Wednesday, August 31, 2011
Mozilla Firefox 6.0.1 Update Released
As a result of the Fraudulent *.google.com SSL Certificate, Firefox has been updated to version 6.0.1. Thunderbird and SeaMonkey have also been updated.
The upgrade to Firefox 6 is being offered through the browser update mechanism. To get the update now, select Help, About Firefox, Check for Updates.
Tuesday, August 30, 2011
Fraudulent *.google.com SSL Certificate
A fraudulent SSL certificate was issued for the .google.com domain name from Diginotar, a Dutch Certificate Authority on July 10,2011. The articles referenced below provide background information and a time-line about the events.
Of concern, is whether your browser is protected from spoofs, phishing attacks, or man-in-the-middle attacks from subdomains of google.com.
All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Should you land on a website or attempt to install a program signed by the DigiNotar root certificate, you will receive an invalid certificate error.
A future update will be released to address this issue for all supported editions of Windows XP and Windows Server 2003.
Rather than waiting for the update, action can be taken now by following the instructions at Deleting the DigiNotar CA certificate.
Google Chrome is expected to be updated soon. Chrome 13 and newer have legitimate Google certificates, hard-coded.
No official word has been issued regarding an update for either the Safari or Opera browser.
F-Secure: Diginotar Hacked by Black.Spook and Iranian Hackers
PC World: Google One of Many Victims in SSL Certificate Hack
Of concern, is whether your browser is protected from spoofs, phishing attacks, or man-in-the-middle attacks from subdomains of google.com.
Internet Explorer
Microsoft issued Security Advisory (2607712): Fraudulent Digital Certificates Could Allow Spoofing, indicating that the precautionary step of removing the DigiNotar root certificate from the Microsoft Certificate Trust List.All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Should you land on a website or attempt to install a program signed by the DigiNotar root certificate, you will receive an invalid certificate error.
A future update will be released to address this issue for all supported editions of Windows XP and Windows Server 2003.
Mozilla Firefox
The Mozilla Security Blog reported at Fraudulent *.google.com Certificate at Mozilla Security Blog that new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) will be released shortly that will revoke trust in the DigiNotar root.Rather than waiting for the update, action can be taken now by following the instructions at Deleting the DigiNotar CA certificate.
Other Browsers
As reported in the Google Online Security Blog at An update on attempted man-in-the-middle attacks, steps were taken to disable the DigiNotar certificate authority in Chrome. This was done while the investigations continues because it is not known if other fraudulent certificates were exist that have yet to be discovered.Google Chrome is expected to be updated soon. Chrome 13 and newer have legitimate Google certificates, hard-coded.
No official word has been issued regarding an update for either the Safari or Opera browser.
Background Articles
Computerworld: Hackers stole Google SSL certificate, Dutch firm admitsF-Secure: Diginotar Hacked by Black.Spook and Iranian Hackers
PC World: Google One of Many Victims in SSL Certificate Hack
Monday, August 22, 2011
WinPatrol PLUS available for $9.99
Anyone who knows me as well as those I have helped clean their computer in the forums, knows that WinPatrol is a particular favorite. I've been using WinPatrol since Windows 95 and it hasn't let me down yet. The tabbed interface is easy to use and the features are abundant.
Bill Pytlovany is providing a great opportunity for WinPatrol fans to upgrade to WinPatrol PLUS for a one-time fee of $9.99! Click here to upgrade to WinPatrol PLUS now!
Read more about Bill's offer and C|Net's latest annoyance at WinPatrol PLUS available for $9.99 while CNET Annoys Users.
Need additional information about WinPatrol? See a list of the numerous at LandzDown Forum in WinPatrol Features.
Bill Pytlovany is providing a great opportunity for WinPatrol fans to upgrade to WinPatrol PLUS for a one-time fee of $9.99! Click here to upgrade to WinPatrol PLUS now!
