Category: Windows Update

Miketechshow Listener Roundtable : #242 Backups

Paul

We had a great time talking about backing up our system. On a side note, I’d like to tell people that During the Round table, I was restoring my system due to a major network issue. The system wouldn’t stay connected at all to my network or my [intlink id=”3059″ type=”post”]USB A600 Cricket Modem[/intlink].  I used the A600 Modem during the podcast [intlink id=”2601″ type=”post”]with Skype[/intlink], so the quality isn’t as good as it should but that is due to two different factors.  One I had a cheap headset and two the bandwidth limitations.  This however shows that this is possible and works really well.  I also used the [intlink id=”3387″ type=”post”]Antenna[/intlink] for the Skype meeting.   It actually seems like a stable connection.   Although Mike has told us in his email this might be the last Round Table, so if you want this to continue you can either email him or twitter him telling him you want to keep seeing these podcasts.  I also talk about [intlink id=”2646″ type=”post”]Roboform[/intlink] and how I make sure the passwords are backed up.   We did talk about making sure to test our backups, so we know if the backup process works.   I have to say my backup procedure was without doubt working for me.   Even though I had some issues with Vista security updates after the restore, my restore to laptop didn’t take more than an hour to get the programs that I wanted back on the system.
Mike Tech Show Listener Roundtable #242 Backups

Follow us on Twitter –

IRC chat log from show [here]

Show Links –

System Image:

Syncronization Programs:

Backup Software:

Online Backups:

Online Photo Backups:

Other Solutions:

Microsoft sends out KB955430 to get ready for SP2

Paul3 Replies

kb955430

This looks like it is to help with some problems with other issues of updates that they have been having.  I am unsure of why they are wanting to install this update but it doesn’t look to be harmful.  I am betting this is to fix a flaw that has been exploited by the warez community to make them either pay for there copy or go with another OS.   For the one fact that this “will enable future updates” and “This update may be required before selected future updates can be installed“.

[ad#cricket-right-ez]I went to  KB9555430 support page:

Updates to the Windows Vista and Windows Server 2008 installation software are included in this update. The installation software is the component that handles the installation and the removal of software updates, language packs, optional Windows features, and service packs. This update is necessary to successfully install and to remove Windows Vista SP2 and Windows Server 2008 SP2 on all versions of Windows Vista and Windows Server 2008. This update is not necessary to successfully install the service pack if you install the full file version of the service pack. The full file version of the service pack includes this update.

This is probably to get ready for the Service Pack that they are going to release soon for Vista. So I am guessing this will be required when the Service Pack comes out.

Dear Friend Spam Emails from Yahoo

Paul4 Replies

The email from our[intlink id=”3233″ type=”post”] old friend has come back[/intlink] into now compromising Yahoo accounts by sending out this email:

Dear friend:
What are u doing these days?I am going to recommend a Eshop to you.Yesterday I found a web of a large trading company from China,which is an agent of all the well-known digital product factories,and facing to both wholesalers, retailsalers,and personal customer all over the world. They export all kinds of digital products and offer really competitive and reasonable price and high quality goods for their clients,so i think you will make a big profit if you did business with them.And they promise they will provide the best after-sales-service.If you are interested to do business with them,in my opinion, you can make a trial order to test that.
Their Web address: www.nekcn.com

In what seems to be the way of this advertisment company, it seems they have been doing what they did with Hotmail.  Deleting your contact list and emailing your friends with this message.  Now I am thinking it is being done by them [intlink id=”2660″ type=”post”]Phishing for the password and Account name[/intlink], they probably set up an web page to look like Hotmail or Yahoo.  One thing to remember to do is check to see that you address bar looks like this:

yahoomailloginYou should make sure you see the “https”, meaning that is a encrypted login and also make sure you see either Mail.yahoo.com or Login.yahoo.com.  If you see anything else included in your the screen like maybe a .ru or .pl then you aren’t logining into the true yahoo account.  Obviously the website shouldn’t be trusted until they advertise the right way, and find ways to advertise online other than spam.  If you get an email saying you need to do something with your Hotmail account or yahoo mail account you should not click any links and go to the site manually to investigate the problem.  You should never click links in email that you don’t know where they are going.  Thanks to Jazzcorner for Alerting me that they have started to do this with yahoo.  I am betting the next one will be for Google Mail, or Gmail as some will call it. It wouldn’t hurt to have a [intlink id=”2205″ type=”page”]firewall and Anti-virus[/intlink] and also check your system out just to be sure.

Patch Tuesday List for April 14, 2009

Paul

So Microsoft has released the patches for April and here they are:

  1. Vulnerabilities in Windows Could Allow Elevation of Privilege (KB959454) — This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

  2. Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (KB960803) — This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  3. [ad#cricket-right-ez]Cumulative Security Update for Internet Explorer (KB963027) — This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker’s server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  4. Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (KB959426) — This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

  5. Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (KB961759) — This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). These vulnerabilities could allow denial of service if an attacker sends specially crafted network packages to the affected system, or information disclosure or spoofing if a user clicks on a malicious URL or visits a Web site that contains content controlled by the attacker.

  6. Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (KB961373) –This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

  7. Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (KB960477) — This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.

  8. Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) — This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

As you can see there are Eight updates and it seems Microsoft isn’t pushing anything else with this update.   We also have the Malicious Software Removal tool for this month as well as the Junk Filters.   If you want to keep your system secure I’d suggest getting a [intlink id=”2205″ type=”page”]Free Firewall and Free Anti-virus[/intlink].   If you have a lot of systems to update, I’d also suggest what I have been calling[intlink id=”2883″ type=”post”] Clone of Autopatcher[/intlink].  This will download them onto a ISO for you to burn and use around all the systems that are offline.

Mikeyy Worms stills going around Twitter

Paul

It seems Mikeyy has spawned a new and improved little advertisement:

Twitter, hire Mikeyy! (718) 312-8131 🙂

As you can see from tweets:
mikey12

It seems this is the new campaign started earlier this morning around 1am or so for Mikeyy and people have found this rather annoying but it is teaching Twitter a lesson, this would be good PR if they hired Mikeyy. Obviously he has a lot to offer but I guess who ever wrote this variant for the Mikeyy Worm went and found his number on a stickcam website:

mickstickcam

Anyone who just Google the number right now could find out the stickcam profile, so I won’t direct you to it. I just hope this doesn’t keep up to much longer. If you’ve been infected with this worm I would refer to my other [intlink id=”3308″ type=”post”]post about removing the worm[/intlink]. I do know if you aren’t logged into twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any twitter accounts just keep logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.