Arstechnica – Paul's Tech Talk

Microsoft Get Ready for Patch Tuesday. 6 Bulletins

PaulJuly 10, 2009

According to Arstechnica there will be 6 Bulletins and each of them are very interesting:

Bulletin 1: Critical (Remote Code Execution), Windows

Bulletin 2: Critical (Remote Code Execution), Windows

Bulletin 3: Critical (Remote Code Execution), Windows

Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server

Bulletin 5: Important (Elevation of Privilege), ISA Server

Bulletin 6: Important (Remote Code Execution), Office

[ad]It looks like there will be another Directx Patch for those who have Directx 7 through 9.0c. It also seems they will be Patching the Virtual PC and Server and ISA Server. Microsoft will also be patching 2007 Microsoft Office System Service Pack 1. They will also Be Releasing 14 different patches for non Critical status.

The Directx Flaw that was reported in May is reportedly being patched and that is why we have these Directx updates that are comming down from Microsoft.

So Now is the time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] updated to the lastest updates and schedule a time next week for you to test and install these updates. I would recommend updating your [intlink id=”2205″ type=”page”]anti-virus and Firewall[/intlink] software if you have any, if not it is time to get them and install them.

Electric Company fear Mongering gone wrong!!

PaulApril 9, 2009

I saw this talking going on at Arstechnica and SANS Interenet are Talking about the Elecric Company Fear mongering. Here’s what Ars Says:

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

[Via Arstechnica]

[ad#cricket-right-ez]This was posted today with people asking the question Is the Electric company have a viruses or have a worm? I don’t know but these fears are coming from the Wall Street Journal:

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[Via Wall Street Journal]

Now let’s talk about this, This is being a talked about on a friends Podcast, The Caffination Podcast. This is where I have figure we should talk about this. I think Sans Internet Storm says it better than I could:

One email stated that The power systems we have in place today are ran by Knobs and Switches. Mostly built int he 70’s and 80’s, these power stations are mostly ran by manual intervention. The power stations that _have_ been stood up since then, a couple of Nuclear Power stations, are federally regulated to not have any connections to anything, let alone the Internet.

Since this particular email comes from a very trusted source, I am inclinded to believe this person. Is it possible that there ARE computers in power stations that are connected to the Internet? Yes, I am quite sure there are. However, is it possible that the computer or computers (if there are any) that actually CONTROL the power are connected to the internet, I tend to not believe that.

[Via Sans Internet Storm]

I agree with what Sans is saying but I don’t think there is anything to worry about, for the fact that I think that the computers that control electricity are not hard wired to be online. This is meaning that if someone virus or worm gets on those computers there is no way these viruses or worms could talk back to command and control. This is my Theory and I don’t work from the electric but I do think this is the most plausible way they are preventing this type of attack. The First Tier, just like tech support, is for Corporate and technicians to talk to eat other over the intranet. The 2nd Tier, this is the important computers that would control Electric process. I don’t know this for sure but I think the 2nd tier would be used to isolate the computers from being accessed externally. Like I said before I don’t work for the electric company and this is all theory on how the electric has this set up!! So you can take it with a grain of salt or come up with your own ideas.

Upcoming Patch Tuesday for February 10, 2009

PaulFebruary 5, 2009

Microsoft Today has released the list of patches for February. Here’s the List of things they will patch:

Internet Explorer — Remote Code Execution (Require restart) [ CVE-2009-0075 CVE-2009-0076 ]

Exchange — Remote Code Execution (No Restart Required) [CVE-2009-0098 CVE-2009-0099]

SQL — Remote Code Execution (May Require Restart) [CVE-2008-5416]

Visio — Remote Code Execution (May Require Restart) [ CVE-2009-0095, CVE-2009-0096 and CVE-2009-0097]

[ad#ad2-right]

The list of affected operating configurations includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Microsoft Exchange Server 2000, 2003, and 2007, Microsoft SQL Server 2000 and 2005, as well as Visio 2002, 2003, and 2007 are also affected.
[Via Arstechnica]

We got several Non-critical updates. Here’s the List of them, some of these are monthly updates and some are just interesting to look at:

Update for Windows Mail Junk E-mail Filter [February 2009] (KB905866)

Windows Malicious Software Removal Tool – February 2009 (KB890830)/Windows Malicious Software Removal Tool – February 2009 (KB890830) – Internet Explorer Version

Cumulative Update for Media Center for Windows Vista (KB960544)

Cumulative Update for Media Center TVPack for Windows Vista (KB958653)

Update Rollup for ActiveX Killbits for Windows (KB960715)

We got an Update to Media Center and TVPack for Windows Vista to resolve issues with software. The ActiveX Killbits issues have been identified in ActiveX controls that could allow an attacker to compromise a system that is running Microsoft Internet Explorer and gain control over it. So we don’t exactly know what what issues they are talking about. I hope this helps your system administrators get ready for this update. If I were you, I’d having Clone of Autopatcher ready for these updates. Remember to patch as soon as your company will allow, because waiting to long could make you have even more of an headache. I’ll update the others as soon as I find out the updates.

