Admins are shaking in there boots due to the Ms 09-001 Patch

I have to talk about this because this is a big deal.   According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

[ad]Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems.  According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials.  The virus  does not  need to know any passwords or user names to gain access.  Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most  companies don’t patch there system as quickly as Microsoft would like them to.   You see most companies have quite a few computers depending on the size of the company it could be quite a lot.  So many in fact that it would have several IT personal just to keep the system going.
[ad]

So why don’t they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems.  Some use really special programs or have a network going that is vital.  Even the smallest update to the system could bring the network or the program down.  Most companies liketo test it out on test machine for a while to make sure that the patch doesn’t  prevent the business from doing business.   Here are a few articles that prove why companies do not want to just install patches automatically:

Some companies are using older systems like Windows ME or some older Windows Operating systesm.   Although there isn’t anything we can do about those because Microsoft has stopped supporting them with updates and all.  I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way.  I’ve recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves?  How do we update all of the systems we are responsible for?  There are no easy answers to this.

Internet Explorer still has a Vulnerability after Tuesday Patch!!

I just read this on several blogs and thought I’d share the details with you, it seems that Microsoft didn’t know there was a problem with this Bug/Vulnerability.   Computer world has a great article and  says this:

[ad#ad2-right]“The updates Microsoft released yesterday do not address this possible vulnerability,” a Microsoft spokesman said today in an e-mail reply to questions, “but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer.”


[Via ComputerWorld]

I can only hope that Microsoft fixes this Vulnerability soon, I would take a guess that they will try to get this out on the patch cycle if not they will push it out after.   Some things to remember with IE(Internet Explorer) is only use it with Microsoft Updates.   I also Suggest downloading FireFox and checking out my Anti-virus and Anti-Spyrware Page for ways to prevent from getting a virus.

Upcoming Patch Tuesday

[ad#ad2-right]I wanted to get prepared for the updates for this Tuesday and I thought I’d go through them and list what Microsoft said about each.   These are what’s been said on Technet and I am sure there will be more.   Each one of these don’t look to serious but I will post Tuesday if there is anything I’ve missed on this post.   As you might know this is not set in stone but just the direction of Microsoft for this Months Release.

KB955839

Update for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Install this update to resolve an issue that is caused by revised daylight saving time laws in many countries. This update enables your computer to automatically adjust the computer clock on the correct date in 2008. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

[ad#ad2-left]KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

KB890830

Windows Malicious Software Removal Tool

Microsoft released the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. After you download the Microsoft Malicious Software Removal Tool, it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

[ad#ad2-right]KB905866

Update for Windows Mail Junk E-mail Filter [November 2008] (KB905866)

Install this update for Windows Mail to revise the definition files that are used to detect e-mail messages that should be considered junk e-mail or that may contain phishing content. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Vista License Terms.

I am sure there are going to be others but right now this looks like the normal things Microsoft sends out.  I am sure they are keeping a tight lid on the really serious stuff until last second so I’ll have to report the really important stuff Tuesday.

Facebook : Beware Spam for breakfast. (Virus)

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

[ad#ad2-right]

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”


[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

[ad#ad2-left]What’s this program name, it is call the K-lite Mega Codec pack. In this Pack you will be able to play almost everything without having to go download another program. This is done by people who want you to have all the latest codecs installed so you don’t have to go by a program you’ll only going to use once a month.

Once you’ve done that, you’ll no longer have to worry for the most part about codecs. There will be times when you might have to visit that site and update them but that will be far less.

The other thing you must remember is if it says you must update your player. That should be a sign that there is something. I’ll always go to the site and check for example Adobe. If it says I need to update my flash I’ll manually type it into my browser. This way you will know you have the latest updates, if you need to update the flash player by all means go to here and update.

If you got the virus I’d check out my Anti-virus and Anti-Spyware page and that should show you will you need to get rid of the Virus. This virus is very easy to get rid of, just download any one of the anti-virus software and install it. Don’t forget to update the virus database while your at it. That should fix the problem pretty fast. Remember the only way to prevent from getting the virus is YOU.

Microsoft issues Vista patches out of Monthly Patch Cycle!

KB957321,KB959108,KB959130


Microsoft issues Out of cycle patch for Vista.   These patches are as Followed:
[ad#ad2-right-1]

Kb957321

An update rollup is available for the Microsoft Windows Imaging Component (WIC) in Windows Vista or in Windows Server 2008. This update rollup resolves the problems that are documented in the following articles in the Microsoft Knowledge Base:

954708 An update to add support for the serialization of complex Extensible Metadata Platform (XMP) data types in the Windows Imaging Component

945060 There may be inconsistencies in the Extensible Metadata Platform (XMP) and Exchangeable Image File (EXIF) values for an image file in Windows Vista and in Windows XP

The Windows Portable Device (WPD) API collects and transfers Software Quality Metrics (SQM) data to Microsoft servers. The SQM data is collected only on an opt-in basis through the Microsoft Customer Experience Improvement Program. An update is available that disables the collection and transfer of SQL data to Microsoft servers.

This update affects Windows Vista-based computers, Windows Vista Service Pack 1 (SP1)-based computers, and Windows Server 2008-based computers that are in the Microsoft Windows Media Player Customer Experience Improvement Program.

On a Windows Vista-based computer or on a Windows Server 2008-based computer, you install a third-party Web browser. You set the third-party Web browser as the default Web browser. Then, you run the Connect to the Internet Wizard. However, if you select the Browse the Internet now option, Windows Internet Explorer starts instead of the third-party Web browser that you set as the default Web browser.


[ad#ad2-right]This seems to be not so important.  All of these are not really security related but it does surprise me that Microsoft wanted to release these out of Cycle.   If your planning on using your Vista laptop during the holidays you might want to update your vista machine before you go.  I don’t think there is going to be any major issues with this but if there is, you can always remove these updates later.