Microsoft Patch Tuesday

As announced, Microsoft have updated a number or Windows files. if you run a PC please ensure you run Windows Update to take advantage of these.

The following files have been patched

Patches are available for the following:
- (MS12-023) Cumulative Security Update for Internet Explorer (2675157)
- (MS12-024) Vulnerability in Windows Could Allow Remote Code Execution (2653956)
- (MS12-025) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2671605)
- (MS11-026) Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860)
- (MS12-027) Vulnerability in MSCOMCTL.OCX Could Allow Remote Code Execution (2664258)
- (MS12-028) Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185)

Posted on April 11, 2012 by Jonathan Green and tagged Patch Tuesday Windows.

Microsoft Security Bulletin For June 2010

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges

Microsoft Security Bulletin

Posted on June 8, 2010 by Jonathan Green and tagged Microsoft Windows.

New Windows Update

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Visual Basic for Applications as part of the Microsoft Security Bulletin Summary for May 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

Posted on May 11, 2010 by Jonathan Green and tagged Microsoft Office Windows security updates.

Google Chrome Update

Google has released Chrome 4.1.249.1059 for Windows to address
multiple vulnerabilities. These vulnerabilities may allow an attacker
to execute arbitrary code, conduct cross-site scripting attacks, or
conduct cross-site request forgery attacks.

Please review the Google
Chrome Releases blog entry and update to Chrome 4.1.249.1059 for
Windows to help mitigate the risks.

Relevant Url(s):
http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html

Posted on April 21, 2010 by Jonathan Green and tagged Chrome Google Windows software update.

Hotmail Spam Problems

If you've been receiving spam from a friend with a Hotmail account, or you own the Hotmail account that is sending out spam, please read the info below from Microsoft:

Recent reports of Account hijacks

This solution article provides information about the increase in reports that we have received about accounts been hijacked and spam mails been sent to customer's contact list without customer's knowledge.

Hotmail is seeing instances of accounts being "hijacked" by spammers who send emails out advertising an electronics website. The spam mails usually have subjects like "Good shopping good mood" and may go to your contact list in addition to a random list of emails. Indications that this is happening to you may include you being required to match the characters in the picture (to verify that you're a person and not an automated program) to send mails when you reach your limits.

Some of the other symptoms that our customers have noticed are:
- Deleted contacts
- Safe sender's list is deleted
- Deletion of Junk messages is set to "Immediately"
- Junk Mail Settings is set to "Exclusive"

The last symptom would prevent messages from being delivered to your Inbox. If you would like to change the Junk Mail Filter settings, visit this Solution Article for the steps.

Some of the other account setting that might be affected by this issue is your Signature.

To know how to delete the Signature that appears on your e-mail, follow these steps:
1. In the upper-right corner of the Windows Live Hotmail home page, click "Options" and then click "More options"
2. Under Customize your mail, click "Personal e-mail signature"
3. Delete the text or any image in the signature box, and then click "Save."

Note that you will still be able to login, and are in fact, "sharing" your account with the spammer.

Hotmail believes that this may be due to one of these reasons:
1. The user has fell victim to some type of phishing scheme - either they replied to an email threatening to close their account if they didn't provide their password, or they went to a website that looked like the Hotmail login page and provided their password.

If you have access to your account, we recommend that you change your password and secret question and answer immediately.

If you have lost access to your account, click here to regain access.

2. A virus on a computer that you have used to login to Hotmail at some point in the past.

If you login and see in your "sent items" folder mails that you haven't sent, or receive Non Delivery reports (NDRs) in your inbox, we recommend that you scan your computer for viruses and malware using a reliable Antivirus product (click here to go to Microsoft's anti-virus page). Once your computer has been cleaned, immediately change your current password to a "strong" password. Click here to know how to create a strong password.

The worm/virus sends various messages that entice users to click on a malicious link that leads to a Web site. Clicking on the said link downloads a copy of the worm onto message recipients' computers. Upon download, it then gathers e-mail addresses saved on the recipient's computer and sends itself out to all of those addresses.

There are a number of ways you can protect your computer against these viruses:
- Obtain the most recent virus definitions. You can visit your anti-virus company's website or call them to get more information.
- Be cautious about opening messages that contain links to websites.
- Be cautious when opening embedded links. Point your mouse cursor on the link and look at the underlying URL that displays in your browser status bar at the bottom and ensure that the URL makes sense for what the link states. Never login from one of these links. If a link directs you to login to a service that you use, instead go to that service by accessing the services website directly from your browser and not use the embedded link.
- Do not open attachments unless you are expecting them.
- Download the latest Microsoft updates frequently. To download the latest updates for Microsoft software, please visit the following links:
   http://update.microsoft.com/windowsupdate/
   http://office.microsoft.com/productupdates
If you feel that a virus has already infected your computer, you can get online support (or toll-free telephone support in the U.S. and Canada) for security-related issues such as viruses and security updates from the Microsoft Security Help and Support Team. Please click on the link below:
    http://support.microsoft.com/default.aspx/gp/securityhome

For more information on how you can protect your computer, please click on the link below:
    http://www.microsoft.com/security/default.mspx

In addition, to ensure the security of your Hotmail account, we highly recommend that you change your Hotmail password and Secret Question. To do this, please follow the steps below:
To change your Hotmail password, sign in to https://account.live.com and select the "Change" option next to Password. Or if you want a direct link, you can go directly to the Change Password Page.

