Windows Updates For August 2009

Microsoft released a series of security updates for Windows and Office on August 11th 2009.

The following is a summary of these security updates.

If you have not already received these updates on your computer via Automatic Updates then manually install them by visiting the Microsoft Update website using Internet Explorer.

August 2009 Windows and Office Security Updates

Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (KB957638)

Maximum Severity Rating: Critical

This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Office XP & 2003, Microsoft Visual Studio 2003 SP1, Microsoft ISA Server 2004 & 2006, Microsoft BizTalk Server 2002, Small Business Accounting 2006

----

Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (KB970927)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows (All Versions), Microsoft Server 2008, Remote Desktop Connection Client for Mac

----

Vulnerabilities in WINS Could Allow Remote Code Execution (KB969883)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

Affected Software: Microsoft Windows 2000 SP4, Windows Server 2003 SP2

----

Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (KB971557)

Maximum Severity Rating: Critical

This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 2000 SP4, Windows Server 2003 SP2

----

Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (KB973908)

Maximum Severity Rating: Critical

This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 2000 SP4, Windows XP SP2 & SP3, Windows Vista SP1 & SP2, Windows Server 2003 SP2 & 2008

----

Vulnerability in Workstation Service Could Allow Elevation of Privilege (KB971657)

Maximum Severity Rating: Important

This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

Affected Software: Windows XP SP2 & SP3, Windows Vista SP1 & SP2, Windows Server 2003 SP2 & 2008

----

Vulnerability in Message Queuing Could Allow Elevation of Privilege (KB971032)

Maximum Severity Rating: Important

This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

Affected Software: Windows XP SP2, Windows Vista, Windows Server 2003 SP2

----

Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (KB970957)

Maximum Severity Rating: Important

This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

Affected Software: Windows Vista and Vista SP1, Windows Server 2008

* Because IIS 7.0 does not run on Windows Vista Starter and Windows Vista Home Basic, the following editions are not affected: Windows Vista Starter (32-bit), Windows Vista Home Basic (32-bit), and Windows Vista Home Basic (64-bit).

----

Vulnerability in Telnet Could Allow Remote Code Execution (KB960859)

Maximum Severity Rating: Important

This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software: Microsoft Windows 2000 SP4, Windows XP SP2 & XP SP3, Windows Vista and Vista SP1, Windows Server 2003 SP2, Windows Server 2008

----

Trojans Accounted for 70 Percent of New Malware

Trojans accounted for 70 percent of the new malware detected during the second quarter of 2009

This type of malware was also responsible for over a third of all infections between April and June. The Downloader.MDW Trojan was the most active strain of malware during this period.

Trojans accounted for 70 percent of all new malware between April and June 2009, according to data compiled in the latest PandaLabs Quarterly Report.

One of the most notable findings of the report is the 6.25% drop in spyware, which now represents just 6.9% of all new malware. In contrast, adware rose dramatically over this period, from 7.54 percent in the previous quarter to 16.37 percent. This is largely due to the increase in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution. As for worms, their percentage has also risen slightly, now accounting for 4.4 percent of all malware.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37 percent of all infections detected by PandaLabs, an increase of 2.86 percent with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62 percent of the total. Worms increased slightly (0.89%), staying in the picture due largely to the effectiveness with which they spread.

Dialers, at 4.48%, stubbornly refused to disappear despite the overriding trend for broadband instead of dial-up connections.

In terms of specific strains of malware, the number one ranked specimen between April and June 2009 was Downloader.MDW, a Trojan designed to download other malware on to computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused most infections.

When broken down geographically, Taiwan continues to top the list with 33.63 percent of computers infected with active malware. Turkey and Poland come next, with just under 30 percent. Three Scandinavian countries, Sweden (14.2%), Norway (12.48%) and Finland (12.17%), are the countries with the lowest number of computers infected by active malware during the first half of 2009.

Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, above all BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they will see all ‘tweets’ published related to this issue. In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, in just a few hours there were hundreds of malicious tweets, and the same occurred with other popular issues on Twitter.

Microsoft Security Intelligence Report No 6

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows users, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

The sixth video of the report is now available – join Tim Rains (Microsoft Trustworthy Computing) and Vinny Gullotto (Microsoft Malware Protection Center) in this informative video on security:

Regards

Marc Liron – Microsoft MVP