Category: Vista

Adobe PDF Zero Day Warnings : Experts agree

Paul

All the Security experts online are talking about The 2 Zero Day Adobe Vulnerabilities:

[ad#cricket-right-ez]As you can see this seems to be one of those Adobe problems we had in the past with [intlink id=”2963″ type=”post”]Javascript[/intlink].   They seem to be having a major problem with Javascript vulnerability and the old saying is to just to disable Javascript in PDF’S again.   Adobe is calling this a Potential Adobe Reader issue and is suggesting that the users disable Javascript until this is fixed with a security update.

This is mostly affect the corporate world more than the private sector because of the fact corporate world will use PDF by sending them through emails.   I suggest installing another reader and these are all free.

Be advised the vulnerabilities affects Linux, Windows, and Macintosh systems.  This will most likely mean that even Macintoshes could be used to [intlink id=”2173″ type=”post”]create even more botnets[/intlink] and will need to disable there Javascript until this issue is fixed or maybe they would like to find another reader themselves.  This also goes for Linux users but I have not heard of anything in the wild yet.

Don’t forget to install some [intlink id=”2205″ type=”page”]free Anti-virus and Free Firewalls[/intlink] to help protect your system from becoming a botnet.

Mebroot becomes More Stealthier!!

Paul

Well Here is something we should all be on the look out for:
[ad#cricket-right-ez]

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

Mebroot inserts program hooks into various functions of the kernel, or the operating system’s core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn’t been tampered with.

[Via Pcworld Magazine]

I will be updating my [intlink id=”2205″ type=”page”]Malware Resource[/intlink] for the Prevx Software, but this looks to be a very bad root kit.  From my understanding most of the security related software.   It seems this little program will become even harder to detect and remove.   It also looks like this is ready to start infecting people with this root kit.   You should update every part of your system from [intlink id=”3327″ type=”post”]Windows Patches[/intlink] to Browser. [intlink id=”2229″ type=”post”] Securnia once said[/intlink] that most people are not patched fully!!  Just like the [intlink id=”3301″ type=”post”]Conficker Worm[/intlink], if your not fully patched and keeping anti-virus and Firewalls on your system then you might as well be walking on nails.

Patch Tuesday List for April 14, 2009

Paul

So Microsoft has released the patches for April and here they are:

  1. Vulnerabilities in Windows Could Allow Elevation of Privilege (KB959454) — This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

  2. Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (KB960803) — This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  3. [ad#cricket-right-ez]Cumulative Security Update for Internet Explorer (KB963027) — This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  4. Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (KB959426) — This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

  5. Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (KB961759) — This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

  6. Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB961373) –This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  7. Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (KB960477) — This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.

  8. Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) — This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

As you can see there are Eight updates and it seems Microsoft isn’t pushing anything else with this update.   We also have the Malicious Software Removal tool for this month as well as the Junk Filters.   If you want to keep your system secure I’d suggest getting a [intlink id=”2205″ type=”page”]Free Firewall and Free Anti-virus[/intlink].   If you have a lot of systems to update, I’d also suggest what I have been calling[intlink id=”2883″ type=”post”] Clone of Autopatcher[/intlink].  This will download them onto a ISO for you to burn and use around all the systems that are offline.

Small Towns are breeding grounds for Computer Viruses

Paul

I grew up in a small town, at the time the population of the town was like 29,000.  That isn’t really that small some of you might say, you’ve probably gone through towns that only had 500 or 100 people in it.   Which brings me to my point, Small towns are always going to be behind large towns in technology.

Most of us who have worked on computers or even been in the field for some time knows how hard it is to explain to the uneducated why they need to keep their systems up to date.  It gets really hard explaining to companies in small towns why they need to worry about security.   You try to explain this to a company Representative and you see t he glassy eyed stare that tells you they aren’t even listening anymore.

I’ve been debating talking about this post from the Washington Post, Security Fix.  Now the reason I’ve been having trouble is that the article talks about a town that I grew up, I think of this town as a hometown for me.  I remember Hopkinsville, Ky as a great experience, because the teachers at my school was not comfortable with the computer nerds.  Most of the time, I am sure they felt woefully uneducated about computers.

In my experience here are three reasons why Small towns will always be behind in Technology:

    [ad#cricket-right-ez]

  1. Education System — This is where we start, most of us know that it is our education that gives us our community understanding of the problem.   The education of the system of small towns will always be the last to get the newest stuff or the best stuff, in part because of grants from the local Government.  Nothing new there, because small towns can’t raise a lot of money with very few people in terms of taxes.

  2. Internet availability — You’ve probably experienced this in your lifetime.  You  go to a city or town and there is not a lot of places for you to get on the internet.  You get to a small town and have only 1 or 2 places you can go to check your email or do business stuff.   We are beginning to become an internet dependent society.  In the way of getting our information from the Internet.

  3. Local Government —  This is the most important aspect of why small towns will be behind in technology.  Most Governments in small don’t have the resources to require school systems to incorporate the newest technology or the fastest possible internet speeds.  I love to watch the Show Everwood, it actually speaks some very good truths about small towns.  They aren’t worried about the nation, they are only worried about what is going on Locally.  Until this changes they will never embrace technology like the big city.

Although some of this might of changed in the last few years, I don’t think so because of the report from The Washington post.   Companies in Small towns need to worry about Security.  They need [intlink id=”2205″ type=”page”]Anti-virus Software and Firewalls,[/intlink] even if it is Dialup they need something to keep them protected.  Remember there are eight levels of security, and you’re the last level!!