter  2.5       Windows   not affected
VirtualCenter  2.0.2     Windows   not affected
Workstation    any       any       not affected
For the above products Microsoft's advice is like a self-fulfilling
prophecy:-(
3. Even if the current MSVC++ runtime is installed later (via Windows
Update, for example), the vulnerable MSVC++ runtime(s) remain
installed (side-by-side).
You have to (and should!) remove them manually to get rid of them
completely!