Archive for the ‘Updates & Maintenance’ Category
Microsoft Releases Security Bulletin for December
If you don’t have your auto-update enabled, you may want to check out the Security Bulletins for December. There are some important updates you need to address for Windows and Microsoft Office Suites!
MS09-069 – Important
A privately disclosed vulnerability in Windows could cause a Denial of Service attack.
MS09-070 – Important
In Microsoft’s words:
This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.
MS09-071 – Critical
2 more privately disclosed vulnerabilities, and this one’s a doozie! If you can get past the jargon on how they explain this, the truth is the way Windows handles authentication is messed up! And that includes the MS-CHAP v2 handshake!
MS09-072 – Critical
4 privately disclosed vulnerabilities in IE!
- A remote code execution vulnerability exists in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers.
- A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. (PRICELESS! Now crap you delete in Windows makes you vulnerable!)
MS09-073 – Important
Fixes a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters.
MS09-074 – Critical
Only affects you if you use Project!
Get patching but be careful what you delete!
ROFLMAO
Patch Tuesday Patches Critical Bugs
I should rephrase that because I actually liked the headlines that InfoWorld used: Microsoft patches ’super nasty’ Windows bugs.
I love it!
I’ll get back to that article in a minute. First, we need to address this update.
1. Yes you should get it!
2. Immediately!
Okay?
Seriously, the patch fixes two undisclosed vulnerabilities and one publicly disclosed vulnerability in the Microsoft Server Message Block (SMB) Protocol.
Now don’t let the name of the protocol fool you – this does not mean the patch is meant for servers only.
First, for those of you new to our blog and our education site, let me explain that a protocol is nothing more than a set of rules or ordered steps. In computing, you use IP (Internet Protocol) all the time to surf the web. It’s the set of steps that your computer takes to make those necessary connections. (And geekie people and techies, please don’t give me a lot of comments about this definition – it’s aimed at the beginners! I know what and how protocols are programmed – k?)
That being said, the SMB Protocol’s main purpose is file sharing, but that’s not all it does. (Are you surprised? NOT) It also covers: determining other Microsoft SMB Protocol servers on the network, or network browsing, printing over a network, file, directory, and share access authentication, file and record locking, file and directory change notification, and a few more things I didn’t want to include because of the technical nature of what they do. (Geekie people and Techies: Please feel free to visit the overview at Microsoft’s Tech Net for more info!)
The first vulnerability in this protocol is – can you guess? - A BUFFER OVERFLOW! (Don’t even get me started again!)
The fix validates the fields in the protocol packets to prevent the overflow. Microsoft programmers – how many more unchecked buffers are still there? Huh???
The next vulnerability, although being billed as: SMB Validation Remote Code Execution Vulnerability, is nothing more than the same unchecked buffer. But in this instance, it’s Microsoft’s software not validating the size of the buffer before writing it. (Now why does that totally NOT surprise me?)
And the final vulnerability again is related to the same unchecked, unvalidated buffer size which in turn creates a Denial of Service vulnerability.
If you’re reading this and you’re one of my students from the hacking course, do you remember this problem? (Hint: Following Shirley Hacker)
Now, this whole mess causes a big problem for the users when someone sends you a packet with a huge amount of data inside that this buffer (or placeholder) can’t handle. I’ve used this example before repeatedly but you’ve experienced a buffer overflow when you tried to send too much information to print on your printer and you got page after page of one line filled with wingding type characters. That’s because your printer didn’t know what to do with all the excess data so it got all confused.
It’s worse in the situation we’re talking about with the Microsoft packets because malware writers know how to put programming code inside those overstuffed packets that allows them to remotely access your computer. Instead of crashing, restarting, or spewing out junk like a printer, the overflow delivers a set of instructions to your operating system that allows this access!
So that is why I really feel it’s important that you get this update! If you do not have your auto-updates turned on, then go to the Windows update site and get this critical update: MS09-001 or click here: Microsoft Update Site.
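The field validation described above, as an added example (not Microsoft's code and not from the original post): a toy length-prefixed record is parsed once while trusting the sender's length field and once with every field checked before anything is copied. The record layout, the sample packets, the function names parse_unchecked and parse_checked, and the error codes are all constructed for illustration and are not the real SMB packet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_BUF_SIZE 16  /* fixed-size buffer ("placeholder") on the receiver */
enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_LEN_PAST_PACKET = -2, ERR_LEN_PAST_BUFFER = -3 };

/* Constructed toy record, NOT the real SMB wire format:
 *   bytes 0-1: declared field length (little-endian), bytes 2..: field data */
static uint16_t declared_len(const uint8_t *pkt) {
    return (uint16_t)(pkt[0] | ((uint16_t)pkt[1] << 8));
}

/* Unchecked form: trusts the sender's length field. A declared length of
 * FIELD_BUF_SIZE or more writes past the end of out. */
int parse_unchecked(const uint8_t *pkt, size_t pkt_len, char *out) {
    (void)pkt_len;                       /* never consulted: that is the defect */
    uint16_t n = declared_len(pkt);
    memcpy(out, pkt + 2, n);
    out[n] = '\0';
    return PARSE_OK;
}

/* Validated form: every field is checked before a single byte is copied. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_size) {
    if (pkt_len < 2) return ERR_TRUNCATED;            /* length header missing */
    uint16_t n = declared_len(pkt);
    if (n > pkt_len - 2) return ERR_LEN_PAST_PACKET;  /* claims more than was sent */
    if (n >= out_size) return ERR_LEN_PAST_BUFFER;    /* no room for data + NUL */
    memcpy(out, pkt + 2, n);
    out[n] = '\0';
    return PARSE_OK;
}

/* Constructed sample packets */
static const uint8_t PKT_GOOD[]   = { 5, 0, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t PKT_LIES[]   = { 0xFF, 0xFF, 'A', 'B' }; /* declares 65535 bytes */
static const uint8_t PKT_LONG[22] = { 20, 0 };                /* 20 bytes for a 16-byte buffer */
static const uint8_t PKT_SHORT[]  = { 5 };                    /* cut off inside the header */

int main(void) {
    char out[FIELD_BUF_SIZE];
    printf("good:  %d\n", parse_checked(PKT_GOOD, sizeof PKT_GOOD, out, sizeof out));
    printf("lies:  %d\n", parse_checked(PKT_LIES, sizeof PKT_LIES, out, sizeof out));
    printf("long:  %d\n", parse_checked(PKT_LONG, sizeof PKT_LONG, out, sizeof out));
    printf("short: %d\n", parse_checked(PKT_SHORT, sizeof PKT_SHORT, out, sizeof out));
    return 0;
}
```

Only the validated parser is run on the malformed packets; each one is rejected with a distinct error before any copy happens.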
Now that we’re done with all that, let me go back a minute to the InfoWorld article mentioned above. Specifically, this one little paragraph:
“This is super nasty,” said Eric Schultze, the chief technology officer at Shavlik Technologies LLC, who also called today’s update “super critical” as he rang the alarm. “Expect to see a worm on this one in the very near future, [because] this is Blaster and Sasser all over again.”
My, my, my! Where have I heard that before? Let me see……oh yes! I remember now! I said it! No, actually, I predicted it on my Friday’s Quickie on December 12, 2008, only I stated it will be much worse than Sasser and Blaster, Mr. Schultze and InfoWorld!
2. There will be an IWMD (Internet Weapon of Mass Destruction) launched sometime during this year. It will be considered a mashup blended threat because it will take advantage of the security flaws in a multitude of web apps and will propagate through ad servers.
Enough said?
Sun Java Update In Bed With Microsoft?
Software manufacturers, like politics, make strange bedfellows!
Imagine my surprise to see this upon initializing my Java update the other day:

I remember not long ago, that they were pushing the Google Toolbar on us.
Makes you wonder how much Microsoft is paying them to slide that bad boy in there?
I just gotta say, it’s bad enough we have to watch out for malware purveyors, but why must we continue to have to watch trusted software manufacturers? From this sneaky bastage to the crap Microsoft tries to install on our machines with their supposed updates. ENOUGH!
That being said, I haven’t forgotten about the blocking ads tutorial. I’m working on it. Will be posting the link here shortly!
Hope you had a wonderful holiday! Welcome back to reality!










