Roundup of recently patched Internet security vulnerabilities
August 22, 2012
August has been a busy month both for cyber criminals and for security patches from the software vendors that malware distributors target. Microsoft released 9 security patches through its monthly Patch Tuesday on August 14, 2012. The same day, Adobe released a new version of its Flash Player to plug a vulnerability being exploited in the wild. Earlier today, Adobe released yet another version of Flash Player, fixing six more vulnerabilities.
These updates are all rated either "Critical" or "Important" by their vendors. You are strongly advised to update your Windows computers, via the Windows Update or Microsoft Update links on your Start Menu, plus all installed Adobe programs, especially Flash and AIR. Today's updates bring Flash to version 11.4.402.265 for most browsers, except for Google Chrome. Chrome's copy of Flash is bundled into a newly released version of Chrome and carries version number 11.3.31.230. This applies to Windows and Mac computers.
To find out whether you are running the current version or an outdated version of Flash, go to the Adobe "About Flash" page.
Adobe AIR has just been updated to version 3.4.0.2540. This cloud-based application is exploitable if not kept updated. Also, some applications (after being updated themselves) will fail to load if you continue using an outdated version of AIR. You can download the latest version of Adobe AIR here.
Cyber criminals deliver their exploit attacks via multiple methods. Most arrive as .DOC, .PDF, or .ZIP attachments in spam emails spoofing a legitimate company's correspondence with its users (e.g., Intuit scams, Scan from an HP OfficeJet, UPS failed delivery scams). Others use disguised links in similar emails to send victims to poisoned websites that either host the BlackHole Exploit Kit or redirect visitors to it.
Several months ago Microsoft fixed a vulnerability in its Remote Desktop Protocol, which allowed criminals to obtain remote control of desktop and server PCs over the Internet, by sending a specially crafted RDP request. Unpatched computers running Remote Desktop Connection would respond, do the handshake, then allow distant attackers to take remote control as though they were sitting in front of those computers or servers.
Until this very week, there was a constant flood of spam emails carrying malware links or attachments that contained exploits targeting Java, Flash Player, AIR and Windows components. Unpatched systems are at serious risk of takeover via exploitable versions of Windows, Mac, or third-party plug-ins for their browsers. Accidentally launching a malware attachment, clicking on a poisoned link, or being tricked into visiting a web page containing a hidden iframe usually results in your computer becoming a member of a spam-spewing botnet, being used to participate in denial of service attacks, or having a banking Trojan or fake security program installed.
Please keep up to date with all updates for your Mac and Windows PCs, as well as third-party plug-ins, such as Java, Flash, AIR, Reader, Quicktime, RealPlayer, etc. Windows users have several methods of checking for Windows Updates. These include a link on your All Programs Start Menu, a link in Internet Explorer under Safety, a link in the Security Center in Control Panel, and the Control Panel applet for configuring Automatic Windows Updates.
Adobe programs also have optional automatic updaters, which you should search for and enable. Flash, Quicktime and Java all install Control Panel icons, through which automatic checking for updates on your chosen schedule should be enabled.
Operating an outdated operating system that no longer qualifies for vendor support is online suicide. That PC will be owned and used by cyber criminals for bad purposes. Ditto for running a pirated operating system. You won't be entitled to most critical updates, or to any "important" ones, leaving that computer exposed to hundreds of attack vectors.
If your computer is running outdated anti-virus, consider purchasing a subscription to Trend Micro Internet Security, or a lifetime license for Malwarebytes Anti-Malware, or a subscription for one of several Norton security programs. I use the first two! Plus, I use MailWasher Pro to screen all of my incoming email for spam, scams, threats, or multiple forwarded silliness.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.