MVP Jubo Security Blog

October: National Cyber Security Awareness Month

2008-10-03T23:58:00Z

Okay, I'm here in Holland. So, we don't really have a "national cyber security awareness month". But still... wherever you are, there should always be cyber security awareness and not only this month. There are always some basic steps to take like keep that firewall running, keep the Windows software updated and run only updated antivirus and spyware software.

For information about this year's events, visit the NCSA (National Cyber Security Alliance) Web site at http://www.staysafeonline.info.

Related link: Microsoft's Security at Home.

OneCare for server

2008-10-03T19:17:52Z

Good news: the Windows Live OneCare Team was blogging again and the news is that there's a version of OneCare for server, and in this case especially for Small Business Server 2008, available. Check the OneCare for server web site.

More info at the Windows Live OneCare Team blog article here.

MVP 2009, Re-awarded again!

2008-10-02T19:17:38Z

The last week of September is usually a bit weird the last couple if years. Actually for the last 5 years... ;) There's a lot of pacing, sleepless nights and the highlight is always the night of September 30th. Then I hope to receive an email that I'm re-awarded again as Microsoft MVP. You leave the computer running and hope to hear that an email has arrived with the good news... but not this year...

This year, thank goodness my wife Kim was, and still is, visiting family across the pond, the email arrived a bit late... to be exact it was 3:55PM on October 1st. But who cares! It came with the good news! Re-awarded for another year! And yes, I'm as happy as the first time I got it!

This year we couldn't make it to the MVP Summit in Seattle, but next year it will be in March. And Kim and I are definitely going to be there. And hopefully we'll meet some other MVP's from the McAfee Support Forums too. It's time to have a hamburger again with Harry even though he likes to eat them with beets... ;(

See you all in March!

"Scareware..."

2008-10-02T06:14:42Z

We all know what software is, we have heard of "spyware", we have heard of "malware". But ever heard of "scareware"? Well, I didn't until I saw this article "Fighting the scourge of scareware" at the BBC News web site. You know... sometimes you get those pop-ups saying: "you're system is corrupt... buy our software...", while your computer is perfectly okay and the problem doesn't even exists. It's just a trick to get you to buy their products, their software.

The good new is that Microsoft, together with the Washington State's Attorney General, is doing something about it. They already filed a lawsuit against a company in Texas which tries to trick you to get you their Registry Cleaner XP software.

Together with this, according to the news article, Microsoft also filed five other lawsuits for programs like "Scan & Repair", "Antivirus 2009", "MalwareCore", "WinDefender", "XPDefender" and "WinSpywareProtect".

Another step in the right direction to keep your computer safe and healthy. For the news article check the BBC web site.

An Online ticket?!?

2008-09-22T14:28:00Z

What a surprise... This morning I was happily working at the office, hhmm... okay, from home..., when Outlook notified me that I had received an email. When I checked it was from an unknown company USA3000 Airlines. When I read the email they even had a ticket for me and had charged the credit card for $646.27. I thought, that should be at least a ticket to fly across the pond. Well, could have been a surprise from my wife since she's visiting family in the USA. But no, I unzipped the file and there was a file called: "eTicket.doc.exe" and... not detected by McAfee's antivirus program... yet... Submitted the file to VirusTotal and you can find the result here.

Then I also submitted the file to McAfee's WebImmune and they found a "new detection" and named it "spy-agent.bw". Not really a new one but a new variant. Not long after that I received an "Extra.dat" file from AvertLabs for some extra protection. See also McAfee's Avert Labs Blog: Invoice Spam Takes Flight

No e-ticket for me this morning... but the computer is still safe. Now I only wonder how it came through the company's security. They run Symantec stuff...

Microsoft Security Bulletin Summary for September 2008

2008-09-12T07:04:10Z

On September 9, Microsoft released four security patches and all of them are "critical". So, if you haven't updated it yet then it's time to do so now. Move your mouse to the Microsoft Update web site to download and install the updates.

Critical:

MS08-054 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
MS08-052 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
MS08-053 - Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
MS08-055 - Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also MSRC blog: September 2008 Monthly Bulletin Release and for a more technical version, the Security Vulnerability Research & Defense blog.

Stay safe and have a great weekend!!

Microsoft Security Bulletin Summary for August 2008

2008-08-14T23:23:00Z

If you haven't updated your Windows version yet, then it's time to do this now. You'll be busy for a few moments because on August 12th, Microsoft released no less than 11 updates/patches. Can be more depending on your configuration. Of the 11 patches 6 of them are classified as "critical" and 5 are "important".

Critical:

MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
MS08-045 - Cumulative Security Update for Internet Explorer (953838)
MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)

Important:

MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
MS08-048 - Security Update for Outlook Express and Windows Mail (951066)
MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also MSRC blog: August 2008 Monthly Bulletin Release

No need to tell you what to do... move your mouse to: Microsoft Update to see if you have to get a few patches...

Happy Friday...

Advanced notification August 2008

2008-08-08T08:04:54Z

On August 12 Microsoft plans to release 12 security updates, which affect Microsoft Windows as well as Microsoft Office software. There will be 7 "critical" and 5 "important" updates.

Olympic attachment?

