February 10, 2008
Peter Schooff
Twenty-Four Seven Security
Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

July 11, 2007
Microsoft Issues 7 Critical Patches

Yesterday, Microsoft issued six security bulletins covering 11 vulnerabilities, 7 of which are deemed critical, covering flaws in Excel, Windows Active Directory and the .Net Framework.

Analysts had been sounding off about the flaws in .Net, as it serves a critical role in Windows applications and has the potential to affect all of them. .Net vulnerabilities can affect pre-coded user interfaces, data access components, database connectivity, cryptography, Web application development, algorithms and network communications modules.

The .Net patch covers three critical vulnerabilities, two of which could allow remote code execution on systems with .Net Framework installed, and one could allow data leaks on servers running ASP.NET. These vulnerabilities could be easily exploited just by visiting a web site, which makes patching them a high priority.

Three of the critical patches focus on Excel, and all three could allow a Trojan horse attack to give remote control over a system. The final critical patch covers a vulnerability in Windows Active Directory that could enable a system to be taken over. Active Directory is an implementation of LDAP directory services, and the flaw would most likely result in a Denial of Service (DoS) attack.

Microsoft chose not to patch a vulnerability in Internet Information Server 5.0 in this release, saying it is actually a feature, but does strongly urge users to upgrade to a later version of Internet Information Server. The rest of the patches were marked important, and for a full breakdown, click right here.

Tags: Patch Tuesday, .Net, Excel Vulnerability, Windows Active Directory

Posted by pschooff in Microsoft

June 12, 2007
Microsoft Issues Six Patches (Four Critical)

Another Microsoft Patch Tuesday is here, and on the menu are six patches, four deemed critical. One is categorized important, and the last one moderate.

Two critical patches are for the Vista operating system (with the moderate one as well), and the one marked important fixes Visio, which is business software used to create technical drawings.

Also, Microsoft said it will distribute an updated version of their Malicious Software Removal Tool along with seven non-security updates for MS Update and Windows Server Update Services.

FYI, this is Microsoft's first advance notification giving such detail, with each bulletin containing a patch's security rating, vulnerability impact, detection information and affected software. And if you're reading this, so are the bad guys, so if you don't have Microsoft's automatic update, go here and look for the Microsoft Update link.

Tags: Patch Tuesday, Vista, Malicious Software Removal Tool, Visio

Posted by pschooff in Microsoft

April 02, 2007
Microsoft Speeds Out Security Fix

Microsoft announced it plans to release a patch for a dangerous security vulnerability in its Windows operating system that cybercriminals are actively exploiting. This fix comes a week earlier than Microsoft's typical Patch Tuesday.

The company's break from standard operating procedure was clearly prompted by an unofficial patch release by third-party software vendors, which include eEye Digital Security, Determina, and the Zero-Day Emergency Response Team (ZERT), a coalition of security experts whose goal is to provide timely fixes for unpatched software flaws that pose an active and serious risk to computer users.

The vulnerability stems from a flaw in Windows animated cursor files, which hackers have been exploiting for the past week. All it takes is for a user to open a specially created email or a specially built website for an attacker to gain complete control over a Windows system.

The SANS Internet Storm Center raised the Internet Threat Level to yellow after observing several big blasts of spam and a growing number of websites designed to take advantage of the vulnerability. This is one of only a half-dozen times that SANS has increased the threat level due to a single threat.

What is most discomfiting about this vulnerability is that Microsoft has apparently known about this flaw for some time. One company stated that they notified Microsoft last December about this flaw. Microsoft's sudden rush to release this patch ahead of the standard monthly fixes is a good step, but only a first step in what needs to be a more proactive approach to threats to its ubiquitous operating system.

Tags: Microsoft, Patch Tuesday, Animated Cursor

Posted by pschooff in Microsoft

December 07, 2006
Critical MS Word Flaw Found

Microsoft is looking into a vulnerability in MS Word that could allow a hacker to gain control of a PC or Mac just from opening a malicious Word file attached to an email.

According to this Microsoft advisory, so far this previously unknown flaw has only been used in limited attacks and affects Word 2000, Word 2002, Word 2003, Microsoft Word Viewer 2003, Word 2004 for Mac, Word 2004 version X for Mac, and Works 2004, 2005, and 2006.

