A few Zero Day Exploits in the wild — Heads up

Several security vendors are reporting that ActiveX and DirectShow exploits are out in the wild.

The DirectShow file in question is: msvidctl.dll

[A work around to prevent this]

It involves an ActiveX control called the Microsoft Streaming Video control and there is no workaround that I know of just yet. Microsoft is aware of these exploits but we don’t know when they will release the patches.
These flaws mean that if you visit an infected site you will most likely install software that you really don’t need or want. You should be cautious where you go, especially on Chinese servers, because some of them are reporting that they have seen an overnight bloom of sites that have these exploits in place.

People should take care and install anti-virus and firewalls; even the free ones are the best choices right now to defend against these types of attacks. You should also make sure you have the updated virus definitions and the latest version of the AV program.

It is also suggested that users not use Internet Explorer, to prevent some of these exploits, but take care and install a good browser; I would suggest Firefox to better protect your computer from some of these exploits.

Microsoft Drops 9 Security Updates on Patch Tuesday

So I get home and here is what they updated for those who would like to keep track:

  • Vulnerabilities in Active Directory Could Allow Remote Code Execution (KB971055) — This update is only for Microsoft Windows 2000 Server, Windows Server 2003, Windows XP Professional and Windows Server 2003. This one is rated Critical due to Remote Code Execution, which means a program can install malware or viruses on your system and you wouldn’t know it.
  • Cumulative Security Update for Internet Explorer (KB969897) — This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.
  • Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (KB970483) — This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication.
  • Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (KB969462) — This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object.
  • Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (KB961501) — This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request.
  • Vulnerability in Windows Search Could Allow Information Disclosure (KB963093) — This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results.
  • Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (KB957632) — This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file.
  • Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (KB968537) — This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege.
  • Vulnerability in RPC Could Allow Elevation of Privilege (KB970238) — This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately.
  • Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (KB969514) — This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file.

As you can see, these are rated from Critical to Moderate. Each and every one of these should be installed, which can easily be done using Autopatcher. Before doing these updates, you should consider making a restore point or a complete backup, just in case. It is also suggested to install these at your earliest convenience, because malware authors will start using them, in what is called Exploit Wednesday. Also, it wouldn’t hurt to install some free anti-virus and free firewalls instead of using Windows Firewall. This will help protect you in the future also.

MS Patch Tuesday for June 2009

Photo by Andrew Magill

Microsoft has released the upcoming patch information for this Tuesday, and boy does it look like a big one. It looks like there will be 10 bulletins this time around:

  • Bulletin 1: Critical (Remote Code Execution): Windows
  • Bulletin 2: Critical (Remote Code Execution): Windows
  • Bulletin 3: Critical (Remote Code Execution): Windows, Internet Explorer
  • Bulletin 4: Critical (Remote Code Execution): Office
  • Bulletin 5: Critical (Remote Code Execution): Office
  • Bulletin 6: Critical (Remote Code Execution): Office
  • Bulletin 7: Important (Elevation of Privilege): Windows
  • Bulletin 8: Important (Elevation of Privilege): Windows
  • Bulletin 9: Important (Elevation of Privilege): Windows
  • Bulletin 10: Moderate (Information Disclosure): Windows

It will also include one or more updates on WSUS and Windows Update, and the Microsoft Windows Malicious Software Removal Tool. This looks to be quite a big set of updates. Each one is very serious and will probably be a big download. If you’re in corporate IT, you may want to get the Autopatcher program ready; this will help update all the important files on each system without needing an internet connection.

We don’t know what they will be until they have dropped from Microsoft, but we can guess that the latest DirectX vulnerability isn’t going to be one of them. I wouldn’t be surprised if this was going to be pushed out of cycle, but we will have to wait and see.

The affected systems are Windows 2000 through Windows Vista and Server 2008, which means if you have Windows it most likely will need to be updated. On a side note, the Office suite from 2000 to 2008 will also be patched, and that includes the Macintosh systems.

It also looks like 7 out of the 10 will require restarts, so the Autopatcher will save you time. I wouldn’t expect this to not be exploited on Wednesday, because most of them are Remote Code Execution, which means it is easy for a hacker to take control of your system. These should be installed ASAP, and you should also have a firewall and antivirus installed to better protect your system.

Microsoft to Release One Critical Update for Tuesday

Microsoft has released the information for May’s Patch Tuesday and it looks like there is one major update for PowerPoint:

The affected software is MS Office 2000, MS Office XP, MS Office 2003, MS Office 2007, PowerPoint Viewer, and MS Compatibility Pack for Word, Excel, and PowerPoint 2007.

The non-security-related releases coming out on Tuesday are as follows:

  • Windows PowerShell 1.0 for Windows Vista (KB928439)
  • Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847)
  • Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
  • Windows Malicious Software Removal Tool – May 2009 (KB890830)/Windows Malicious Software Removal Tool – May 2009 (KB890830) – Internet Explorer Version
  • Update for Windows Mail Junk E-mail Filter [May 2009] (KB905866)

Although some of this is usual, like the Malicious Software Removal Tool and the Windows Junk E-mail Filter, we won’t know what else will be released until Tuesday. Some of the updates will be minor, like the PowerShell one; I am guessing this will help get ready for SP2, and the SP1 for the .NET Framework also looks to be getting ready for SP2. So I will keep you updated if I find out what else is released on Tuesday!

Miketechshow Listener Roundtable : #242 Backups

We had a great time talking about backing up our systems. On a side note, I’d like to tell people that during the Roundtable, I was restoring my system due to a major network issue. The system wouldn’t stay connected at all to my network or my USB A600 Cricket Modem. I used the A600 Modem during the podcast with Skype, so the quality isn’t as good as it should be, but that is due to two different factors: one, I had a cheap headset, and two, the bandwidth limitations. This however shows that this is possible and works really well. I also used the Antenna for the Skype meeting. It actually seems like a stable connection. Mike has told us in his email that this might be the last Roundtable, so if you want this to continue you can either email him or tweet him, telling him you want to keep seeing these podcasts. I also talk about Roboform and how I make sure the passwords are backed up. We did talk about making sure to test our backups, so we know if the backup process works. I have to say my backup procedure was without doubt working for me. Even though I had some issues with Vista security updates after the restore, my restore to the laptop didn’t take more than an hour to get the programs that I wanted back on the system.