Read more about Bill's offer and C|Net's latest annoyance at WinPatrol PLUS available for $9.99 while CNET Annoys Users.
Need additional information about WinPatrol? See a list of the numerous at LandzDown Forum in WinPatrol Features.
Tuesday, August 16, 2011
Mozilla Firefox 6 Released, Includes Critical Security Updates
In keeping with the rapid release schedule, Mozilla released Firefox 6 today.
As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release. Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 6.
What's New
- The address bar now highlights the domain of the website you're visiting
- Streamlined the look of the site identity block
- Added support for the latest draft version of WebSockets with a prefixed API
- Added support for EventSource / server-sent events
- Added support for window.matchMedia
- Added Scratchpad, an interactive JavaScript prototyping environment
- Added a new Web Developer menu item and moved development-related items into it
- Improved usability of the Web Console
- Improved the discoverability of Firefox Sync
- Reduced browser startup time when using Panorama
- Fixed several stability issues
- Fixed several security issues
Fixed in Firefox 6
MFSA 2011-29 includes eight (8) critical and two (2) high security updates.Miscellaneous memory safety hazards (rv:4.0)
Impact: CriticalUnsigned scripts can call script inside signed JAR
Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
JavaScript crashCrash in the Ogg reader which affected Firefox 4 and Firefox 5.Memory safety issues which affected Firefox 4 and Firefox 5.
Impact: Critical
Description: Unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR.
This is a distinct issue from MFSA 2008-23 and did not affect Firefox 3.6.
References:
String crash using WebGL shaders
Impact: CriticalHeap overflow in ANGLE library
Description: An overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code.
References:
Impact: CriticalCrash in SVGTextElement.getCharNumAtPosition()
Description: Potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.
References:
Impact: CriticalCredential leakage using Content Security Policy reports
Description: A SVG text manipulation routine contained a dangling pointer vulnerability.
References:
Impact: HighCross-origin data theft using canvas and Windows D2D
Description: Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy.
References:
Impact: High
Description: When using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain.
References:
The upgrade to Firefox 6 will be offered through the browser update mechanism. However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible. To get the update now, select Help, About Firefox, Check for Updates.
References
- Common questions after updating Firefox
- Mozilla Firefox Release Notes
- Mozilla Foundation Security Advisory 2011-29
Thursday, August 11, 2011
Adobe Flash Player Critical Update
Adobe Flash Player was updated to version 10.3.183.5 to address critical vulnerabilities in the previous version. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Release date: August 9, 2011
Vulnerability identifier: APSB11-21
CVE number: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425
Platform: All platforms
Adobe Flash Player for Android 10.3.186.3 by downloading it from the Android Marketplace by browsing to it on a mobile phone.
Browser Update Instructions
Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:- IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
- Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
Verify Installation
To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.Do this for each browser installed on your computer.
Additional Recommendations
The latest version of Adobe Flash Player for is available for download from the Android Marketplace by browsing to it on a mobile phone.
Adobe further recommends users of Adobe AIR 2.7 for Windows and Macintosh update to Adobe AIR 2.7.1. Users of Adobe AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961 from the Android Marketplace by browsing to it on a mobile phone.
References
- Adobe Security Advisory: Security update available for Adobe Flash Player
- Adobe PSIRT Blog: Adobe produce security update available
Microsoft Update Impacts WinPatrol Cookie Monitoring
WinPatrol fans who monitor cookies in Internet Explorer will discover after installing the latest Microsoft security updates that cookies do not display as expected in WinPatrol.
Instead of seeing the expected site or cookie name displayed, cookies are identified as alpha-numeric.txt files (i.e., HILD912G.txt).
In testing, I intentionally started installing the security updates one-by-one, selecting Microsoft Security Bulletin MS11-057 - Critical: Cumulative Security Update for Internet Explorer (2559049) first since it applies to all three operating systems and browsers. Indeed, following a restart, I was able to confirm the change in cookie display for IE9 on Windows 7.
