Category: Will

Microsoft Releases the Patch Information for March

Paul

Microsoft Has Released the Patch information For march and This is what is expected to be patch on March 11, 2009:

  • Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Kb949029) — This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)

    • [ad#ad2-right]

  • Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (Kb949031) — This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. (affected System : Microsoft Office)

  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Kb949030) — This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (affected System : Microsoft Office)

  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (Kb933103) — This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)

These Four are all Critical and should be applied the week of March 11, 2009.  Their are Seven Patches coming out, but these are the main focus.   According to Microsoft they have released MS08-014, MS08-015, MS08-016 and MS08-017 to better help you find out which ones are affected.

Now is the time to get AutoPatcher ready and make sure it is up to date on any patches that might of came out this month that you didn’t know about.  Also consider downloading the new version of Anti-virus and Firewall software while you are it.  In case you come accross a rogue virus and need to disinfect it!!  Some of these patches for this month is due to the EXCEL vulnerability that is out right now and is in the wild, so that should be your top priority once Tuesday come around.  Remember hackers will start exploiting these patches on Wensday and you will be racing against the clock.   One last bit of information for the Mac Users you should also apply these patches they are vulnerable to according to Microsoft.  I’ll update as more information becomes available!!

Cracking and Warez sites are Host of Trouble!!

Paul2 Replies

It is nothing to laugh at and should be understood that gamers have no freedom right now.   That said this new Variant to Virux Trojan is in regards to Win32/Vitro Trojan.  It seems tobe infecting .exe and .Scr files just like this.

According to Trend Micro:
[ad#ad2-right]

The downloaded malware include variants under the FAKEAV, TDSS, and VUNDO families. Infection chains, however, are notable for the presence of VIRUT and VIRUX malware. VIRUX and VIRUT attacks were initially about the volume of infected PCs. The numbers are massive enough to worry Web users and security researchers: around 20,000 PCs are infected per day
Read more: “Crack Sites Distribute VIRUX and FakeAV

Now it seems to be more and more sites with getting computer infected. It also seems the Malware writers are using these servers for helping infect essentially gamers computers. So for the time being, if you have a favorite game and you want to:

  • No-CD Crack (This is good for those who want to play the game without the CD)

  • Key Gen Cracks (This is used for pirated version of a game)

  • Update Cracks (This is used to prevent CD checking or Also prevent Version Checking)

  • Game Cheats (This is usually a small program like a bot or some other way for the gamer to cheat)

And should not be Downloaded or USED!! I don’t say that lightly, because Gamers feel they should be able to play any game they want. Although this post will probably make the Gamer developers happy, I do this to tell people that these virus writers are using the gamers to distribute the Virus.   I encourage all the gamers out there, that don’t want to loose their games to not download any more of these types of cracks.  It seems the virus writers are wanting to infect systems and slow you down.  You don’t want to slowed down do you?  Please consider getting a Firewall and a Free Anti-virus software to better protect your system.

Rogue Fake Codecs on the Rise

Paul

Panda Labs has been talking about Adware/VideoPlay and they are seeing a lot of variants on this.   They even play a game, find the difference in the installation screen:

Now as you can see this look to be the same agreement in all those difference installation.  Some things to consider Never install any software from a website that you don’t know Nothing about about.

Panda Labs also talks about these new variants in regards to what they do:

This file spreads by making copies of itself in the removable drives and it also creates an autorun.inf in order to be run when they are accessed. This file collects the data stored in the browsers, such as cookies, passwords, profiles, email accounts, etc, and connects to a remote address to send the information.
[Via Panda Labs Blog]

[ad#ad2-right]As you can see this makes you have very little security with your system.  I talk about Identity theft, and why you should always worry about your identity.   This however will make your passwords less secure and maybe even compromise you system to the point of having a data breach.   You need to be careful when you come by this, some fake codecs have been know to be scareware.  In which, the fake codecs installs a Trojan to tell you have a virus and try to make you buy a fake program to get rid of the Virus.  In one of my recent posts about Codecs and Facebook, I talked about the K-Lite Mega Codec Pack and how that will prevent you from installing these sociable links from friends and family.  The nice thing about this pack is it install all the really good codecs that you might come across on the web.  If you have this installed and there’s a website that says you need a special codec, you’d know that it is either a fake codec or the author who made the video doesn’t standardize.   In which case you will be more willing to leave that site without installing that codec.

If you follow these steps and also consider installing an Anti-virus and Firewall, you will be in a much better shape then when you first started out. Remember only you can prevent from getting a virus. You should also consider doing the registry edit that will prevent Autorun. As you can tell these new variants also are spread through USB and other removable media. This is the other way these programs are using to infect other systems.

The Next big Wave of Layoffs is Sony. (9,000 workers)

Paul

In a report from Engadget, there seems to be more Layoffs going on.   One such one is Sony.  Here is what Engadget said:

[ad#ad2-right]

The bad news from the Japanese consumer electronics industry continues. Sony just announced plans to cut about 8,000 global jobs from its beleaguered electronics business while making unspecified reductions to its seasonal and temporary workforce. The move, as Sony explains it, comes “in response to the sudden and rapid changes in the global economic environment.” Ominously, it looks like Sony will also be raising prices in the countries where “Sony makes significant sales” (read: US and Europe) if we’re reading this statement correctly:

[Via Engadget]

[ad#ad2-left]In Today’s economy, you need to be prepared.  So I thought I bring back some old Favorites of mine and talk about them.  To see the other layoffs that I’ve talked about CLICK HERE.   If you wanted to know what you can do to be prepared here are some great resources for people who are worried about there jobs:

If you have any others you would like to suggest please leave a comment and let everyone know.   These are hard economic times and we all could use the help.

Are you patched, Secunia Says NO

Paul

Secunia BlogThink you’ve got nothing to worry about, according to Secunia 98% of computers are not fully patched and are vulnerable to some kinda of attack. [ad#digg-right]So I wanted to talk about this a little and give you a few good ways to make sure you are patched.  There are several ways to get your system up to almost 100%.

[ad#ad2-left]Some things to do is make sure you have your Windows systems updated.  This is easy to make sure, if you have an internet connection you can just check for updates.  If you don’t know how to do it, it is quite simple, Just go here.    If you have Windows Vista all you have to do is hit Start and type in the search box “Windows Update” and hit Enter and you will be taken to the update page.


If you have a system that is off of the Net you could use the Clone of Autopatcher Program to do it for you.   You also need to update all your secondary programs such as Audacity, Open Office, and other programs that you use weekly.

[ad#ad2-right]If you don’t know what you need to update sometimes just having a program check for you can make a really good difference.   The one that I like to use is Appsnap and it actually searches you computer to see what might need to be updated.   I also suggest for the final suggestion is check out my Anti-Virus and Anit-Spyware Resources and make sure you have a firewall and anti-virus software.  This will greatly reduce your chances of getting a virus but that isn’t all you have to be careful on what you click on read this article on Some Important programs to prevent yourself from having viruses and Malware!! Read that carefully to better understand how you can protect yourself in the future.