Tuesday, December 30, 2008
New Year Is Around The Corner
Once again 365 days is almost full and it's time to start a new year. I wish all my blog readers successful and safer year 2009!
Tuesday, December 23, 2008
ActiveX Vulnerability In Trend Micro House Call
There has been found a vulnerability in Trend Micro House Call online virus scanner. The vulnerability is in scanner's ActiveX control and may allow an attacker to execute arbitrary code in target system.
Vulnerable versions are:
Trend Micro HouseCall ActiveX Control 6.51.0.1028 and 6.6.0.1278
To fix the issue users of Trend Micro HouseCall should remove vulnerable ActiveX control and install fixed version 6.6.0.1285.
More information:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646
http://www.securitytracker.com/alerts/2008/Dec/1021481.html
Vulnerable versions are:
Trend Micro HouseCall ActiveX Control 6.51.0.1028 and 6.6.0.1278
To fix the issue users of Trend Micro HouseCall should remove vulnerable ActiveX control and install fixed version 6.6.0.1285.
More information:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1038646&id=EN-1038646
http://www.securitytracker.com/alerts/2008/Dec/1021481.html
Vulnerability In Microsoft SQL Server
There has been found a vulnerability in Microsoft SQL Server which is related to sp_repwritetovarbin extended stored procedure bundled with SQL Server. The vulnerability may allow an attacker to execute arbitrary code in target system. To exploit the vulnerability successfully an attacker has to have proper username and password. Exception to this is a server to which an attacker has done a successful SQL injection attack already.
At the moment of writing this supported versions of following software are known to be vulnerable against this mentioned vulnerability:
- Microsoft SQL Server 2000 (Service Pack 4)
- Microsoft SQL Server 2005 (Service Pack 2)
- Microsoft SQL Server 2005 Express Edition (with Service Pack 2 or Advanced Services Service Pack 2)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) (Service Pack 4)
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
- Windows Internal Database (WYukon) (Service Pack 2)
Fix against the vulnerability isn't yet available. Microsoft says that it's investigating the issue and will take appropriate action when the investigation has been finished.
Workarounds to the issue have been released. About these and the status in overall can be read from correspondent Security Advisory.
At the moment of writing this supported versions of following software are known to be vulnerable against this mentioned vulnerability:
- Microsoft SQL Server 2000 (Service Pack 4)
- Microsoft SQL Server 2005 (Service Pack 2)
- Microsoft SQL Server 2005 Express Edition (with Service Pack 2 or Advanced Services Service Pack 2)
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) (Service Pack 4)
- Microsoft SQL Server 2000 Desktop Engine (WMSDE)
- Windows Internal Database (WYukon) (Service Pack 2)
Fix against the vulnerability isn't yet available. Microsoft says that it's investigating the issue and will take appropriate action when the investigation has been finished.
Workarounds to the issue have been released. About these and the status in overall can be read from correspondent Security Advisory.
Thursday, December 18, 2008
Update For Internet Explorer Available
Last Thursday I blogged about a vulnerability in Internet Explorer. Microsoft has now released an update (MS08-078) in order to fix the issue.
By exploiting the vulnerability an attacker may be able to execute arbitrary code in vulnerable system with logged in user's privileges or cause denial of service. The vulnerability can be exploited by luring user to open specially crafted web site. Public method to exploit the vulnerability exists at least for Internet Explorer 7.
Vulnerability affects Internet Explorer versions 5.01, 6, 7 and 8 beta.
Easiest way to update is to use Microsoft update service.
More information can be read form Microsoft security advisory.
By exploiting the vulnerability an attacker may be able to execute arbitrary code in vulnerable system with logged in user's privileges or cause denial of service. The vulnerability can be exploited by luring user to open specially crafted web site. Public method to exploit the vulnerability exists at least for Internet Explorer 7.
Vulnerability affects Internet Explorer versions 5.01, 6, 7 and 8 beta.
Easiest way to update is to use Microsoft update service.
More information can be read form Microsoft security advisory.
Wednesday, December 17, 2008
Opera Update Available
New update for Opera web browser fixes several vulnerabilities of which most may allow an attacker to execute arbitrary code in vulnerable browser. Users with version prior 9.63 are affected and should get the latest version here.
Detailed information about fixed issues and other version changes can be read from Opera 9.63 for Windows changelog.
Detailed information about fixed issues and other version changes can be read from Opera 9.63 for Windows changelog.
Updates For Mozilla Products
There has been released version 3.0.5 of Firefox web browser. Fixed are several vulnerabilities of which some may allow an attacker to execute arbitrary code on vulnerable system. Part of vulnerabilities affect also Thunderbird email client which updated version hasn't been released yet. Most Thunderbird related vulnerabilities can be limited by disabling Javascript support. Version 2.0.0.19 will be downloadable here when it becomes available.
Firefox users should get their versions updated either thru built-in updater or by getting the latest version here. Firefox 2 users should make sure they use version 2.0.0.19. SeaMonkey users should have version 1.1.14.
More information:
Firefox 3.0.5 release notes
Firefox 2.0.0.19 release notes
SeaMonkey 1.1.14 release notes
Firefox users should get their versions updated either thru built-in updater or by getting the latest version here. Firefox 2 users should make sure they use version 2.0.0.19. SeaMonkey users should have version 1.1.14.
More information:
Firefox 3.0.5 release notes
Firefox 2.0.0.19 release notes
SeaMonkey 1.1.14 release notes
Thursday, December 11, 2008
FTC After Scareware Scammers
"The US Federal Trade Commission (FTC) has announced a successful move to persuade a US district court to shut down a major player in the rogue anti-spyware business", writes Virus Bulletin.
"The defendants in the case are Innovative Marketing, registered in Belize but apparently based in Kiev, Ukraine, and ByteHosting Internet Services, run out of Cincinnati, Ohio, as well as several individuals running or profiting from the companies, both of which operated under a range of other names. The U.S. District Court for the District of Maryland approved the FTC's request to call a halt to the companies' activities and freeze the assets of those behind the scams."
FTC's press release can be read here.
"The defendants in the case are Innovative Marketing, registered in Belize but apparently based in Kiev, Ukraine, and ByteHosting Internet Services, run out of Cincinnati, Ohio, as well as several individuals running or profiting from the companies, both of which operated under a range of other names. The U.S. District Court for the District of Maryland approved the FTC's request to call a halt to the companies' activities and freeze the assets of those behind the scams."
FTC's press release can be read here.
Vulnerability In Internet Explorer 7
There has been found a vulnerability in Microsoft Internet Explorer (IE) 7 web browser. The vulnerability is related to IE 7 way to handle XML content. By exploiting the vulnerability an attacker may be able to execute arbitrary code with currently logged on user's rights or cause a denial of service in vulnerable system.
The vulnerability can be exploited by luring user to open specifically crafted web site. Exploits are publicly available and the issue is being actively exploited in the wild.
Affected are Internet Explorer 7 on Microsoft Windows XP, Windows Server 2003, Windows Server 2008 and Windows Vista; other versions may also be affected.
Currently there's no patch available to fix the issue. Reportedly, Microsoft is investigating the issue and will release updates upon completion of this investigation. Please see the Microsoft advisory for more information.
More information:
- http://www.vupen.com/english/advisories/2008/3391
- http://www.securityfocus.com/bid/32721/info
- http://isc.sans.org/diary.html?storyid=5458
- http://research.eeye.com/html/alerts/zeroday/20081209.html
- http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/
- http://secunia.com/advisories/33089/
The vulnerability can be exploited by luring user to open specifically crafted web site. Exploits are publicly available and the issue is being actively exploited in the wild.
Affected are Internet Explorer 7 on Microsoft Windows XP, Windows Server 2003, Windows Server 2008 and Windows Vista; other versions may also be affected.
Currently there's no patch available to fix the issue. Reportedly, Microsoft is investigating the issue and will release updates upon completion of this investigation. Please see the Microsoft advisory for more information.
More information:
- http://www.vupen.com/english/advisories/2008/3391
- http://www.securityfocus.com/bid/32721/info
- http://isc.sans.org/diary.html?storyid=5458
- http://research.eeye.com/html/alerts/zeroday/20081209.html
- http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/
- http://secunia.com/advisories/33089/
Vulnerability In Microsoft WordPad
Microsoft has released an advisory on a vulnerability in WordPad. Vulnerability is in WordPad text converter and could allow remote code execution. It can be exploited by luring user to open specifically crafted Word 97 file with WordPad. Microsoft says that it's investigating the issue.
Mentioned vulnerability affects Microsoft WordPad on Windows 2000 SP 4, Windows XP SP 2, Windows Server 2003 SP 1 and Windows Server 2003 SP 2. At the moment, general fix doesn't exist. Windows XP users can fix the vulnerability by installing service pack 3.
To limit vulnerability effects opening .doc, .wri or .rtf files with unknown origin should be avoided.
According to the advisory effects can be limited also by disabling the WordPad Text Converter for Word 97 file format. That will be done by running following command:
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N
About the impact of the workaround can be read from the advisory.
Mentioned vulnerability affects Microsoft WordPad on Windows 2000 SP 4, Windows XP SP 2, Windows Server 2003 SP 1 and Windows Server 2003 SP 2. At the moment, general fix doesn't exist. Windows XP users can fix the vulnerability by installing service pack 3.
To limit vulnerability effects opening .doc, .wri or .rtf files with unknown origin should be avoided.
According to the advisory effects can be limited also by disabling the WordPad Text Converter for Word 97 file format. That will be done by running following command:
echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N
About the impact of the workaround can be read from the advisory.
Tuesday, December 9, 2008
Security Update For December 2008 From Microsoft
Microsoft released its monthly security update packet today. December update contains eight updates. Six of those are critical and two important. In total, the updates fix 28 vulnerabilities.
Summary of affected software:
- Windows and its components,
- Microsoft Office,
- Microsoft developer tools and software,
- Sharepoint Server.
Among the updates a new version of Microsoft Windows Malicious Software Removal Tool is released too.
More information about the updates can be read here.
The easist way to get the updates is to use Microsoft automatic update service.
Summary of affected software:
- Windows and its components,
- Microsoft Office,
- Microsoft developer tools and software,
- Sharepoint Server.
Among the updates a new version of Microsoft Windows Malicious Software Removal Tool is released too.
More information about the updates can be read here.
The easist way to get the updates is to use Microsoft automatic update service.
PHP Version 5.2.8 Released
There has been released version 5.2.8 of PHP scripting language. New version fixes security problem that arose in version 5.2.7. The problem was in magic_quotes_gpc functionality and was caused by an incorrect fix to the filter extension.
All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively they can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.
Source
All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively they can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.
Source
Sunday, December 7, 2008
Koobface Spreading On Facebook
Social networking service Facebook told to Computerworld that they're quickly updating their security systems to minimize further impact of malware spreading on Facebook. Passwords of infected accounts are being resetted and spam messages are being removed. Facebook is also coordinating with third parties to remove redirects to malicious content elsewhere on the web.
The guilty one in the problem is a new variant of Koobface worm which is targeting Facebook. Last summer its earlier variants caused harm to Facebook and MySpace users.
In a nutshell, bad guys try to fool Facebook victims by sending spam with a link claiming to contain a video. When user clicks the link (s)he is redirected to a page that then displays a fake error message claiming that Adobe System Inc.'s Flash is out of date, and prompts user to download an update. Instead of being an update the executable file installs variant of Koobface worm which in turn installs a background proxy server that redirects all Web traffic.
On infected system at least all searches made on Google, Microsoft and Yahoo search engines are redirected to find-www.net web address. The hackers are making money by redirecting users' searches to their own results, collecting cash from the ensuing clicks.
Facebook has posted a short message on its security page acknowledging the worm's attack. The notice urged users whose accounts had already been compromised to scan their PCs for malware and then reset their passwords.
The guilty one in the problem is a new variant of Koobface worm which is targeting Facebook. Last summer its earlier variants caused harm to Facebook and MySpace users.
In a nutshell, bad guys try to fool Facebook victims by sending spam with a link claiming to contain a video. When user clicks the link (s)he is redirected to a page that then displays a fake error message claiming that Adobe System Inc.'s Flash is out of date, and prompts user to download an update. Instead of being an update the executable file installs variant of Koobface worm which in turn installs a background proxy server that redirects all Web traffic.
On infected system at least all searches made on Google, Microsoft and Yahoo search engines are redirected to find-www.net web address. The hackers are making money by redirecting users' searches to their own results, collecting cash from the ensuing clicks.
Facebook has posted a short message on its security page acknowledging the worm's attack. The notice urged users whose accounts had already been compromised to scan their PCs for malware and then reset their passwords.
Friday, December 5, 2008
PHP Version 5.2.7 Is Out
PHP development team has released 5.2.7 version of PHP scripting language. New version focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes. Several of these are security related. All PHP users are recommended to upgrade their versions to this latest release.
More details about 5.2.7 release can be read from official version 5.2.7 release announcement.
More details about 5.2.7 release can be read from official version 5.2.7 release announcement.
Wednesday, December 3, 2008
Java SE Runtime Environment (JRE) Update Available
Sun has released update for Java SE Runtime Environment (JRE) 6. JRE allows end-users to run Java applications. The latest update can be downloaded from Sun's <Java SE Downloads site.
Unlike Update 10, Update 11 is a bug fix and security release. Upgrading to it is advisable. More information about contents of the update can be read from Release Notes of Java SE 6 Update 11.
Unlike Update 10, Update 11 is a bug fix and security release. Upgrading to it is advisable. More information about contents of the update can be read from Release Notes of Java SE 6 Update 11.
Subscribe to:
Posts (Atom)