Link to the ISACA® Las Vegas Chapter Home Page
  • RSS Feed Resources
  • Headlines: Microsoft Security Bulletins

    • Tuesday 09 March 2010 @ 12:00 am
      MS10-017 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
      Bulletin Severity Rating:Important - This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 09 March 2010 @ 12:00 am
      MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
      Bulletin Severity Rating:Important - This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003. Windows Live Movie Maker, which is available for Windows Vista and Windows 7, is not affected by this vulnerability. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker or Microsoft Producer project file and persuaded the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
      Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-014 - Important: Vulnerability in Kerberos Could Allow Denial of Service (977290)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a specially crafted ticket renewal request is sent to the Windows Kerberos domain from an authenticated user on a trusted non-Windows Kerberos realm. The denial of service could persist until the domain controller is restarted.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-013 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
      Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-012 - Important: Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
      Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-011 - Important: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS). The vulnerability could allow elevation of privilege if an attacker logs on to the system and starts a specially crafted application designed to continue running after the attacker logs out. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-010 - Important: Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a malformed sequence of machine instructions is run by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to log on locally into a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-009 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
      Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-008 - Critical: Cumulative Security Update of ActiveX Kill Bits (978262)
      Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP, Important for all supported editions of Windows Vista and Windows 7, Moderate for all supported editions of Windows Server 2003, and Low for all supported editions of Windows Server 2008 and Windows Server 2008 R2.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-007 - Critical: Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
      Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows 2000, Windows XP, and Windows Server 2003. Other versions of Windows are not impacted by this security update. The vulnerability could allow remote code execution if an application, such as a Web browser, passes specially crafted data to the ShellExecute API function through the Windows Shell Handler.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-006 - Critical: Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
      Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a malicious SMB server.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-005 - Moderate: Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
      Bulletin Severity Rating:Moderate - This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-004 - Important: Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
      Bulletin Severity Rating:Important - This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 09 February 2010 @ 12:00 am
      MS10-003 - Important: Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Thursday 21 January 2010 @ 12:00 am
      MS10-002 - Critical: Cumulative Security Update for Internet Explorer (978207)
      Bulletin Severity Rating:Critical - This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 12 January 2010 @ 12:00 am
      MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
      Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font in client applications that can render EOT fonts, such as Microsoft Internet Explorer, Microsoft Office PowerPoint, or Microsoft Office Word. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 08 December 2009 @ 12:00 am
      MS09-074 - Critical: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
      Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 08 December 2009 @ 12:00 am
      MS09-073 - Important: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word. An attacker who successfully exploited this vulnerability could gain the same privileges as the user. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

    • Tuesday 08 December 2009 @ 12:00 am
      MS09-072 - Critical: Cumulative Security Update for Internet Explorer (976325)
      Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An ActiveX control built with Microsoft Active Template Library (ATL) headers could also allow remote code execution; for more information about this issue, see the subsection, Frequently Asked Questions (FAQ) Related to This Security Update, in this section.

    • Tuesday 08 December 2009 @ 12:00 am
      MS09-071 - Critical: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
      Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts. On Windows Server 2008, the Internet Authentication Service is replaced by Network Policy Server (NPS). An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. Servers using Internet Authentication Service or Network Policy Server are only affected when using PEAP with MS-CHAP v2 authentication.

    • Tuesday 08 December 2009 @ 12:00 am
      MS09-070 - Important: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
      Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.

    • Tuesday 08 December 2009 @ 12:00 am
      MS09-069 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker, while communicating through Internet Protocol security (IPsec), sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.

    • Tuesday 10 November 2009 @ 12:00 am
      MS09-068 - Important: Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
      Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • Tuesday 10 November 2009 @ 12:00 am
      MS09-067 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
      Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


  • What is RSS?

  • You should have a functioning RSS Feed Reader installed in order to take full advantage of these links.

  • Without an RSS aggregator such as Pluck or Lektora, many of the links on this page will display the source code instead of the content when viewed with MS Internet Explorer or Mozilla Firefox.

  • RSS Feed Readers and Aggregators
  • Wikipedia Logo
    List of news aggregators from Wikipedia, the free encyclopedia.

    A news aggregator is a software application, webpage or service that collects syndicated content from disparate sources and provides a consolidated view. Such applications are also referred to as feed readers, feed aggregators or simply aggregators.
    A website may incorporate aggregator features by republishing syndicated content on one or more of its pages. Aggregator features also can be added to other client software, including Web browsers, e-mail clients, weblog creation programs, or media player programs.
    Aggregators substantially improve upon the time and effort needed to regularly check websites of interest for updates.
    Through subscriptions to syndicated content feeds and the application's periodic collection of updates, users are able to create a unique information space that caters to their specific needs and desires.
    The syndicated content an aggregator will interpret is XML-based data using the Atom or RSS formats.

  • Information Systems Security related RSS Feeds
  • US CERT Logo
    US-CERT National Cyber Alert System
    US-CERT Cyber Security User Docs

    US-CERT Cyber Security Tips

    US-CERT Cyber Security Alerts

    US-CERT Technical Cyber Security Alerts

  • SANS RSS Feed Logo
    SANS Information Security Reading Room RSS Feed
  • offers an abundant resource of up-to-date security news, exploits, and advisories.
  • Infoworld Logo
    InfoWorld Top News
    InfoWorld Security News

    InfoWorld Wireless News

  • ComputerWorld Logo
    Computer World Top News
    Computer World Security News

    Computer World Sarbanes-Oxley News

    Computer World HIPAA News

    Computer World Cyber Crime News

    Computer World Hacking News

    Computer World Viruses, Worms and Security Holes News

  • Security Focus Logo
    Security Focus Security News
    Security Focus Vulnerabilities News

  • AstaLaVista Logo
    AstaLaVista.com Security News
  • Packet Storm Logo
    Packet Storm Global Security Resource News
  • E Week Logo
    E Week Security News
  • CISCO Logo
    Cisco Systems Security Advisories
    Cisco Systems Security Notices
  • Network World Logo
    Network World on Security
    Network World on Privacy
  • Microsoft Logo
    Microsoft Security Bulletins
    Microsoft Recent Security at Home information
  • Security Pipeline Logo
    Security Pipeline

  • If you would like to add a link to your favorite Audit, IT Controls, or INFOSEC related feed to this page, please contact: info@isaca-lasvegas.org
