Microsoft Get Ready for Patch Tuesday. 6 Bulletins

According to Arstechnica there will be 6 Bulletins and each of them are very interesting:

  • Bulletin 1: Critical (Remote Code Execution), Windows
  • Bulletin 2: Critical (Remote Code Execution), Windows
  • Bulletin 3: Critical (Remote Code Execution), Windows
  • Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server
  • Bulletin 5: Important (Elevation of Privilege), ISA Server
  • Bulletin 6: Important (Remote Code Execution), Office

[ad]It looks like there will be another Directx Patch for those who have Directx 7 through 9.0c.  It also seems they will be Patching the Virtual PC and Server and ISA Server.    Microsoft will also be patching 2007 Microsoft Office System Service Pack 1.  They will also Be Releasing 14 different patches for non Critical status.

The Directx Flaw that was reported in May is reportedly being patched and that is why we have these Directx updates that are comming down from Microsoft.

So Now is the time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] updated to the lastest updates and schedule a time next week for you to test and install these updates.   I would recommend updating your [intlink id=”2205″ type=”page”]anti-virus and Firewall[/intlink] software if you have any, if not it is time to get them and install them.

The Frustrations of Wordrpess 2.8

Photo By Nicholas Wang Photo By Nicholas Wang

WordPress 2.8 was released Yesterday morning, and by Yesterday afternoon people were complaining about it.  Some of the issues seemed to steam from a minor template change in 2.8 to prevent people from editing or using Plugins.

Now I have talked about [intlink id=”3171″ type=”post”]backing up important data[/intlink], that includes your website.   You will never know when that back up software will be valueable and when you need to restore it.

Just like everyone else I have had problems with my ability to update my blog or update my Advertising.  Although unlike others who have a lot of widgets on the sidebar for there users, mine are html and not a plugin version.   Although I didn’t have as much problems as others, I did however have problems with the Back up process.   I used WordPress Database Backup and I had the file that it gave me but the PHPMyAdmin would not restore the database that I was given from the plugin.   So in the process of trying to fix my database, I had a few hours of downtime on my blog.  If your a regular visitor you might of seen the message “Database Error” when you visted my site.  I have since then fixed the problem With the help of my support team to get my website back up and running.

[ad]I know the WordPress Database Backup plugin is good for 99% of people but I am going to assume that with the difficulties of this restore with the PHPMyAdmin,  I will be looking for some other PHP Database editor that will work just as good as that one.  Until then I will be doing a Manual back up of my Database because that way I know of having a working copy of my Database in case of a problem down the road.  If someone has a good Plugin or an Alternative to PHPMyAdmin by all means leave me a comment and I’ll check it out or you can [intlink id=”995″ type=”page”]email me[/intlink] and let me know.

I still love WordPress because of it not being open source and more transportable onto other servers unlike Blogger, but there will always be those bumps in the road.   I will always advise people to backup before doing anything major from a system upgrade to a website upgrade.   I hope others have not had this problem as I have but mine might of been just the luck of the draw with all the problems, you know what they say “When it rains, it pours” but there is a silver lining to this.  I have learned more about website backups then I previously did.

Microsoft released April Patch list for Patch Tuesday

aprilpatchtue

To see what systems are affected please see the bulletin for further details.   Some of the updates have to do with IE 6 and IE 7, maybe it is time to update to IE 8.  It looks like if you update to IE 8 you will not have to worry about the Remote Code Execution.  There also seems to be a remote code execution for DirectX 9.0A, B, and C.  This however doesn’t affect DirectX 10 and if you have a Vista machine please consider updating to DirectX 10.

[ad#cricket-right-ez]

The other one is a MSDTC program that has a vulnerability of Elevation of Privileges that needs to be fixed.  There will of course be more than this for April but these are the ones that Microsoft has determined to be release for Tuesday.  There are going to be at least 8 Different patches for Windows XP, and some For Vista.  Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security andAcceleration server will have an update to prevent a Denial of Service attack.  This will be needed to patch on the server side as soon as possible.  Then there is the Excel Remote Code execution that needs to be fixed.  It looks like CVE-2009-0238 is the one that this is being patched for but this is only a guess.

Now is the best time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] ready for this update because this will be quite a big update.  You should also update your [intlink id=”2205″ type=”page”]anti-virus software and Firewall[/intlink].

What will happen on April 1? Conficker discussion!