Based on feedback from WinPatrol users, this issue has been confirmed in Windows XP, Windows Vista and Windows 7 with IE8 and IE9. (IE6 and IE7 have not been tested but will likely be impacted the same since the update applies to all versions of Internet Explorer.)
MS11-057 is a critical security update and it is strongly advised that it be installed. Cookies are a minor issue compared to the fix in this update, which, as described in the MSRC Blog:
Instead of seeing the expected site or cookie name displayed, cookies are identified as alpha-numeric.txt files (i.e., HILD912G.txt).
In testing, I intentionally started installing the security updates one-by-one, selecting Microsoft Security Bulletin MS11-057 - Critical: Cumulative Security Update for Internet Explorer (2559049) first since it applies to all three operating systems and browsers. Indeed, following a restart, I was able to confirm the change in cookie display for IE9 on Windows 7.
Based on feedback from WinPatrol users, this issue has been confirmed in Windows XP, Windows Vista and Windows 7 with IE8 and IE9. (IE6 and IE7 have not been tested but will likely be impacted the same since the update applies to all versions of Internet Explorer.)
MS11-057 is a critical security update and it is strongly advised that it be installed. Cookies are a minor issue compared to the fix in this update, which, as described in the MSRC Blog:
"resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer."Bill Pytlovany has been advised of the situation and is actively working on a solution.
Tuesday, August 09, 2011
Microsoft August 2011 Security Bulletin Release
Microsoft released thirteen (13) bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, .NET and Visual Studio. Two are rated Critical in severity, nine Important and two Moderate.
Below is a quotation of the description of the priority bulletins, from the MSRC Blog:
- MS11-057 (Internet Explorer). This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Microsoft is not aware of any attacks leveraging the vulnerabilities addressed in this bulletin.
- MS11-058 (DNS Server). This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk.
In reviewing the Executive Summaries from the Microsoft Security Bulletin Summary for August 2011, most of the updates will require a restart. Regardless of the recommendation, it is always best to restart your computer after applying updates. If you have had problems with .NET Framework updates in the past, consider installing MS11-066 and MS11-069 separately, followed by a restart.
Support
The following additional information is provided in the Security Bulletin:- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.
References
- MSRC: A live BlueHat Prize webcast and the August 2011 security updates
- Security Research and Defense: Assessing the risk of the August security updates
- TechNet: Microsoft Security Bulletin Summary for August 2011
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Thursday, August 04, 2011
Security Bulletin Advance Notification for August, 2011
On Tuesday, August 9, 2011, Microsoft is planning to release thirteen (13) bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, .NET and Visual Studio.
Two of the updates are identified as Critical, nine as Important and the remaining two as Moderate, with most requiring a restart.
Although, whether required or not, it is advised to restart your computer after installing updates, a number of the scheduled bulletins will require a restart in order to complete the installation. Even though the updates to .NET Framework are identified as "may require a restart", I recommend installing them separate from the other updates.
References
- MSRC Blog: Advance Notification Service for the August 2011 Bulletin Release
- TechNet: Advance Notification Service for the August 2011 Security Bulletin Released
Wednesday, August 03, 2011
Solve Microsoft Standalone System Sweeper Errors
Edit Note: *The Microsoft Standalone System Sweeper Beta has been renamed to "Windows Defender Offline Beta".
There is a lot of interest in the Microsoft Standalone System Sweeper Beta, a recovery tool currently available from Microsoft Connect. Most people using the tool have not had any problems. However, as is inevitable, there are several error codes that some people have experienced.
Below is a summary of the common error codes and suggested trouble-shooting steps.
Error Code 0x8004cc04 relates to missing definitions.
Recommendation: Run the tool again and select the USB drive option. The USB drive will be reformatted and a Standalone System Sweeper will be installed on the USB drive. This will convert the USB to a bootable USB drive. Be sure to click Yes, download the latest definitions. You must be connected to the Internet to complete this process.
