
Security News and Links 
Updated Friday, May 2, 2008 10:12 PM  

 



 

SECURITY BULLETINS


5/1/2008:
AVG Version 8 Upgrades Causing Major Headaches

AVG, Grisoft's flagship antivirus (anti-spyware, anti-spam / firewall) product, has been giving upgraders fits over the last several weeks. The previous release, version 7.5, was superseded by version 8 months ago, but with the latest updates old installations nag users constantly to upgrade. Problems abound when the upgrade is processed. AVG 8 Internet Security is a complicated install, which also (by default) installs the hideous Yahoo Toolbar (misrepresented as the "AVG Security Toolbar"), and if you don't uncheck this box before continuing, the only way to get rid of this resource-hogging pest is to completely uninstall AVG, then reinstall it, being careful to uncheck the junkware option. Grisoft should be ashamed of themselves for selling their souls to gain the piddly few cents Yahoo pays them for each install of their product. We've been removing the Yahoo Toolbar (actually everything Yahoo) for years to dramatically improve performance. As if the Yahoo junkware wasn't enough of a headache, it is common for workstations upgraded to AVG 8 to lose their ability to communicate with other computers and printers on the network. The only fix is to remove, then reinstall AVG correctly.

AVG is still the best product on the market, but you should NOT upgrade to version 8 yourself. Call us and we'll schedule the time to do it properly. It will be less expensive and much less stressful than the DAYS of aggravation caused by trying to do it yourself.

If you simply MUST do the upgrade yourself, read our instructions for Installation and Configuration of AVG Internet Security Version 8 on our Tips and Tricks page. Follow the instructions EXACTLY and you should be OK ("should" being the operative word here).


3/7/2008:
Windows Vista SP1 release causing endless reboots

Microsoft has released, then pulled, a preliminary Vista SP1 that has been causing endless reboots in many installations (reminiscent of XP SP2). The full SP1 release, originally scheduled for December of 2007, has been re-scheduled for mid-March. Those who have successfully installed this latest update report lackluster performance. Comparison tests show Vista still lagging behind the venerable XP's performance by as much as 40%. Meanwhile, it seems those who wisely have stayed with Windows XP will be receiving the newest service pack, SP3, in the foreseeable future.


3/9/2007:
Outlook Daylight Savings Bug may Scramble Appointments

As you probably know by now, the beginning and end times for Daylight Savings Time (DST) are changing this year. Previously, DST would have been in effect from April 1, 2007 to October 28, 2007. The new schedule will be from March 11, 2007 to November 4, 2007. This has created a glitch in Outlook calendars and Microsoft has issued updates in an attempt to address this problem. Some tests to determine whether all appointments would be moved correctly if updates were applied have found numerous errors leading us to issue this advisory.

There is a high likelihood that some of your appointments between March 11, 2007 and April 1, 2007 will appear incorrectly and may show up an hour later or an hour earlier than you intend. Unfortunately there is no automated mechanism to correct these appointments. We advise everyone to manually review and correct their calendars after the time change on Sunday, March 11. Only appointments that fall between March 11 and April 1 are affected.
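The hour-off symptom described above comes from the way calendar entries are stored: the appointment is saved as a UTC instant, and each machine converts it back to local time using whatever DST rule it has. If the scheduling machine and the viewing machine disagree on when DST starts, any appointment in the window between the old and new start dates shifts by an hour. The following Python script is an added example (not from the original advisory or from Microsoft) that reproduces that shift with two hand-written rule sets; the US Central offsets (CST = UTC-6, CDT = UTC-5) and the 02:00 local transition time are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone, tzinfo


def nth_sunday(year, month, n):
    """Date of the n-th Sunday of a month (n=1 for the first Sunday)."""
    first = datetime(year, month, 1)
    offset = (6 - first.weekday()) % 7          # weekday(): Monday=0 ... Sunday=6
    return first + timedelta(days=offset + 7 * (n - 1))


def last_sunday(year, month):
    """Date of the last Sunday of a month."""
    nxt = datetime(year + 1, 1, 1) if month == 12 else datetime(year, month + 1, 1)
    last = nxt - timedelta(days=1)
    return last - timedelta(days=(last.weekday() - 6) % 7)


# Pre-2007 US rule: first Sunday of April to last Sunday of October.
def OLD_RULE(year):
    return nth_sunday(year, 4, 1), last_sunday(year, 10)


# 2007 US rule: second Sunday of March to first Sunday of November.
def NEW_RULE(year):
    return nth_sunday(year, 3, 2), nth_sunday(year, 11, 1)


class USCentral(tzinfo):
    """US Central time with a pluggable DST rule (assumed offsets for the example)."""

    def __init__(self, rule):
        self.rule = rule

    def dst(self, dt):
        start, end = self.rule(dt.year)
        naive = dt.replace(tzinfo=None)
        # DST begins at 02:00 standard time and ends at 02:00 daylight time (01:00 standard).
        if start + timedelta(hours=2) <= naive < end + timedelta(hours=1):
            return timedelta(hours=1)
        return timedelta(0)

    def utcoffset(self, dt):
        return timedelta(hours=-6) + self.dst(dt)

    def tzname(self, dt):
        return "CDT" if self.dst(dt) else "CST"


def displayed_local_time(local_naive, scheduling_rule, viewing_rule):
    """Schedule a wall-clock time under one DST rule, store it as UTC (as a
    calendar does), then render it under another rule. Returns the naive
    local time the viewing machine would show."""
    stored_utc = local_naive.replace(tzinfo=USCentral(scheduling_rule)).astimezone(timezone.utc)
    return stored_utc.astimezone(USCentral(viewing_rule)).replace(tzinfo=None)


def shift_in_hours(local_naive, scheduling_rule, viewing_rule):
    """Signed difference (hours) between what was intended and what is displayed."""
    shown = displayed_local_time(local_naive, scheduling_rule, viewing_rule)
    return (shown - local_naive).total_seconds() / 3600


if __name__ == "__main__":
    # Constructed sample appointment: 8:30 AM on March 20, 2007, inside the
    # March 11 .. April 1 window where the two rules disagree.
    meeting = datetime(2007, 3, 20, 8, 30)
    print("patched scheduler, unpatched viewer:", displayed_local_time(meeting, NEW_RULE, OLD_RULE))
    print("unpatched scheduler, patched viewer:", displayed_local_time(meeting, OLD_RULE, NEW_RULE))
    # The same meeting on April 15 is unaffected: both rules agree DST is in effect.
    print("outside the window:", displayed_local_time(datetime(2007, 4, 15, 8, 30), NEW_RULE, OLD_RULE))
```

The script shows both directions of the error the advisory mentions: a meeting entered on an updated machine appears an hour early on a machine still using the old rule, and one entered on an old-rule machine appears an hour late on an updated one. Dates outside March 11 to April 1 come out identical under both rules, which is why only that window needs a manual review.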

Prior to correcting your appointments, make sure that your computer has all the current updates from Microsoft by going to either Windows Update or Microsoft Update on the start menu and installing any outstanding High-Priority Updates.
Note: Do NOT install any Driver Updates of any kind. These have been responsible for numerous crashes in the last few weeks.
Then adjust any calendar items between March 11 and April 1.

In addition, the following recommendation from Microsoft should be followed:

Ultimately, individual calendar owners are the only ones who can validate their calendars are correct or not. To minimize confusion during the DST shift, follow these simple steps:

When organizing a meeting during the extended DST period, type the correct meeting time in the subject line or body of the message (for example, Project planning meeting at 8:30 A.M.).

Consider any appointments and meetings in the extended DST period to be suspect. When in doubt, verify the correct time with the organizer.

Please also watch out for hoax emails during this time telling you to go to a certain web site to download updates or anything else that looks suspicious.


12/4/2006:
Acrobat Reader Problems Vexing Users

Unpredictable and varied problems have beset users of Adobe's Acrobat Reader 7.x series for several months. We have found printing problems, lockups, errors and no solutions on Adobe's site, in spite of vast numbers of Internet postings seeking resolutions to the problems. We have reviewed solutions and, at the time of this writing are recommending the following resolution:

If you are currently using Acrobat Reader version 5 or 6 you can keep using these products with no problems. If you are using version 7, we recommend uninstalling it, then downloading and installing the Free PDF tool from Foxit Software. This product has proven to be fast, trouble-free and easy to install. Version 2.0 is a small, 1.5MB download and can be found here.


11/1/2006:
New Windows Attack Can Take Out XP Firewall

Hackers have published code that can let an attacker disable the Windows Firewall on many Windows XP-equipped computers.

The code, posted on the Internet Sunday morning, can be used to disable the built-in Firewall in a fully-patched version of Windows XP running Windows' Internet Connection Service (ICS). ICS allows users to turn their PC into a router and share their Internet connection with other computers on the same network.

Mitigating factors are that ICS is disabled during a normal installation and would have to be intentionally enabled by the end user, and that the attack would have to come from an internal source on the local network, not from the Internet.

Users can avoid the attack by disabling ICS, but this will also shut down the shared Internet connection.


8/14/2006:
Dell Recalls 4.1 Million Laptop Batteries

Dell Inc., the world's largest PC maker announced Monday it would recall 4.1 million notebook computer batteries manufactured by Sony Corp. The recall was issued in cooperation with the Consumer Product Safety Commission. In some cases, the lithium-ion batteries can overheat causing smoke and fire, Dell spokesman Jess Blackburn said.

The recall of batteries manufactured between April of 2004 and July of 2006 covers Dell's Latitude, Inspiron and Precision models and involves 18% of Dell's 22 million notebook computers sold during this period.

To date, Dell has received six reports of damage to furniture and personal belongings as a result of battery overheating.

To find out if your battery is one of the recalled versions, click here.


5/25/2006:
Millions at Risk due to Symantec Antivirus "Worm Hole"

In a warning from Internet security experts, a gaping security flaw in the latest versions of Symantec's antivirus products could put millions of users at risk. According to the company that discovered the flaw, eEye Digital Security, remote hackers exploiting the flaw could take complete control of the target machine without any user action.

"We have confirmed that an attacker can execute code without the user clicking or opening anything" according to a representative for eEye.


5/19/2006:
Email attacks target MS Word hole.

A warning was issued today by the SANS Internet Storm Center (ISC) and Antivirus companies about sophisticated e-mail attacks using an unknown hole in Microsoft Word to compromise computers on the Internet. The warning came after "limited targeted attacks" from China and Taiwan were directed against an unnamed company. Word attachments were used in the attacks to install Trojan horse programs on corporate computers.

Symantec issued a warning to its DeepSight Threat Management Service that it had confirmed reports of active exploitation of a hole in MS Word 2003. Word documents are used in the attacks to trigger the security hole and run code giving attackers control over vulnerable systems. The hole caused MS Word 2000 to crash, but did not allow the "shell code" that can be used to control the machines to run.

Sophos PLC researchers are also tracking the malicious Word file being used to distribute a Trojan horse called Oscor-B. That program was designed to give malicious hackers remote access to infected computers according to Graham Cluley, a senior technology consultant at Sophos.

Since it is not unusual to have a fully patched Windows system running a version of Microsoft Office that has not been patched in a year or more, MS Office programs make a good target.

Until virus signatures are developed and distributed to detect this new attack, antivirus companies recommend blocking Word e-mail attachments and advise "extreme caution" when users receive any unexpected MS Word attachment.



12/30/2005:
Microsoft Windows Graphics Vulnerability Reported

The latest Security Advisory from Microsoft exposes a previously unknown hole in Microsoft's Windows Operating Systems. The problem creates a vulnerability to viruses, spyware and other malicious programs that could take control of Windows-enabled computers. The hole is "being actively exploited" according to Microsoft in an online posting.

Microsoft has no current 'fix' for this problem, but is working on a patch and recommends all users not to click on website links in emails without first verifying the safety of the link.


12/22/2005:
Copy Protection Removal Tool for Sony Music CDs

In response to the massive negative press associated with the rootkit software contained on Sony Music CDs, Sony has published removal tools for both the XCP rootkit product and the MediaMax copy protection module as well. Select the links below to remove these products if you have ever played a Sony Music (BMG) CD on your computer:

To Uninstall Sony Music's XCP copy protection:
http://cp.sonybmg.com/xcp/english/updates.html

To Uninstall Sony Music's MediaMax copy protection: http://www.sunncomm.com/support/tools/uninstall2.asp


11/22/2005:
Massive Security Hole in Limewire Reported by WFAA TV Dallas

As The Computer Wizard has been saying for years, Music Sharing Software is very dangerous. Not just for the illegality of sharing copyrighted material. Not because of the growing likelihood of downloading a virus or trojan instead of your favorite song.

WFAA TV Dallas reported today a massive security hole in Limewire, one of the file-sharing industry's most popular Spyware-laced programs. Anyone running Limewire software exposes not only the Shared Folder to browsing from all other Limewire users, but the entire hard drive and everything on it is completely accessible to other Limewire subscribers.

If you have any files with banking, credit card, password lists or Social Security information anywhere on your computer -- and you're using Limewire, you are at risk for Identity Theft!

We recommend two immediate courses of action.

First, remove Limewire immediately from any computers under your control.

Second, change all passwords associated with any accounts accessed by your computer. If you find any suspicious activity in any of your banking or credit card accounts, notify your vendor immediately.


11/03/2005:
Rootkits found in Sony Music CDs

A rootkit is software which alters the way the operating system works. The purpose of this is to hide files, folders and processes while they are running on the system. They were used in the old days, long before Windows was created, to take over UNIX computers. With a good rootkit, you can hide any piece of software from all but the most determined search. Today, they are used frequently by trojans, spyware and viruses.

When any Sony music CD is put into a Windows computer, a license agreement pops up declaring that a small program will be installed. The license agreement claims that the software will be used to play the music files and to allow you to make a limited number of copies of the music. It also claims that you cannot play the music files without installing the program.

The agreement contains significant omissions. The fact that a rootkit is installed is not disclosed. The fact that device drivers are installed is not disclosed. That these device drivers will disable the CD burner if someone attempts to copy the CD is not disclosed. The NT service is not disclosed and in fact, is given a deceptive name: "Plug and Play Device Manager".

Multiple hidden device drivers. A piece of software that can disable a hardware device at will. Deceptively named NT services. All of it hidden from sight by a rootkit. Removing this software breaks the computer, unless you know EXACTLY what you are doing. And none of it is disclosed in the license agreement. All of these things happen just because a person wants to listen to the music they have purchased from Sony.

Sony came out with a tool, not to remove, but to make the cloaker & files visible. It is called AURORA update. Aurora is one of the most-invasive and hardest-to-remove pieces of Malware on the planet at the time of this writing.

Meanwhile, when installed, any file starting with $sys$ becomes invisible. There are already cheats & other software (including viruses & spyware) taking advantage of it.


11/03/2005:
Microsoft patches break some websites

Two patches released by Microsoft Corp. earlier this year for its Internet Explorer browser may cause some Web sites not to load properly.

The bulletins, MS05-038 and MS05-052, removed "unsafe functionality" and changed how the browser handles ActiveX controls for security reasons.

Microsoft has published instructions on how to resolve the MS05-038 issues at http://support.microsoft.com/kb/906294.

Instructions for the two possible problems with MS05-052 can be found at http://support.microsoft.com/kb/909889 and http://support.microsoft.com/kb/909738.


6/14/2005:
Microsoft issues 3 'critical' patches

Microsoft Corp. today released a total of 10 software patches designed to repair vulnerabilities in Windows and Internet Explorer.

In its monthly Security Bulletin Update, Microsoft said the three critical updates should be applied immediately to guard against remote attackers being able to take complete control of a user's computer. The three critical patches are a Cumulative Security Update for Internet Explorer, a Fix for the HTML help section in Windows and an Update for the Server Message Block Module.


2/8/2005:
Microsoft issues 12 patches, eight of them for 'critical' flaws

Microsoft Corp. today released a total of 12 software patches designed to fix 16 vulnerabilities in Windows, Office and other products.

Eight of the new patches are for “critical” security holes that could be used to run malicious code on affected computers, Microsoft said. The group of fixes represents one of the largest single-day releases of software updates since Microsoft switched to a monthly patching approach in October 2003.

Microsoft provided patches for almost every supported version of Windows, including the recently issued Windows XP Service Pack 2. The company is trying to plug security holes in critical Windows components and in products such as its Internet Explorer Web browser and MSN Messenger instant messaging application.

Among the critical problems addressed:

A vulnerability in a component of MSN Messenger that renders the Portable Network Graphics image files used to display icons, such as smiley faces. If the flaw is successfully exploited, malicious code could be hidden in a buddy icon and launched whenever MSN users load their IM contact lists.

A flaw in the Server Message Block (SMB) protocol that affects Windows XP, Windows 2000 and Windows Server 2003 and could be used to launch attacks on vulnerable systems from Web pages.

A vulnerability in the License Logging Service (LLS) used in Windows Server 2003, Windows 2000 and Windows NT Server 4.0. The logging service is a tool that helps customers manage software licenses for Microsoft’s server products. The company said a remote attacker could use the vulnerability to cause LLS to fail, creating the potential for denial-of-service attacks on systems running Windows Server 2003. Attackers could install programs; view, change or delete data; or create new user accounts on Windows 2000 and NT Server 4.0 systems.

Four holes in Versions 5 and 6 of Internet Explorer. One of the patches includes a fix for a "drag and drop" vulnerability that could allow a remote attacker to use the Web to place an executable file on a Windows system without the user of the machine being shown a dialog box asking for approval for the download.


2/9/2005:
Symantec hit by large-scale flaw

Symantec Corp. has issued patches to fix a "high impact" security hole that affects almost every product it sells.

According to security rival ISS, which unearthed the vulnerability, the problem lies with the DEC2EXE module in the Symantec Anti-Virus Library, a part of the virus detection engine that makes it possible to detect malware inside executable files compressed using the freeware UPX (Ultimate Packer for eXecutables) format.

The vulnerable module fails to properly check within files when looking for viruses, a flaw that could allow an attacker to cause a software "heap overflow" using a specially crafted UPX file. ISS stated that this could, in turn, give an attacker unauthorized access to a network or its client PCs, as well as confidential information.

Symantec emphasized that it had started removing the DEC2EXE module from its software before the issue came to light. Prior to ISS contacting Symantec with this vulnerability, Symantec had already removed the DEC2EXE engine from the scan engine upgrades implemented in the majority of Symantec products. Symantec had planned the DEC2EXE engine removal from all affected Symantec product versions during upcoming maintenance updates.


1/11/2005:
Microsoft Security Bulletin MS05-001 - Vulnerability in HTML Help Could Allow Code Execution

This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. This vulnerability is documented in the Vulnerability Details section of this bulletin.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

We recommend that customers install the update immediately.


1/11/2005:
Microsoft Security Bulletin MS05-002 - Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution

An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs; view, change, or delete data; or create new accounts that have full privileges.

We recommend that customers apply the update immediately.


12/30/2004:
Phel Trojan horse attacks on Windows XP

Symantec Corp. is warning users of a newly discovered Trojan horse named Phel -- an anagram of the word help -- that attacks Windows XP. The Trojan is capable of remotely controlling a user's system even if the latest Windows XP Service Pack, SP2, has been installed.

The Trojan horse, distributed as an HTML file, attempts to exploit a vulnerability in Internet Explorer's HTML Help Control component in all versions of Windows.

Microsoft is actively investigating new public reports of a criminal attack, according to a Microsoft spokesperson. For the exploit to succeed, an attacker would need to entice a user to visit a malicious Web site and then would have to place the Trojan horse on the user's machine. If the Trojan executes successfully, potentially malicious software could be downloaded and run on the user's system.

Microsoft said customers in North America who think they may have been affected can receive help with security update issues or viruses at no charge by calling Product Support Services at 866-727-2338. International customers can receive the same level of support online at http://support.microsoft.com.

Customers in the U.S. who believe they have been attacked should contact their local FBI office or post their complaint online at www.ifccfbi.gov. Customers outside the U.S. should contact the national law enforcement agency in their country.

12/24/2004:
Multiple unpatched Windows holes leave systems vulnerable

Antivirus company Symantec Corp. warned its customers about a number of critical holes in Microsoft Corp.'s Windows operating system that surfaced late yesterday and that could make Windows systems vulnerable to compromise by remote attackers.

The flaws affect most supported versions of Windows, but Microsoft has not yet issued a patch for the newly disclosed holes. Windows users are vulnerable to Internet based attacks until patches are issued.

Researchers at Venustech Security Lab described a vulnerability in a component of Windows, winhlp32.exe, that processes Help files. Attackers could launch attacks using a Help file created to trigger the overflow vulnerability, though victims would have to be tricked into downloading and opening the malicious file for their computers to be compromised.

Most supported versions of Windows are affected by the LoadImage flaw, including versions of Windows NT, Windows XP, Windows 2000 and Windows Server 2003.

Windows users should exercise caution when receiving and opening files from unknown sources.


12/20/2004:
New IE hole makes phishing scams undetectable
It allows attackers to create absolutely real-looking fake Web sites

The vulnerability lets an attacker display any Web site while the address bar in Internet Explorer displays a trusted Web address -- https://www.paypal.com, for example -- and even shows the icon indicating that Secure Sockets Layer security technology is in use, security researchers warned on Thursday.

The flaw could result in more sophisticated phishing scams, which are online attacks that typically use spam e-mail messages with links to phony Web pages that look like legitimate e-commerce sites, where users are duped into revealing sensitive information such as passwords and credit card numbers.

The problem was discovered by a security researcher from the Greyhats Security Group and reported by Danish security company Secunia. The vulnerability lies in an ActiveX control in Internet Explorer and has been found to affect Version 6.0 of the browser running on Windows XP with Service Pack 2 and earlier versions, according to a Secunia advisory.

Secunia suggests that users protect themselves by disabling ActiveX in Internet Explorer or setting the Internet Explorer security level to "high" for the Internet zone.


12/01/2004:
SBC Changes Email Settings, Leaves Users High and Dry

It has come to our attention that SBC is slowly rolling out changes to their standard DSL accounts. Existing accounts will soon not be able to send email, as SBC is blocking port 25, the port required to send email. The only 'fix' according to SBC is to sign up for their 'Enhanced' DSL service with static IP. Another heavy-handed trick by SBC to get more of your dollars -- and waste a lot of time on the phone with Tech Support.


10/12/2004:
Microsoft Windows Compressed (zipped) Folder Buffer Overflow Vulnerability

Risk: High

Date Discovered: 10-12-2004

Description

Microsoft Windows contains a buffer overflow in the Compressed (zipped) Folders feature. A maliciously crafted compressed file could overrun an internal buffer causing arbitrary code to be executed in the security context of the current user.

Microsoft Security Bulletin MS04-034

Components Affected:
Windows 2003 Server, Windows XP

Read the full story here


10/07/2004:
Microsoft Windows Program Group Converter (grpconv.exe) Buffer Overrun Vulnerability

Risk: Medium

Date Discovered: 10-07-2004

Description

Microsoft Windows Program Group Converter (grpconv.exe) is reported prone to a buffer overrun vulnerability. The issue is reported to exist due to a lack of sufficient validation performed on filename data.

An attacker may craft a malicious file and present it to a victim in order to exploit this vulnerability. It has also been demonstrated that this vulnerability can be reached through a series of separate Internet Explorer vulnerabilities when a malicious website is viewed.

It is reported that exploitation may be hindered because parameter data is stored in Unicode format.

Microsoft Security Bulletin MS04-037

Components Affected:
Windows 2000, Windows 98SE, Windows ME, Windows NT, Windows 2003 Server, Windows XP

Read the full story here


09/14/2004:
Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability

The Microsoft GDI+ (Graphics Device Interface) JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images. This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data is employed as a bounds value for a memory copy operation.

A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. Code execution would occur in the context of the user who is running the vulnerable software.

Read the full story here
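The GDI+ item above, like the compressed-folder and grpconv.exe items before it, comes down to a length field taken from untrusted input and used as a copy bound without a sanity check. A JPEG segment's 16-bit length counts its own two bytes, so a value below 2 is impossible in a valid file; subtracting 2 from such a value in unsigned arithmetic wraps to roughly 65,000 and a copy of that size overruns the buffer. The following Python parser is an added example (not code from Microsoft or from the advisory) showing the unsafe arithmetic beside a header walker that rejects the malformed length before any copy; the sample JPEG byte strings are constructed for the illustration, and the marker handling is simplified (fill bytes and APPn quirks are ignored).

```python
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
# Markers that carry no length field: SOI, EOI, RST0..RST7 and TEM.
STANDALONE = {SOI, EOI, 0x01} | set(range(0xD0, 0xD8))


def unchecked_payload_len(seg_len):
    """The unsafe computation: 16-bit length minus the 2 bytes of the field
    itself, evaluated in unsigned 16-bit arithmetic as a C decoder without a
    sanity check would. For seg_len in {0, 1} this wraps to ~65534/65535."""
    return (seg_len - 2) & 0xFFFF


def walk_segments(data):
    """Validate the marker segments of a JPEG header.

    Returns a list of (marker, payload_length) pairs up to EOI or SOS, and
    raises ValueError on any length that could not describe a real segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos, segments = 2, []
    while pos < len(data):
        if data[pos] != 0xFF or pos + 1 >= len(data):
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        pos += 2
        if marker in STANDALONE:
            segments.append((marker, 0))
            if marker == EOI:
                break
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated length field")
        seg_len = struct.unpack(">H", data[pos:pos + 2])[0]
        # The check the vulnerable handler lacked: the length includes its own
        # two bytes, so anything below 2 is malformed and would underflow.
        if seg_len < 2:
            raise ValueError(f"segment 0x{marker:02X}: length {seg_len} < 2 (would underflow)")
        payload = seg_len - 2
        # Also bound the copy by the bytes actually present in the input.
        if pos + 2 + payload > len(data):
            raise ValueError(f"segment 0x{marker:02X}: payload {payload} overruns input")
        segments.append((marker, payload))
        pos += 2 + payload
        if marker == SOS:
            break  # entropy-coded image data follows; header parsing is done
    return segments


def is_safe_jpeg(data):
    """True if every segment length in the header is well-formed and in bounds."""
    try:
        walk_segments(data)
        return True
    except ValueError:
        return False


# Constructed test vectors (not real image files): a well-formed header with a
# 5-byte comment, and one whose comment segment claims a length of 1.
GOOD_JPEG = b"\xff\xd8" + b"\xff\xfe" + struct.pack(">H", 7) + b"hello" + b"\xff\xd9"
BAD_JPEG = b"\xff\xd8" + b"\xff\xfe" + struct.pack(">H", 1) + b"\xff\xd9"

if __name__ == "__main__":
    print("good:", walk_segments(GOOD_JPEG))
    print("unchecked payload length for a field value of 1:", unchecked_payload_len(1))
    print("bad file accepted?", is_safe_jpeg(BAD_JPEG))
```

The two checks in `walk_segments` are the general defence for this class of bug: validate that a length field is at least as large as the overhead it is supposed to include, and clamp the resulting copy to the bytes actually available, before either value reaches a memory operation. A content filter or mail gateway can run the same walk over attachments to drop files that fail it rather than relying on every client's decoder being patched.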


09/16/2004:
The Computer Wizard Advisory on XPSP2

After carefully monitoring the various XPSP2 installations we have encountered over the last month, we feel the advantages of Windows XP Service Pack 2 (XPSP2) definitely merit its installation -- but only under certain conditions. We have found the 'downloaded' installation of XPSP2 (75MB) fails more often (1 out of 10) than an installation directly from the Microsoft-issued CD (266MB) and, therefore, we only recommend installing from CD.

When XPSP2 installations fail, the result is a computer that will not boot. While some can be 'rolled back' to a pre-XPSP2 state, the majority of these cases will require reinstallation of Windows XP.

We routinely install XPSP2 in our shop, under carefully controlled conditions with no problems whatsoever.

Prior to installation, the following MUST be done:

• ALL AntiVirus applications must be disabled and removed from memory.
• All viruses must be removed.
• All spyware must be removed.
• Any non-Windows applications must be disabled and removed from memory.



09/02/2004:
WinZip warns of security flaws in software

WinZip, the most popular compression / decompression tool in use for the Windows platform, has announced a security vulnerability involving versions 3.x, 6.x, 7.x, 8.x and 9.x. Previous versions of WinZip contain potential buffer overflows which could allow an attacker to execute malicious code, according to WinZip.

WinZip has released a fix for this vulnerability, WinZip 9.0 Service Release 1 (SR1), but users must upgrade to version 9 to obtain it. WinZip Computing recommends that all WinZip users upgrade to WinZip 9.0 SR1 to avoid the possibility of future exploitation of these vulnerabilities.


07/30/2004:
Microsoft Releases Cumulative Internet Explorer Security Patch

Microsoft Corp. today released an out-of-cycle patch to fix three critical and previously disclosed holes in Internet Explorer. The latest cumulative patch is contained in Security Bulletin MS04-025 and is aimed at fixing a series of flaws in Internet Explorer that were publicly disclosed in late June.

Read the full story here


07/13/2004:
Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability

Microsoft Task Scheduler is reported prone to a remote buffer overflow vulnerability. The issue is reported to exist due to a lack of sufficient validation performed on user-supplied data, before the data is copied into an allocated buffer.

It is reported that a remote attacker may exploit this vulnerability through a malicious Web site or a job file.

It should be noted that while this issue does not affect Windows NT 4.0 SP6a, it may affect this platform if Internet Explorer 6 SP1 is installed.

Systems affected: Windows NT, Windows 2000, Windows XP

Read the full story here


07/13/2004:
Companies warn of mass Trojan distribution

Antivirus and e-mail security companies sent out warnings today about a new Trojan horse program that they claim is being mass distributed on the Internet using unsolicited commercial e-mail, or spam.
The program, called Backdoor-CGT, is a new form of a Trojan horse installed after e-mail recipients using Microsoft Corp.'s Outlook e-mail program follow a Web link embedded in an e-mail message. The Trojan horse is believed to have infected thousands of systems on the Internet since appearing early today, even though antivirus software and up-to-date versions of Outlook are immune to attack, according to Maksym Schipka, senior antivirus researcher at MessageLabs Ltd. in the U.K.

Read the full story here


06/24/2004:
92 Million AOL Screen Names Stolen

An employee of America Online Inc. (AOL) was arrested Wednesday for stealing AOL user screen names and selling them to an unsolicited commercial (spam) e-mail operation, AOL said in a statement.

Read the full story here


06/11/2004:
New Internet Explorer holes causing alarm

JUNE 11, 2004 (IDG NEWS SERVICE) - Four new holes have been discovered in the Internet Explorer (IE) Web browser that could allow malicious hackers to run attack code on Windows systems, even if those systems have installed the latest software patches from Microsoft Corp., security experts warned.

Word of the four vulnerabilities surfaced in security discussion newsgroups in recent weeks. Two of the vulnerabilities, posted to the NTBugtraq discussion list, allow attackers to load content from malicious Web pages while displaying the Web address of legitimate sites in the Web browser's address bar. Attackers could trick users into clicking on the bogus Web links using e-mail messages or by linking from other Web pages.

Another unpatched hole, called a "cross-zone scripting" vulnerability, allows attackers to trick IE into loading insecure content using relaxed security precautions typically applied to files stored on the local hard drive or obtained from a trusted Web site such as www.microsoft.com.

Two more unpatched IE holes surfaced yesterday that are variations on the same themes. One is a spoofing vulnerability that works on IE, as well as the Mozilla and Safari browsers, and allows attackers to fake the address displayed in the address bar. The other is a cross-zone scripting hole that lets users load insecure Web pages as if they were trusted Web pages, Larholm said.

Newport Beach, Calif.-based PivX also offers Windows users a free tool, Qwik-Fix, which locks down Windows and prevents many common exploits, Larholm said.

Read the full story here.


06/07/2004:
Linksys and Netgear router vulnerabilities exposed

Netgear's WG602 (version 1) 802.11g-compatible wireless LAN access point contains a hard-wired user account with a known password. Any user with access to a LAN with an affected WG602 device connected to it would be able to gain full administrator access to the device.

Two separate types of critical flaws have cropped up in Linksys' BEF series of routers, one of which also affects the Linksys WRT54G Wireless-G Broadband Router. One attack can cause denial-of-service while the other makes it impossible to turn off remote administrator access to some Linksys devices.

Read the full story here.


06/08/2004:
Microsoft DirectX DirectPlay Remote Malformed Packet Denial Of Service Vulnerability

Risk: Medium
Date Discovered: 06-08-2004

Description

Microsoft DirectX DirectPlay is affected by a remote denial of service vulnerability. This issue is due to a failure of the affected library to properly handle malformed network data.

An attacker can exploit this vulnerability to cause an application using the affected DirectPlay library to crash, denying service to legitimate users.

Platforms Affected
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows ME
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP Home
Microsoft Windows XP Home SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1

Components Affected
Microsoft DirectX 7.0a
Microsoft DirectX 7.0
Microsoft DirectX 7.1
Microsoft DirectX 8.0a
Microsoft DirectX 8.0
Microsoft DirectX 8.1b
Microsoft DirectX 8.1a
Microsoft DirectX 8.1
Microsoft DirectX 9.0b
Microsoft DirectX 9.0a

Read the full story here.


05/17/2004:
'Indefensible' Wi-Fi Flaw Discovered In 802.11b Network Protocol

Two security organizations have issued alerts warning of a flaw in wireless LAN equipment based on the 802.11b Wi-Fi standard that leaves the devices vulnerable to a denial-of-service (DoS) jamming attack. 802.11a and 802.11g networks do not suffer from this flaw. There is no foreseeable possibility of correcting this flaw in the 802.11b network. Read the full story here.


05/13/2004:
Security holes uncovered in Symantec, Norton products

Almost the entire range of Symantec Corp. security software, from Norton Internet Security through to the Symantec Firewall, requires urgent updates, the company has warned, after four critical vulnerabilities were found by security company eEye Digital Security Inc.

One of the holes remains open even with all ports filtered and intrusion rules set thanks to a separate design flaw, eEye has warned. This makes it an almost certain target for worm writers, one of which -- if history is any indication -- may be put out on the Internet within 24 hours.

Symantec was informed of the holes on April 19, and provided patches for them today. The patches should be installed as part of the Live Update feature in most packages, but some will require the manual download and installation of patches, and those that have automatic updating switched off will need to run Live Update as soon as possible.


05/11/2004:
Windows HSC DVD Driver Upgrade Code Execution Vulnerability

A security vulnerability has been reported in Microsoft Windows XP and Server 2003 operating systems. This issue exists in the Help and Support Center (HSC) and is due to how the feature handles HCP invocation URIs for DVD driver upgrades.

This issue could be exploited from a malicious web page or HTML e-mail to cause a malicious executable to be run on a vulnerable system. This would occur in the context of the victim user, though it has been reported that significant user interaction is required for exploitation to occur.

Read the full release here.


04/20/2004:
TCP Sequence Number Approximation Vulnerability Discovered

A vulnerability in TCP implementations has been reported that may permit unauthorized remote users to reset TCP sessions. This issue affects products released by multiple vendors. This issue may permit TCP sequence numbers to be more easily approximated by remote attackers.

The cause of the vulnerability is that affected implementations will accept TCP sequence numbers within a certain range of the expected sequence number for a packet in the session. This will permit a remote attacker to inject a SYN or RST packet into the session, causing it to be reset and effectively allowing for denial of service attacks. An attacker would exploit this issue by sending a packet to a receiving implementation with an approximated sequence number and a forged source IP and TCP port.

There are a few factors that may present viable target implementations, such as those which depend on long-lived TCP connections, those which have known or easily guessed IP address endpoints and those implementations with known or easily guessed TCP source ports. It has been noted that Border Gateway Protocol (BGP) is reported to be particularly vulnerable to this type of attack. As a result, this issue is likely to affect a number of routing platforms.

It should be noted that while a number of vendors have confirmed this issue in various products, investigations are ongoing and it is likely that many other vendors and products will turn out to be vulnerable as the issue is investigated further.

Other consequences may also result from this issue, such as injecting specific data in TCP sessions, though this has not been confirmed.
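
To make the "within a certain range" point concrete, here is an added example in C. It is not code from the advisory or from any vendor's TCP stack; it models the receiver-side decision for an incoming RST only (the advisory also mentions SYN, which is omitted here). It shows the window-wide acceptance rule the advisory describes beside the exact-match plus "challenge ACK" rule that RFC 5961 standardised in 2010, well after this advisory, and the arithmetic behind "more easily approximated". All connection-state values are constructed.

```c
/* Added example: models a TCP receiver's RST acceptance decision.
 * Not code from the advisory or from any vendor's TCP stack; the
 * connection-state values used below are constructed. */
#include <stdint.h>
#include <stdio.h>

/* Verdict for an incoming RST segment. */
enum rst_verdict { RST_DROP = 0, RST_ACCEPT = 1, RST_CHALLENGE = 2 };

/* RFC 793 style "is SEG.SEQ inside [RCV.NXT, RCV.NXT + RCV.WND)?" test,
 * done in modular arithmetic so the 32-bit sequence space wraps correctly. */
static int seq_in_window(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return (uint32_t)(seg_seq - rcv_nxt) < rcv_wnd;
}

/* The behaviour the advisory describes: any RST whose sequence number lands
 * anywhere in the receive window tears the connection down, so an off-path
 * sender only has to hit a window-sized range, not one exact value. */
enum rst_verdict rst_check_legacy(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    return seq_in_window(seg_seq, rcv_nxt, rcv_wnd) ? RST_ACCEPT : RST_DROP;
}

/* The mitigation later standardised in RFC 5961: honour an RST only when it
 * matches RCV.NXT exactly. An in-window but inexact RST gets a "challenge
 * ACK" instead, which tells a genuine peer the exact number to resend with,
 * while a blind sender, who never sees that ACK, learns nothing. */
enum rst_verdict rst_check_rfc5961(uint32_t seg_seq, uint32_t rcv_nxt, uint32_t rcv_wnd)
{
    if (seg_seq == rcv_nxt)
        return RST_ACCEPT;
    if (seq_in_window(seg_seq, rcv_nxt, rcv_wnd))
        return RST_CHALLENGE;
    return RST_DROP;
}

/* Why "more easily approximated": with window-wide acceptance the 2^32
 * sequence space collapses into 2^32 / RCV.WND window-sized buckets, and one
 * attempt per bucket covers the whole space. With exact matching the sender
 * is back to 2^32 candidates. Returns the bucket count, rounded up. */
uint64_t rst_guesses_per_port(uint32_t rcv_wnd)
{
    const uint64_t seq_space = (uint64_t)1 << 32;
    if (rcv_wnd == 0)
        return seq_space;
    return (seq_space + rcv_wnd - 1) / rcv_wnd;
}

int main(void)
{
    /* Constructed connection state: next expected byte 1000, 64 KiB window. */
    uint32_t rcv_nxt = 1000u, rcv_wnd = 65535u;
    printf("in-window RST, legacy   : %d\n", rst_check_legacy(1500u, rcv_nxt, rcv_wnd));
    printf("in-window RST, RFC 5961 : %d\n", rst_check_rfc5961(1500u, rcv_nxt, rcv_wnd));
    printf("buckets in a 64K window : %llu\n",
           (unsigned long long)rst_guesses_per_port(rcv_wnd));
    return 0;
}
```

The two check functions differ in one line: the hardened version demands an exact RCV.NXT match before resetting. That single comparison is what removes the window-sized target the advisory warns about, and it is why long-lived sessions with predictable endpoints (BGP peerings in particular) were the headline case. The bucket count makes the same point numerically: a large receive window shrinks the effective search space by the window size, and exact matching restores it.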

Components Affected
Check Point Software Firewall-1 3.0
Check Point Software Firewall-1 4.0 SP8
Check Point Software Firewall-1 4.0 SP7
Check Point Software Firewall-1 4.0 SP6
Check Point Software Firewall-1 4.0 SP5
Check Point Software Firewall-1 4.0 SP4
Check Point Software Firewall-1 4.0 SP3
Check Point Software Firewall-1 4.0 SP2
Check Point Software Firewall-1 4.0 SP1
Check Point Software Firewall-1 4.0
Check Point Software Firewall-1 4.1 SP6
Check Point Software Firewall-1 4.1 SP5a
Check Point Software Firewall-1 4.1 SP5
Check Point Software Firewall-1 4.1 SP4
Check Point Software Firewall-1 4.1 SP3
Check Point Software Firewall-1 4.1 SP2
Check Point Software Firewall-1 4.1 SP1
Check Point Software Firewall-1 4.1
Check Point Software Firewall-1 [ VPN + DES + STRONG ] 4.1 SP2 Build 41716
Check Point Software Firewall-1 [ VPN + DES + STRONG ] 4.1 Build 41439
Check Point Software Firewall-1 [ VPN + DES ] 4.1
Check Point Software FireWall-1 GX 2.0
Check Point Software FireWall-1 Next Generation FP2
Check Point Software FireWall-1 Next Generation FP1
Check Point Software FireWall-1 Next Generation FP0
Check Point Software FireWall-1 VSX NG with Application Intelligence
Check Point Software VPN-1 FP1
Check Point Software VPN-1 4.1 SP6
Check Point Software VPN-1 4.1 SP5a
Check Point Software VPN-1 4.1 SP5
Check Point Software VPN-1 4.1 SP4
Check Point Software VPN-1 4.1 SP3
Check Point Software VPN-1 4.1 SP2
Check Point Software VPN-1 4.1 SP1
Check Point Software VPN-1 4.1
Check Point Software VPN-1 Next Generation FP2
Check Point Software VPN-1 Next Generation FP1
Check Point Software VPN-1 Next Generation FP0
Check Point Software VPN-1 VSX NG with Application Intelligence
Cray UNICOS 6.0 E
Cray UNICOS 6.0
Cray UNICOS 6.1
Cray UNICOS 7.0
Cray UNICOS 8.0
Cray UNICOS 8.3
Cray UNICOS 9.0
Cray UNICOS 9.0.2.5
Cray UNICOS 9.2.4
Cray UNICOS 9.2
Cray UNICOS MAX 1.3.5
Cray UNICOS MAX 1.3
Cray UNICOS/mk 1.5
Cray UNICOS/mk 1.5.1
Cray UNICOS/mk 2.0.5.54
IETF RFC 1323: TCP Extensions for High Performance
IETF RFC 793: TCP
InterNiche NicheLite 2.0
InterNiche NicheStack 2.0

Read the full release here.


04/13/2004:
Microsoft Releases Four New Security Bulletins, Patches to Fix 20 Flaws

Read the full release and download the patches here.


03/09/2004:
Microsoft MSN Messenger Information Disclosure Vulnerability

Microsoft MSN Messenger is prone to an information disclosure vulnerability. When a malformed file transfer request is initiated by a remote user, they may be able to view the contents of files on the remote system.

Components Affected
Microsoft MSN Messenger Service 6.0
Microsoft MSN Messenger Service 6.1

Source: Microsoft Security Bulletin MS04-010

Read the bulletin here.


03/09/2004:
Microsoft Outlook Mailto Parameter Quoting Zone Bypass Vulnerability

Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone. This vulnerability only affects Microsoft Office XP and Outlook 2002.

This is related to how mailto URLs are handled by the software and may be exploited from a malicious web page or through HTML e-mail in situations where the Outlook Today page is the default folder home page in the client. This issue will permit a remote attacker to influence how Outlook is invoked via mailto URIs, allowing for execution of malicious scripting in the Local Zone through an attacker-specified Outlook profile parameter.

Read the Symantec security advisory here.


03/09/2004:
Microsoft Windows Media Services Remote Denial of Service Vulnerability

It has been reported that Microsoft Windows Media Services is prone to a remote denial of service vulnerability. This may allow an attacker to cause the services to effectively deny access to legitimate users by sending specially crafted TCP/IP packets on TCP ports 7007 and/or 7778. This affects Windows 2000 Server only.

Get the security update here


02/13/2004:
'Osama Found' adware worm circulating via AIM

AOL Instant Messenger (AIM) users are experiencing Worm Spam. Osama Found Spam pops up a URL link in an incoming message during an AIM session and appears to come from someone on the user's buddy list. Users who click on the URL link are sent to a Web page where they are asked to download a program for an IM game application. PSD Tools LLC in Cambridge, Mass., through its BuddyLinks division, is the distributor of the SPAM. Read the full story here.


02/10/2004:
Microsoft Windows ASN.1 Library Integer Handling Vulnerability

Microsoft Security Bulletin MS04-007
Risk: High
Systems Affected: Windows NT Server, Windows 2000 Server, Windows 2003 Server, Windows 2000 Professional, Windows XP

The Microsoft Windows ASN.1 parsing library has been reported to be prone to an integer handling vulnerability. The issue is reported to exist because an integer value contained in ASN.1 based communications is interpreted as an unsigned integer. Because this value is treated as trusted and unsigned, and is then reportedly used in potentially sensitive computations, memory corruption may result.
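
The bulletin's wording is abstract, so here is an added example in C of the defect class it describes: an untrusted length from an ASN.1 (BER) encoding that is treated as a trusted unsigned integer and fed into arithmetic. This is an illustration only, not Microsoft's ASN.1 library code, and it makes no claim about where the real defect lived. The BER length reader, the weak and robust checks, and the sample encodings are all constructed for this example.

```c
/* Added example: a BER tag-length-value size check, shown in the weak form
 * (untrusted length added to other sizes in fixed-width unsigned arithmetic)
 * beside a robust form. Not Microsoft's ASN.1 code; all inputs constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode a BER length starting at buf[0] with `avail` bytes available.
 * Returns the number of length octets consumed (0 on error) and writes the
 * content length to *len. Only definite-form lengths of up to 4 octets are
 * accepted; the indefinite form (0x80) is rejected. */
size_t ber_read_length(const uint8_t *buf, size_t avail, uint32_t *len)
{
    if (avail == 0)
        return 0;
    uint8_t first = buf[0];
    if (first < 0x80) {              /* short form: one octet holds the length */
        *len = first;
        return 1;
    }
    size_t n = first & 0x7F;         /* long form: n following octets hold it */
    if (n == 0 || n > 4 || n + 1 > avail)
        return 0;
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | buf[1 + i];
    *len = v;
    return n + 1;
}

/* Weak check: "header + length <= available" computed in 32-bit unsigned
 * arithmetic. A length close to 0xFFFFFFFF makes the sum wrap to a small
 * number, so the comparison passes although the content would overrun the
 * buffer. This is the shape of bug the bulletin describes. */
int tlv_fits_weak(const uint8_t *buf, size_t avail)
{
    const size_t hdr = 1;            /* one tag octet precedes the length */
    uint32_t len;
    if (avail < hdr)
        return 0;
    size_t n = ber_read_length(buf + hdr, avail - hdr, &len);
    if (n == 0)
        return 0;
    uint32_t total = (uint32_t)(hdr + n) + len;   /* may wrap modulo 2^32 */
    return total <= avail;
}

/* Robust check: never add the untrusted length to anything. Compute how many
 * bytes actually remain after the header and compare the length to that. */
int tlv_fits_robust(const uint8_t *buf, size_t avail)
{
    const size_t hdr = 1;
    uint32_t len;
    if (avail < hdr)
        return 0;
    size_t n = ber_read_length(buf + hdr, avail - hdr, &len);
    if (n == 0)
        return 0;
    size_t remaining = avail - hdr - n;           /* cannot underflow: n + 1 <= avail */
    return (uint64_t)len <= (uint64_t)remaining;
}

/* Constructed sample encodings (OCTET STRING tag 0x04). */
static const uint8_t SAMPLE_OK[]        = { 0x04, 0x03, 'a', 'b', 'c' };
static const uint8_t SAMPLE_TRUNCATED[] = { 0x04, 0x03, 'a' };
static const uint8_t SAMPLE_HUGE[]      = { 0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFE };

int main(void)
{
    printf("ok        weak=%d robust=%d\n", tlv_fits_weak(SAMPLE_OK, sizeof SAMPLE_OK),
           tlv_fits_robust(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("truncated weak=%d robust=%d\n", tlv_fits_weak(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED),
           tlv_fits_robust(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    printf("huge      weak=%d robust=%d\n", tlv_fits_weak(SAMPLE_HUGE, sizeof SAMPLE_HUGE),
           tlv_fits_robust(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    return 0;
}
```

The third sample carries a length of 0xFFFFFFFE with only six bytes present. The weak check adds six to it, wraps to 4, and accepts; the robust check compares the length against the zero bytes that remain and rejects. The general rule for any length-prefixed format is the one the robust version follows: subtract what has been consumed from what is available, and compare the untrusted value against that, rather than adding the untrusted value to anything.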

Click Here to Read the Microsoft Security Bulletin and download the updates.



02/10/2004:
Microsoft Windows Internet Naming Service Buffer Overflow Vulnerability

Microsoft Security Bulletin MS04-006
Risk: High
Systems Affected: Windows NT Server, Windows 2000 Server, Windows 2003 Server

The Microsoft Windows Internet Name Service (WINS) is prone to a remotely exploitable buffer overflow condition. Sending a series of specially crafted packets to the service could cause it to fail. On some Windows platforms, this could also lead to execution of arbitrary code.

Click Here to Read the Microsoft Security Bulletin and download the updates.


02/02/2004:
Microsoft Security Bulletin MS04-004

Cumulative Security Update for Internet Explorer (832894)
Issued: February 2, 2004
Updated: February 3, 2004
Version Number: 1.1

Impact of vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Follow this link for the complete description and downloads for versions 5.x and 6.x of Internet Explorer


01/13/2004:
Symantec Releases W32.HLLW.Gaobot Removal Tool
Go to this page to download the removal tool for the following Gaobot variants:

W32.HLLW.Gaobot.AG
W32.HLLW.Gaobot.AO
W32.HLLW.Gaobot.Gen


01/13/2004:
Microsoft ISA Server 2000 Remote Buffer Overflow Vulnerability

It has been reported that the H.323 filter used by Microsoft ISA Server 2000 is prone to a remote buffer overflow vulnerability. The condition presents itself due to insufficient boundary checks performed by the Microsoft Firewall Service on specially crafted H.323 traffic.

Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code in the context of Microsoft Firewall Service running on ISA Server 2000. This may lead to complete control of the vulnerable system.

Click here for the advisory released January 14, 2004.


01/13/2004:
Microsoft MDAC Function Broadcast Response Buffer Overrun Vulnerability

Microsoft has released an advisory reporting a buffer overrun vulnerability in an MDAC function. This issue is exposed when an application makes a broadcast request to query for SQL Servers on the network and malformed data is returned in the broadcast response. Click here for the advisory released January 14, 2004.


01/05/2004:
Linux Kernel Vulnerability Revealed

A vulnerability involving the do_mremap system function has been reported in the Linux kernel, allowing for local privilege escalation. Due to a bounds checking issue within the function, it is possible for local attackers to disrupt the operation of the kernel. Attack vectors also exist that may permit a local attacker to gain root privileges.

This type of vulnerability will permit a remote attacker who has gained limited privileges on a host to fully compromise the system.


Read the full story:
http://www.sarc.com/avcenter/security/Content/9356.html


12/19/2003:
Openwares.org Internet Explorer Patch Buffer Overflow Vulnerability

It has been reported that the Internet Explorer patch supplied by Openwares.org for the Multiple Browser URI Display Obfuscation Weakness (BID 9182) may be prone to a buffer overflow condition that may allow an attacker to execute arbitrary code on a vulnerable system in order to gain unauthorized access. The condition is present due to insufficient boundary checking. The problem is reported to exist in the BeforeNavigateEvent() function of IETray.cpp module. This may also cause a denial of service condition in Internet Explorer.
Read the full story:
http://sarc.com/avcenter/security/Content/9259.html


12/04/2003:
RSync Daemon Mode Undisclosed Remote Heap Overflow Vulnerability

rsync has been reported prone to an undisclosed heap overflow vulnerability when running in daemon mode. The issue has been reported to be remotely exploitable and will provide for execution of arbitrary code. This problem affects numerous Linux distributions and variants.
Read the full story:
http://www.sarc.com/avcenter/security/Content/9153.html


12/03/2003:
Yahoo! Messenger YAuto.DLL Open Buffer Overflow Vulnerability

A problem has been identified in the handling of some types of requests by ActiveX controls installed with Yahoo! Messenger, exposing a remotely exploitable buffer overrun. Because of this, it may be possible for an attacker to execute arbitrary code on a vulnerable host.
Components Affected
Yahoo! Messenger 5.6.0.1347
Yahoo! Messenger 5.6

References
URL: http://www.securityfocus.com/archive/1/346343


Microsoft Security Updates for November

12/03/2003: Symantec Releases Activation Patch

In response to increasing complaints regarding Activation Errors with Symantec's Norton AntiVirus 2004 and other products, Symantec has released a patch to solve the problem.


11/26/2003: Microsoft Internet Explorer 6 Active Scripting Flaw Reported

Security researchers in Denmark are warning users to disable "active scripting" in Microsoft Corp.'s Internet Explorer 6.0 Web browser to prevent attackers from targeting and taking remote control of their PCs. Niels Rasmussen, CEO of security research company Secunia ApS in Copenhagen, said yesterday that the latest vulnerabilities "allow malicious Web sites and viruses to bypass the security zone settings in Internet Explorer."

The discovery was made by researcher Liu Die Yu, who posted it on public reporting bulletin boards. Presently, the only fix is to disable Explorer's active scripting so that the feature can't be used to attack the machine, according to Secunia. Other browsers that don't have the feature, such as Netscape Navigator, Mozilla or Opera, can be used without fear of attacks.


11/11/2003: Microsoft Windows Workstation Service Remote Buffer Overflow Vulnerability
It has been reported that Microsoft Windows Workstation (WKSSVC.DLL) service is prone to a vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable host. The problem is in the handling of requests by the Workstation Service. The Workstation Service does not properly check bounds on remote data therefore making it possible to overwrite sensitive regions of system memory. Microsoft has released security advisory MS03-049 to address this issue. This affects Windows 2000 and XP products only.


11/05/2003: Microsoft Internet Explorer Self Executing HTML Arbitrary Code Execution Vulnerability
Microsoft Internet Explorer has been reported prone to an arbitrary code execution vulnerability.

The issue presents itself when Internet Explorer is rendering malicious HTML pages that contain embedded executables that are invoked in a specific manner. When a malicious page is rendered the embedded code is executed with the privileges of the user running the vulnerable web browser. This affects all Windows32 systems and all versions of IE 5.5 and 6.

Recommendations
1. Run all client software as a non-privileged user with minimal access rights.
2. Running Internet Explorer with least privileges possible may help mitigate the impact of successful exploitation of this vulnerability.
3. Set web browser security to disable the execution of script code or active content.
4. Disabling script code or active content functionality in Internet Explorer may help prevent potential attacks.


11/02/2003: (updated 1/26/2004) There have been several variants of the Mimail virus (originally discovered in August 2003) released recently. The variants include C, D, E, F, G, I, J, and L through Q. They all have similar characteristics in that their purpose is to utilize infected computers to relay SPAM to the rest of the world. Be part of the solution and not part of the problem by making sure your virus definitions are up to date and, if you notice unusual activity on your Cable Modem or DSL Modem, disconnect your computer from the modem until you are certain you are not infected. Version J is similar to Paylap, which steals your PayPal and credit card information.


10/15/2003: Microsoft Releases Five Critical Patches
Microsoft's first monthly security update includes four critical patches and one important patch. MS03-041, MS03-042, MS03-043, MS03-044 and MS03-045 should be downloaded and applied immediately.


DCOM Threat due to be exploited:
IT professionals have been aware of this glaring security problem in Windows operating systems (Microsoft bulletin MS03-039) for some time now. Computerworld published an article on code recently discovered to take advantage of this opening to attack computers worldwide. Read the full text here.
It is imperative that you routinely update your Windows operating system to protect yourself from hackers and viruses by going to http://windowsupdate.microsoft.com and downloading all appropriate patches. Prior to downloading any Critical Updates, check our Good Things / Bad Things page for downloads that may compromise the stability of your computer!


Bulletin:
There are any number of new virus 'tricks' being employed to dupe you into infecting your computer. The latest is to send you an email, allegedly from Microsoft, with a patch you need to apply. DO NOT DO THIS! Microsoft will NEVER send you an email of this kind.

When in doubt about the veracity of an email 'patch' or virus 'warning' -- always go to S.A.R.C. (Symantec Antivirus Research Center) for verification.

With this newest breed of viruses, the 'delivery mechanism' has changed. You no longer need to be browsing the web or open (or even receive) email to be infected. Several of these new trojans deliver themselves to you via open ports in your operating system. The only defense is a firewall or hardware router with these ports blocked!


   
     
© Copyright 1999 - 2008 The Computer Wizard