Newsletter Archives
-
Kiwi Man-in-the-middle attack?
Patrick Gray, writing in The Age, reports that New Zealander Beau Butler has discovered a big-time security hole in some versions of Windows – but apparently not in the American versions.
Two days earlier, in a TechToday posting, Gray described Butler’s recent presentation at the Kiwicon conference thusly:
In the most sensational presentation of the conference, security researcher Beau Butler showed us how Microsoft’s completely half-arsed fix of a known issue – problems with Windows Proxy Autodiscovery – could be used by the more evil among us to seize control of vast numbers of workstations. Due to a bug in Microsoft’s WPAD functionality, proxy auto-configuration requests frequently wind up popping out on to the Internet.
That means bad, bad people can load up your workstations with false proxy information. That’s right, Butler had figured out a way to run a man-in-the-middle attack on hundreds of thousands, if not millions, of workstations in his home country. You’ll be hearing more on this, but in the mean time it would make sense to configure a wpad server in your organisation to stop Microsoft’s silly software from seeking proxy configuration files from evil hackers outside your organisation.
I don’t have any other details, but it sounds as if this might be a significant problem. (In particular, this may be the same WPAD problem that was reported back in March and addressed, if not solved, in KB article 934864.) Certainly, Microsoft is now listening. Will keep you posted.
Thanks to JT for the heads-up.
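The following Python example is added here and is not from this newsletter, Gray's article or Butler's talk. It assumes a WPAD client that walks up its own DNS suffix and stops when two labels remain (the lookup rule, the hostnames and the `example.co.nz` zone are all assumptions of the example), and it separates the lookups an internal wpad record would answer from those that would leave the organisation.

```python
"""Added example: list the WPAD names a suffix-walking client would look up
and flag those that fall outside the organisation's own DNS zone."""


def is_under(name, zone):
    """True if name equals zone or is a subdomain of it."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def wpad_candidates(client_fqdn, min_labels=2):
    """WPAD hostnames tried for client_fqdn, most specific first.

    Assumed behaviour: drop the host label, prefix 'wpad' to the remaining
    suffix, then strip one label at a time until only min_labels remain.
    """
    suffix = client_fqdn.rstrip(".").lower().split(".")[1:]
    names = []
    while len(suffix) >= min_labels:
        names.append("wpad." + ".".join(suffix))
        suffix = suffix[1:]
    return names


def audit(client_fqdns, org_zone):
    """Split every candidate into names the organisation can answer itself
    (host a wpad record there) and names that fall outside its zone."""
    internal, external = set(), set()
    for fqdn in client_fqdns:
        for name in wpad_candidates(fqdn):
            (internal if is_under(name, org_zone) else external).add(name)
    return sorted(internal), sorted(external)


# Constructed inventory; example.co.nz stands in for the organisation's zone.
CLIENTS = ["pc01.akl.example.co.nz", "pc02.example.co.nz",
           "lab7.rnd.wlg.example.co.nz"]

if __name__ == "__main__":
    internal, external = audit(CLIENTS, "example.co.nz")
    print("answer internally:", internal)
    print("leaves the organisation:", external)
```

Every name in the first list is one the organisation's own DNS can answer with a wpad record; any name in the second list is a lookup to resolve or block internally and to watch for in outbound DNS logs.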
-
Get yourself patched
The difficulties with MS07-061 seem to be subsiding, although there’s still an unresolved problem with WordPerfect 11. Basically, if you have WordPerfect 11 installed, at least in some cases you won’t be able to double-click on a WPD file and have it launch automatically.
MS07-061 fixes a security hole introduced by Internet Explorer 7 – a hole that Microsoft originally denied, ultimately acknowledged and finally (more than a month later) patched. It’s being actively exploited. Time to get the hole plugged.
I’m moving us down to MS-DEFCON 4: check the Microsoft Patch Reliability Page for an important note about one really lousy patch that’s still making the rounds, then get yourself updated.
-
Big Windows Home Server patch coming
Philip Churchill on his Windows Home Server blog reports that a major update to Windows Home Server is imminent.
The security certificate error in a web browser has finally gone. Data files which contain alternate data streams (ADS) which can potentially become corrupted when copied to shared folders on WHS has also been resolved and Microsoft Money backup files can now be stored on Home Server without an issue… We expect this to be available as an automatic download for Windows Home Server from the Windows Update site within the next 24 hours.
UPDATE: The Knowledge Base article, 941914, is up. Expect the update to hit your Windows Home Server early next week. I, personally, turn off automatic updates on Windows Home Server (see the book), but at this point Microsoft doesn’t have much of a track record with automatically applied updates to WHS.
In a, uh, related vein, Terry Walsh on his We Got Served blog announced that Windows Home Server For Dummies has hit the stands. I got my copies about a week ago. I like it – but then again, you expected me to say that, didn’t you?
UPDATE: Microsoft has just released a white paper entitled, “Windows Home Server Technical Brief for Home Computer Backup and Restore.” If you’re interested in learning about the inner workings of WHS’s amazing backup and restore capabilities, it’s well worth a gander.
-
Still more problems with 943460
It looks like this month’s Black Tuesday patch KB 943460, which fixes Internet Explorer’s URI hole, is causing problems with WordPerfect 11.
The fixes posted in Knowledge Base article 943460 aren’t working in some cases.
I really, really want to give the go-ahead to install this patch, but until we know more about the problems introduced by the patch (and their possible solutions), I figure the cure is worse than the disease.
We remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
Black Tuesday URI patch 943460 may have problems
Just a quick heads-up.
I had hoped to “fast track” this week’s Black Tuesday patches, particularly because the URI hole has several known exploits in the wild.
Unfortunately, I’m starting to see reports that the patch may prevent Windows Media Player from seeing Firewire devices and it’s possible that significant groups of applications may not work right.
Microsoft posted a Registry hack workaround for some known problems in KB 943460, but it’s tedious and undoubtedly difficult if you have to patch more than a couple of applications.
Stay tuned.
-
Black Tuesday has one biggie
No surprise, but Microsoft’s Black Tuesday patches include a fix to the “URI handling problem” that I talked about more than a month ago.
This is the 0day security hole that Microsoft first denied existed, then begrudgingly agreed to fix.
Adobe went so far as to patch Adobe Reader so it couldn’t be coerced into taking advantage of the security hole. Now Microsoft has issued a fix for the underlying problem, described in Security Bulletin MS07-061.
The security hole only exists on Windows XP and Windows 2003 systems that have had Internet Explorer 7 installed. Apparently putting the latest, greatest, most secure Microsoft Web browser on your system also left your computer wide open to attack, not just directly via IE 7, but also “Outlook, Firefox, Adobe, Skype, and other applications,” according to CVE-2007-3896, the definitive reference on the topic.
I’ll be watching this one closely. Stay tuned. In the interim, we remain at MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
Going up to MS-DEFCON 2
In anticipation of the Black Tuesday patches coming shortly (probably on Wednesday, for most folks), I’m raising the flag and moving us up to MS-DEFCON 2.
Take a few moments to make sure that Automatic Updates are turned off for all of your machines. Then watch here for the all-clear.
Let the other guys test Microsoft’s patches for you.
MS-DEFCON 2: Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don’t do it.
-
Windows Server Update Services hosed again
For the second time in a month, Microsoft completely hosed Windows Server Update Services.
If you’re attached to a corporate network, or you run Windows Small Business Server, you’re in for some interesting times – or at least your Network Admin should be ready to yank out his/her few remaining strands of hair. Gregg Keizer at Computerworld writes:
If the problem in Windows Server Update Services (WSUS) is not fixed before tomorrow, administrators will not be able to download and deploy the vulnerability patches and other nonsecurity updates Microsoft Corp. has planned for tomorrow, said Andrew Storms, director of security operations at security tools vendor nCircle Inc. “It appears that anybody who synced WSUS [with Microsoft’s Windows Update servers] today or yesterday is essentially DOA,” he said. The default WSUS setting is to sync daily.
So have pity on your Admin. The patches coming on Black Tuesday aren’t likely to rate as earth-shattering. For home users or folks with peer-to-peer “Workgroup” networks they’ll probably rate as real yawners. But if you’re running a Windows Server server, you not only have to struggle with bad patches, you have to struggle with bad patching software.
Remember that fact the next time someone tells you that Microsoft is taking over the server software market.