To change your Secret Question, click here.

Please ensure that you have updated your passport profile information as much complete as possible including your alternate email address. The more complete and more recent this information is, the better chance we have of assisting you in the event your account gets compromised.
We want to assure you that your security and protection online is our top priority and we are dedicated to help you obtain support for security-related issues such as viruses and security updates.

Posted on April 17, 2010 by Jonathan Green and tagged Hotmail Windows spam.

Lady Gaga and Rhianna Lyrics sites exploit Java malware

It seems as though a vulnerability in Sun Java (which they say apparently isn't bad enough to patch out of band!) has already been exploited, whereby visitors to some lyrics sites will automatically be infected.

It appears as though Macs are not affected.

Please be aware and pass on to anybody who frequents these sites.

Here's a blog post by Roger Thompson of AVG

"Heads up - 0day ITW - Rihanna is a lure

Hi folks,

On April 9th, Tavis Ormandy published a proof of concept about how to use the latest version of Java to compromise a pc. You can read about it here. He notified Sun, but they weren't concerned enough to break their patch cycle, so he published the code.

The problem is that when Sun released Java 6, update 10 in April 2008, they introduced a new feature (it's not a bug, it's a feature folks) called Java Web Start. In order to make it easier for developers to install software, they created a method to execute a program from a website.

Duh

Now, hindsight is always 20-20, but it doesn't take a massive gift of insight to imagine the Bad Guys thinking that was a good idea for them too.

Because they designed it as a feature, it works, of course, with both IE and Firefox.

The code involved is really simple, and that makes it easy to copy, so it's not surprising that just five days later, we're detecting that code at an attack server in Russia.

The main lure so far seems to be a song lyrics publishing site, with Rihanna, Usher, Lady Gaga and Miley Cyrus being used, among others. Who'd have thought that Miley could be dangerous??? As soon as we figure out what's wrong with the lyrics site, we'll let them know so they can fix it.

Of course, this'll soon likely be everywhere, so Sun will need to issue an out of band patch.

In the mean time, to stay safe, you can either follow the mitigation strategies outlined by Tavis, or install LinkScanner.

So far, it's not in any of the exploit kits, as far as we can see, but it's a given that it soon will be. Tick.. tick.. tick..."

And a page about it a SC Magazine.

Posted on April 15, 2010 by Jonathan Green and tagged Java Windows exploit web.

Internet Explorer Vulnerability

A vulnerability in some versions of Microsoft Internet Explorer can allow remote code execution. The flaw is currently under analysis. Exploitation can occur via a specially crafted web page or email containing a malicious link. If successful, an attacker could gain control of the system. Microsoft has reported that functional, targeted attacks have been observed.

Microsoft will be issuing a patch update on March 30th, so check for software updates on Tuesday.

Posted on March 29, 2010 by Jonathan Green and tagged IE Internet Explorer Microsoft Vulnerability Windows.

Microsoft Patch Tuesday

Microsoft fixed eight vulnerabilities in it's recent patch update but reports on a zero day vulnerability that exists in Internet Explorer.

We would advise updating Windows if you haven't already, and use the latest build of Firefox rather than IE

Posted on March 11, 2010 by Jonathan Green and filed under OS Updates and tagged Patch Tuesday Vulnerability Windows zero day.

And yet more rogue AV software - Virus Protector

A brand new fake AV program Virus Protector is doing the rounds.

Hopefully by now you'll know never to install or run (or click) anything that pops up on your screen telling you there's a problem

File Changes:

RegistryEntries
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Shell
Data: C:\WINDOWS\system32\agaz17mgx.exe

Posted on March 8, 2010 by Jonathan Green and tagged Malware Windows Winiguard virus protector.

Microsoft Security Update

A new Microsoft security update is due for release on Tue 9th March

Microsoft has issued a Security Bulletin Advance Notification,
indicating that its March release cycle will contain two bulletins.
These bulletins will have a severity rating of Important and will be
for Microsoft Windows and Microsoft Office.

Please keep an eye out for these updates

Posted on March 5, 2010 by Jonathan Green and tagged Microsoft Windows Word security updates updates.

Adobe releases security update for Reader & Acrobat

This new bulletin, APSB10-07, is a security update for Adobe Reader and Acrobat. These updates address two
critical vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, make unauthorised cross-domain requests, or cause a denial-of-service condition.

We advise you to update Adobe Reader and Acrobat (all platforms)

Please see our previous post for updates to Adobe Flash

Relevant Url:
http://www.adobe.com/support/security/bulletins/apsb10-07.html

Posted on February 16, 2010 by Jonathan Green and tagged Acrobat Adobe Mac OSX Reader Windows.