
December 21, 2006

December Mozilla Vulnerabilities

New versions of Firefox, Thunderbird, and SeaMonkey have been released to fix several vulnerabilities. Users should upgrade to Firefox 1.5.0.9, Firefox 2.0.0.1, Thunderbird 1.5.0.9, or SeaMonkey 1.0.7. These products will automatically check for updates and apply them if necessary. Furthermore, support for Firefox 1.5 is scheduled to end at the end of April 2007. Users are encouraged to upgrade to Firefox 2.

Posted by Richard Frovarp at 8:48 AM

September 27, 2006

Early Fix for IE VML Vulnerability

MS has released a patch out of their standard patch cycle to fix a vulnerability in the VML handling code of IE. There are active exploits of this hole, and this patch should be applied via the usual methods.

Posted by Richard Frovarp at 11:03 AM

September 14, 2006

Multiple vulnerabilities in multiple products

Update Tuesday for Microsoft has passed. This round of patches fixed issues with Publisher, the pragmatic general multicast (PGM) networking communications protocol, and the indexing service. However, this round did not include a patch for a vulnerability that is currently being exploited in Microsoft Word. This patch may not appear until next month.

Adobe has released a critical security alert for Macromedia Flash Player versions 8.0.24.0 and less across all platforms.

Apple has released a security update for Quicktime 7.1.3 on both OS X and Windows.

Posted by Richard Frovarp at 8:16 AM

August 9, 2006

August Microsoft Update

A total of 12 updates have been released in this month’s update. 3 fix browser problems, 3 fix Windows problems, 1 fixes PowerPoint, and 2 fix Windows server service problems; three others are not classified as critical. It is expected that network-based attacks for some of the vulnerabilities could show up in the wild in 48-72 hours. As always, it is very important to keep up on all critical updates for all operating systems.

US CERT TA06-220A

Posted by Richard Frovarp at 9:12 AM

June 19, 2006

Excel Vulnerability with Wild Threats

There is a critical vulnerability in Microsoft Excel 2003, XP, and Excel for Mac. Since Microsoft Office documents can contain embedded Excel objects, a Word doc or PowerPoint file can be used to compromise a system as well. According to Symantec, there are threats that exist and do exploit this problem. Currently files named “okN.xls” contain Mdropper.J and Booli.A. The names and contained trojans can change at any time. Currently it is unknown if Microsoft will release a patch for Excel before July 11th. In previous cases, Microsoft has not released a patch, and it is speculated that the attackers are trying to take advantage of past actions.

For more, see US-CERT TA06-167A.

Posted by Richard Frovarp at 8:49 AM

June 14, 2006

June Windows Update

This month’s update from Microsoft affects pretty much anyone running Windows. A fix for the zero-day vulnerability in Microsoft Word has finally been released. Fixes for Word, PowerPoint, Windows Media, Microsoft Internet Explorer, Exchange and Windows itself are all available. There is a fix for PowerPoint on OS X as well for Apple users. For details see US CERT TA06-164A.

Posted by Richard Frovarp at 8:53 AM

May 11, 2006

Multiple vulnerabilities in QuickTime

QuickTime 7.1 Update is now available. There are functionality improvements, and the update fixes 12 security vulnerabilities on OS X 10.3.9 and later, Windows XP, and Windows 2000. See QuickTime 7.1 Update for more information.

Posted by Richard Frovarp at 4:02 PM

May 9, 2006

Exchange and Flash Vulnerabilities

There is a security hole in how Microsoft Exchange handles vCal and iCal properties. There are several vulnerabilities in Adobe Macromedia Flash. Microsoft has posted a critical update to fix the problem with Exchange. Microsoft and Adobe have both posted fixes for the Flash problems. The Flash problems are present in Flash for Windows, Macs, and Linux. See Macromedia APSB06-03 for details.

Posted by Richard Frovarp at 7:44 PM

April 12, 2006

April Windows Updates

On Tuesday, April 11th, Microsoft released several security patches. These patches fix 7 security vulnerabilities in IE, 1 in ActiveX, and 1 in Explorer. All of the vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code on the victim machine. Users should use Microsoft Update to patch their machines soon. Some exploits for the vulnerabilities have existed for several weeks. To read more, see US-CERT TA06-101A.

Posted by Richard Frovarp at 8:54 AM

March 15, 2006

Microsoft Office and Excel Vulnerabilities

There are multiple vulnerabilities in MS Office and Excel for both the Windows and Mac OS X platforms. Exploits of these vulnerabilities allow the attacker to gain remote access to the machine and execute arbitrary code. To fix the exploits, Microsoft has released patches, which should be applied as soon as possible. Read the CERT Advisory.

Posted by Richard Frovarp at 8:24 AM

February 15, 2006

Microsoft Windows Security Patches

The latest round of patches from Microsoft came out on the 14th. Several fixes prevent the arbitrary execution of code from malformed WMF and other types of files. Furthermore, a fix was made to the TCP/IP protocol to properly validate IGMP packets to prevent denial-of-service attacks. See US-CERT for more details.

