Tuesday, July 14, 2009

Windows Security Updates for July 2009

Patch Tuesday is here. From the Microsoft Security Bulletin, there are six security updates. There are two for the Windows operating system, one for the Microsoft Office system, one for the Windows Internet Explorer browser, one for Microsoft ISA Server, and one for Microsoft Virtual PC.

Most important I believe is the fix for the Internet Explorer Video Active X exploit. Microsoft Security Bulletin MS09-032 patches this one by setting killbits in IE to stop the exploit before it can do anything.

Here are the specific updates:

MS09-032 - addresses a vulnerability in Microsoft Internet Explorer (KB 973346) - This one is mentioned above with the Video Active X issue.

MS09-028 - addresses a vulnerability in Microsoft Windows (KB 971633) - This addresses vulnerabilities in DirectShow that could allow an attacker using a specially crafted QuickTime file to gain the same rights as the current user. Not good if you are logged in as an admin user, like most people are.

MS09-029 - addresses a vulnerability in Microsoft Windows (KB 961371) - This one is in the Embedded OpenType Font Engine and could allow your computer to be taken over.

MS09-030 - addresses a vulnerability in Microsoft Office (KB 969516)
MS09-031 - addresses a vulnerability in Microsoft ISA Server (KB 970953)
MS09-033 - addresses a vulnerability in Microsoft Virtual PC (KB 969856)

You can see all the gory and boring details on the July 2009 Security Bulletin. Of course, the easy way to get patched against these threats is to go to Windows Update.

Friday, July 10, 2009

Imageshack got Hacked

Looks like Imageshack left the backdoor of their server open. All images hosted by them are showing the hacked image, but the wording seems to indicate that no pictures were deleted.

Imageshack, one of the web's largest image hosts, was attacked tonight by a movement called "Anti-Sec". The result of the attack has been to replace all ImageShack hosted images with a manifesto for the movement (below).

Still breaking, see more plus the hacked image at Mashable

Tuesday, July 07, 2009

Google Chrome Operating System

The Google Chrome blog announced just recently that they are planning an operating system. Initially geared for netbooks, but I'm sure there's more in plan. I'm guessing they won't target full blown computers for a while, but this is probably an extension of Android that Google already has for the cell phone market.

Google Chrome OS is an open source, lightweight operating system that will initially be targeted at netbooks. Later this year we will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010. Because we're already talking to partners about the project, and we'll soon be working with the open source community, we wanted to share our vision now so everyone understands what we are trying to achieve.

Google Empire marches on.

Monday, July 06, 2009

Internet Explorer Video Active X Exploit

Been a while since Windows had a zero day exploit that would allow the bad guys to take over your computer just by visiting a web site. Got one now. All you need to do is to visit a web site that has been set up to use this vulnerability with Internet Explorer and boom, they got you. Apparently, a flaw in Microsoft DirectShow (MSVIDCTL.DLL) lets them do it. It does need to be IE 6 or 7 with Windows XP or Windows 2003. Yay! Vista and presumably Windows 7 aren't affected.

One way to avoid this is to not use IE. Firefox, Opera, Safari and other browsers aren't affected. The bad guys could try to open IE or trick you into opening it, so it's best to go to the video Active X advisory page and use the fix it button to turn off the part of IE that allows the exploit.

F-Secure detects it as Exploit:W32/Agent.LBV. They have a write up and plug for their free beta of ISTP or ExploitShield that also protect you. It also has a video link showing them trying to get infected with it and failing.

McAfee detects it as Exploit-MSDirectShow.b and has their write up here that says this has been around since last December and only has become widely known recently.

The Registry key that the Microsoft advisory page modifies is this. Best to not mess around in the registry. Might be more, but I'm not going to list them all.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400

More tech details at Microsoft Security Advisory 972890.
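
A read-only way to confirm that the kill bit from the registry entry above is in place, as an added PowerShell example that is not part of the original post or Microsoft's advisory. It checks only the CLSID quoted in the post; the WOW6432Node path is included because 32-bit Internet Explorer on 64-bit Windows reads that view.

```powershell
# Added example: read-only check, changes nothing in the registry.
$KillBit = 0x400   # the "Compatibility Flags" bit shown in the post
$Clsids  = @('{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}')   # only the CLSID quoted in the post

# Native view plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitStatus {
    param([string]$Root, [string]$Clsid)

    $path   = "$Root\$Clsid"
    $flags  = $null
    $status = 'KeyMissing'            # no entry at all: control is not blocked

    if (Test-Path -LiteralPath $path) {
        $item = Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $status = 'ValueMissing'  # key exists but carries no flags value
        } else {
            $flags = $item.'Compatibility Flags'
            # Test the bit rather than comparing to 0x400: other flag bits may be set too.
            $status = if ($flags -band $KillBit) { 'KillBitSet' } else { 'KillBitNotSet' }
        }
    }

    [pscustomobject]@{
        Path   = $path
        Flags  = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { $null }
        Status = $status
    }
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no WOW6432Node on 32-bit Windows
    foreach ($clsid in $Clsids) { Get-KillBitStatus -Root $root -Clsid $clsid }
}
```

Any row whose Status is not KillBitSet means that registry view does not block the control.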

Wednesday, July 01, 2009

Somewhat new rogue Barracuda Antivirus gets wrath of legit Barracuda Networks

Another day, another rogue. This time it's named Barracuda Antivirus. I guess they wanted to ride the coattails of the real Barracuda firewall products. As usual, the fake Barracuda Antivirus will pop fake warnings and try to goad you into buying it.

The real Barracuda Networks had this to say:
“This rogue ‘Barracuda Antivirus’ program is in no way affiliated with Barracuda Networks and is just one of a string of recent examples of hackers attempting to spread malicious programs using an established and trusted Internet security brand,” said Stephen Pao, vice president of product management for Barracuda Networks.

Barracuda is a successor to AntivirusBest. You can probably get rid of it with Malwarebytes Antispyware using the removal guide at Bleeping Computer for AntispywareBest. Screen shot of Barracuda Antispyware here.

More information about the real and legit Barracuda Networks here. They make hardware products to filter malware and spam for large networks, not really a home consumer solution.

iPhoto update 8.0.4 available

I don't use iPhoto too much, but it has its uses. There's a nice 103 MB update for it that fixes the issue from the iPhoto 8.03 update that caused iPhoto to crash. You could work around it by holding the Option key and then choosing your library, but what fun was that. I didn't have that problem, but this should help those that did.