Microsoft Get Ready for Patch Tuesday. 6 Bulletins

According to Arstechnica there will be 6 Bulletins and each of them are very interesting:

  • Bulletin 1: Critical (Remote Code Execution), Windows
  • Bulletin 2: Critical (Remote Code Execution), Windows
  • Bulletin 3: Critical (Remote Code Execution), Windows
  • Bulletin 4: Important (Elevation of Privilege), Virtual PC, Virtual Server
  • Bulletin 5: Important (Elevation of Privilege), ISA Server
  • Bulletin 6: Important (Remote Code Execution), Office

[ad]It looks like there will be another Directx Patch for those who have Directx 7 through 9.0c.  It also seems they will be Patching the Virtual PC and Server and ISA Server.    Microsoft will also be patching 2007 Microsoft Office System Service Pack 1.  They will also Be Releasing 14 different patches for non Critical status.

The Directx Flaw that was reported in May is reportedly being patched and that is why we have these Directx updates that are comming down from Microsoft.

So Now is the time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] updated to the lastest updates and schedule a time next week for you to test and install these updates.   I would recommend updating your [intlink id=”2205″ type=”page”]anti-virus and Firewall[/intlink] software if you have any, if not it is time to get them and install them.

Microsoft released April Patch list for Patch Tuesday

aprilpatchtue

To see what systems are affected please see the bulletin for further details.   Some of the updates have to do with IE 6 and IE 7, maybe it is time to update to IE 8.  It looks like if you update to IE 8 you will not have to worry about the Remote Code Execution.  There also seems to be a remote code execution for DirectX 9.0A, B, and C.  This however doesn’t affect DirectX 10 and if you have a Vista machine please consider updating to DirectX 10.

[ad#cricket-right-ez]

The other one is a MSDTC program that has a vulnerability of Elevation of Privileges that needs to be fixed.  There will of course be more than this for April but these are the ones that Microsoft has determined to be release for Tuesday.  There are going to be at least 8 Different patches for Windows XP, and some For Vista.  Some will be only for XP and others will be for XP and Vista.

Then Microsoft Internet Security andAcceleration server will have an update to prevent a Denial of Service attack.  This will be needed to patch on the server side as soon as possible.  Then there is the Excel Remote Code execution that needs to be fixed.  It looks like CVE-2009-0238 is the one that this is being patched for but this is only a guess.

Now is the best time to get [intlink id=”2883″ type=”post”]Autopatcher[/intlink] ready for this update because this will be quite a big update.  You should also update your [intlink id=”2205″ type=”page”]anti-virus software and Firewall[/intlink].

I hate Snopes Spam

As you know Snopes is used to find out about urban Legend and Rumors:

I received a Virus alert from my RSS feed about Email virus warning.  It even adds a Snope URL.  The Author just copies and pasted the virus warning into the blog without even going to Snopes.
[ad#ad2-right]

According to Snopes and I’ll quote:
Although the Postcard virus is real, it isn’t a “BIG VIRUS COMING” (it’s already been around in multiple forms for a long time now), it will not “burn the whole hard disc” of your computer, CNN didn’t classify it as the “worst virus” ever, and it doesn’t arrive in messages bearing a subject line of ‘Invitation.’

[Via Snopes]

Now as you can tell the link described in the blog post was “http://www.snopes.com/computer/virus/postcard.asp”. If you went there, you’d have seen this as a not really true and some parts of this might be but that part about burning your Hard drive or even consider the Worst virus isn’t true.

Some things you need to consider before forwarding anything is:

  • Is it completely True?
  • Is it Legitimate?  (True blown warning about something like a product recall  or something important like that)
  • Does it Say to Forward? (if so it is probably not wise)
  • is it from a Friend (If so you might want to remind the friend nicely that it isn’t nice to send spam)

If you follow some of these suggestions you’ll be making the Internet a far better place for everyone.  Remember if you don’t know, it’s time to learn.  if you do know, it is time to teach.  These are the fundamental aspects of using the internet the right way.  Also if it is a fake virus warning you should tell them to get a Free Anti-virus and Firewall to better protect them.  Also  remind them that if they keep their system updated then they shouldn’t be too worried.  Remember only you can prevent a Computer Virus and it’s up to you keep your system up to date.

Microsoft Releases the Patch Information for March

Microsoft Has Released the Patch information For march and This is what is expected to be patch on March 11, 2009:

  • Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (Kb949029) — This security update resolves several privately reported and publicly reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)
  • [ad#ad2-right]

  • Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (Kb949031) — This security update resolves a privately reported vulnerability in Microsoft Office Outlook. The vulnerability could allow remote code execution if Outlook is passed a specially crafted mailto URI. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This vulnerability is not exploitable by simply viewing an e-mail through the Outlook preview pane. (affected System : Microsoft Office)
  • Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (Kb949030) — This security update resolves two privately reported vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a malformed Office file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (affected System : Microsoft Office)
  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (Kb933103) — This critical update resolves two privately reported vulnerabilities in Microsoft Office Web Components. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  (affected System : Microsoft Office)

These Four are all Critical and should be applied the week of March 11, 2009.  Their are Seven Patches coming out, but these are the main focus.   According to Microsoft they have released MS08-014, MS08-015, MS08-016 and MS08-017 to better help you find out which ones are affected.

Now is the time to get AutoPatcher ready and make sure it is up to date on any patches that might of came out this month that you didn’t know about.  Also consider downloading the new version of Anti-virus and Firewall software while you are it.  In case you come accross a rogue virus and need to disinfect it!!  Some of these patches for this month is due to the EXCEL vulnerability that is out right now and is in the wild, so that should be your top priority once Tuesday come around.  Remember hackers will start exploiting these patches on Wensday and you will be racing against the clock.   One last bit of information for the Mac Users you should also apply these patches they are vulnerable to according to Microsoft.  I’ll update as more information becomes available!!

Zero Day For IE7 Being used in the wild.

It looks like IE7 patches are being used right now in the wild.  According to TrendMicro:

HTML_DLOADER.AS exploits the CVE-2009-0075 vulnerability, which is already addressed by the MS09-002 security patch released last week. On an unpatched system though, successful exploitation by HTML_DLOADER.AS downloads a backdoor detected as BKDR_AGENT.XZMS.

How the IE7 Exploits are being used

[Image from TrendMicro Blog]

[ad#ad2-right]As you can see this this can be very bad for the companies who wait a while.  Internet Explorer is still being used 1 out of 4 users and I see it it all the time on my stats.   The Good news is this isn’t as hard to get rid as the Conflicker but should be taken serious because the writers might start to want to get even more malicious and make it even harder.

This is the next step to prevent yourself from getting caught with your pants down so to speak, you need to patch all systems that have internet access.  I still like the Autopatcher because it will do the job with very little input from the user.   It also makes it easier for people to patch big systems.  You should also consider installing some Free Anti-virus software to help protect the systems you do have.

From the looks of this virus, someone could easily make this into a botnet and you know how that can could affect your systems and your ISP.  So it is best to get this months patches on the floor of your company as soon as possible.

You should also consider telling your users to start using Firefox to prevent infection from even happening. Until you patch, you are vulnerable.