Posted by Richard Frovarp at 8:20 AM

January 11, 2006

Apple QuickTime Vulnerabilities

From the US Computer Emergency Response Team (US-CERT):

Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service.

Vulnerabilities exist for QTIF images, TGA images, TIFF images, GIF images, and media files. The vulnerabilities could be exploited by visiting a website that uses the QuickTime plugin for the web browser. No action other than visiting a site may be required of the users. The recommendation is to upgrade to the latest version, 7.0.4.

For the full US-CERT advisory visit: http://www.us-cert.gov/cas/techalerts/TA06-011A.html
For the Apple release visit: http://docs.info.apple.com/article.html?artnum=303101

Posted by Richard Frovarp at 6:12 PM

January 5, 2006

Microsoft Releases Official WMF Patch

Microsoft has released the official security patch for the WMF vulnerability.

Official release information is available at this Microsoft Security Bulletin.

Posted by John Gieser at 6:01 PM

January 3, 2006

Temporary WMF Exploit Patch Available

It’s only been about a week, but the newly discovered zero-day vulnerability affecting all versions of Windows mentioned earlier already has over one hundred different exploitations in the wild. Microsoft still hasn’t released an official patch to fix this huge security problem, and it isn’t known when they will make one available.

Fortunately, Steve and Leo of Security Now! are on the case, with lots of great information about this issue available. Most importantly, they’ve linked to a verified, high quality patch created by a third party that effectively eliminates the vulnerability (look for the green box on the page I’ve linked to right above). Until Microsoft is able to repair and update the affected DLL file, this is your best bet to reduce your risk.

Note that this patch only works for Windows 2000, XP, and 2003, so 95/98 have no short-term fix available.

Posted by Web Developer at 9:38 AM

December 28, 2005

New Zero-Day Exploit Affects Patched Windows Computers

A new Windows exploit affects fully-patched XP and 2003 computers, letting malicious hackers successfully attack them.

Security firms warn that computers can be attacked if users do any of the following:

  • Visit hostile web sites hosting exploits
  • Open a malicious .WMF file in Windows Picture and Fax Viewer
  • Preview a malicious .WMF file in Windows Explorer

There currently is no patch available to fix this exploit. Secunia classifies this one as extremely critical and advises not opening or previewing untrusted “.wmf” files and setting the security level to “High” in Microsoft Internet Explorer. Symantec also has additional information (it refers to it as Bloodhound.Exploit.56).

Posted by Web Developer at 2:38 PM

December 13, 2005

Microsoft update Tuesday for December

Today is update Tuesday for users of Microsoft Windows. The updates include fixes for security vulnerabilities in Internet Explorer. If you aren’t using automatic updates, remember that Microsoft usually releases security patches on the second Tuesday of the month.

Posted by Richard Frovarp at 6:10 PM

November 18, 2005

Sony Music CD Rootkits

Over the last week, you may or may not have heard all of the hullabaloo over the discovery that for about the last year, Sony has been secretly installing rootkits on consumer computers, all in the name of DRM copy protection. As I discussed earlier, rootkits are pieces of software that bury themselves so far into the operating system that they’re virtually undetectable. For a good summary of this story, please read the 2005 Sony CD copy protection controversy article at Wikipedia.

Whether you realize it or not, this is an extremely big deal. Beyond the fact that Sony has the ability to do anything they want on infected computers (including sending information about the songs you listen to, which they’re already doing), crackers have already found easy methods of exploiting this rootkit installed on at least half a million computers. It appears that Sony has broken at least a few state laws by secretly installing its software on PCs, and class action lawsuits are already in progress.

One of the most troubling parts of this story to me is the response, or lack of one, by security software vendors. As Bruce Schneier points out in an excellent essay at Wired News:

When a new piece of malware is found, security companies fall over themselves to clean our computers and inoculate our networks. Not in this case.

McAfee didn’t add detection code until Nov. 9, and as of Nov. 15 it doesn’t remove the rootkit, only the cloaking device. The company admits on its web page that this is a lousy compromise. “McAfee detects, removes and prevents reinstallation of XCP.” That’s the cloaking code. “Please note that removal will not impair the copyright-protection mechanisms installed from the CD. There have been reports of system crashes possibly resulting from uninstalling XCP.” Thanks for the warning.

Symantec’s response to the rootkit has, to put it kindly, evolved. At first the company didn’t consider XCP malware at all. It wasn’t until Nov. 11 that Symantec posted a tool to remove the cloaking. As of Nov. 15, it is still wishy-washy about it, explaining that “this rootkit was designed to hide a legitimate application, but it can be used to hide other objects, including malicious software.”

The only thing that makes this rootkit legitimate is that a multinational corporation put it on your computer, not a criminal organization.

Posted by Web Developer at 12:45 PM