Posts Tagged ‘Microsoft security bulletin’

Microsoft Releases Security Bulletin for December

If you don’t have your auto-update enabled, you may want to check out the Security Bulletins for December. There are some important updates you need to address for Windows and Microsoft Office Suites!

MS09-069 – Important

A privately disclosed vulnerability in Windows could cause a Denial of Service attack.

MS09-070 – Important

In Microsoft’s words:

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server. An attacker would need to be an authenticated user in order to exploit either of these vulnerabilities.

MS09-071 – Critical

2 more privately disclosed vulnerabilities, and this one’s a doozie! If you can get past the jargon on how they explain this, the truth is the way Windows handles authentication is messed up! And that includes the MS-CHAP v2 handshake!

MS09-072 – Critical

4 privately disclosed vulnerabilities in IE!

  • A remote code execution vulnerability exists in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers.
  • A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. (PRICELESS! Now crap you delete in Windows makes you vulnerable!)

MS09-073 – Important

Fixes a privately reported vulnerability in Microsoft WordPad and Microsoft Office text converters.

MS09-074 – Critical

Only affects you if you use Project!

Get patching but be careful what you delete!

ROFLMAO


Microsoft Issues Critical Updates

Microsoft has released critical updates for the following systems and/or products!

  • Microsoft Windows and Windows Server
  • Microsoft Office
  • Remote Desktop Connection Client for Mac 2.0

Please see:

http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx

Note to Students:  Remember the Introduction to PC course where I have you disable remote desktop? Well, take a look here and thank me!

http://www.microsoft.com/technet/security/bulletin/MS09-044.mspx




RUBotted Popup and Microsoft Bulletins

I’d like to take this minute to publicly thank the donor who bought me a cup of coffee by dropping a tip in my tip jar! Thank you! That was very sweet of you and very much appreciated!

Sometimes it really bothers me to be right!

You may remember that throughout the RUBotted pop-up discussions and my predictions for the year, I stated that:

There will be an IWMD (Internet Weapon of Mass Destruction) launched sometime during this year. It will be considered a mashup blended threat because it will take advantage of the security flaws in a multitude of web apps and will propagate through ad servers.

The keywords in my rants and my predictions have always been that the new malware will be pumped through ad servers.  Remember that?

Well, it’s not the huge Weapon of Mass Destruction but it could be heading in that direction.

Microsoft issued a security bulletin today. And it seems there is a bit of a problem with the way Internet Explorer handles CSS. Yes, you’ve read that right. Cascading Style Sheets! A standard on the web!

In fact, here’s what their Bulletin MS09-002 says:

A remote code execution vulnerability exists in the way Internet Explorer handles Cascading Style Sheets (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

And as they’ve told us repeatedly,  Microsoft knows all about security and all about web standards!

But this is not the BEST part!

The Mitigating Factors section, which lists the conditions under which this vulnerability becomes a problem, states:

In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

Now, what was it I said in the RUBotted pop-up discussion about ad servers possibly pushing the malware? Hmmm, maybe I’m not such a joke after all, Symantec employee – huh?

The other part of that above quoted section makes me want to laugh myself off my chair.

In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

Dear Idiots at Microsoft, if the fracking thing can be exploited through hosted ads, nobody needs to be directed to a website! Nearly every freaking website has hosted ads now!

Am I the only one that sees how lame and ridiculous this is?

So needless to say, if you’ve got your auto-updates turned off as I do, then make sure you install the fix for this baby. But since we know there will be more fixes, just move to Firefox and be done with it!

For the technical information on the new release see: Microsoft Bulletin Summary for February.

On another note, the RUBotted issue. My pop-ups are not as frequent as they were in the beginning, but I’m still getting a few here and there.

I think I’ve found multiple reasons for the message, and although I tried to contact TrendMicro through our partner program and their Twitter account, no one is responding – so what else is new?

One web site set off my RUBotted pop-up and I found a piece of code in the header that could explain it. The code was trying to activate my Firefox Skype toolbar  – which I don’t have.

I’ve inserted the code at the bottom of this post so you can see it for yourself.

Upon researching what this does, I found that this code snippet is inserted by accident when someone is editing a web page and using the Skype toolbar add-on for Firefox.

However, since the Skype toolbar add-on makes it easy to call from Firefox, the JS file associated with this toolbar led me to believe that it was trying to activate something on the toolbar which set off RUBotted.

Remember, all the RUBotted pop-up messages claim that something is trying to launch a program remotely! And that’s exactly what the script does!

(To see the JS file associated with this script code, visit here: Koders Code Search.)

Next, I have seen several other pop-ups associated with Flash files on a web site – either ads or just plain flash files on a web site.

Did you ever notice how you can right click over a flash file and get to the settings?

Just go to adobe.com and there’s a huge flash section in the upper section. Right mouse click and select the settings.

The first thing that appears is the privacy settings and you can allow or deny flash player to access your web cam or microphone – if you have them – and I do.

What if there’s something attempting to access the flash player on those sites that are giving us the pop-up?

I don’t have the answer yet because it’s very time consuming and quite difficult to go through every flash ad and try to reverse engineer it to find out what it’s doing.

But I was correct about the ad servers and malware, just didn’t know about the CSS vulnerability. How many other ad server vulnerabilities are there that we still don’t know about? Or is this someone doing some testing for the next round of malware?

So, who’s to say I’m not right about these flash pop-ups either?

There is one flaw in my thinking however. My housemate didn’t have flash player installed when he first got hit with his pop-up. And…. he doesn’t have a web cam nor a microphone.

But! Could his pop-ups have been related to the Skype toolbar issue? Or something else?

I’ve had several people contact me with theories and thoughts, and another big possibility is the attempt to launch your messaging program, chat, or instant messenger.

We continue investigating flash files, JavaScript files, and lines and lines of code!





