Security News and Updates for Nov 8 - 21, 2010
There have been some very important security updates issued over the last 2 weeks for commonly used and exploitable programs. Patching vulnerable software will help you protect your computers from hostile takeover, and/or from being drafted into spam botnets.
Here's the rundown of the latest updates that affect millions of computer users, the world over.
On November 9, 2010, Microsoft released critical patches for several of its newer MS Office applications. One patch plugged a security issue involving .dll path hijacking, which affects 20 top Microsoft programs, including Windows itself. Unfortunately, this vulnerability was not patched for Windows XP users running Office XP. Microsoft also released its monthly update to the Malicious Software Removal Tool. The MSRT runs during your Windows Updates process and automatically removes certain malicious software, such as botnets and other crimeware it has been updated to target.
Solution: Turn on Automatic Windows Updates. Set the time to check for updates to a time when the PC is usually on. Check manually by going to the Start Button, then up/over to the link for Windows Update, or Microsoft Update. Clicking that link opens Internet Explorer to the Windows Update page. Note: you must be logged in as an administrator to run manual Windows Update checks and installations.
Adobe comes through with a big update!
On November 16, 2010, Adobe released the promised security updates for its ubiquitous PDF Reader and Acrobat PDF encoder. The latest version is 9.4.1 and you can download it, and future updates, by opening Adobe Reader, or Acrobat, going to Help, then clicking on "Check for Updates." If an update is available, take it! Vulnerabilities in Adobe Reader can lead to takeover of your computer, should you be tricked into opening a malicious PDF file (like those delivered in spam email as fake scanned documents, or fake courier delivery labels).
You can also download Adobe Reader updates directly from www.adobe.com. Click on the button for "Adobe Reader." This also installs an online PDF creation and sharing application called Adobe Air.
On November 12, 2010, Apple released Mac OS X v10.6.5 and Security Update 2010-007, to address multiple vulnerabilities affecting a number of packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a denial-of-service condition, or bypass security restrictions. Use your built-in Mac software updater to get these critical patches.
On November 19, 2010, Apple released updated Safari 5.0.3 and 4.1.3 web browsers, to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
The Windows Applications Insecure DLL Library Loading vulnerability that was disclosed several months ago now has at least 222 programs on the Secunia list. Microsoft has 20 programs listed, with only one patched (on Nov 9). They have supplied a workaround and Fix It Tool that renders exploit attacks targeting these DLL paths ineffective. I advise you to install the workaround, then test your programs to make sure none break as a result of securing your PC from this exploit path.
That covers the most important security updates of the last two weeks. Stay tuned for more news as updates roll in. Criminals are not resting in their efforts to take over your PCs and you need to keep your guard up and your installed software updated. Also, operating your PC with reduced user privileges can render over 90% of malware ineffective and unable to install. I have written several articles about this, including these:
Running a PC with reduced user privileges stops 92% of malware
Limited User Privileges Protect You
Windows 2000, XP, Vista & 7 User Account Privileges Explained
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.