December 13, 2011

Java updated to version 6 update 30, on December 12, 2011

Oracle, the current keeper of Java software, has released a new version to fix stability problems in previous versions and improve performance (see bug fix page). The new version's common name is Java 6 update 30. The official version number is actually 1.6.0_30-b12. If you have Java installed I recommend keeping it updated to the latest version, whenever Oracle releases one.

I often write about Java vulnerabilities being exploited by criminals who install exploit attack kits onto web servers under their control, mostly in the former Soviet Union. The number one exploit targets vulnerabilities in Java. In my last blog article I wrote a couple of paragraphs about how Java vulnerabilities are exploited to take over computers with no user interaction.

If you have Java installed on any of your PCs, it is important to check for updates and apply them as soon as possible. Windows PC users can check for updates by using the Control Panel Java applet's "Update" tab. On that tab there is a section where you can select automatic checking for updates on a schedule of your choice. Since Oracle doesn't seem to have any regular schedule for updating Java, I recommend setting the automatic checks to every day, at a time when the PC is turned on. The updater hides in the System Tray, by the clock, and only appears if there is an update available.

You can also check for Java updates manually, from the same Java applet icon in Control Panel. It is found on the Update tab page, as a button labeled Update Now. Use it to install the latest version, if you haven't already received notification by the auto-updater.

It is important that you uninstall all previous versions of Java, in order to protect your computers from exploits that target them by their default folder location. Use your Control Panel "Add/Remove Programs," or the Windows 7 "Programs and Features" icon, to get rid of all previous builds prior to the latest version. Reboot after you run all of the old Java uninstallers. Then, after you re-enter Windows, go to Start and click to open "(My) Computer" - then double-click on the C drive, then on Program Files, and look for the Java folder. Open it (double-click) and look for any leftover older Java version number folders and delete them manually. Keep in mind that the new current version, as of 12/12/2011, is version 6 build 30.
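The leftover-folder check described above can be scripted. The following is an added example, not part of the original post: it compares version-numbered folders under a Java install root against the 1.6.0_30 baseline named here. The folder names (such as jre1.6.0_24 and jre6) and the helper names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Matches release strings such as 1.6.0_30-b12 or folder names such as jre1.6.0_24.
RELEASE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# Only folders that look like a Java runtime or JDK are considered.
JAVA_FOLDER = re.compile(r"^(jre|jdk)", re.I)
# Family-only names (assumed form: jre6) carry no update number at all.
FAMILY_ONLY = re.compile(r"^(jre|jdk)\d+$", re.I)


def parse_release(text):
    """Turn '1.6.0_30-b12' or 'jre1.6.0_24' into a comparable tuple, else None."""
    m = RELEASE.search(text)
    return tuple(int(g or 0) for g in m.groups()) if m else None


# Baseline taken from the official version number quoted in the post.
BASELINE = parse_release("1.6.0_30-b12")


def audit_java_root(root, baseline=BASELINE):
    """Sort the Java folders under root into stale, current and verify lists."""
    report = {"stale": [], "current": [], "verify": []}
    for name in sorted(os.listdir(root)):
        if not os.path.isdir(os.path.join(root, name)):
            continue                      # plain files are not install folders
        if not JAVA_FOLDER.match(name):
            continue                      # unrelated folder, leave it alone
        version = parse_release(name)
        if version is not None:
            bucket = "stale" if version < baseline else "current"
            report[bucket].append(name)
        elif FAMILY_ONLY.match(name):
            # The name alone cannot prove the update level; check it by hand.
            report["verify"].append(name)
    return report


def build_sample_tree():
    """Create a constructed folder layout in a temp directory for a dry run."""
    root = tempfile.mkdtemp(prefix="java_root_")
    for name in ("jdk1.5.0_22", "jre1.6.0_24", "jre1.6.0_30", "jre6", "docs"):
        os.mkdir(os.path.join(root, name))
    with open(os.path.join(root, "readme.txt"), "w") as handle:
        handle.write("constructed sample file\n")
    return root


if __name__ == "__main__":
    # On a real PC, pass the Java folder under Program Files instead.
    for bucket, names in audit_java_root(build_sample_tree()).items():
        print(bucket, names)
```

Folders reported as "verify" need their update level confirmed another way, for example from the Java Control Panel applet, before deciding whether to remove them.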

You can also check to see if you have Java installed on this page on Java.com. You can download the latest stable version of Java from java.com.

If your computers have Java installed (even an old insecure version), you can check to see if you have any insecure software installed, or are missing any Windows Updates, by using the Secunia Online Software Inspector. It uses Java to scan your computer for out-dated software and browser plug-ins, including Java, and provides download links to get the latest versions of those programs or plug-ins. I recommend scanning from Secunia once a week, just to be sure you are fully patched!

Get Norton 360 - All In One Security. Comprehensive, easy–to–use, all around protection for your computer, your browsers, your identity and your files! Read about the key features of Norton 360 Version 5.0.

December 11, 2011

Adobe and Windows critical patches coming in mid-December and January

Adobe Systems has published an advisory announcing that they will be releasing an "out-of-band" patch, sometime during the week starting on December 12, 2011, for their Acrobat and Reader programs for Windows, version 9.4.6. This is in response to cyber criminals exploiting a critical vulnerability discovered in the code used by those related programs.

The same vulnerability being exploited in Reader 9.4.6 also exists in the newer version 10.1.1 of Adobe Reader X and Acrobat X. However, those programs operate by default in protected mode, which nullifies the exploit vector being targeted in the ongoing attacks. Nonetheless, Adobe has scheduled a security update for these newer versions, to be released on January 10, 2012. That update will apply to all supported platforms of Adobe Reader.

If you use the Foxit PDF reader, they have released a new version to respond to the same vulnerability as exists in Adobe's Reader (see Foxit security notice here). You can download the latest version (5.1.3) of Foxit from their website.

Microsoft is going to be releasing 14 patches on December 13, 2011. Be sure you check for these Windows Updates during the afternoon of this coming Patch Tuesday. You may or may not need all 14 patches, depending on your Windows operating system and installed Microsoft Office programs. If you use Windows XP, with SP 3, you are definitely going to get a lot of patches! If you haven't upgraded to SP 3, your PC is in extreme danger of takeover by numerous vulnerabilities that were patched, but require SP 3 to receive them.

Other software vulnerabilities being exploited in the wild this week include a critical flaw in Yahoo Messenger 11.5.0.152 and older. This happens to include the current version! The World waits with bated breath for Yahoo to respond with a patched update. The flaw allows hostile status update messages to be placed by hackers and criminals, with links to malware servers. The victims are unaware that their status message system is being used to trick other people on their Yahoo Messenger contact lists.

To protect themselves until a patch is released, Yahoo users should set their Yahoo Messenger to "ignore anyone who is not in your Yahoo! Contacts." That should keep you safe from being exploited by strangers, but you could still be tricked if one of your existing contacts gets hacked. Keep this in mind and check for updates regularly, via the Yahoo Messenger Help menu item.


June 15, 2011

Windows malware infections from Autorun exploits down by 82% from 2010

According to a Microsoft Technet Blog article published on June 14, 2011, malware infections resulting from exploits involving Autorun (like when you plug in a USB memory device and it runs a program or setup automatically) have dropped by 82% from the numbers recorded during the same period in 2010.

The percentage of decline varied with the operating system and service pack installed. Windows XP users who have Service Pack 3 installed saw a 62% drop in Autorun installed malware, after accepting the optional patch issued on Feb 8, 2011, or the forced installation of the reissued patch, pushed out on February 24, 2011.

If you are operating a Windows XP computer with any service pack older than SP 3, your version of Windows is now out of support and you are no longer receiving any critical patches. Thus, your computer is not protected against this, or any other recently patched vulnerabilities. If it is connected to the Internet, or if you plug in an infected USB device, unless you have manually edited your computer's Registry to disable Autorun, or it is running industrial strength anti-malware protection, it will eventually become infected and probably botted.

Computers running on Windows Vista with SP1 saw a 68% decline, while those with SP2 installed had a whopping 82% drop in malware installations.

Note! Microsoft will stop supporting Windows Vista Service Pack 1 on July 12, 2011. From that date onward, Microsoft will no longer provide support or free security updates for Windows Vista Service Pack 1 (SP1). You folks need to upgrade to Vista SP 2 by July 12, 2011, or you will not receive any more updates or patches.

Why have Autorun infection rates dropped so dramatically?

The drop in malware infections from Autorun exploits is attributable to patch KB971029, which turned OFF Autorun for "non-shiny" media (that is, media other than CDs and DVDs). Microsoft released it as an optional update with the Windows Updates of February 8, 2011, and two weeks later as a non-optional update. Before then, if you plugged a USB stick (a.k.a. thumbdrive, flash drive) into your Windows XP or Vista computer and there was a setup file on that memory device, it would run automatically. With the update installed, flash drives inserted into a PC running XP (SP3) or Vista no longer offer the option to run programs. However, the demise of AutoRun does not affect CDs or DVDs (just USB devices or shared network drives).

Some notorious infections went so far as spoofing the wording of options on the dialog box that usually opens when you plug in a USB device. The wording was crafted to induce unwary users into choosing the spoofed option, which was rewritten to appear that if clicked upon, it would open the drive as a folder, for them to look at. In fact, that option was still there, as the next option down! The first one executed a hidden file on the device, named "autorun.inf" - which triggered a hidden executable file on the drive, which was a malware/spyware setup file. Because of its being the first choice and the craftiness of the wording, many thousands of intelligent people were fooled into clicking it and installing the malware contained on those devices.

It was infected thumb-drives that allowed the Conficker Worm to spread so widely and quickly in late 2009 and early 2010.
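The spoofed-option trick described above leaves a recognizable pattern inside autorun.inf: a launch command paired with action text that imitates the folder-view choice. The following is an added example, not part of the original post, showing a check for that pattern; the phrase list, function names and sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name something to launch.
COMMAND_KEYS = ("open", "shellexecute")
SHELL_VERB_KEY = re.compile(r"shell\\[^\\]+\\command")
# File types Windows will run directly.
RUNNABLE = re.compile(r"\.(exe|scr|com|bat|cmd|pif|vbs|dll)\b", re.I)
# Wording that imitates the genuine "open the drive as a folder" choice
# (a small illustrative list chosen for this example, not an exhaustive one).
SPOOF_PHRASES = ("open folder", "view files", "explore")

# Constructed samples; none of them comes from a real device.
SPOOFED_SAMPLE = r"""
; constructed example of the spoofed dialog option
[autorun]
open=RECYCLER\setup.exe
action=Open folder to view files
"""

INSTALLER_SAMPLE = r"""
[autorun]
open=setup.exe
action=Install printer driver
"""

BENIGN_SAMPLE = r"""
[autorun]
label=Holiday Photos
icon=photos.ico
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict of lower-cased key -> value."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                       # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text):
    """Return a list of (code, detail) findings for one autorun.inf body."""
    entries = parse_autorun(text)
    findings = []
    commands = {k: v for k, v in entries.items()
                if k in COMMAND_KEYS or SHELL_VERB_KEY.fullmatch(k)}
    for key, value in commands.items():
        if RUNNABLE.search(value):
            findings.append(("launches-program", f"{key}={value}"))
    action = entries.get("action", "")
    # The dialog text only matters when clicking it would run something.
    if commands and any(p in action.lower() for p in SPOOF_PHRASES):
        findings.append(("spoofed-action", action))
    return findings


if __name__ == "__main__":
    for name, body in (("spoofed", SPOOFED_SAMPLE),
                       ("installer", INSTALLER_SAMPLE),
                       ("benign", BENIGN_SAMPLE)):
        print(name, assess_autorun(body))
```

An ordinary installer disc or drive yields only the "launches-program" finding; the combination with "spoofed-action" is what matches the deception described in the post.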


June 6, 2011

Java Virtual Machine patch issued on June 7, 2011

Oracle, the new owners and maintainers of the Java Virtual Machine technology, will be releasing a new, patched version of Java, on June 7, 2011. This "Critical" update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This patch contains 17 new security vulnerability fixes. All these vulnerabilities may be remotely exploitable without authentication (that is, they may be exploited over a network without the need for a username and password). Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply this Critical Patch as soon as possible (June 7 will do!).

A rating of "Critical," in new-speak, indicates that no direct user interaction is required for an exploit to take ownership of an attacked PC, if that PC is running unpatched versions of exploitable software. All that must occur is that the operator of the PC either clicks on a hostile link, or views a web page which has had hidden malicious redirection links embedded within hidden iframes, or which contains injected JavaScript redirection codes, or navigates to an infected network share (using an unpatched machine).

Once an innocent Netizen has been redirected to an attack site, numerous attack vectors will be tried, until one succeeds in downloading malware to that PC. To date, the most frequently exploited software which plugs into web browsers is the Java Virtual Machine.

You may or may not be aware that you have Java installed on your PC. If you do know, update it on June 7, 2011 and set the automatic check for updates to every day. You never know on what day Java updates will be issued. If you don't know if Java is installed, and it is, you are probably in greater danger than you can imagine. Read on...


June 5, 2011

Adobe Flash Player patched for zero day vulnerabilities

On Sunday, June 5, 2011, while I was enjoying a steak dinner, Adobe was busy releasing critical patches for its ubiquitous Flash Player. The bulletin, strangely rated as only "important," addresses Vulnerability identifier: APSB11-13 and CVE number: CVE-2011-2107 and affects all operating systems and platforms, including smart phones.

A vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.22 and earlier versions for Android. This universal cross-site scripting vulnerability (CVE-2011-2107) could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

Note the last sentence in the blockquote, where it refers to malicious links in email messages. For the last two weeks I have been updating my custom MailWasher Pro spam filters to combat these very links. Spam email has been pumped out by rented botnets, pretending to come from Adobe, Skype and a filesharing program that is claimed to be an alternative for the now dead LimeWire system. All contain links to exploit websites, all of which are hosted on servers in China. The goal was to draft more innocent computers into spam botnets.

The Adobe scam claims to provide an urgent update for Adobe Flash, Acrobat and Reader software. Please believe me when I tell you that Adobe does NOT send out unsolicited email messages to the general public, announcing updates to its products.

The fact is that there were serious zero day, highly targeted attacks launched from China, disclosed last week by Google, exploiting a previously unpublished cross site scripting vulnerability in all versions of Adobe Flash. Kudos to the Adobe security team for rushing out patched versions so quickly.


March 23, 2011

Security News and Updates for March 10 - 23, 2011

This is a roundup of the most important security vulnerability alerts announced and patches issued between March 10 and 23, 2011. Most affect Windows operating systems, but some also target Macintosh and Linux computers. By applying vendors' patches as they are released you can keep your computers secured against the exploits targeting these vulnerabilities.

The following security alerts were issued in the past two weeks, with the latest first and the oldest last (FILO logic).

Fraudulent SSL Certificates
March 23, 2011

There have been recent published reports about the existence of at least nine fraudulent "Comodo" SSL certificates. These fake SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates.

Mozilla has updated Firefox 4.0, 3.6, and 3.5 which you get by upgrading your Firefox browser via Help > "Check for updates." Firefox 3.6.16 blacklists a few of the now invalid HTTPS certificates.

Microsoft has released a revised list of trusted root certificates for Internet Explorer browsers, which you can obtain via Windows Updates (under "Express").

Finally, Google Chrome was updated on March 22 to version 10.0.648.151 for Windows, Mac, Linux and Chrome Frame. This release blacklists the revoked Comodo HTTPS certificates.

Adobe Releases Security Updates for Reader and Acrobat
March 22, 2011

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. End users and system administrators should review Adobe security bulletin APSB11-06 and apply any necessary updates to help offset the risks posed by this vulnerability.

Apple patches 56 bugs in Mac OS X
March 22, 2011

Apple on Monday patched 56 vulnerabilities, most of them critical flaws that could be used to hijack machines running Mac OS X, code-named "Snow Leopard." The patched version is 10.6.7.

Of the 56 bugs patched in the update for Snow Leopard, 45 included the description that exploitation could lead to arbitrary code execution. Translated, that means complete system takeover is possible (even on a Mac!).

According to Apple's advisory, more than a dozen of the bugs can be exploited by "drive-by" attacks that execute as soon as a victim browses to a malicious Web site with an unpatched edition of Mac OS X.

The update to Mac OS X 10.6.7 also fixed several non-security bugs including issues in the AirPort Wi-Fi driver and other usability and stability improvements.

Use your Apple software updater to obtain the latest version of OS X.

Adobe Releases Flash Player Update
March 21, 2011

Adobe has released an update for Flash Player to address multiple vulnerabilities (see this Adobe bulletin). These vulnerabilities affect Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service attack or execute arbitrary code.

PC owners should upgrade to Adobe Flash Player 10.2.152.26 by downloading it from the Adobe Flash Player Download Center.

Users of Flash Player for Android version 10.1.106.16 and earlier can update to Flash Player version 10.2.156.12 by browsing to the Android Marketplace on an Android phone.


March 9, 2011

Security News and Updates for March 3 - 9, 2011

With the Pwn2Own competition just getting underway, several security updates were released over the past week for two of the World's more popular web browsers, along with the monthly Windows Updates, an iTunes patch, and one Java update. The following is a list of the significant updates released over the past 6 days, starting with the most recent.

On March 9, 2011, Apple Releases Java Updates for Mac OS X 10.5 and OS X 10.6

Apple has released Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Apple computer users running these systems should review Apple articles HT4563 and HT4562 and apply any necessary updates to help counteract the risks. Do not think that your computer is invulnerable just because it is a Mac!

Also on March 9, 2011, Google released Google Chrome 10.0.648.127

Just eight days after the previous security update, Google has released Chrome 10.0.648.127 for all platforms to address 50 25 vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or bypass security restrictions.

You can review the Google Chrome Releases blog and apply any necessary updates to help mitigate the risks. Chrome can be updated by opening the browser, clicking on the Settings icon on the upper right and selecting About Chrome. This starts the online check for updates and downloads them.

On Patch Tuesday, March 8, 2011, Microsoft released its monthly Windows Updates.

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2011. Two were rated as important and one as Critical.

One vulnerability patched this week is in Windows Media Player and is rated Critical, and affects almost all versions of Media Player on almost all supported versions of Windows. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

Make sure you check for and apply Windows Updates to all of your supported Windows PCs.

On March 4, 2011, Firefox was updated to version 3.6.15, fixing a stability problem caused by one of the security fixes in version 3.6.14, which was released 3 days earlier, on March 1, 2011.

On March 3, 2011, Apple Released iTunes 10.2

Apple has released iTunes 10.2 to address multiple vulnerabilities affecting the ImageIO, libxml, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. You can review Apple article HT4554 for the details and links to download the patched version. Or, use your installed Apple Software Updater to download the latest version of iTunes.

That completes the list of vulnerabilities patched this past week, in Windows and Mac applications. You can keep tabs on all installed and exploitable software by running the Secunia Online Software Inspector every week. It reveals out-dated and insecure programs and offers download links to obtain the latest patched versions. It also tells you about any missing Windows Updates.


February 17, 2011

21 vulnerabilities just patched in Java 6_24 defined by impact

On Wednesday, February 16, 2011, Oracle, the current owner of the Java technology developed by Sun Corporation, released their second Java update in 6 days. It was just on Feb 10 that Java 6 build 23 was released, plugging a critical vulnerability, which I included in my last Security Patch Roundup, published on Feb 11, 2011. Now, just six days later, Java 6 build 24 has been released, plugging 21 more security holes!

Multiple vulnerabilities have been reported by Secunia and others in Sun Java, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

One doesn't really get a sense of how big of a deal this is, until one reads an outline detailing each one of those 21 vulnerabilities and the impact each one can have. Take a stroll over to Secunia Vulnerability Advisory 43262 and scroll down through the long list of these 21 exploitable weaknesses that were just fixed with this week's Java update.

Here is how the impacts of the 21 patched vulnerabilities break down:


  • Execution of arbitrary code on unpatched machines: 10

  • Disclosure and/or manipulation of sensitive data (espionage, sabotage, data theft): 8

  • Code escaping the Sandbox security field (system invasion): 1

  • Denial Of Service (DOS) on a server running Java: 1

  • Infinite Loop condition (Denial of use of browser, user's Desktop, or even the entire computer): 1

Of these 21 vulnerabilities, the one about the infinite loop is the most interesting, from a mathematical viewpoint:

An error in the "doubleValue()" method in FloatingDecimal.java when converting "2.2250738585072012e-308" from a string type to a double precision binary floating point can be exploited to cause an infinite loop.

This infinite loop condition could be used to sabotage a particular computer, or a network, or computers that manage electro-mechanical systems, reactors and municipal utilities.
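The literal in the advisory sits in the tiny gap between the largest subnormal double and the smallest normal double, and the same number can be spelled many ways, so a filter that matches only the exact text is easy to miss. The following is an added example, not part of the original post or of Oracle's fix: it classifies numeric input by exact value. Treating the whole gap as a "boundary-zone" is a conservative assumption of this example, since the page names only the one literal.

```python
from decimal import Decimal, InvalidOperation
from fractions import Fraction

# The literal named in the advisory quoted above.
ADVISORY_LITERAL = Decimal("2.2250738585072012e-308")

# Exact neighbours in IEEE 754 double precision.
SMALLEST_NORMAL = Fraction(1, 2**1022)              # 2^-1022
LARGEST_SUBNORMAL = Fraction(2**52 - 1, 2**1074)    # (2^52 - 1) * 2^-1074
MIDPOINT = (SMALLEST_NORMAL + LARGEST_SUBNORMAL) / 2

MAX_TOKEN_LENGTH = 128   # assumption: longer numeric fields are rejected outright


def exact_value(token):
    """Parse a decimal literal exactly; return None if it is not a finite number."""
    try:
        value = Decimal(token.strip())
    except InvalidOperation:
        return None
    return value if value.is_finite() else None


def classify(token):
    """Return oversized, not-numeric, advisory-value, boundary-zone or safe."""
    if len(token) > MAX_TOKEN_LENGTH:
        return "oversized"
    value = exact_value(token)
    if value is None:
        return "not-numeric"
    value = value.copy_abs()          # exact, unlike abs(), which rounds to context
    if value == ADVISORY_LITERAL:
        return "advisory-value"       # same number, whatever the spelling
    # Cheap magnitude test first, so a huge exponent never becomes a huge integer.
    if value.is_zero() or value.adjusted() != -308:
        return "safe"
    exact = Fraction(value)
    if LARGEST_SUBNORMAL < exact < SMALLEST_NORMAL:
        return "boundary-zone"        # guard band assumed by this example
    return "safe"


def advisory_rounds_to_smallest_normal():
    """True if the advisory literal lies above the midpoint of the gap."""
    return Fraction(ADVISORY_LITERAL) > MIDPOINT


if __name__ == "__main__":
    # Constructed inputs: three spellings of the advisory value plus controls.
    for sample in ("2.2250738585072012e-308", "0.00022250738585072012e-304",
                   "-22.250738585072012E-309", "2.2250738585072011e-308",
                   "3.14", "1e99999", "abc"):
        print(f"{sample!r:32} {classify(sample)}")
    print("rounds to 2^-1022:", advisory_rounds_to_smallest_normal())
```

A correct parser resolves the advisory literal to 2^-1022, the smallest normal double; the check by magnitude before building a Fraction keeps the filter itself from becoming a resource-exhaustion target.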

The vulnerabilities that allow arbitrary code usually lead to complete takeover of infected machines by cyber criminals. They use these vulnerabilities to download remote control backdoor Botnet executables (used to send spam or launch DDoS attacks), and to install hidden rootkits to oversee and protect other installed malware, like data stealing keyloggers to empty your bank, PayPal and stock accounts and fake/rogue security programs that extort cleanup money from victims owning the infected computers.

Go here to download the latest Java Virtual Machine, or go here to see if you have the latest version, or an older, vulnerable version. You must make sure that older versions are uninstalled from your computers, not just left behind. Malware can still exploit older versions left on a computer by specifying the original default path to their executables and JAR files. The new version of Java does remove older versions of the same series, but not previous ones. You'll need to uninstall them manually, via Control Panel (Windows), or drag them to your Mac's Trash Can.

You can check the security and patch availability status of many types of commonly installed software by routinely running the Secunia Online Software Inspector, which ironically runs on Java technology.

Now, go fix yourself a cup of Mocca Java and get busy updating Virtual Java on all of your computers (including Mac and Linux)!


February 11, 2011

Security News and Updates for Jan 3 - Feb 11, 2011

It's been over a month since I published a roundup of security news and bulletins that have a major impact on computer users. Quite a lot of vulnerabilities and fixes have been announced just in the first 11 days of this month. Links are provided to obtain patched versions of affected software. All of these are very serious and could be, or are being exploited in the wild. I will start with the newest announcements and work my way back to early January.

Oracle Releases Security Alert for Java Runtime Environment
February 10, 2011

Oracle has released a security alert to address a vulnerability in the Java Runtime Environment (JRE) component of the Oracle Java SE and Java for Business products. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. To cut through the geek-speak, this involves the Java "plug-in" that many computers use in the browsers to be able to use and interact with Java Applets in web pages. This plug-in, as well as the standalone version of Java need to be updated as soon as possible, if not sooner.

The new Java is coded Version 6 Update 23 - for Windows, Solaris, and Linux. Go here to download the latest Java Virtual Machine, or go here to see if you have the latest version, or an older, vulnerable version. You must make sure that older versions are uninstalled from your computers, not just left behind. Malware can still exploit older versions left on a computer by specifying the original default path to their executables and JAR files.

I want you to be aware that Java has been the most frequently exploited browser plug-in for the last year. When an update is released, do not delay in applying it. Java normally is set up for automatic updates. You can verify this, or even change the frequency of checking, via Control Panel > Java > "Update" tab.

Google Releases Chrome 9.0.597.98
February 10, 2011

Google has released an updated version of their Chrome browser: Chrome 9.0.597.98, for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This update also includes a recently released version of Adobe Flash Player that repairs several vulnerabilities.

If you have the Chrome browser installed, open it and click on the wrench icon to the right side of the browser, which opens the Tools menu. From there, click on "About Google Chrome" - which launches a check for updates, or tells you if it has already updated itself in the background (it does that via the Google Updater).

Adobe Releases Security Update for Flash Player
February 9, 2011

Adobe Flash Player has also been updated this week, to version 10.2.152.26, to address multiple vulnerabilities in Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. (This leads to taking over your computer, if you operate with Administrator level privileges)

You can download the latest version of Flash Player from the Adobe Flash Player page. If you have the Windows operating system and use other browsers too, you'll need to visit the Flash Player page once with Internet Explorer, and once with Firefox, or Opera. Google Chrome maintains its own installation of Flash and updates the entire browser when Adobe updates the Flash plug-in.

Find out what version of Flash Player you have installed, for Internet Explorer and your other browsers, on the Adobe About Flash page. Only install Flash Player at Adobe.com! Criminals use fake Flash Player icons and links to fool people into installing Trojan Horse Botnet programs, from hostile web pages linked to in spam emails.

RealNetworks, Inc. Releases Security Updates for RealPlayer
February 9, 2011

RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the browser. You can update your version of RealPlayer here.

Adobe Releases Updates for Adobe Reader and Acrobat
February 8, 2011

Adobe has released updates for Reader and Acrobat to address multiple vulnerabilities affecting the following software versions:

* Adobe Reader X (10.0) and earlier versions for Windows and Macintosh
* Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh, and Unix
* Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with escalated privileges, or conduct cross-site scripting attacks.

At this time, updates are available for the Windows platform. Adobe indicates that it plans to release updates for Macintosh and Unix the week of February 28, 2011. All recent versions of Adobe Reader and Acrobat are now set to automatically check for updates. I still recommend manually checking by opening Adobe Reader, clicking on Help, then "Check for Updates."

Adobe Reader updates require Administrator privileges.

Patch Tuesday Windows Updates

Microsoft released a bunch of Windows Updates on Patch Tuesday, February 8, 2011. If you operate a Windows XP (with SP3), Vista, 7, or Server 2008 computer, you need to make sure you have received all updates available for your computers. There is a link to do so in your Start Menu, and in Internet Explorer's Safety menu.

Webmaster Alert! WordPress Releases Version 3.0.5
February 8, 2011

WordPress has released WordPress 3.0.5 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site scripting attacks or obtain sensitive information.

To download WordPress 3.0.5, update automatically from the Dashboard > Updates menu in your site's admin area or visit the Wordpress.org current stable version download page.

This update followed closely on the heels of a previous mandatory security update for WordPress, version 3.0.4, which was released on January 3, 2011.

That is the roundup for January 3, through February 11, 2011. You can keep up with all of these updates by using the Secunia Online Software Inspector. It scans your computer, using Java, then displays a readout of any vulnerable software it finds, along with links to download the latest versions.

January 18, 2011

Microsoft re-releases previously canceled update for Outlook 2007

On Patch Tuesday, January 11, 2011, Microsoft re-released an update that fixes the three issues identified in the December 14, 2010 Office Update for Microsoft Outlook 2007 (see my extended content for details). The original December update was withdrawn three days later, following numerous complaints about problems caused by that update. The new update released on January 11 was distributed by Microsoft Update and referenced as updated KB article KB2412171.

If you did not uninstall the December Update for Outlook 2007, then the update released on Tuesday, January 11, will fix the three known issues which you may be experiencing. It can be installed over the previous patch; thus, patching the patch.

If you did uninstall the December Update for Outlook 2007, then you can benefit from the new January update. To receive the January 11 update you can either run Windows Update on your computer; or download and install the update directly from the Microsoft Download Center. If you have automatic updates enabled, you will receive this update automatically.

Coincidentally, this re-released Office 2007 update has also patched a long-standing vulnerability in the allowable Dynamic Link Library path, which was being targeted in published exploit kits used by hackers and criminals. The known applications affected by that particular DLL path vulnerability are listed on the Insecure Library Loading advisories page, on Secunia.com. Microsoft had 20 of its programs listed as being exploitable. Now, half have been patched; and it took five months to fix those 10. The list first appeared on August 24, 2010.

December 17, 2010

Microsoft patches half of their own insecure library loading vulnerabilities

It has taken the Microsoft code writers 15 weeks to patch just half of the insecure library loading vulnerabilities they announced on August 23, 2010. These patches were released with the December 14, 2010 Windows Updates.

I first wrote about the insecure library loading vulnerabilities back on October 10, 2010. At that time there were 176 programs, 20 of which belong to Microsoft, that were affected by the underlying vulnerability in how applications can call on a .dll file (Dynamic Link Library) when a program loads in Windows (this is a Windows flaw). Now, there are 239 exploitable programs on the list of vulnerable programs, maintained by the security firm Secunia.

It was revealed on August 23, in Microsoft Security Advisory 2269637, that Windows itself allowed for a wider range of actual paths to be searched when a ".dll" file was requested than most thought was the case. These paths allowed a software program to specify a remote location for a required dll file, which could include the Internet! Many commonly used programs could be exploited by adding a line of code that changed the path to their dll files. This made it possible for malware writers to infect Windows PCs by tricking users into opening their own installed vulnerable applications, which had been manipulated into requesting remote mal-crafted dll files instead of the legitimate files installed by the program.

Here is what I wrote about this remote vulnerability:

the security firm Secunia has identified 176 programs that can be exploited by directing one of these applications to load a remotely hosted hostile file, when the targeted program opens, or opens an associated file. The exploited files are .dll libraries, which just about every Windows program uses as includes to add functionality to the main program executable. The .dll files are actually executable files, but only when called by another executable.

On November 9, 2010, Microsoft released critical patches for several of its newer MS Office applications, one of which plugged a security issue involving .dll path hijacking. It took an additional 5 weeks for them to patch another 9 programs, on December 14, 2010. This brings their new total for MS programs affected by the insecure library loading issue to 10. Unfortunately, three of the unpatched programs are Windows XP Home, XP Professional and Windows Live Mail. Millions of people are using those operating systems and that email client!

Since there are still 10 Microsoft programs, including operating systems, remaining exploitable, plus 229 from other very popular software companies, I recommend that technically adept PC users read the information in Microsoft Support Article 2264107 and apply the Fix It Tool about halfway down the page. You must first apply a Registry change, described at the beginning of that article, before the Fix It Tool will work.

In the meantime, apply all available Microsoft patches, especially those for MS Office programs, read the Secunia list of vulnerable programs, and apply the Fix It recommendations from Microsoft. As the other software companies release patched versions of their programs, you should install those new versions.
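The search behaviour described in this post, and the effect of the Registry change from Support Article 2264107, can be modelled in a few lines. This is an added example, not code from the original article or from Microsoft: the registry value name CWDIllegalInDllSearch and its settings are taken from that Support Article, while ExampleApp, helper.dll and the server names are constructed for illustration.

```python
from dataclasses import dataclass

# CWDIllegalInDllSearch values as documented in Microsoft Support Article 2264107.
CWD_DEFAULT = 0x0           # current directory is searched as before
CWD_BLOCK_WEBDAV = 0x1      # skip it when it is a WebDAV folder
CWD_BLOCK_REMOTE = 0x2      # skip it when it is a WebDAV folder or a UNC share
CWD_REMOVE = 0xFFFFFFFF     # never search the current directory


@dataclass(frozen=True)
class Directory:
    path: str
    kind: str                        # "local", "unc" or "webdav", labelled by the caller
    files: frozenset = frozenset()   # lower-case file names present in the directory


def cwd_is_searched(cwd, policy):
    """Decide whether the current directory stays in the search order."""
    if policy == CWD_REMOVE:
        return False
    if policy == CWD_BLOCK_REMOTE:
        return cwd.kind == "local"
    if policy == CWD_BLOCK_WEBDAV:
        return cwd.kind != "webdav"
    return True


def search_order(app_dir, system_dirs, cwd, path_dirs, policy=CWD_DEFAULT):
    """Directories tried, in order, for a DLL requested by bare file name.

    Assumes SafeDllSearchMode is on, so the current directory comes after the
    application and system directories rather than before them.
    """
    order = [app_dir, *system_dirs]
    if cwd_is_searched(cwd, policy):
        order.append(cwd)
    order.extend(path_dirs)
    return order


def resolve(dll_name, app_dir, system_dirs, cwd, path_dirs, policy=CWD_DEFAULT):
    """Return the first directory that holds dll_name, or None if the load fails."""
    wanted = dll_name.lower()
    for directory in search_order(app_dir, system_dirs, cwd, path_dirs, policy):
        if wanted in directory.files:
            return directory
    return None


# Constructed layout: the application does not ship helper.dll, and the user
# opened report.doc from a remote folder that happens to contain a helper.dll.
APP_DIR = Directory(r"C:\Program Files\ExampleApp", "local", frozenset({"exampleapp.exe"}))
SYSTEM_DIRS = [
    Directory(r"C:\Windows\System32", "local", frozenset({"kernel32.dll"})),
    Directory(r"C:\Windows\System", "local"),
    Directory(r"C:\Windows", "local"),
]
PATH_DIRS = [Directory(r"C:\Tools", "local")]
UNC_CWD = Directory(r"\\fileserver.example\share\docs", "unc",
                    frozenset({"report.doc", "helper.dll"}))
WEBDAV_CWD = Directory(r"\\dav.example\DavWWWRoot\docs", "webdav",
                       frozenset({"report.doc", "helper.dll"}))

if __name__ == "__main__":
    policies = [("default", CWD_DEFAULT), ("block WebDAV", CWD_BLOCK_WEBDAV),
                ("block remote", CWD_BLOCK_REMOTE), ("remove CWD", CWD_REMOVE)]
    for cwd in (UNC_CWD, WEBDAV_CWD):
        for label, policy in policies:
            hit = resolve("helper.dll", APP_DIR, SYSTEM_DIRS, cwd, PATH_DIRS, policy)
            print(f"{cwd.kind:7} {label:13} ->", hit.path if hit else "load fails")
```

The model makes one point visible that the prose does not: the WebDAV-only setting still lets a DLL load from an ordinary network share, so the stricter settings are the ones that close the remote case.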

August 19, 2010

Security updates released for Adobe Acrobat & Reader

On Thursday, August 19, 2010, Adobe released critical "out of cycle" security updates, 9.3.4 and 8.2.4, for its commercial Acrobat PDF encoder and free Adobe PDF Reader programs. Today's updates fix at least two critical vulnerabilities that are being exploited in the wild. Exploitation of these vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Updates are available for Windows, Mac and UNIX versions of these Adobe programs. Windows users may receive automatic update notices, or may be auto-updated, depending on how you have set your updater preferences (Edit > Preferences > Updater). You can also check manually, by going to the Help menu item, then down to "Check for updates." An updater window will open separately and download the new version upon receiving your permission. It will close Reader or Acrobat, then install the new version. If you were working on any PDF documents, save them and exit the application during the update phase. It may take some time to complete (I don't know why, it just does!).

The official Common Vulnerabilities and Exposures code for today's update is: CVE-2010-2862, which was discussed and demonstrated at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. The actual vulnerability is described as: "Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table."

Further details are: "Network exploitable; Victim must voluntarily interact with attack mechanism" - which they are tricked into doing.

Vulnerability details were provided and/or discovered by: Charlie Miller, Independent Security Evaluators, and Tavis Ormandy, Google Security Team.

All of this follows on the heels of another out-of-cycle critical update in Adobe's Flash Player, on August 11. It appears that Adobe Acrobat and Reader bundle a version of Flash inside the program, and that version was exploitable, via authplay.dll. The new updates to Reader and Acrobat supply the latest, patched version of Flash, bundled inside those programs.

August 11, 2010

Adobe Releases Security Update for Flash Player

Adobe has released Flash Player 10.1.82.76 to address multiple vulnerabilities. Go here for the details.

See what version of Flash you have installed for each browser brand, here. If you use the current version of Firefox it will tell you to update Flash, when a new version has been released. Internet Explorer users still need to go to Adobe and update the ActiveX version manually.

Due to exploits in the wild, you are strongly advised to update your Flash players now! Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3, by downloading it from the Adobe AIR Download Center.

Note that previously, one could navigate to C:\Windows\System32\Macromed\Flash and use the FlashUtil(version#).exe application to run a manual update. Those files no longer work that way. Now, the FlashUtil apps uninstall Flash, rather than update it. You can download the new Flash installers, named install_flash_player_ax.exe, for Internet Explorer based browsers, and install_flash_player.exe, for Mozilla based browsers (non-ActiveX), from the Adobe Flash Download Center. Administrator privileges are required to install or update Flash via these installer files. Use "Run As" (Administrator & password) if necessary.

A word of warning!
As you browse the Internet, or read emails about watching movies online, always beware of any links that take you to a page that tells you to update your Flash Player, but the link does not go to www.adobe.com, or http://www.adobe.com/go/getflash/ . Cyber criminals are famous for creating fake Flash and YouTube players, with a spinning circle in a black player screen, telling you that your Flash Player needs updating and to click there. If you hover your mouse over those links you may or may not see that they never leave that website. The files you are about to download and run from these fake web pages are Trojan Horse programs designed to make your PC a member of a Botnet, or install rogue security scanners, or a login stealing Trojan, like the Zeus/Zbot Trojan.

If you are tricked into clicking on a fake media player and a download dialog appears, dismiss it immediately, then close your browser. Use your anti-virus scanner to see if malware was downloaded into the browser's cache and remove it, or clear the cache. Always update your anti-malware definitions before scanning for new threats.
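The hover check described above can be automated at a proxy or in a page-review script. The following is an added example, not part of the original post: it lists links whose visible text talks about updating Flash but whose target is not on adobe.com, including lookalike hosts. The page URL, host names and HTML are constructed, and the lure wording is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

VENDOR_DOMAIN = "adobe.com"   # the only download origin the post trusts
# Assumed lure wording; tune to the pages being reviewed.
LURE = re.compile(r"flash\s*player|update", re.IGNORECASE)


def goes_to_vendor(url, vendor=VENDOR_DOMAIN):
    """True only if the URL's real host is the vendor domain or a subdomain of it."""
    # Backslashes, spaces and non-ASCII characters are parsed differently by
    # different clients, so refuse them instead of guessing.
    if "\\" in url or any(ord(ch) < 0x21 or ord(ch) > 0x7E for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # "http://www.adobe.com@other-host/" puts the vendor name in the userinfo.
    if parts.username is not None or parts.password is not None:
        return False
    host = (parts.hostname or "").rstrip(".").lower()
    # Suffix match on a label boundary: "www.adobe.com.evil.example" fails.
    return host == vendor or host.endswith("." + vendor)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def suspicious_update_links(page_url, html):
    """Absolute targets of update-themed links that do not lead to the vendor."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    flagged = []
    for href, text in collector.links:
        target = urljoin(page_url, href)   # relative links stay on the page's site
        if LURE.search(text) and not goes_to_vendor(target):
            flagged.append(target)
    return flagged


# Constructed sample page.
SAMPLE_PAGE_URL = "http://videos.example/watch?id=1"
SAMPLE_HTML = """
<p>Your Flash Player is out of date.</p>
<a href="/player/install_flash_player.exe">Update Flash Player now</a>
<a href="http://www.adobe.com.player-update.example/go/getflash/">Get Flash Player</a>
<a href="http://www.adobe.com/go/getflash/">Update from Adobe</a>
<a href="/about.html">About this site</a>
"""

if __name__ == "__main__":
    for target in suspicious_update_links(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("not an Adobe link:", target)
```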

June 25, 2010

June 2010 Security Patch Advisory for Adobe Reader and Acrobat

Vulnerability identifier: Adobe security advisory APSB10-15 - a.k.a. CVE-2010-1297

On June 29, 2010, Adobe is planning to release updates for Adobe Reader 9.3.2 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.2 for Windows and Macintosh, and Adobe Reader 8.2.2 and Acrobat 8.2.2 for Windows and Macintosh to resolve critical security issues in the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This has been known about since June 4 and is being exploited in the wild.

According to the advisory, "the June 29, 2010 updates represent an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. With this accelerated schedule, Adobe will not release additional updates for Adobe Reader and Acrobat on July 13, 2010."

UPDATE: June 29, 2010

As scheduled, Adobe has released patched versions 9.3.3 and 8.2.3 of its PDF programs, Acrobat and Reader. 17 vulnerabilities were fixed in this update, including one zero-day flaw that has been exploited in the wild. I applied this update to my XP SP 3 computer and it required a reboot to complete, and your computer may also require a restart, depending on the OS. Be prepared to save any work in progress and reboot after you receive this update, whether manually or automatically.

Adobe warned about that vulnerability, which also affected Flash Player, on June 4, 2010, and plugged the hole in Flash on June 10. If you haven't updated Flash for all of your browsers, do so now, at http://www.adobe.com/go/EN_US-H-GET-FLASH, or from http://get.adobe.com/flashplayer/.

If you are currently using the latest version of Adobe Reader or Acrobat, you should have automatic checking for updates and notification of availability turned on by default, unless you purposely turned this safety feature off. That means that when the check for updates is run after these updates are pushed out, you will be notified about their availability and can download the update. If you set your Updates preference to automatically download and install the updates, this will happen automatically, in the background. This could be the same day, or the next day, depending on what time your Adobe Reader checks for updates. You can also run a manual check for updates, via the Help menu > Check for Updates.

You can set or reset your preferences for Adobe Reader and Acrobat update checking, via Edit > Preferences > Updater. I recommend "Automatically Install Updates." Note that you must use Administrator credentials to check for and apply updates to Adobe Reader and Acrobat. This can be done from a less privileged account by right clicking on the desktop or Start Menu icon for Adobe Reader/Acrobat and choosing "Run As" (Administrator).

If you are running Ubuntu or Debian Linux, you must update Adobe Reader via the Updates Manager, found under the Menu item: Administration. An Administrator password is required to check for and install updates.

Please apply the security update to all PCs running Adobe Reader and/or Acrobat, as the vulnerability is critical and, if exploited, may lead to complete takeover of unpatched PCs. From that point on, anything goes.

April 9, 2010

Adobe PDF "/Launch" Social Engineering Attack to be patched on 4/13/2010

According to a security bulletin posted on Adobe.com, on April 13, 2010 they will be releasing updated version 9.3.2 of Adobe's PDF Reader and Acrobat PDF encoder software, for Windows, Mac and Linux/Unix operating systems. This is a critical update that will correct a feature that has been demonstrated to be an attack vector that can be used by criminal exploiters. There is also going to be an update from version 8.2.1 to v 8.2.2 for Windows and Macintosh platforms using that version.

If you have installed Adobe Acrobat or Reader 9.3.1 and chosen to set the preferences to automatically check for and apply updates, you should receive the new version when it is released in your timezone, on April 13, 2010. If you haven't set that preference, you can do so now, by following these steps...

Open Adobe Reader 9.x. Click on Edit. Scroll down to the bottom of the flyout options and click on "Preferences." When the Preferences box opens go to the last entry on the left, labeled "Updater" and click on it. In the left options select "Automatically install updates." Click OK to save your changes.

If you cannot allow the automatic updater to be enabled, due to company policy or paranoia, you should check for updates manually, by opening Reader or Acrobat, then go to the "Help" menu item, then click on the flyout option "Check for Updates." You must have Administrator privileges to check for updates, or to alter the automatic updater preferences.

The feature that is being patched on April 13 is a command known as "/Launch /Action" - which has been a part of Adobe's Reader and Acrobat for a long, long time. Adobe's Reader and Acrobat are able to open or launch embedded and external applications by using this function, but they first display a dialog box requesting the user's permission. The wording inside the dialog box can be set by the author of the PDF file in question. This would allow a criminal or hacker to craft words designed to fool users into thinking that they were doing the right thing by opening an application or executable that may be embedded within the PDF package. This could be accomplished by social engineering tactics, such as are already used successfully in various Phishing attacks. They could make a PDF document look like a message from your bank or loan company, with authentic logos, then present the Open dialog box with wording to the effect that you must click Open to submit the enclosed form. You could be fooled into installing a keylogger, or Bot malware on your PC, just like that.

As was demonstrated by researcher Didier Stevens, on March 29, 2010, if a user receives such a specially crafted PDF file and is tricked into allowing the Launch action to take place, their computer could become infected with an embedded virus, or malware downloader, or the default browser could be opened to a URL where malware attacks could be launched. Furthermore, another proof of concept exploit has been demonstrated showing that this attack could be used to infect other clean PDF files on that computer, turning the original malware-laden PDF file into a replicating Worm.

If you don't want to wait for Adobe's patch to be released on April 13, you can manually disable the feature that allows the exploit to occur. Just open the Adobe Reader or Acrobat Preferences (under Edit), find the left sidebar option labeled "Trust Manager" and click on it. When the Trust Manager options load, uncheck the top option labeled: "Allow opening of non-PDF file attachments with external applications." Click OK and you are protected from this particular exploit vector.

While the Reader/Acrobat Preferences are still open, consider disabling JavaScript (under "JavaScript") and/or displaying of PDF documents in Web browsers (under "Internet"). That fixes two other attack vectors already in use by malware authors. If you find that you need JavaScript to fill in forms or read certain documents, just re-enable it as needed.
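For administrators who want to triage incoming PDF files instead of relying on each user's preferences, the features named above can be spotted by scanning for their name tokens. This is an added example, not code from the original post or from Adobe: the verdict rules are assumptions, and the sample fragments are constructed, incomplete and carry placeholder strings only.

```python
import re

# Name tokens a mail or web gateway would triage on. /Launch is the action the
# post describes; the others relate to the features it suggests disabling.
TRIAGE_NAMES = ("/Launch", "/JavaScript", "/JS", "/OpenAction", "/AA",
                "/EmbeddedFile", "/ObjStm")

# A PDF name is "/" followed by regular characters (no whitespace, no delimiters).
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
# Inside a name, "#xx" is a hex-escaped byte, so "/L#61unch" means "/Launch".
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so escaped spellings compare equal to the plain name."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count triage names in raw PDF bytes and note which ones were hex-escaped."""
    counts = {name: 0 for name in TRIAGE_NAMES}
    escaped = set()
    for match in _NAME.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                escaped.add(name)
    return {
        "counts": counts,
        "escaped": sorted(escaped),
        # Compressed object streams hide dictionaries from a byte scan, so the
        # counts are only a lower bound when any are present.
        "lower_bound": counts["/ObjStm"] > 0,
    }


def verdict(report: dict) -> str:
    """Map a scan report to a gateway decision (assumed policy): block, review, allow."""
    counts = report["counts"]
    # A launch action, or any triage name spelled with escapes, is not something
    # an ordinary business document needs.
    if counts["/Launch"] or report["escaped"]:
        return "block"
    if counts["/JavaScript"] or counts["/JS"] or counts["/EmbeddedFile"]:
        return "review"
    if report["lower_bound"]:
        return "review"
    return "allow"


# Constructed fragments: not complete documents, placeholder strings only.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_LAUNCH = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                 b"3 0 obj\n<< /Type /Action /S /Launch /F (PLACEHOLDER) >>\nendobj\n")
SAMPLE_ESCAPED = b"3 0 obj\n<< /Type /Action /S /L#61unch /F (PLACEHOLDER) >>\nendobj\n"
SAMPLE_SCRIPT = b"4 0 obj\n<< /S /JavaScript /JS (PLACEHOLDER) >>\nendobj\n"

if __name__ == "__main__":
    for label, sample in [("plain", SAMPLE_PLAIN), ("launch", SAMPLE_LAUNCH),
                          ("escaped", SAMPLE_ESCAPED), ("script", SAMPLE_SCRIPT)]:
        report = scan_pdf(sample)
        print(label, verdict(report), report["escaped"])
```

A byte scan also matches these names inside strings and streams, so treat a hit as a reason to inspect the file, not as proof of intent.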

You can really reduce your computer's likelihood of becoming infected by operating with non-Administrator rights. If you use Windows XP Home you can demote your account to Limited User, while XP Professional users can become Power Users. Vista and Windows 7 have a new account type called Standard User and that is what you should use for your everyday operation. You should read my recent post explaining how 90% of critical Windows vulnerabilities can be mitigated by removing Admin rights from an account.

November 4, 2009

Microsoft re-releases patch for Internet Explorer

On Monday, November 2, 2009, Microsoft began using Automatic Windows Updates to forcibly push out a re-release of a critical patch for its Internet Explorer browsers. Monday's hotfix, named KB976749, targeted MS09-054, originally released on October 13, 2009. That update patched four vulnerabilities, all "critical," in Internet Explorer. It was the third fix released for last month's Windows Updates! Whew!

Microsoft Knowledge Base article KB976749 outlines the two issues: one scrambles Web page elements, while the other spawns a "Type Mismatch" script error on sites that use VBScript, or a mix of VBScript and JavaScript. That article is titled: "An update is available for Internet Explorer that resolves issues that occur after you apply security update 974455 (MS09-054)."

The following warning appears on the aforementioned page:

Important: Do not install this update if you have not installed security update 974455. If you install this update without first installing security update 974455, Internet Explorer may not work correctly. If this occurs, uninstall this update, install security update 974455, and then reinstall this update.

This update affects all versions of Internet Explorer, from 5.01 through 8.x. So, if you applied last month's Windows Updates (Oct 13, 2009) and allowed the IE patch to be installed, you will need to install this patched patch.

Many people will have already received this update automatically by the time I published this blog article. It requires a reboot to install the patch and you will be logged off and your PC will restart automatically, unless you intercept the pop-under notice giving you a 15 minute warning before shutdown (Maybe it was 20 minutes to start. When I first noticed it the timer said 15 minutes). Even Power Users and probably Limited Users are affected by the automatic installation and reboot process, if your PC is set to install Windows Updates automatically.

BTW: The "Restart later" button was grayed out for me, so I was forced to save all work in progress, close open applications to avoid data loss, then use "Restart Now" to let the inevitable update complete. The aggravating part of this process was that I don't browse at all with Internet Explorer! I only open it to obtain Windows Updates, after logging into an Administrator level account, or to check layouts of websites I design and maintain. I do all daily browsing on Mozilla's Firefox, using the latest version. I operate as a Power User and was forced to allow the installation and forced reboot. Not much finesse on Microsoft's part.

Note that if this patch causes you more problems than it solves, you can uninstall it via Control Panel > Add/Remove Programs, with the Show Updates option checked. After rebooting you will be rolled back to the previous state of "patchedness."

Note also that one can only avoid these forced installation/reboot routines by disabling Automatic Windows Updates. Anything less will allow critical patches to be downloaded and installed if you are browsing on a less privileged account type. People who (foolishly, in my opinion) insist on using Administrator level accounts will at least see the gold shield tray icon notification that an update is available, or has been downloaded. By the time a Power User sees the shield, the countdown timer has started its countdown to a forced restart.

August 7, 2009

Java updated - Hotmail to drop Outlook Express support

I have a couple of new items to alert my readers about today. First, Sun Corporation has just updated their Java Virtual Machine (JVM) to version 6, Update 15 (build 1.6.0_15-b03), fixing vulnerabilities announced by Microsoft in ATL components of Visual Studio. Apparently, Java itself used some of the vulnerable ATL modules and Sun had to re-code the JVM to prevent it from being exploited in drive-by attacks against these components. Go to www.java.com to download and install the current version of Java from your browser. You can also manually choose an online or offline setup version for various operating systems, from this page.

As of today, updating the Java VM does not automatically uninstall older versions of Java. This is due to an executive decision made by Sun Corp. They are afraid of breaking existing programs that depend on certain versions of Java. However, cyber-criminals are known to write code pointing to the default installation paths of vulnerable versions of Java. If you leave an exploitable Java executable on your computer, then accidentally surf to, or get redirected to, a hostile website, that version of Java can be used against you! If at all possible, if you aren't running a critical application that depends on an older version of Java, uninstall older versions after you update to a new version. You must close all browsers for the updates to take effect. If an application stops working properly after you update the Java VM, go to the manufacturer's website or look for a built-in check for updates link, to see if they have released a patched version to work with the new JVM.

The second matter affects Windows PC users who download Hotmail messages to their desktops, via Microsoft's Outlook, Outlook Express or Entourage programs. Microsoft has decided to make code changes to the way the Hotmail email servers work and these changes will cause Outlook and Outlook Express to stop sending and receiving Hotmail messages on September 1, 2009. Hotmail is now called "Windows Live Hotmail."

To continue to receive e-mail from your Hotmail account, you will have to select one of the alternative solutions below before September 1, 2009. After that day, new Hotmail e-mail can only be delivered to, or sent from your mail programs through the following alternative solutions. However you can continue to view and send your Hotmail messages via your web browsers.

If you use Microsoft Office Outlook to view Hotmail, you can download the free Office Outlook Connector to continue accessing your Windows Live Hotmail within Outlook 2003 or 2007. If you run an older version, read this information.

If you use Outlook Express (OE) to view Hotmail, you can choose to download the free Windows Live Mail (WLM), which resembles Outlook Express, but is much more powerful, less prone to crashes and contains a junk filter. You can import all of your saved .eml messages and accounts from OE into WLM (via Export/Import, or drag and drop between email clients). You can also import your personal folders from OE. The view is a little different, but you'll get used to it. You can find help on this page with exporting messages from Outlook Express into WLM.

If you are using Entourage to send and receive Hotmail, read these instructions to continue connecting to the new servers.

Why did this change happen? Because Microsoft Outlook, Outlook Express, and Entourage use a legacy communications method, known as the DAV protocol, to access Hotmail. Because the DAV protocol is not optimally suited for programs to access large inboxes such as Hotmail, which now provides users ever-growing storage, new alternatives have been built. Microsoft postponed their initial plans to retire the DAV protocol until more options were available. Now that these options (including the POP3 protocol) are available, they are ready to retire the DAV protocol, on September 1, 2009.

July 25, 2009

Microsoft and Adobe to release out-of-band patches

There are some new vulnerabilities to be alerted to that are being exploited in the wild right now and may impact you. Some affect Windows computers, while others are cross platform (Linux, Mac, Solaris). Foremost among the vulnerable software are Internet Explorer, Visual Studio components and three Adobe programs.

First off, Microsoft just announced that they will be releasing two out-of-cycle security patches on Tuesday, July 28, 2009. This is very rare for Microsoft, which mainly sticks to a once-a-month Patch Tuesday schedule. The two vulnerabilities are being actively exploited in the wild and cannot wait until August 11 to be fixed. Too many PCs would be compromised by then.

If you have followed Microsoft's recommendation and set your Windows PCs to download and install Windows Updates Automatically, you will receive them sometime during the day of July 28, 2009, depending on where you are located. For folks living in the Eastern US time zone these updates will probably show up around 2 PM. If you are going to be away from your PC during that afternoon you should save any work in progress, because Windows Update will reboot your computer without interaction, if required to install those updates, after popping up a pending shutdown alert. If you aren't there to dismiss that alert your PC will be automatically rebooted to finish installing these critical patches.

Adobe has three products being exploited by cyber criminals this week. They are Adobe's Acrobat, Reader and Flash Player. This time the exploit lies in the way in which Adobe Reader and Acrobat are set to automatically run embedded Flash code when a person opens a .pdf document (pdf = Portable Document Format) in any current version of Reader or Acrobat. In case you were wondering, Acrobat is an expensive program used to create pdf documents. Reader opens them for reading and printing. Flash is active content for interactive forms and video presentations on web pages, or for embedding into pdf files. YouTube videos are encoded using Adobe Flash and are viewed in Flash Player.

Adobe will be releasing patches on two days this month. An update for Flash Player v9 and v10 for Windows, Macintosh, and Linux will be available by July 30, 2009. They expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009. While you patiently wait for those patches you can protect your computers from getting hacked from hostile pdf documents by applying two officially recommended workarounds.

UPDATE:
August 2, 2009

Both Microsoft and Adobe did release the promised, out-of-band, critical updates, fixing the reported vulnerabilities in Microsoft's Internet Explorer and Visual Studio ATL and in Adobe's Flash, Reader and Acrobat. If you have not already done so, please run the Secunia Online Software Inspector, to see what insecure software is installed on your computers. Download links are provided in its report.

Note: If you are a programmer and have written any code that utilizes the Microsoft Visual Studio ATL, you may need to make changes to get those controls working again. See this MSDN page for more information about how the security update of 7/28/09 will impact your code.

Details about the Adobe vulnerabilities and their workarounds are in my extended content.

June 12, 2009

Windows, Firefox, Adobe Reader and Apple QuickTime updated

There have been significant program updates issued for Microsoft Windows, the Firefox browser, Adobe Acrobat and Reader and Apple's QuickTime browser plug-in. All updates were released this week to fix critical vulnerabilities that were reported and were being exploited by hackers and cyber-criminals. These criminal elements hijack legitimate websites and install hidden codes to redirect innocent visitors to hostile websites loaded with exploit attack codes.

Most of the successful attacks exploit vulnerabilities in browsers (usually Internet Exploder), or their installed add-ons and plug-ins, like Apple QuickTime, Adobe Flash and Reader (and other PDF readers) and Sun's Java plug-in. If any of these items is a vulnerable version you may have your computer hijacked by cyber-criminals who will make it a zombie member of their Botnet. This will turn your PC into a spam machine, or it could be used to attack websites or Governments, with whom the hackers have a difference of opinion.

In order to stay safe from the barrage of hack attacks targeting browsers and their plug-ins it is imperative that you keep Windows and its components and all third party add-ons up to date. One way is to always select the option to automatically check for, download and install updates to those programs. If there is no automatic update mechanism for a program you use you should check to see if it has been updated. This could be at the manufacturer's website, or by using the free Secunia Online Software Inspector (requires current version of Java).

The details of this week's updates are below, in my extended comments.


March 11, 2009

Adobe and Foxit plug critical PDF vulnerabilities

From the security desk of Wiz Feinberg
March 11, 2009

On March 9 and 11, Foxit then Adobe released patched, updated versions of their PDF readers, responding to critical vulnerabilities, like the JBIG exploit, currently being exploited in the wild. Until the Foxit patch was announced on the 9th, many people believed that it was a safe alternative to the Adobe Reader. Not so. The Adobe exploits are targeting all Reader and Acrobat versions 7 through 9.0.

Foxit has patched three critical vulnerabilities with version 3.0 Build 1506. You can download the latest patched Foxit PDF Reader here. Interestingly, Foxit was only notified about these exploitable vulnerabilities a few weeks ago, in mid-February, and was able to push out a patch in a short time.

Adobe, on the other hand, has been aware of the vulnerabilities in its PDF Reader and Acrobat PDF encoder for three months (since early January 2009) and just today released the patch. When these security concerns were publicized Adobe recommended disabling JavaScript and browser plug-in functions in the Adobe Reader and in Acrobat. However, it was later demonstrated in a lab test at Secunia that Reader and Acrobat are still exploitable with these functions disabled. The patched versions released on March 11 finally plug the holes that allow these exploits to occur. JavaScript and displaying a PDF in your browser can now be re-enabled, after you upgrade to Adobe Reader and Acrobat 9.1. Older Reader versions 7 and 8.x will be patched on March 18, 2009.

You can download the current version of Adobe Reader here. This Adobe page has links to patch your version of Adobe Acrobat.

Adobe has published a security bulletin about the vulnerabilities affecting its Reader and Acrobat software, with the dates the vulnerabilities were announced and the release dates for the patches. This page goes far back and shows how they have responded to exploitable weaknesses for years.

If you missed the news, Adobe also released a patched version of Adobe Flash Player, on February 24, 2009. Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

The risk of browsing the Internet or opening emails containing links to or attachments containing rigged Flash and PDF files, without being fully patched against the exploit codes, is total system compromise. There have been malicious Flash banner ads released through some affiliate ad services that are capable of redirecting your browser to a hostile web server, where it will attempt to forcibly and invisibly download exploit codes to your computer, if you have installed a vulnerable version of Flash Player, or Adobe (PDF) Reader or Acrobat.

You can scan your PCs online at Secunia.com, using their Online Software Inspector tool. It requires Java to operate and will report on any missing Windows patches, as well as any left over insecure versions of third party applications, like Flash, Reader and Java. It provides direct download links to obtain the latest patched versions, plus shows you the exact path to the old, exploitable versions still installed on your PC. I use it and recommend you do so every week, say on Tuesday evenings (after Windows Updates are released on Patch Tuesdays). It usually takes under a minute to complete the online scans. You must uninstall old software and install the updates yourself.
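The kind of check such an inspector performs can be sketched in a few lines. The following is an added example, not part of the original article and not Secunia's code: it compares an inventory of installed plug-ins against the patched versions named above. The inventory entries and file paths are constructed for illustration, and the function names are hypothetical.

```python
import re

# Patched versions named in this article (March 2009).
PATCHED = {
    "Adobe Flash Player": "10.0.22.87",
    "Adobe Reader": "9.1",
    "Foxit Reader": "3.0 Build 1506",
}

def version_key(text):
    """Turn a version string into a tuple of integers that compares correctly.

    Every run of digits becomes one field, so '3.0 Build 1506' -> (3, 0, 1506).
    Trailing zero fields are dropped so that '9.1.0' equals '9.1'.
    Comparing the raw strings instead would rank '9.1' above '10.0'.
    """
    fields = [int(n) for n in re.findall(r"\d+", text)]
    if not fields:
        raise ValueError("no version number in %r" % text)
    while len(fields) > 1 and fields[-1] == 0:
        fields.pop()
    return tuple(fields)

def audit(installed):
    """installed: list of (product, version, path) tuples.

    Returns (product, version, path, action) for every copy that is older
    than the patched version, or whose version cannot be read at all.
    Several copies of one product are checked separately, because an old
    leftover copy stays exploitable even after a newer one is installed.
    """
    findings = []
    for product, version, path in installed:
        minimum = PATCHED.get(product)
        if minimum is None:
            continue  # product not covered by this article
        try:
            outdated = version_key(version) < version_key(minimum)
        except ValueError:
            findings.append((product, version, path, "unreadable version"))
            continue
        if outdated:
            findings.append((product, version, path, "update to " + minimum))
    return findings

# Constructed sample inventory; the paths are illustrative only.
SAMPLE = [
    ("Adobe Flash Player", "10.0.12.36", r"C:\WINDOWS\system32\Macromed\Flash\old.ocx"),
    ("Adobe Flash Player", "10.0.22.87", r"C:\WINDOWS\system32\Macromed\Flash\new.ocx"),
    ("Adobe Reader", "9.0", r"C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe"),
    ("Adobe Reader", "9.1.0", r"C:\Program Files\Adobe\Reader 9.1\Reader\AcroRd32.exe"),
    ("Foxit Reader", "2.3 Build 3309", r"C:\Program Files\Foxit\old\Foxit Reader.exe"),
    ("Foxit Reader", "3.0 Build 1506", r"C:\Program Files\Foxit\Foxit Reader.exe"),
]

if __name__ == "__main__":
    for product, version, path, action in audit(SAMPLE):
        print("%s %s at %s: %s" % (product, version, path, action))
```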


November 12, 2008

AVG False Positive Cripples Windows XP PCs, on November 9, 2008

A faulty definitions update issued on November 9, 2008 caused AVG Anti Virus 7.5 and 8.0 (free and paid versions) to either automatically or manually delete and/or quarantine a required Windows XP System file, User32.dll, as soon as a scheduled scan came to that file, or when a user opened the System32 directory to search files in it. Without this file in the System32 directory, Windows will not boot! AVG released updated definitions shortly thereafter to fix the false positive detection. If your computer was still on and you checked for AVG updates again before shutting it down, you may have received the patched definitions and are OK to operate as usual. You will know the next time you reboot or shut down and restart your computer!

If this bad update occurred while your PC was operating and you either rebooted, or shut it down, before obtaining the updates that fixed the false detection, it will not boot into Windows again until you disable the AVG Resident shields using the Recovery Console and restore user32.dll from a backup image, or location, or from your Windows XP CD.

The system can be restored by using the Windows XP Recovery Console to copy a backup of User32.dll into the System32 directory. If you have already installed the Recovery Console as a boot option, boot into it, then run the copy command listed in the next paragraph.

If you haven't installed the Recovery Console, but you do have your bootable Microsoft XP CD, it contains the Recovery Console. Boot from the Microsoft Windows XP CD and choose Setup Option "R" to Repair your Windows Installation using the "Recovery Console." You will be taken to a black screen with white text which will halt at a blinking command prompt (just like MS DOS). The Recovery Console command to type in would be as follows:

copy c:\windows\system32\dllcache\user32.dll c:\windows\system32\user32.dll

Press Enter and wait a second or two. If it reports "1 file copied" then the Windows boot portion of the problem is fixed. However, you will still need to disable the AVG Resident shields from the Recovery Console, as described in my extended comments and on the AVG Support website, until you are able to boot into Windows and run a manual check for AVG updates and receive the patched definitions file. Don't forget to reactivate the resident shields after updating the definitions (as described in my extended comments or on the AVG Support site)!

If the above command fails, try the following:

copy c:\windows\servicepackfiles\i386\user32.dll c:\windows\system32\user32.dll

If that doesn't work you will have to expand and copy it from the XP CD, as follows:

copy d:\i386\user32.dl_ c:\windows\system32\user32.dll

The above uses drive letter "d:" as the source for the CD drive containing the recovery media. Your CD drive letter may be different, depending on how many hard disks or partitions you have installed. So, for instance, if your Windows CD is in drive F, substitute F: for D: in the last command.

If this, or another update or software installation has crippled your PC and you use Acronis True Image to make daily backups, insert your bootable Acronis Recovery CD (you were told to create that CD when you installed Acronis True Image), boot into the rescue interface, locate the most recent backup of the entire computer and restore it to the C drive. You should be up and running within about a half hour, or so.

If you don't have any recent backup images, nor a Windows operating system CD, your OEM hard drive might have a hidden recovery partition on it. Reboot your computer and press the Pause key when the first screen appears. It will usually contain information about pressing a particular key to restore your computer to "Day-1" condition. You will lose everything you have saved or created since that day, but at least the PC will boot into Windows. This is a worst-case scenario for most of you.


May 2, 2007

Apple QuickTime updated to v7.1.6 to fix security holes

Apple today released QuickTime 7.1.6 for Mac and QuickTime 7.1.6 for Windows which delivers numerous bug fixes, addresses a critical security issue with QuickTime for Java and includes support for:

Final Cut Studio 2
Timecode and closed captioning display in QuickTime Player

This update is recommended for all QuickTime 7 users, including Firefox users. (Firefox uses the QuickTime Plug-in which is vulnerable and needs updating)

About the security content of QuickTime 7.1.6:

CVE-ID: CVE-2007-2175
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9, Windows XP SP2, Windows 2000 SP4

Impact: Visiting a malicious website may lead to arbitrary code execution

Description: An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. The code will run with the privileges of the target user.

QuickTime 7.1.6 is available via Software Update and also as standalone installers, using the following links:

QuickTime 7.1.6 for Mac (43.6MB)
http://www.apple.com/support/downloads/quicktime716formac.html

QuickTime 7.1.6 for Windows (19.1MB)
http://www.apple.com/support/downloads/quicktime716forwindows.html

The official Apple advisory is available at:
http://docs.info.apple.com/article.html?artnum=305446


February 23, 2007

Microsoft Releases Flawed Windows Updates in Feb 13-16, 2007 Patch and Hardware Updates

Three flawed Windows security and driver updates were released on Patch Tuesday, February 13, and continued through Friday, February 16, 2007. The first one involves a defective "signed" VIA IDE driver update that places most computers into endless reboot cycles. The second involves installing an unnecessary Alps Pointing Device driver, on computers that don't have such a device. The third is a patch for PowerPoint that fails to fix the stated vulnerabilities it is meant to address.

The flawed VIA Primary IDE driver only appeared under optional Hardware Updates, if you ran manual updates, using the Custom Option. I first became aware of the problem on Friday, February 16, when I performed Windows Updates for a client, at his office. The first and second machines to receive updates had the VIA Primary IDE Driver listed under Hardware Updates, so I installed it and rebooted, and rebooted, and rebooted... After the third time I realized that there was a problem with that driver and I used F8 to get to the boot menu, where I selected "Last Known Good Configuration," which succeeded in getting back into Windows. From there I right-clicked on My Computer, selected Properties, then Hardware, then Device Manager > IDE ATA ATAPI Controllers, then rolled-back the VIA Primary Channel IDE driver update to the previous driver, rebooted, and all was well again.

Another one of the Hardware updates seems to have placed an unwanted and unneeded Alps Touchpad/Pointing device driver and icon on the computers that did not have an Alps Touchpad attached to them. Using Device Manager > Mice/Pointing Devices I rolled-back the driver and the touchpad icon and other pointer problems were resolved, after a reboot.

The third problem was just announced via Microsoft Technet, in this security re-release notice: http://www.microsoft.com/technet/security/bulletin/ms06-058.mspx

Microsoft Security Bulletin MS06-058
Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
Published: October 10, 2006 | Updated: February 21, 2007

Recommendation: Customers should apply the update immediately

Security Update Replacement: This bulletin replaces a prior security update.

Why did Microsoft minor revise this bulletin on February 13, 2006?

Further investigation of CVE-2006-3877 as originally revealed that the update was not effective in removing the vulnerability from affected systems. The Microsoft Security bulletin, MS07-015 has been issued to properly address CVE-2006-3877 and customers should apply the updates in this bulletin immediately.

More information and links to download hotfixes are in the extended entry.


November 29, 2006

Apple releases Security Update 2006-007

I am posting this for my viewers who use Apple's Mac operating systems, the percentage of which is not declining ;-)

Apple released Security Update 2006-007 in various versions. The update is available via Software Update and also as standalone installers.

Security Update 2006-007 is recommended for all users and improves the security of the following components:

- AirPort
- ATS
- CFNetwork
- Finder
- Font Book
- Font Importer
- Installer
- OpenSSL
- PHP
- PPP
- Samba
- Security Framework
- VPN
- WebKit
- gnuzip

About the security content of Security Update 2006-007:
http://docs.info.apple.com/article.html?artnum=304829


October 21, 2006

YPOPs has been updated (delivers Yahoo email via POP3)

YPOPs, a free POP3 email interface for sending and receiving Yahoo email via your POP3 email client, was updated on October 18, 2006. POP3 email clients include Outlook, Outlook Express, Thunderbird, Eudora, etc. If you use one of these programs and would like to be able to use it to send and receive your Yahoo email, YPOPs will allow you to do so. Normally, Yahoo email must be accessed via HTTP, using a web browser. This program bridges the gap between HTTP and POP3 email.

I have written out instructions for configuring and using YPOPs on my Wiz's Workshop page. I am using YPOPs on various operating systems, including Windows Vista RC1. I am not affiliated with YPOPs in any way; I am just a happy user.

Download
You can download the latest version of YPOPs from Don Beusee's Download Site (He is involved in the project).

YPOPs Project information, documentation and discussion forums


October 1, 2006

Microsoft Patch MS06-055 Issued for VML Exploit

Microsoft Security Bulletin MS06-055:

Vulnerability in Vector Markup Language Could Allow Remote Code Execution - Patched

Published: September 26, 2006

This information deals with the VML vgx.dll buffer overflow vulnerability announced on September 19, 2006, and the VML exploits that are currently in the wild.

http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

VML Buffer Overrun Vulnerability - CVE-2006-4868:

A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft has issued an out-of-cycle patch for the Vector Markup Language vulnerability mentioned above and in a previous entry on my blog. This is a critical vulnerability and if you have not already obtained the patch you should do so immediately. Go to Windows Updates to receive it manually, or turn on Automatic Windows Updates (Control Panel > Automatic Updates), or visit the page linked to above and download the patch for your OS.

Undo the suggested Microsoft workaround if you applied it! See my extended comments for details.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.


This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.