Patch Tuesday List for April 14, 2009

So Microsoft has released the patches for April and here they are:

  1. Vulnerabilities in Windows Could Allow Elevation of Privilege (KB959454) — This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
  2. Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (KB960803) — This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  3. Cumulative Security Update for Internet Explorer (KB963027) — This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  4. Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (KB959426) — This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.
  5. Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (KB961759) — This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.
  6. Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB961373) – This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  7. Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (KB960477) — This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.
  8. Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (KB968557) — This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

As you can see there are eight updates and it seems Microsoft isn’t pushing anything else with this update. We also have the Malicious Software Removal Tool for this month as well as the Junk Filters. If you want to keep your system secure I’d suggest getting a Free Firewall and Free Anti-virus. If you have a lot of systems to update, I’d also suggest what I have been calling Clone of Autopatcher. This will download them onto an ISO for you to burn and use around all the systems that are offline.

Mikeyy Worm still going around Twitter

It seems Mikeyy has spawned a new and improved little advertisement:

Twitter, hire Mikeyy! (718) 312-8131 🙂

As you can see from tweets:
[Image: mikey12]

It seems this is the new campaign for Mikeyy, started earlier this morning around 1am or so, and people have found this rather annoying, but it is teaching Twitter a lesson; this would be good PR if they hired Mikeyy. Obviously he has a lot to offer, but I guess whoever wrote this variant of the Mikeyy Worm went and found his number on a stickcam website:

[Image: mickstickcam]

Anyone who just Googles the number right now could find the stickcam profile, so I won’t direct you to it. I just hope this doesn’t keep up too much longer. If you’ve been infected with this worm I would refer to my other post about removing the worm. I do know if you aren’t logged into Twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any Twitter accounts, just keep logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.

StalkDaily.com was the culprit after all!!

In my previous post about StalkDaily, I thought they were the innocent party in all this:
[Image: stalkdaily3]

Now he talks about how he did this and claims responsibility for the Twitter calamity. According to him he did this out of boredom, and needed a way to make money. I am wondering if Twitter will take legal action against him for the time it took to fix the problem; the fact that it caused so much widespread panic, leading people not to trust Twitter, makes me think that Twitter would have a real good case against a 17 year old who was trying to game the system.

Then the people who have lost followers or have had problems with their Twitter are going to be mad too. They were the innocent party and did not know about the Cross Site Scripting Vulnerability, although it doesn’t appear to have gotten any passwords or sensitive data.

Although it does prove a point that the NoScript add-on in Firefox is looking to be more and more needed as people search through the web.

Online Episodes helps Adware Installer Zango

I was surfing the web hoping that Mythbusters would start putting their episodes online, and the first link that I get is a website that looks like this:

[Image: mythbusterzangosite]

This site even has the theme music playing as if it was affiliated with Discovery Channel’s Mythbusters show. If you look at the screenshot above you will see that someone has been keeping this site updated with the most current episodes of Mythbusters. So I check out the Season 7 Episode 1 – Demolition Derby Special, and I was curious as to what would happen if I clicked that link, and this screen pops up:

[Image: mythzango1]

So I have to install this Zango software to view this show? So I go do my research about Zango and Wikipedia says:
Zango, formerly ePIPO, 180solutions and Hotbar, produces software that provides access to partners’ games and DRM-restricted videos and software. Zango software is listed as adware by Symantec. McAfee states, “this program may have legitimate uses”, but describes it as a “potentially unwanted program”, and an “adware downloader”.

[Via Wikipedia]

I didn’t like the sound of this but I wanted to see what my AVG would say when I downloaded this software, and it pops up with:

[Image: zangowindowsdef]

Windows Defender comes back with a Win32/Zangosearchassistant warning, and thus I go around checking this adware out on Google, and I am seeing report after report asking how to get rid of this adware. Some of the ones that I think would help people get rid of this program are:

If you haven’t installed anti-virus or firewalls, this would be the first thing to do. I’ve also read some reports about Zango that are quite disturbing, like these:

Although these are just a few examples of what I found out just Googling Zango, I thought I would share these with you. There are more examples, like Zango’s Facebook Widget, that I will say acts like adware and encourages you to send to 5 different users. Although Facebook has stopped this widget, we all know that spyware and malware are being used on social networks and will undoubtedly be more and more in the future. Remember you’re the only one to prevent having a virus.

A side note: if you did try to install this software you would need to be an Administrator, and that also concerns me because the type of stuff they are claiming in the EULA is browser stuff, which shouldn’t need Administrator rights, or at least I am not going to give adware that right. Zango is being classified as adware and I am only reporting that the software is being classified as adware, but Zango claims it is not. This is where the end users decide if it is or not; I however think it is!! I am also sure there are other sites like this that are trying to get you to install this software to view movies and shows. Your best bet is to not install the software and go to Hulu or Fancast to find safe movies and shows.

Spam Messages go out with Fake Conficker Alerts

Sophos’ blog is reporting:

This past weekend, SophosLabs noticed a new “Conficker” theme in the content of these spam messages. Instead of saying there is a critical windows update that needs to be applied, they say that “your Internet company” believes you to be infected, and to click the link to scan your computer

[Via Sophos]

As in my previous post about fake anti-virus software, these sites are trying to scare you into sending them free money. You should always be cautious when it comes to these sites that make you think you have a virus. Some things to consider when you visit sites that are claiming you have a virus:

  • Is this a true anti-virus company? If you’re unsure you can always Google the company to better help you determine if this is a fake site.
  • You also should consider going to the real deal on anti-virus. There are several different companies that I know of off the top of my head, but it should always be one that is not a fly-by-night type of anti-virus company. The real companies have people and resources watching for the latest viruses and other malware.

According to Sophos, the malware site is detected as Mal/FakeAV-AH with their system. Remember you don’t always have to buy anti-virus software; there are several good free versions out there that do a pretty good job at defending against a virus, Trojan, or a computer worm. If you feel you might have a virus you can do a free anti-virus scan to make sure you are not infected. I also suggest having a firewall installed if you have not done that yet; that will also greatly help prevent a virus or worm, but remember you are the last line of defense with malware!!