(Added 12SEP2011)
Error Code 0x8004cc05 appears to be more common on systems with an AMD processor. I also found that Error Code 0x8004cc05 is also more likely on systems with a 3.5" floppy drive. Disabling the floppy drive either via Device Manager or BIOS appears to solve the problem.
For additional assistance, see the problems listed below addressed in Microsoft Standalone System Sweeper Beta Help & How-To
There is a lot of interest in the Microsoft Standalone System Sweeper Beta, a recovery tool currently available from Microsoft Connect. Most people using the tool have not had any problems. However, as is inevitable, there are several error codes that some people have experienced.
Below is a summary of the common error codes and suggested trouble-shooting steps.
Items of note
- At least 1 GB RAM is required in order to run the Standalone System Sweeper.
- A minimum of at least 250 MB of free space on the selected media (CD, DVD or USB drive) is required.
- The correct version of the tool (32- or 64-bit) is required for the infected operating system where the tool will be used.
- The System Sweeper will not be able to scan if there are no definitions.
- An Internet connection is needed in order to update the definitions.
Error Code 0x8004cc04
Error Code 0x8004cc04 relates to missing definitions.
Recommendation: Run the tool again and select the USB drive option. The USB drive will be reformatted and a Standalone System Sweeper will be installed on the USB drive. This will convert the USB to a bootable USB drive. Be sure to click Yes, download the latest definitions. You must be connected to the Internet to complete this process.
Error Code 0x8004cc05
Update: Error Code 0x8004cc05 has also occurred in situations where no floppy drive is enabled. In those cases, a solution that has worked is to boot without the network cable. After the Microsoft Standalone System Sweeper launches, reconnect the network cable and download the current definitions.(Added 12SEP2011)
Error Code 0x8004cc05 appears to be more common on systems with an AMD processor. I also found that Error Code 0x8004cc05 is also more likely on systems with a 3.5" floppy drive. Disabling the floppy drive either via Device Manager or BIOS appears to solve the problem.
- To Disable the Floppy Drive in Device Manager: Go to Device Manager. (Accept any UAC Prompt in Windows Vista or Windows 7). Locate and Expand FloppyDiskdrives. Right-click on the FloppyDiskDrive and select Disable. Close Device Manager and restart the computer.
- To Disable the Floppy Drive in BIOS: On most computers you can access the BIOS by tapping the Delete key when restarting the Computer, although some use the F2, F10 or ESC key. In CMOS Setup, click the device associated with the drive, generally Floppy Drive A and select Disabled. Press F10 to save and select Yes to confirm your changes and restart the computer.
Error Code 0x8050800c
There are a couple of issues that may result in Error Code 0x8050800c.- At least 1 GB RAM is needed in order to run the Standalone System Sweeper
- The ISO created may be defective. Try creating a new ISO, allowing it to download the newest definitions (Note: You will not be able to scan if there are no definitions.)
- Run chkdsk /r on the drive and see if system sweeper will work correctly
Additional Help
For additional assistance, see the problems listed below addressed in Microsoft Standalone System Sweeper Beta Help & How-To
- I can’t create a bootable CD or DVD
- I can’t create a bootable USB
- The files cannot be downloaded by Microsoft Standalone System Sweeper Beta
- The CD or DVD is not detected by Microsoft Standalone System Sweeper Beta
- How do I start my computer from a CD, DVD or USB?
- How do I use the Microsoft Standalone System Sweeper ISO file?
- How do I restart my computer after using the bootable media?
Related Topics
- *Windows Defender Offline Beta, formerly Standalone System Sweeper
- Setting Up the Microsoft Standalone System Sweeper Beta
- How to Use the New Microsoft Safety Scanner
- Understanding Microsoft Anti-Malware Software 2012
Subscribe to:
Posts (Atom)