Admins are shaking in there boots due to the Ms 09-001 Patch

PaulJanuary 14, 2009

I have to talk about this because this is a big deal. According to Techworld and I’ll quote:

“This one scares me – a lot,” says Eric Schultze, CTO of Shavlik Technologies. “It is a lot like Blaster and Sasser. It is the same exploit vector. If I am an attacker and I can touch NetBios then I can execute code with no credentials.”

[via Techworld]

[ad]Now This is due to the fact of what is happening with an update that came a few months ago the MS 08 – 067 that still people haven’t patched their systems. According to F-secure the Downadup/Conflicker has grown overnight by a million computers being infected.

Now why are they scared of the recent patch (MS 09-001), because of so many vectors of infection, you don’t need any credentials. The virus does not need to know any passwords or user names to gain access. Just like the Downadup variant that is hitting the internet right now, this virus tries to access accounts by guessing weak passwords or even putting itself on flash drives or other mobile media to get other systems infected.

So why are admins scared over this new patch?

Most companies don’t patch there system as quickly as Microsoft would like them to. You see most companies have quite a few computers depending on the size of the company it could be quite a lot. So many in fact that it would have several IT personal just to keep the system going.
[ad]

So why don’t they just put the new patches on the systems?

Depending on the size of the company and what they do has a lot to do with them updating there systems. Some use really special programs or have a network going that is vital. Even the smallest update to the system could bring the network or the program down. Most companies liketo test it out on test machine for a while to make sure that the patch doesn’t prevent the business from doing business. Here are a few articles that prove why companies do not want to just install patches automatically:

Windows patch is flawed (Dated March 31, 2005 8:31 AM PST)

Stealth Windows update prevents XP repair (Dated Sept 27, 2007)

Patch Tuesday security update causes problems with IE for some (Dated Dec 18, 2007)

Some companies are using older systems like Windows ME or some older Windows Operating systesm. Although there isn’t anything we can do about those because Microsoft has stopped supporting them with updates and all. I know we are all thinking thesame question?

Is there a way to fix the problem with Windows Updates?

I personally don’t have an answer but I am sure hackers will find ways to exploit codes so they can get on your system so way. I’ve recently read a story about Adware Author and now I understand even more about why people do all of this.

This is one of the questions every admin has to ask themselves? How do we update all of the systems we are responsible for? There are no easy answers to this.

Windows 7 will sport Direct X 10 Compliance!

PaulDecember 3, 20081 Reply

The new feature is called WARP10, for “Windows Advanced Rasterization Platform,” and it’s essentially a DX10-compliant, software-only rasterizer that was written by Microsoft; it runs directly on the CPU. In a situation where a DX10 app needs to run but can’t find DX10-compliant hardware, it will run on WARP10, albeit very, very slowly. Ultimately, you can think of WARP10 as a “software DX10 GPU” that will exist as a fallback in Windows.

[via Arstechnica]

[ad#ad2-left-1]This will make Windows 7 work more smoothly with Windows XP and Vista games. This looks to be like having more compatibility with the older games. When Vista came out they were complaining about not being able to play games on Vista. Vista has been really updated with being able to play games. People are starting to play games on a Vista machine. This is also a step for Windows 7 to be one that Microsoft, being that they are trying to get the next O/s to look like an Angel probably. What I expect is Microsoft will advertise about Windows 7 will be gamer friendly. This is a move on Microsoft to get gamers on board with this release and to try to get people to forget about Vista.

[ad#ad2-right]Having said that here’s some things that will be most likely be Advertised with Windows 7 when it comes out. Microsoft will want it to be game friendly, User Account Control to be less obtrusive, and program compatibility. These the main points to get people to start buying Microsoft’s products. Microsoft should be worried because of Apples comments about how you should use an Anti-virus for Macintosh’s. This is definitely worrying Microsoft. It means Microsoft has an competitor that Hackers are trying to exploit. I would be willing to guess that Microsoft is worried people are switching to Apple products. These are just guesses but I am quite certain Microsoft is really worried. What do you think, do you think it will happen?