2009 – Page 52 – Paul's Tech Talk

Upcoming Patch Tuesday for February 10, 2009

PaulFebruary 5, 2009

Microsoft Today has released the list of patches for February. Here’s the List of things they will patch:

Internet Explorer — Remote Code Execution (Require restart) [ CVE-2009-0075 CVE-2009-0076 ]

Exchange — Remote Code Execution (No Restart Required) [CVE-2009-0098 CVE-2009-0099]

SQL — Remote Code Execution (May Require Restart) [CVE-2008-5416]

Visio — Remote Code Execution (May Require Restart) [ CVE-2009-0095, CVE-2009-0096 and CVE-2009-0097]

[ad#ad2-right]

The list of affected operating configurations includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Microsoft Exchange Server 2000, 2003, and 2007, Microsoft SQL Server 2000 and 2005, as well as Visio 2002, 2003, and 2007 are also affected.
[Via Arstechnica]

We got several Non-critical updates. Here’s the List of them, some of these are monthly updates and some are just interesting to look at:

Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)

Windows Malicious Software Removal Tool – February 2009 (KB890830)/Windows Malicious Software Removal Tool – February 2009 (KB890830) – Internet Explorer Version

Cumulative Update for Media Center for Windows Vista (KB960544)

Cumulative Update for Media Center TVPack for Windows Vista (KB958653)

Update Rollup for ActiveX Killbits for Windows (KB960715)

We got an Update to Media Center and TVPack for Windows Vista to resolve issues with software. The ActiveX Killbits issues have been identified in ActiveX controls that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. So we don’t exactly know what what issues they are talking about. I hope this helps your system administrators get ready for this update. If I were you, I’d having Clone of Autopatcher ready for these updates. Remember to patch as soon as your company will allow, because waiting to long could make you have even more of an headache. I’ll update the others as soon as I find out the updates.

Scams about Stimulus Checks

PaulFebruary 5, 2009

It’s that time of year where people are hearing about the Stimulus Checks and some Phishing people are still trying to get people’s information for your bank account and steal your identity. One such one is sending out email for the 2008 Stimulus Program this email account looks to be “stumulusref@i-r-s.com”. As you can see this is a .com email address and not a .gov address.

[ad#ad2-right]The IRS will never send out email. The IRS will never ask you for your PIN or Any personal information. Don’t reply and don’t open any attachments, more like is if they send out any attachments they are going to be a virus and you will infect your system with any number of possible viruses out there. To protect yourself from virus you should consider installing one of the many free anti-virus softwares and also installing a firewall will help protect you. Only true way to prevent yourself from being a victim is YOU. No one else can keep your information private but you.

Offline Update 5.0, Clone of Autopatcher to Some!!

PaulFebruary 3, 2009

Offline updater 5.0 has been released a couple months ago and I just realized it now. This is an excellent tool for IT professionals who want to keep all your Systems up-to-date with the last patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, And Windows Vista / Server 2008.(32 bit and 64 Bit updates).

[ad#ad2-right]I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections. This is really good for big businesses that want to update a lot of systems in easy way without having to wait for downloads of updates to install. You can take a DVD and update on the fly within Mins. DVD being Cheap or buying them in bulk helps saves time and money for the company. Less time spent downloading the updates and more time actually getting work done. As with the Conflicker, Downadup, and to some the Conflickr Trojan, if you got infected with that little worm. This would help install the updates that it prevented you from doing in the first place. I also found that once you download do the update the files are kept on the hard drive so you no longer have to redownload them again. You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.

Q: How can I create the offline update CD images automate, for example via a “scheduled job”?
A: Create a new batch file in the “cmd”, eg “DownloadUpdatesAndCreateISOImage.cmd”. Add the desired calls of

“DownloadUpdates.cmd” and “CreateISOImage.cmd” with the necessary parameters in this new file. The file might for

example have the following contents:

@ echo off
call WXP download updates eng
call CreateISOImage WXP eng

Then set a “time-controlled contract” for the new script “DownloadUpdatesAndCreateISOImage.cmd” to your desired

time. For example, after each Microsoft Patchday create new images, select every second Wednesday of the month.

[Via The FAQ’s Documentation (Translated Via Google)]

As you can see you can have it do a script and be ready for you in the morning. You then just take it out of the drive and install where you need to install the day after the updates are issued. On another Note if you have clients who use Windows office Xp, 2000, 2003, 2007 then this will also help:

This is nice if you have clients who use the Microsoft Office Suites also. Some Malware will often try to infect people’s systems through a office script or some other vector. So this will also prevent infections or hackers from getting onto the system by updating this also. You can have this added to each and every DVD ISO you make to include these as you update the patches also.

Download:

Offline update 5.0 Download site

Official Site for Offline Update (Translated into English)

Superbowl 2009 Ad’s are on HULU

PaulFebruary 2, 2009

Now I don’t have to watch the Superbowl to see all the ads. The Day after the Superbowl, Hulu releases the ads that were at the half time. So here they are:

So what ones do I like:

Firestone : Taters

Star Trek Trailer — I can’t wait for the movie to come out.

Monster’s VS Aliens (3D Glasses required) — Dreamworks is now only doing 3D.

Transformers 2 Revenge of the Fallen Trailer

Race to Witch Mountain Trailer

Alec in Huluwood — Hulu gets even more people to come to their site.

Up Trailer

These where the ones that I liked, they had some other ads for like Monster.com and Cars.com, and also Careerbuilder.com. I see they had some Budweiser advertising in there too but really don’t get me interested as for trailers and the really funny ones. Hope you get a laugh like I do.

Windows 7 UAC a Security Risk?

PaulFebruary 2, 2009

I just got done reading a blog post about how you could with an easy to make script disable UAC all together. According to Long Zheng, he states that how a malicious software could circumvent the UAC by turning it off. I simply love the new look and feel of the UAC and hope they can come up with a way to fix the problem. [ad#ad2-right]According to him there is a way to fix this and keep all the new features set. He has provided the proof of concept for turning of UAC without having it ask. You can download it yourself and try it out, but be careful it will disable UAC.
I hope Microsoft fixes this little flaw and makes it more secure than Vista. According to Microsoft though, they claim UAC functionality is “by Design“. I don’t know if it is or isn’t but I do know that it could easily let more Malware into Windows 7 before it got enough people on board. That is one of the reasons I don’t want Windows 7 Released now. I don’t want this to become a failure in the minds of people. I want to look back and see this being successful. Hopefully Microsoft fixes this and makes it even more secure in the future.