Thursday, December 29, 2011

Out-of-Band Critical Security Update MS11-100


Microsoft ended the year with a critical security update.  Security Update MS11-100 was released to address the issue described in Security Advisory 2659883.

The update resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework.

Update:   December 2011 Out-Of-Band Security Bulletin Webcast Q&A

Known Issues

See KB Article 2638420, MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011.

Reminder

When updating .NET Framework, always install the update separately from other updates and follow with a shutdown/restart.

Support

The following additional information is provided in the Security Bulletin:
  • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.


    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    Saturday, December 24, 2011

    Merry Christmas, Ukrainian Style

    Merry Christmas to all my family, friends and Security Garden readers.

    Sending warmest wishes to you and your family. May you enjoy the spirit of Christmas every day of the coming year.

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


    Our family celebrates Christmas Eve in the Ukrainian tradition.  The video below includes examples of some of the traditional foods that are part of the Christmas Eve celebration. 






    Tuesday, December 20, 2011

    Mozilla Firefox 9 Released, Includes Critical Security Fixes


    Mozilla released Firefox 9 today, in keeping with the rapid release schedule.

    As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release.  Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 9.

    Security Updates

    The following security updates are included in the release of Firefox 9. MFSA 2011-58, MFSA 2011-55, MFSA 2011-54 and MFSA 2011-53 are rated Critical, MFSA 2011-57 is rated High and MFSA 2011-56 is rated Low.

    MFSA 2011-58 Crash scaling to extreme sizes
    MFSA 2011-57 Crash when plugin removes itself on Mac OS X
    MFSA 2011-56 Key detection without JavaScript via SVG animation
    MFSA 2011-55 nsSVGValue out-of-bounds access
    MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
    MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

    What's New

    The Release Notes listed the following new features in version 9:

    The upgrade to Firefox 9 will be offered through the browser update mechanism.  However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible.  To get the update now, select Help, About Firefox, Check for Updates.

    If you do not use the English language version, Fully Localized Versions are available for download.



    Friday, December 16, 2011

    Critical Security Update for Adobe Reader/Acrobat



    Adobe released a critical security update addressing vulnerabilities being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

    The update addresses memory corruption vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

    Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/

    Adobe plans on updating all other versions as part of the next quarterly update scheduled for January 10, 2011.  According to Adobe, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.

    Release Details

    • Release date: December 16, 2011
    • Vulnerability identifier: APSB11-30
    • CVE number: CVE-2011-2462, CVE-2011-4369
    • Platform: Windows

    Alternatives

    Several years ago, I tired of Adobe Reader and switched to Sumatra PDF, an alternate PDF reader.  After I got past the bright yellow GUI, I found Sumatra PDF to be a nice, light-weight option with no unnecessary add-ons or toolbars.  There are a number of open source readers available from http://pdfreaders.org/.



      Tuesday, December 13, 2011

      Microsoft December 2011 Security Bulletin Release


      Microsoft released thirteen (13) bulletins addressing 19 vulnerabilities in Microsoft Windows, Microsoft Office (including Microsoft Office for Mac) and Internet Explorer.

      Three bulletins are rated Critical with the remaining ten rated as Important.  Most updates will require a restart to complete the installation.

      Originally, 14 bulletins were planned; one was withdrawn after Microsoft discovered a compatibility issue between the bulletin-candidate addressing Security Advisory 2588513 and a major third-party vendor.  Microsoft is working with that vendor to address the issue on their platform.  Microsoft has been monitoring the issue in Security Advisory 2588513 and has not seen active attacks in the wild.

      Disable Microsoft Fix it

      MS11-087 was issued to address Security Advisory 2639658.  If you installed Microsoft Fix it 50792, before installing the updates released today, I recommend disabling the Fix it.

      Direct download link:  Microsoft Fix it 50793


      Support

      The following additional information is provided in the Security Bulletin:
      • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
      • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
      • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.



      Thursday, December 08, 2011

      Security Bulletin Advance Notification for December, 2011


      On Tuesday, December 13, 2011, Microsoft is planning to release fourteen (14) Security Bulletins, of which three bulletins are identified as Critical with the remaining as Important.

      The bulletins address vulnerabilities in Microsoft Windows, Microsoft Office (including Microsoft Office for Mac) and Internet Explorer.  Most updates will require a restart to complete the installation.



      Tuesday, December 06, 2011

      Windows Defender Offline Beta, formerly Standalone System Sweeper

      Although the Microsoft Standalone System Sweeper is currently still available at Connect, it can now also be found as Windows Defender Offline Beta on the Microsoft Help & How-to web pages.

      Windows Defender Offline Beta Information




      Security Advisory for Adobe Reader and Acrobat (APSA11-04)



      Adobe released a Security Advisory (APSA11-04) which references a critical vulnerability in Adobe Reader X and Adobe Acrobat X (10.1.1) and earlier versions on all platforms.

      The vulnerability is a memory corruption issue that could cause a crash and potentially allow an attacker to take control of the affected system.  Adobe indicates that there are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows.

      An update for Adobe Reader and Acrobat 9.x only for Windows is expected no later than the week of December 12, 2011.  Adobe plans on updating all other versions as part of the next quarterly update scheduled for January 10, 2011.  According to Adobe, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.

      Alternatives

      Several years ago, I tired of Adobe Reader and switched to Sumatra PDF, an alternate PDF reader.  After I got past the bright yellow GUI, I found Sumatra PDF to be a nice, light-weight option with no unnecessary add-ons or toolbars.  There are a number of open source readers available from http://pdfreaders.org/.

      Advisory Details

      • Release date: December 6, 2011
      • Vulnerability identifier: APSA11-04
      • CVE number: CVE-2011-2462
      • Platform: All



      Friday, November 25, 2011

      No, it isn't the Blaster Worm

      There has been a rash of posts in help forums by people reporting their computer is infected with the Blaster Worm, w32blaster/worm.  It is not the Blaster Worm that has infected these computers but rather a fake/rogue antispyware program called "Spyware Protection".

      Those who have attempted self-help fixes are reporting that they are unable to boot the computer in any mode.  If you are getting notices that your computer is infected with the w32blaster/worm, follow these steps:

      1. Please restart the computer in Safe Mode with Networking. (To do this, turn your computer off and then back on.  Immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)
      Note:  If you are unable to connect to the Internet, it will be necessary to go to an uninfected computer and download both RKill and Malwarebytes and transport the files to the infected computer via CD/DVD or memory stick.
      2. Please download RKill from one of the following links at Bleeping Computer and save to your Desktop:

      One, Two, Three or Four

      • Double-click RKill to run.
      • A command window will open, then disappear upon completion; this is normal.
      • Please leave RKill on the Desktop until otherwise advised.
      • Do NOT restart your computer after running RKill as the malware program(s) will start again.
      Note: If you receive security warnings about RKill, please ignore them and allow the download to continue.

      3. Please download Malwarebytes' Anti-Malware to your desktop.
      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, be sure Quick scan is selected, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:


      • Click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      ** Note **

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      After completing the above steps, take the additional time to update the third-party software on your computer, particularly Adobe products and Java.  Also, double-check that any old, vulnerable versions of Java have been uninstalled.

      ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

      If you are still having problems with your computer after completing the above instructions, assistance is available from analysts trained in malware removal at the sites listed in Malware Removal Help Sites.  As each site has different requirements, please follow the instructions provided at the site.





      Wednesday, November 23, 2011

      Safety Tips for Online Shopping

      Online shopping is no longer reserved for Cyber Monday, the Monday after Thanksgiving when most Americans return to work after the long Thanksgiving Holiday weekend.  However, during the Holidays, online shopping does increase.

      Along with the increased shopping, there are also increased opportunities for scams, phishing, and identity theft.  If the deal sounds too good to be true, most likely there are hidden strings, such as high shipping costs.


      Protect Your PC

      Before you start shopping, take care of basic security.  This includes having a software firewall and up-to-date antivirus and anti-malware software.
      • If your antivirus software license expired, either renew the license or uninstall it and download and install Microsoft Security Essentials.  (If the replaced antivirus was a "security suite", be sure to activate the Windows Firewall when uninstalling.)
      • Now run a full system scan with your updated antivirus software.
      • Next, scan with an anti-malware software.  If you do not have an anti-malware software, my favorite is Malwarebytes' Anti-Malware.  Another popular program is SUPER AntiSpyware.
      • Check for and install Security Updates, including third-party software such as Adobe Flash and Java.
      • Be sure you are using an updated browser.  Each version release includes security updates.


      Protect Your Credit

      Your computer is ready and so are you.  But, safety precautions do not end with your computer.  Now the onus is on you to protect your credit.
      • Shop at reputable websites.  If the offer sounds too good to be true, it is probably a scam. Customer evaluations are available at sites like Epinions.com or BizRate to help you determine the legitimacy of a company.
      • ONLY do your online shopping from home and never from an insecure public WiFi spot or public area like an Internet cafe.
      • To complete your purchases, checking out will require creating an account.  It is not advisable to store your credit card and other personal information on the website.
      • At checkout, the site web address should be https: and there should be a closed padlock there or in the lower right corner of your browser.  If not, forget about it.  You will be giving away your credit card information!
      • It is best to use a "true" credit card rather than a debit card, as it offers better fraud protection.
      • At the completion of your order, print or make a screen copy, including the confirmation number, as a receipt for your purchase.

      Tips

      Finally, a couple of money-saving tips that may result in additional savings when you shop online.
      • Be wary of most of the "coupon sites".  However, there is at least one that I am aware of that appears to have a good reputation and is "McAfee Secure":
      "Hundreds of well-known online stores like Barnes and Noble, Staples, and Overstock.com have a place within their shopping cart for a "coupon code" that gives a percent or dollar amount off your purchase. If you don't know the code, you can't take advantage of the discount. You can find these secret discount codes and coupon codes listed on many sites across the internet but the problem with these sites is that they're usually personal homepages and they don't maintain their lists! Currentcodes.com has a full-time staff of trained individuals whose only job is to find new coupon codes and discount codes and verify the accuracy of the existing database. We don't flood you with ads and we don't throw deals in your face. No hype, just current codes."
      • Check CyberMonday.com which includes special offers, including free shipping, at hundreds of online merchants.  On the actual Cyber Monday, the site will provide hourly specials and exclusives from popular online retailers.  A portion of the proceeds from CyberMonday.com supports the Ray Greenly Scholarship Fund.
      • RetailMeNot.com has printable coupons as well as coupon codes for online shopping.  It is definitely worth checking.





      Friday, November 11, 2011

      Lest We Forget

      At the 11th hour of the 11th day of the 11th month, set aside politics and petty grievances and take time to pay tribute to all who died for their country.  As it happens, the 11th hour this year will occur on 11/11/11.

      As in previous years, I am republishing my friend Canuk's last tribute. The comment he posted provides one example of why he was a special person:
      "I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

      Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."
      LEST WE FORGET








      We Shall Keep the Faith by Moina Michael, November 1918

      Oh! you who sleep in Flanders Fields,
      Sleep sweet - to rise anew!
      We caught the torch you threw
      And holding high, we keep the Faith
      With All who died.

      We cherish, too, the poppy red
      That grows on fields where valor led;
      It seems to signal to the skies
      That blood of heroes never dies,
      But lends a lustre to the red
      Of the flower that blooms above the dead
      In Flanders Fields.

      And now the Torch and Poppy Red
      We wear in honor of our dead.
      Fear not that ye have died for naught;
      We'll teach the lesson that ye wrought
      In Flanders Fields.

      Flags courtesy of 3DFlags.com









      Thursday, November 10, 2011

      Microsoft Security Advisory 2641690 Addresses Fraudulent Digital Certificates

      Microsoft released Security Advisory 2641690 which relates to the revocation of trust in an Intermediate Certificate Authority, DigiCert Sdn. Bhd. (Digicert Malaysia). 

      The subordinate CA issued 22 certificates with weak 512 bit keys.  The subordinate CA has also issued certificates without the appropriate usage extensions or revocation information.

      If you do not have automatic updating enabled, the update is available by checking for updates or can be downloaded from KB Article 2641690.



      Adobe Releases Critical Update for Flash Player and AIR


      A critical update was released today by Adobe for Adobe Flash Player and Adobe AIR.  The update addresses critical security issues; all except one of the CVEs relate to vulnerabilities that could result in code execution.  The remaining vulnerability could lead to a cross-domain policy bypass for Internet Explorer users.


      Release date: November 10, 2011
      Vulnerability identifier: APSB11-28
      CVE number: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460
      Platform: All Platforms

      Update Instructions

      Adobe AIR

      The update to Adobe AIR 3.1.0.4880 can be obtained from the following locations:


      Adobe Flash Player

      The latest version for Adobe Flash Player for Android is 11.1.102.59.  It is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

      The newest version of Flash Player for Windows, Macintosh, Linux and Solaris is 11.1.102.55.

      Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:

      (Edit Note:  Download links updated.  Thank you, ky331!)

      Flash Player 11 (32-Bit)
      Flash Player 11 (64-Bit)

      If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update.  In addition, any toolbar offered with Adobe products can be unchecked if not wanted.





      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

      Do this for each browser installed on your computer.




      Tuesday, November 08, 2011

      Mozilla Firefox 8 Released, Includes Critical Security Fixes


      Mozilla released Firefox 8 today, in keeping with the rapid release schedule.

      As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release.  Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 8.

      Security Updates

      The following security updates are included in the release of Firefox 8, in which MFSA 2011-48, MFSA 2011-49 and MFSA 2011-52 are rated Critical, with the other three updates rated High.
      • MFSA 2011-52 Code execution via NoWaiverWrapper
      • MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
      • MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
      • MFSA 2011-49 Memory corruption while profiling using Firebug
      • MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
      • MFSA 2011-47 Potential XSS against sites using Shift-JIS

      What's New

      The Release Notes listed the following new features in version 8:
      • Add-ons installed by third party programs are now disabled by default
      • Added a one-time add-on selection dialog to manage previously installed add-ons
      • Added Twitter to the search bar for select locales. Additional locale support will be added in the future
      • Added a preference to load tabs on demand, improving start-up time when windows are restored
      • Improved performance and memory handling when using
      • Added CORS support for cross-domain textures in WebGL
      • Added support for HTML5 context menus
      • Added support for insertAdjacentHTML
      • Improved CSS hyphen support for many languages
      • Improved WebSocket support
      • Fixed several stability issues
      • Fixed several security issues

      The upgrade to Firefox 8 will be offered through the browser update mechanism.  However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible.  To get the update now, select Help, About Firefox, Check for Updates.



      Microsoft November 2011 Security Bulletin Release


      Microsoft released four (4) bulletins addressing vulnerabilities in Microsoft Windows. One bulletin is rated Critical, two Important and one Moderate. 

      The Critical update, MS11-083, Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), requires a restart.

      Three threat families are included in the November edition of the Microsoft Malicious Software Removal Tool - Win32/Carberp, Win32/Cridex and Win32/Dofoil. Additional information about Win32/Carberp is available in MSRT November '11: Carberp.

      Support

      The following additional information is provided in the Security Bulletin:
      • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
      • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
      • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.



      Adobe Releases Critical Update for Shockwave Player


      An update to Adobe Shockwave Player has been released to address critical vulnerabilities in version 11.6.1.629 and earlier versions on both Windows and Macintosh systems. If successfully exploited, malicious code could be executed on the system.



      Release date: November 8, 2011
      Vulnerability identifier: APSB11-27
      CVE number: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
      Platform: Windows and Macintosh

      Update Information


      The newest version of Shockwave Player 11.6.3.633 is available here: http://get.adobe.com/shockwave/.

      Please remember to uncheck any unwanted 3rd party toolbars/programs during installation. Also please do not confuse this with Adobe Flash Player which is a different program.

      For how to disable the auto-update setting in Shockwave Player, see http://kb2.adobe.com/cps/166/tn_16683.html (This must be set every time Shockwave Player is updated if you do not want auto-updating.)



      Reference

      Adobe - Security Bulletins: APSB11-27 - Security update available for Adobe Shockwave Player




      Friday, November 04, 2011

      Microsoft Fix it for Duqu Malware, Security Advisory 2639658


      Microsoft released Security Advisory 2639658 which relates to a Windows kernel issue related to the Duqu malware, a trojan that injects malicious code into other processes.

      As illustrated in the image below of the Duqu infection schematics, provided by Symantec in Duqu: Status Updates Including Installer with Zero-Day Exploit Found,  once infected, the trojan can then install programs; view, change, or delete data; or create new accounts with full user rights.



      Microsoft is aware of targeted attacks that try to use the reported vulnerability and reports that at this time they see "low customer impact". Work continues to provide a security update for the vulnerability, either via an out-of-band update or during the regular monthly release process.  An update is not expected to be ready for delivery with the scheduled November update.


      Microsoft Fix it

      As an interim workaround, Microsoft has provided a Microsoft Fix it solution to simplify the workaround of denying access to t2embed.dll.

      The Fix it solution is available from Microsoft KB Article 2639658, with direct links to the download files to enable and disable the solution below.

      Enable: Microsoft Fix it 50792
      Disable: Microsoft Fix it 50793


      Thursday, November 03, 2011

      Security Bulletin Advance Notification for November, 2011


      On Tuesday, November 8, 2011, Microsoft is planning to release four (4) Security Bulletins, addressing four (4) CVEs in Windows. One bulletin is identified as Critical, two as Important and one Moderate.

      The bulletins address Remote Code Execution, Elevation of Privilege and Denial of Service, several requiring a restart. Whether required or not, it is advised to restart your computer after installing updates. 



      Tuesday, October 18, 2011

      Oracle Java SE Critical Security Update


      Oracle Java released a critical security update to Java Runtime Environment (JRE).  The full internal version number for this update release is 1.6.0_29-b11 (where "b" means "build"). The external version number is 6u29.

      The critical update is a collection of patches for multiple security vulnerabilities in Oracle Java SE.  The update includes twenty (20) new security vulnerability fixes, of which six (6) are applicable to JRockit.

      The update to Java SE 6u29 follows Java SE 6u27. Java SE 6u28 was used as an internal build and by-passed in favor of the current release of Java SE 6u29.

      Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.  It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

      Download Update: Java SE Runtime Environment 6u29


      Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.


      Affected Java SE Products and Components

      • JDK and JRE 7
      • JDK and JRE 6 Update 27 and earlier
      • JDK and JRE 5.0 Update 31 and earlier
      • SDK and JRE 1.4.2_33 and earlier
      • JavaFX 2.0
      • JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)
      The next scheduled Oracle Java SE Critical Patch Update is 14 February 2012.
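The version numbering and affected-version list above can be turned into a quick check. The following is an added example, not part of the original post or Oracle's tooling: it parses an internal version string, derives the external name, and compares the update number against the ranges listed above. JavaFX and JRockit are not covered, and treating only the initial 1.7.0 release as affected is an assumption, since the list gives no update number for Java 7.

```python
import re

# Highest affected update per release family, from the "Affected Java SE
# Products and Components" list above. JDK/JRE 7 is listed with no update
# number, so only the initial 1.7.0 release is flagged (assumption).
AFFECTED_MAX_UPDATE = {(1, 7, 0): 0, (1, 6, 0): 27, (1, 5, 0): 31, (1, 4, 2): 33}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?")


def parse_internal(text):
    """Pull the family, update and build out of an internal version string."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError("no Java version found in %r" % text)
    family = tuple(int(m.group(i)) for i in (1, 2, 3))
    update = int(m.group(4) or 0)
    build = int(m.group(5)) if m.group(5) else None
    return family, update, build


def external_name(text):
    """Map 1.6.0_29-b11 to 6u29; older families keep the internal form."""
    family, update, _ = parse_internal(text)
    if family[0] == 1 and family[1] >= 6 and family[2] == 0:
        return "%du%d" % (family[1], update) if update else str(family[1])
    base = ".".join(str(n) for n in family)
    return "%s_%02d" % (base, update) if update else base


def is_affected(text):
    """True when the version falls inside a range listed as affected."""
    family, update, _ = parse_internal(text)
    limit = AFFECTED_MAX_UPDATE.get(family)
    return limit is not None and update <= limit


def audit(lines):
    """Return (external name, affected?) for each reported version line."""
    return [(external_name(l), is_affected(l)) for l in lines]


# Constructed sample input in the format printed by `java -version`.
SAMPLE = ['java version "1.6.0_29"', 'java version "1.6.0_27"',
          'java version "1.5.0_31"', 'java version "1.4.2_33"',
          'java version "1.7.0"']

if __name__ == "__main__":
    for name, affected in audit(SAMPLE):
        print(name, "UPDATE NEEDED" if affected else "ok")
```

A family that does not appear in the list returns False, which means "not listed in this advisory", not "safe".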


        SUPERAntiSpyware Adds Opt-in Toolbar

        Personally, I prefer not to use toolbars.  However, there are many people who like add-on toolbars on their browser of choice.

        Something that has been a point of contention, particularly within the security community, is the inclusion of pre-checked toolbars with security software.  This practice has resulted in discontinuing recommendations for those programs, even though the software is offered free for personal use.

        SUPERAntiSpyware has apparently found it necessary to supplement the support of the free version of SUPERAntiSpyware by the inclusion of the Ask Toolbar.  The difference between the inclusion of the toolbar by SUPERAntiSpyware and other vendors is that it is opt-in rather than opt-out (pre-checked).




        Nick Skrepetos*, developer of SUPERAntiSpyware, provided the statement below at Wilders Security Forums:
        "It's not bundled, but rather an optional install that, if elected, enables a Professional feature - scheduled scanning at no charge. A "bundle" means it's included and installed as part of the package - we have an optional install. Nothing is disabled or features lost if the user elects not to install - it's still the great free SUPERAntiSpyware we have always produced!"

        Recommendation


        If SUPERAntiSpyware is your anti-malware software program of choice, consider purchasing a license for the software.  However, if your preference is to continue using the free version, the built-in Windows Scheduler is an option for scheduling scans.

        *SUPERAntiSpyware was acquired by Support.com in June, 2011. Press Release: Support.com Expands Software Offerings With Acquisition of SUPERAntiSpyware




        Tuesday, October 11, 2011

        Microsoft October 2011 Security Bulletin Release


        Microsoft released eight (8) bulletins addressing vulnerabilities in Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server.  Two of the bulletins are rated Critical and six are rated Important.

        Note:  With the inclusion of .NET Framework updates, it is recommended that those updates be installed separately from the remaining updates.  This is due to issues many people experience when installing .NET Framework updates.  Shutdown/restart the computer to complete the installation.

        Below are the Bulletins identified as Critical.  As noted above, it is recommended that MS11-078 be installed separately.

        • MS11-081 (Internet Explorer): This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
        • MS11-078 (.NET Framework & Silverlight): This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page. It could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

        Although the Executive Summaries indicate that some of the updates "may" require a restart, regardless of the recommendation, it is always best to restart your computer after applying updates.

        Support

        The following additional information is provided in the Security Bulletin:
        • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
        • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
        • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.



        Sunday, October 09, 2011

        How Windows PCs Get Infected with Malware

        CSIS Security Group in Denmark conducted a study of almost three months where they collected real-time data from various so-called exploit kits that Danish users were exposed to.  As described by Peter Kruse, Partner and Security Specialist at CSIS:
        "An exploit kit is a commercial hacker toolbox that is actively exploited by computer criminals who take advantage of vulnerabilities in popular software. Up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits."

        How PCs Get Infected

        The CSIS study revealed that as much as 99.8 % of all virus/malware infections were a direct result of not updating five specific software packages.  Aside from missing Microsoft security updates, the study revealed the following out of date programs as being the most used by malware:  Java JRE (37%), Adobe Reader and Adobe Acrobat (32%), Adobe Flash (16%) and Microsoft Internet Explorer (10%).

        Third-Party Software

        Setting aside browser and operating system for the moment, what is notable from the CSIS study is the impact of third-party software, notably Java JRE, Adobe Reader and Adobe Acrobat and Adobe Flash.

        Oracle Java JRE
        When it comes to Oracle Java JRE, you may have it installed on your computer but might not even need it.  Following are reasons why someone may need Oracle Sun Java installed on their computer:
        • Playing on-line games generally requires Java.
        • With OpenOffice, Java is needed for the items listed here.
        • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
        • There may be commercial programs that depend on Java. If Java is needed for software installed on your computer, there should be a prompt for it.
        If the above does not apply to you, consider uninstalling Java.  In the event you discover that it is needed, you can always download the most recent version.

        Adobe Products
        Regular readers of this blog are familiar with my postings of critical updates for Adobe products.  You may not realize, however, that there have been over a dozen critical updates of Adobe products just this year between February and September.  Combined, out-dated Adobe products were the direct cause of 48% of the infections in the analysis.

        Although I will continue providing updates for these products, it is advisable that you check that you have the most recent versions of Adobe products.  Personally, I switched to an alternate PDF reader some time ago.  There are a number of open source readers available from http://pdfreaders.org/.  Others include Nitro Reader and Sumatra PDF.

        Internet Explorer

        Although the CSIS analysis lists Internet Explorer as the most affected browser, the report falls short in not breaking down the statistics by browser version.  According to the IE6 Countdown, at the end of September, 2011, 9% of the world is still using IE6.

        It is not very likely that 66% of the reported thousands of users in the analysis who had been exposed to drive-by attacks were using IE9.  Nonetheless, Denmark should be commended with only 0.7% of the users still on IE6.  The percentage still using IE7 is unknown.  Considering the high percentage of affected Windows XP computers, it would not be surprising to learn that the majority have not updated to IE8.

        References

        CSIS: This is how Windows get infected with malware
        IE6 Countdown
        Microsoft Download Center - Windows Internet Explorer 8 for Windows XP