"In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker," the advisory stated.

Microsoft may release a patch for the issue on its regular monthly patch schedule, which would fall on December 12, or could issue an emergency update before or after that date.

Until then, and even after that, it's a good idea never to open an attachment from a sender you don't directly know. And even if you do get an attachment from someone you know, it's probably a good idea to approach attachments cautiously, and if anything about the email seems even a little bit off (I once got an email from a lawyer friend that started off with "Yo," and my friend would never say that), check with the sender directly.

Tags: Microsoft Word, Email Virus

Posted by pschooff in Hackers, Microsoft, Patches

November 28, 2006
Microsoft Fights Phishing in Court

Using the argument that phishing is damaging Microsoft’s image, the company has started fighting phishing in court. A report at Ars Technica says that Microsoft has filed 129 lawsuits against phishers across Europe and the Middle East.

As most of the defendants in these suits are young, mostly teenagers, Microsoft has proved willing to settle for payments between 1,000 and 2,000 euros (and I bet they keep pretty close tabs on them thereafter). But a recent criminal suit involving phishing did send a Turkish man to prison for two and a half years. Other criminal suits have been filed in Germany, France and Britain.

This represents a new front in the attack on phishing for Microsoft, which so far has mostly centered on improving the Internet Explorer phishing filter (which some have declared all but useless in stopping phishing). The first lawsuit against phishing was filed by the FTC in January of 2004 against a California teen. The teen was banned from sending spam for life and fined $3,500.

Tags: Microsoft, Phishing

Posted by pschooff in Microsoft, Phishing

November 15, 2006
MS Patch Tuesday Wrap-Up

Yesterday, Microsoft issued patches to correct nine vulnerabilities in the Windows operating systems and Internet Explorer as well as other software. Three of the patches fixed security holes in Internet Explorer that could install malware onto a computer just by visiting a specially built website. Another exploit with IE can occur if someone merely views a tainted HTML message in an email preview pane.

Microsoft said the IE flaws are much less of a problem on Windows Server 2003 systems or with IE7, as their default settings won’t allow those flaws to activate.

Other security patches fixed a flaw in Windows “Microsoft Agent” that again could be exploited simply by visiting a site, while another corrected serious flaws in Adobe’s Macromedia Flash player that comes bundled with Windows XP.

Microsoft also patched a critical bug in the “workstation service” in Windows XP and Windows 2000. This flaw is more of a problem for businesses, as it’s most likely to be exploited by someone with access to a company’s internal network.

Finally, two critical flaws in “XML Core Services” and “Client Service for Netware” were corrected, but neither is automatically installed by default on Windows machines. Users can download and install the patches via Microsoft or with the company’s Automatic Update service.

Posted by pschooff in Microsoft, Patches

November 07, 2006
Macs Make a Growing Target

The Macintosh has become a tantalizing challenge for hackers precisely because it is seen as somewhat impenetrable. A report from TechNewsWorld also indicates that, although the virus-free image of the Mac is a big feature in Apple’s advertising, that perception may not be altogether accurate.

This past May Internet Security Systems, a security vendor, found that there were three times as many vulnerabilities for the Macintosh than there were for Windows. Some have referred to this trend as Mac becoming the Apple of hackers’ eyes.

As you would expect, this growing interest has translated into the discovery of even more Mac vulnerabilities. McAfee found that vulnerabilities for Mac went up 228 percent, while for Windows they only increased 78 percent. Of course some of this percentage can be explained by the fact that Mac also starts with a much lower number of vulnerabilities (there are 2,000 known viruses for the Mac, compared to 70,000 for the PC).

It was in February 2006 that the first worm created for Mac OS X was discovered, named OSX/Leap.A, which is an instant messaging worm capable of infecting the Mac.

This increase is partly due to the Mac’s success, as the Mac has seen double-digit growth, as well as the growth in iPod and iTunes. The increase can also be attributed to sheer boredom: hackers have been focusing on Windows for so long that Apple simply presents a new challenge.

