Microsoft Environment Analysis
Five vulnerabilities for the workgroup LAN based on the Microsoft Security Advisories are 2755801, 2719662, 2854544, 2846338, and 2847140. 2846338 involves privilege elevation, vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution, and is a high priority.
Three vulnerabilities and Solutions related to client configuration.
Advisory Number: 2719662. Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code; un addition, Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could also create a malicious Gadget and then trick a user into installing the malicious gadget. Once installed, the malicious gadget could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. Gadgets can access your computer's files, show you objectionable content, or change their behavior at any time. Gadgets could also potentially harm your computer.
Recommendation: Customers who are concerned about vulnerable or malicious gadgets should apply the automated Microsoft Fix it solution as soon as possible.
Advisory Number: 2854544
Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital
Three vulnerabilities and Solutions related to client configuration.
Advisory Number: 2719662. Microsoft is announcing the availability of an automated Microsoft Fix it solution that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7. Disabling Windows Sidebar and Gadgets can help protect customers from potential attacks that leverage Gadgets to execute arbitrary code. Customers should consider the following ways that an attacker could leverage Gadgets to execute arbitrary code; un addition, Microsoft is aware that some legitimate Gadgets running in Windows Sidebar could contain vulnerabilities. An attacker who successfully exploited a gadget vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could also create a malicious Gadget and then trick a user into installing the malicious gadget. Once installed, the malicious gadget could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take complete control of the affected system. Gadgets can access your computer's files, show you objectionable content, or change their behavior at any time. Gadgets could also potentially harm your computer.
Recommendation: Customers who are concerned about vulnerable or malicious gadgets should apply the automated Microsoft Fix it solution as soon as possible.
Advisory Number: 2854544
Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital