Newsletter Archives
-
Microsoft Security Essentials – get yours today
I’ve been using Microsoft Security Essentials (code-name Morro) on a dozen computers for more than a month.
I like it. I bet you’ll like it too.
I like it so much that I’ve thrown away my old antivirus programs and replaced them. All of them.
MSE is free. It works, and works well. I’ve written about it several times on this site, and cover it extensively in my new Windows 7 book.
According to a Microsoft Press Release, it will be widely available today.
Microsoft Security Essentials, Microsoft Corp.’s new no-cost, core anti-malware service that helps protect consumers against viruses, spyware and other malicious software, will be available tomorrow, Tuesday, Sept. 29. Microsoft Security Essentials, independently certified by West Coast Labs, is backed by the company’s global security response team and is built on the same award-winning core security technology found in the company’s security solutions for businesses. It requires no registration, trials or renewals and will be available for download directly from Microsoft at http://www.microsoft.com/security_essentials.
There may be some glitches, so I don’t yet recommend that you throw caution to the wind and change immediately. But you should certainly watch closely.
UPDATE: It’s up.
-
Conficker keeps on ficking
Deborah Hale at the SANS Storm Center reports that SANS continues to get notifications about Conficker infections.
I heard about a local company today who on Monday of this week started having some pretty strange goings on in their network and called in their consultants to try to figure out what was happening. It turns out, after much time spent trying to determine what was going on, it was “just another Conficker Outbreak”. (Still working on it as a matter of fact). They do have antivirus; however, the infection went undetected for quite some time. Why? Because Conficker did what Conficker does and it overrode the security software and antivirus software to allow them to do their dastardly deeds while remaining undetected. This company has close to 100 computers and more than 50% of them have been infected, some for a while it seems.
If you haven’t checked your Windows XP computers recently, run over to the Conficker Eye Chart and make sure you can see all six pictures. Anything less, and your computer is likely infected.
Conficker may be the single best reason to upgrade to Windows 7…
-
Your biggest vulnerabilities aren’t what you think
SANS Institute just released a security vulnerability analysis covering real infections and vulnerabilities on 9,000,000 real computers at big companies. Interesting reading, with some surprising conclusions.
According to SANS:
Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access… Because the visitors feel safe downloading documents from the trusted sites, they are easily fooled into opening documents and music and video that exploit client-side vulnerabilities… In many cases, the ultimate goal of the attacker is to steal data from the target organizations and also to install back doors through which the attackers can return for further exploitation.
Other than Conficker/Downadup, no new major worms for OSs were seen in the wild during the reporting period. Even so, the number of attacks against buffer overflow vulnerabilities in Windows tripled from May-June to July-August and constituted over 90% of attacks seen against the Windows operating system.
World-wide there has been a significant increase over the past three years in the number of people discovering zero-day vulnerabilities, as measured by multiple independent teams discovering the same vulnerabilities at different times. Some vulnerabilities have remained unpatched for as long as two years. There is a corresponding shortage of highly skilled vulnerability researchers working for government and software vendors. So long as that shortage exists, the defenders will be at a significant disadvantage in protecting their systems against zero-day attacks.
Bottom line: stay cautious. Realize that even big-name Web sites can have infected files (as Graham Cluley explains, even the New York Times site was hit recently). For heaven’s sake, don’t install or run programs that you don’t know. Keep your whole system patched, using a tool like Secunia Personal Software Inspector. And stay away from ActiveX controls, the biggest source of buffer overflow vulnerabilities – which, in my opinion, means you should be running Firefox (or Chrome or Opera or anything but Internet Explorer).
-
Five security bulletins coming
Microsoft has pre-announced that there will be five security bulletins coming next Tuesday.
I don’t see anything particularly interesting.
Now’s a good time to make sure you’re all patched up, and that you’ve turned off automatic updating.
-
MS-DEFCON 5: Get patched now
There have been a few minor problems with the August Black Tuesday patches, but nothing seems to have turned belly-up. Right now is a good time to get completely patched up – apply all outstanding Microsoft patches.
Yes, I know there are ongoing problems with the .NET Framework patches, but I’ve already thrown in the towel on those.
After you’re patched up, make sure your computer is set to notify but don’t download or install updates. Another crop of security bulletins is due next Tuesday.
I’m moving us down to MS-DEFCON 5: All’s clear. Patch while it’s safe.
One historical note: Microsoft discovered a bug in Vista Service Pack 2 that caused it to crash some systems with a Blue Screen of Death error 0xc0000034. Details on the TechNet blog. There was also a problem that caused an error 0x0000007e or 0x00000050, which has been fixed in an update to SP2, as documented in Knowledge Base article 973879.
At this point, those of you running Vista should be absolutely convinced that you want to upgrade to Windows 7. And if you’re definitely going to upgrade to Win7, I don’t see any reason at all to install Vista Service Pack 2.
-
Use Windows XP? Get this product NOW
If you use Windows XP, you need to download and run the latest version of Sophos Anti-Rootkit, like, right now.
As far as I know, nobody has ever seen a rootkit in the wild that works on Vista or Windows 7. I also don’t know of any real-live rootkits that work with 64-bit Windows XP. But the vast majority of Windows XP users are vulnerable, and should check their machines.
Now.
This new version of Sophos Anti-Rootkit will run on Windows XP, Vista or Windows 7, both 32-bit and 64-bit. It’s absolutely free, as always. Good product from a good company.
-
Conficker keeps on ficking
Why don’t we hear anything about the Conficker worm these days?
Rob Rosenberger says it’s boring, so the media’s lost interest. The threat’s still there. Conficker is still out infecting lots and lots and lots of Windows XP machines. But there’s no spectacular new, uh, news, so Conficker no longer rates as a good water cooler discussion topic.
Too bad. I’m going to great lengths to upgrade all of my XP machines – and all of my friends’ and clients’ XP machines – to Windows 7, specifically because of Conficker.
While Windows 7 is far from impervious, it’s a couple of orders of magnitude more difficult to crack than XP. (At least, if you don’t count ActiveX controls – but don’t get me started.)
Conficker alone should have you worried enough to look at upgrading. It’s still out there, even if you don’t hear about it.
-
MS-DEFCON 2: August Black Tuesday unleashed
It’s going to be a bloody month.
Microsoft just released nine security bulletins, covering 19 separate security holes.
Five of the bulletins have an exploitability rating of “1” which means Microsoft “expect[s] there to be consistent, reliable code in the wild seeking to exploit one or more of these vulnerabilities within the first 30 days from release.”
Sorry, I don’t buy it.
This month we get two ActiveX security bulletins, with a total of nine separately identified security holes. That’s just for ActiveX – the evil spawn of Internet Explorer.
MS09-037 is the patch for the Active Template Library that I talked about two weeks ago. If you recall, there was an out-of-band patch that was supposed to fix the problem. Again. Security Advisory 973882 goes into the details of how MS09-032, MS09-034, MS09-035 and MS09-037 are inter-related. Man, what a mess. Keystone Kops time.
The other ActiveX security bulletin, MS09-043, fixes ActiveX holes in the Office Web Components.
Those are the two bulletins I’ll be watching most closely. I may advise you to apply the patches earlier this month than usual. Let’s see what happens.
As usual, the most thorough analysis is at the SANS Internet Storm Center – although I don’t recommend that you follow their “damn the torpedoes, patch it now” advice.
We’re at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
UPDATE: In response to a request from Vaughn, here are the KB numbers for the August Black Tuesday patches:
MS09-036 – Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
MS09-037 – Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
MS09-038 – Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
MS09-039 – Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
MS09-040 – Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
MS09-041 – Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
MS09-042 – Vulnerability in Telnet Could Allow Remote Code Execution (960859)
MS09-043 – Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
MS09-044 – Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)