There is good news in all this, for both platforms. The fact is, the number of serious problems resulting from virus attacks has dropped considerably. In 2004, McAfee counted 48 virus outbreaks of at least moderate severity, and in 2005 that number dropped to 12, and this year stands at zero. Let’s hope it stays that way.

Posted by pschooff in Apple, Hackers, McAfee, Microsoft

October 27, 2006
Microsoft's Vista PatchGuard Cracked

In what is starting to resemble nothing less than the gunfight at the OK Corral, the white hat firm of Authentium announced that they have created a new version of their product that circumvents PatchGuard’s kernel protection technology. In an article at eWeek, the Palm Beach Gardens-based company said that they have a new version of Authentium ESP Enterprise Platform that can bypass PatchGuard without setting off desktop alarms. Expect the black hat hackers and internet ne'er-do-wells to soon follow.

In an attempt to stop hackers from attacking computers with rootkits, PatchGuard blocks any application from “hooking” Vista's kernel commands, a method also used by vendors for anti-tampering and behavior monitoring tools. But unlike McAfee and Symantec, which have demanded access to the kernel, Authentium has simply circumvented the feature. Whereas any program that attempts to modify the kernel will result in a blue screen computer stoppage, Authentium said they have been able to access the kernel without incurring a shut-down.

The loophole used to bypass PatchGuard is simply the result of Vista’s need to support older hardware. As Mike Rothman said on his Daily Incite blog, "This is the fundamental truth of Microsoft's problem. As long as they are constrained by requiring backwards compatibility, the problem is NOT going to get better and we are not going to make much progress."

Because hackers will quickly copy this method of defeating PatchGuard, Corey O’Donnell, vice president of marketing at Authentium, said that is why his company is not waiting to see what Microsoft’s APIs will allow for. Said O’Donnell, "Good and bad guys have the same job, to identify holes in whatever software is delivered and beat it."

Posted by pschooff in Better Protection, Hackers, McAfee, Microsoft

October 23, 2006
Sophos at Odds with McAfee and Symantec Over Vista

While McAfee and Symantec have been battling furiously with Microsoft over the Vista operating system, Sophos believes, as quoted on the website Softpedia, that Symantec and McAfee have simply been caught unprepared by Microsoft's new operating system.

Richard Jacobs, CTO of Sophos, explained, “Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with 64-bit Vista in mind. We’ve taken a different approach to HIPS, by focusing more on catching bad behavior by analyzing code before it executes. Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert the kernel by 'hooking' calls to it. That's why we're ready for 64-bit Vista, and others aren't."

Sophos believes PatchGuard is a positive step for Microsoft’s security and dismisses the claim of anti-competitiveness. Their conclusion, though, is dependent on Microsoft’s commitment to deliver a similar level of kernel support for third-party integration as it does to its in-house security team.

Sophos also declares Vista “more secure” but by no means completely secure, thereby justifying the need for additional security measures. Richard Jacobs continued, “PatchGuard is a step in the right direction for customers, and we believe that security vendors should embrace and work with PatchGuard rather than fight it."

Posted by pschooff in McAfee, Microsoft

October 13, 2006
Hackers Get Predictable

To most people, Patch Tuesday means a chance to shore up their Microsoft programs and hopefully make their desktops more secure. For hackers, it means Microsoft is pretty much finished fixing their vulnerabilities for a month, so why not maximize the time they have for the next series of exploits? So, according to Brian Krebs' Security Fix, as regular as Patch Tuesday has become, the day after has become known as Exploit Wednesday.

The day or two after, the hacker bulletin boards light up with the newest found flaws. Just yesterday hackers revealed a serious flaw in the PowerPoint files of Office 2003, which means someone up-to-no-good can install malicious software on your computer just by having you open a document. For its part, Microsoft has acknowledged reports of a possible vulnerability.

To me, it seems like it's time to stop this too predictable cycle. While I know it's not practical to have IT administrators updating their systems daily, and it is good to have a deadline for patches, it's not like we're ever likely to see the following announcement from our IT Admins: Employees, please turn off your computers between 3 and 4 PM today because cyber criminals have told us they're going to be launching an attack. Microsoft needs to adopt an approach that is as dynamic and unpredictable as those of the hackers.