2008-08-08T06:36:33Z

Not only the Olympic games have started, but also the malware games related to the Olympics. One of the latest is that if you receive an attachment named as: "ioc_guidelines_for_persons_accredited_at_the_xxix_olympiad.pdf" then delete this immediately. If you open it then it could execute a malicious JavaScript that exploits a patched Adobe Reader vulnerability. And it follows to install a backdoor detected as BackDoor-DMG.

McAfee has named this one: "Exploit-PDF.b"; for more detailed information about it check this article: Exploit-PDF.b.

Aliases:

EXPL_PIDIEF.O (TrendMicro)
Trojan.Pidief.C (Symantec)

If you do not have Adobe Reader version 9 installed, then you can download it from the Adobe Download. Unfortunately it comes with Adobe AIR, which you can uninstall through Windows "Add/Remove Programs". Also, during the installation process you might want to uncheck the option to install the Google toolbar.

McAfee's 5300 Scan Engine Released

2008-08-01T19:56:44Z

Few days ago McAfee released a new version of their VirusScan Scan Engine. So far only for corporate versions like VSE8.0i and/or VSE8.5i.

You can download it from the McAfee Enterprise download site.

Windows Search on Windows Update

2008-07-22T08:05:11Z

Good news from the Windows Search team. In late July Windows Search 4.0 will be available on the Windows Update. For XP users available as "Optional" update and Windows Vista users will see it as a "Recommended" update.

Me, myself and I really do like this tool. Searches the hard drive and network drives pretty fast and within documents too.

For more information check the web site: Windows Search 4.0

Source: The Windows Experience Blog.

Security update for Firefox 3.0

2008-07-22T06:04:43Z

Sorry if it's a bit late but I was on a trip to Germany... and no Internet connection... But about a week ago Mozilla released a security update version for Firefox: 3.0.1. If the automated update has not installed it yet, then you can get it at: GetFirefox. The update is also available for the Mac and Linux. Read the release notes at: Firefox 3 Release Notes.

Windows Live OneCare 2.5 Available

2008-07-10T07:13:24Z

Just read at the Windows Experience Blog that a new version of Windows Live OneCare is available. Version 2.5. It seems it is rolled out to new customers and or subscribers who do a manual uninstall and reinstall. Eventually all subscribers are getting the update automatically.

Possible vulnerability in Microsoft Office Word 2002 Service Pack 3

2008-07-09T08:48:03Z

Microsoft released an advisory for a Office Word 2002 SP3 vulnerability.

Investigation indicates that customers who use all other supported versions of Microsoft Office Word, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats, and Microsoft Office for Mac are not affected.

At this time, Microsoft is aware of limited, targeted attacks that attempt to use this vulnerability. While Microsoft Office Word 2000 does not appear vulnerable to this issue, Word 2000 may unexpectedly exit when opening a specially crafted .doc file that the attacker is using in an attempt to exploit the vulnerability.

More information: Microsoft Security Advisory (953635) and MSRC Blog.

From the BBC News Desk: Fix found for net security flaw

2008-07-09T08:37:09Z

This article at the BBC web site,

Computer experts have released software to tackle a security glitch in the internet's addressing system.
The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.
Internet giants such as Microsoft are now distributing the security patch.

More at the BBC site here...

is related to the security patch Microsoft posted yesterday: Microsoft Security Bulletin MS08-037:

Summary:

This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008.

Microsoft Security Bulletin Summary for July 2008

2008-07-09T08:23:12Z

Patch Tuesday or patch Wednesday... it all depends on which part of the world you're in. For me it's patch Wednesday and yes, yesterday Microsoft released their monthly bulletin with 4 "important" updates.

On July 8th, Microsoft released the following updates:

Important:

MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
MS08-038 - Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
MS08-037 - Vulnerabilities in DNS Could Allow Spoofing (953230)
MS08-039 - Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

Support:

Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also: Microsoft Security Response Center (MSRC) blog

So, you all know the drill! If it's not downloaded by automatic updates then move your mouse pointer to Microsoft Update...

Snapshot Viewer MS Access ActiveX Control Vulnerability

2008-07-08T07:00:46Z

Microsoft has released an advisory for a MS Access remote code-execution vulnerability. The flaw lies in the Microsoft Snapshot Viewer ActiveX control, "snapview.ocx", which may allow remote code-execution attacks. This affects Office Access 2000, Office Access 2002 and Office Access 2003.

An attacker could exploit this vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.

There's no patch available yet, but there are manual workarounds. For more information see Microsoft's Security Advisory (955179) and MSRC Blog.

Security update for Opera 9.5

2008-07-07T09:09:22Z

Opera released a security and stability upgrade. For details see the Security section of the Changelog.

Download Opera's newest release Opera 9.51 for Windows.

Adobe Reader 9 is there...

2008-07-04T11:34:53Z

A few days ago Adobe released version 9 of their Adobe Reader. It seems to add new capabilities, better performance and stronger security, according to Adobe Reader Weblog.

You can download the new version here. This download also comes with the new online product(s) Acrobat.com (Beta), which is possible to uninstall later if you don't need/want it...

Patch Tuesday: Advanced Notification

2008-07-04T07:08:28Z

Last time I was a bit late to tell you about the Windows Updates, but this time we have an advanced notification. On July 8th, Microsoft is releasing 4 "important" updates.

For more detailed information check TechNet and the post at the blog of Microsoft Security Response Center: July 2008 Advance Notification.

If you want to get these advanced notifications by email, RSS or Messenger then signup at: Microsoft Technical Security Notifications.

Have a wonderful day...