I saw that F-secure has posted what a Question and Answer on the Conficker Worm.  I wanted to talk about this a little myself:

Q: I heard something really bad is going to happen on the Internet on April 1st! Will it?
A: No, not really.

Q: Seriously, the Conficker worm is going to do something bad on April 1st, right?
A: The Conficker aka Downadup worm is going to change it’s operation a bit, but that’s unlikely to cause anything visible on April 1st.

[Via F-secure Website]

[ad#cricket-right-ez]I am like everyone else, I really don’t know what will happen it is always going t to be media exposure when it comes to Worms, Viruses, or Trojans.  Virus Writers whoever “THEY” are, will always want to update there infected systems to keep the virus(Also worms, and Trojans) on peoples systems.   This is the way of security firms will always have to predict them, keep up with them, or just follow them.  This will never  change because as virus writers want to find even more ways to infect systems that is the necessity of Anti-virus Software.

I don’t know what will happen on April 1, you most likely will be fine if not you won’t know it until you try to update your system or update your anti-virus software.  One way you can find out if your infected is by trying to serf to security vendors like F-secure, Norton, and Kasperky.  If you Can’t get to those sites then you most likely have a Virus or Worm, and it could be this worm!!

  1. Make the worm harder to detect — This is a common practice they want to be able to hide the worm for as long a possible.  So they will always tweak it to make it that much hard to detect and remove.
  2. Make the Worm easier to infect systems —  This is another common practice, because without having systems there is no need for a Command and Control server.  The worm could do things such as Denial of Service, Or send out spam, or steal sensitive information.  This is the nature of why people make viruses, Trojans, or Worms.
  3. Easily update the virus software — as with any software the virus writers will come up with easier ways of updating the software, because the security will do whatever they can to prevent the update.  This is also the nature of why there will always be updating of the code.  They will put in more ways to keep the virus, worm or Trojan from being blocked.   Like the Conflicker has some Peer to Peer functionality, so if one company blocks the update another way it could get the update is Peer to Peer.  So you can’t block it very easily.

So what will happen April 1?  Who knows it could be a normal day, or it could be the biggest [intlink id=”3208″ type=”post”]April Fools joke[/intlink] ever.  That is why I put that in my last blog post.  With so much Media Frenzy the security firms don’t know what the Worm will do when it updates, all they can do is wait.   So let’s take a deep breath and relax, there’s nothing we can do just yet!!

Thinking back to PIFTS.EXE.

Thinking to this very incident looks to something out of the movie “Lemony Snicket’s A Series of Unfortunate Events“.  I won’t go into much detail but here is what I want answers to about the PIFTS.EXE.  You see after I have read a great article talking in detail about this, I have also come to the conclusion something isn’t right.

[ad#cricket-right-ez]The blog owner known as Anshar in the forums on the Symantec points out some key events. He wanted to point out that the users who were posting were not violating the TOS and was posting questions that look to asking about this file. See screen capture of what I took. This one picture doesn’t prove his theory in whole, but does bring up some suspicions. This actually might be them trying to find a ‘scapegoat’ so to speak. He also talks about what others are asking? What is PIFTS.EXE? People seem to still have not be answered that question.

Although, in Norton’s defense there seems to be a lot of information that they have to sort through. I’ll admit this information people are asking should be really simple to find in the Symantec Databases somewhere. I will not say they are hiding anything major but I do think something is going on that we are not aware of. Here’s some other thoughts to considers? If Norton needed to find out who was using Windows 7, couldn’t they of asked or even made a simple site redirect to find that information, after all anytime you visit a site you have that information sent to the stats. I could in theory find out how many visitors are visiting from Macs and how many are on older systems. That would be very easy to do with Google Analytics.

Now with that said let’s talk about Why it took almost a whole day for them to release a public statement about what happened.  I might be wrong but if I was a stockholder, I’d of demanded them to send that out ASAP instead of waiting 20 to 24 hours.  Although I’m not trying to make any more conspiracy theories, I do think the Streisand effect came into effect and people are feeling like Norton did something they shouldn’t have.  In which case, Norton probably made “A fail whale” attempt of making it better when they started to delete the post.

I’ve been watching the Norton forums trying to make sense of all this, and I do know that Norton have lost people’s faith in them and people are removing their product off there systems if Norton doesn’t start answering questions that need to be answered.

Norton has released the information of PIFTS.EXE and what it does. Although I am sure people are going to argue about what it does or doesn’t. I wanted to post this for people to check out and consider for yourself.