Posted by pschooff in Hackers, Microsoft, Patches

October 11, 2006
Poor Access Controls Can Harm Any Sized Company

An article from Search Security reports that no matter the size of your company, your IT must always keep tight control over authenticating users and controlling network behavior. But where large companies have the resources to implement controls such as two-factor authentication, smart cards and tokens, that technology is not always affordable to small and medium-sized enterprises.

So many SMEs try to make the best of the Network Access Controls (NAC) offered by Microsoft and Cisco Systems, two companies that recently announced plans to provide better interoperability between them. Many security vendors have also gotten in the game, trying to entice midmarket companies with more affordable options.

Amer Deeba, VP of business development for Qualys, said that while some mid-sized companies may have decent internal controls, they often lack adequate NAC for their outside contractors, many of whom frequently sign on to the network. "That's why NAC is becoming a big deal," Deeba stated.

Security vendors have been trying to develop inexpensive tools, and while that has created a growing number of choices, they often lack interoperability. Unfortunately, for SMEs, there is still no magic bullet. Todd Towles, an IT security consultant, was quoted saying, "Products that work in and of themselves and enable IT administrators to see the big picture are the most value." It is also important that the solution is scalable so it can accommodate a company's growth.

Also, the problem remains that midsized companies often don't view security as important or strategic, and it's hard to see any return on such an investment. Jonathan Penn, an analyst at Forrester Research in Cambridge, MA, said that it's up to IT professionals to help their bosses understand what's at stake. Penn also said, “IT professionals should frame the need for new investment not in terms of cost, but in terms of how it will help the company manage its risk."

If that doesn't work, there is always compliance to consider. The PCI Data Security Standard has motivated plenty of SMEs to take action. So no matter what sized company you are, in this day and age of twenty-four seven security threats, simple password verification just doesn't cut it anymore.

Posted by pschooff in Better Protection, Cisco Systems, Microsoft, Small Medium Enterprise


New Age of Computer Security?

According to market analysts at Gartner, we are about to enter a brand new age of computer security. The company predicts that the third phase for the security market will integrate security into each new wave of technology as it enters the market, and not, as in its current phase, after the security attack has occurred.

Gartner believes that the current phase in security has fallen behind IT trends, allowing hackers and cyber criminals too much room to exploit vulnerabilities. This has forced many security firms to react to each new threat and always play catch-up.

John Pescatore, a vice president at Gartner, was quoted saying at OneStopClick, "This next phase of security is about building security in as the users' needs move forward, not chasing them."

While this certainly sounds good, to me it sounds a little too good to be true. The fact is, in this constantly changing security war (and it is a war), those who create computer security products aren't the only side with a say in the matter. Hackers and cyber criminals get their say as well, and they don't always follow a predictive pattern. And don't hackers, at least the successful ones, already take security into account and work tirelessly to circumvent it?

In an ideal world all software would come entirely hacker-free, but my sense tells me that with any semi-open system, sometimes the security will be ahead of the hackers, and other times the hackers will be ahead of us. Certainly, with Microsoft's new Vista, security will be much more at the forefront of new software, but in my experience, never discount the ingenuity of hackers.

Posted by pschooff in Better Protection, Microsoft, Small Medium Enterprise

October 05, 2006
Patches and Patch Adams

Microsoft, which has been downplaying a recently discovered VML (Vector Markup Language) vulnerability, has "rush released" a patch to resolve the problem, making one believe that it was more critical than they let on. The vulnerability primarily targets those who are logged on with full administrative rights, and an attacker could gain complete control over an affected system, where they could install programs, view, change, or delete data, and even create new accounts with full rights. Users without full rights are less vulnerable, and now that zero-day attacks have become a real possibility, Microsoft recommends that the update be applied immediately. You can download the update here.

Also, the Patch Adams in the title refers to the reported JavaScript flaw in Mozilla, which was announced by two presenters at the ToorCon hacking convention in San Diego and was, like the doctor who healed through humor, actually intended as a joke. Said the 19-year-old Mischa Spiegelmock, "The main purpose of our talk was to be humorous...the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has."

Posted by pschooff in Microsoft, Patches
