Microsoft issues 1 Major update 1-13-09

Well it has been release Microsoft issued an update to the system:

[ad#ad2-right]

Vulnerabilities in SMB Could Allow Remote Code Execution

Microsoft Security Bulletin MS09-001 – Critical (KB958687)

This security update resolves several privately reported vulnerabilities in Microsoft Server Message Block (SMB) Protocol. The vulnerabilities could allow remote code execution on affected systems. An attacker who successfully exploited these vulnerabilities could install programs; view, change, or delete data; or create new accounts with full user rights. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This is one of those updates you really need to install as soon as you can.   You should also get a free firewall or buy one.  I looks to be a vulnerability in the ports and if you’d have a firewall besides windows you should be safe but that is besides the point.   If you are security congenious then you should install this update ASAP.  If your worried this will effect you system then you will need to backup your system before you do this update.  If you feel you’ve might of been infected with this Vulnerability you could always go get a free antivirus program and scan your system.  This is the sure way of fighting a Virus and making sure your safe, although people argue that Paid virus programs are quicker to be updated with virus databases, it’s all in the matter of preferences.

IE vulnerability in the Wild

Well this was bound to happen, hackers found this vulnerability and is using it for their own purposes.  [ad#ad2-right]It seems they put a virus on your system.  Microsoft has issued an Recommendation and to check out Microsoft Security Bulletin MS06-055.

“What we’ve seen from the exploit so far is it stealing game passwords, but it’s inevitable that it will be adapted by criminals,” he said. “It’s just a question of modifying the payload the trojan installs.”

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

[Via BBC News]

[ad#ad2-left]I personally like to recommend a program that will do a better job at security and that is Firefox,  I also suggest people use the Thunderbird and not Microsoft mail program.  This will greatly reduce your likely hood of getting a virus or Trojan.   Most of the time hackers like to find new ways to infection to get into your system.  If you want to preven having a virus in the future, I’d recommend going to my Malware Resource and check out a good firewall and anti-virus.   This will prevent you from getting some of the viruses and other types of malware.

Inside understanding of win32.netsky.q

Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.

I saw this on on the net and through we should talk about and let people know how you could get that the worm off your computer. It seems to be a self-replicating worm, it will continue to send out fake messages to people with the subject lines Like:
[ad#ad2-left]

  • Delivery Error
  • Delivery Failure
  • Delivery
  • Mail Delivery failure
  • Mail Delivery System
  • Mail System
  • Delivery
  • Delivered Message
  • Error
  • Status
  • Failure
  • Failed
  • Unknown Exception
  • Delivery Failed
  • Deliver Mail
  • Server Error
  • Delivery Bot

And with each message there is the reciepts email address at the end.  This worm seems to be spreading like wildfire today.   It is because people have not install

Microsoft Security Bulletin (MS01-020)

[ad#ad2-right]Now how do you get rid of it.  It seems that most of Anti-Virus software would get it done.  All you would need to do is scan for this virus with the latest updated virus databases and will go away.   According E-Trust Anti-Virus they say they can remove it.   This is a really old virus, according to my sources this was first seen in 2004.   In order to prevent this in the future I’d suggest installing a free anti-virus and using it.    This is one smart little worm according to CA IT.

If you have quite a few Desktops in your Office and want to update all of them to the newest patch all in one swoop, I’d suggest downloading Clone of Autopatcher and making an ISO image so you can go around to each computer and install the patches quickly and easily.  Prevent yourself from getting that virus and some others in the future.   This is a friendly tip for all those hard working IT workers.

The Important Windows patches Released Today

As many of you know we talked about the Non-critical patches that Microsoft will release today.  IF you want to read those please go and check it out.   I’ll be talking about the REALLY important ones that Microsoft has kept tight until now.    These are the more important ones but I will list the ones that I previous talked about to better help people recognize the non-important ones:

[ad#ad2-right]

  • KB955839
  • KB957388
  • KB890830
  • KB905866
  • These are just the tip of the iceberg. although this list are not A lot.  I’d wanted to let people know about what people coin “Exploit Wednesday“.  I really don’t know if this is a Myth or actually does exist but I’d figure we discuss the problems associated with installing the critical updates and try to tell you which ones should be installed As soon as possible.  Though people have in the past used a Virtual Machine to see if there is any problem, that should be your first step if you don’t want to have any problems with these updates.  I don’t suggest testing it more than a couple days.  Here are some good Virtual Machine software to try out yourself:

    Here is the list of updates that are critical that Microsoft released today.   Each one of these are quite important and should be considered installed when you get a chance.

    [ad#ad2-left]Microsoft Security Bulletin MS08-073 – Critical
    Cumulative Security Update for Internet Explorer (KB958215)

    This security update resolves four privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Security Bulletin MS08-071 – Critical
    Vulnerabilities in GDI Could Allow Remote Code Execution (KB956802)

    This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these vulnerabilities could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    [ad#ad2-right]Microsoft Security Bulletin MS08-075 – Critical
    Vulnerabilities in Windows Search Could Allow Remote Code Execution (KB959349)

    This security update resolves two privately reported vulnerabilities in Windows Search. These vulnerabilities could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    KB952069
    (not quite sure what this one is, when I go do a Google search this is what pops up. It was in German but Google translated it for me)

    In the Windows Media Runtime to the default in Windows XP SP3 contains Windows Media Player (WMP) 9 were discovered vulnerabilities that could allow an attacker to compromise your Windows-based system and gain control over it. See Security Bulletin MS08-076 ( englisch bzw. deutsch ) See Security Bulletin MS08-076 (English or German)

    These are just ones that I found and wanted to let you know, the others have been explained on the other article.  So check them all out and I suggest installing them quickly as possible.