Tuesday, December 29, 2009

The Five Essential Security Patches of 2009

To identify the most essential security patches of 2009, Computerworld polled a panel of patch and vulnerability experts for the five security fixes from the last 12 months that everyone should deploy.

The five essential patches are:
- Microsoft's ATL fixes, July and later (MS09-035)
- Latest Adobe Reader patch (here; at the moment it is the one from October, but Adobe has promised a new patch in the middle of January)
- Microsoft .Net Framework, October (MS09-061)
- SMBv2, October (MS09-050)
- Conficker patch (MS08-067), from last year but still essential to have installed

Read the whole article here.

Thursday, December 24, 2009

New Winamp Version Released

Nullsoft has released version 5.571 of its popular media player, Winamp. The new version contains some new features, such as full support for Windows 7. More importantly, it also fixes security vulnerabilities. By exploiting these vulnerabilities in 5.56 and older versions, an attacker may be able to compromise the vulnerable system. The complete version history can be viewed here.

Monday, December 21, 2009

"Real World" 0Day Malware Blocking Test Published

AV-Test GmbH has published a report on a test that measured how well 12 major security suites protected Internet-connected physical computers against up-to-the-minute threats. The three best-scoring products were Norton Internet Security 2010, Kaspersky Internet Security 2010 and PC Tools Internet Security 2010. More test results can be read here.

Friday, December 18, 2009

Comeback of mp3 Spam

Spammers have pulled out of mothballs a trick they used over two years ago. Instead of easily detectable subjects and message contents, the spam message carries just a small mp3 attachment. The mp3 file, a few seconds long, contains a voice promoting Viagra pills and advertising a site address that leads to the infamous Canadian pharmacy sites.

Some related posts in security vendors' blogs:
http://www.symantec.com/connect/blogs/recycled-mp3-spam-cheap-pills
http://blog.trendmicro.com/mp3-spam-is-back/
http://www.viruslist.com/en/weblog?weblogid=208187948

Wednesday, December 16, 2009

Firefox Updates Available

Mozilla has released new updates for Firefox 3.5.x and the older 3.0.x versions. Version 3.5.6 fixes seven vulnerabilities, of which three are categorized as critical, one as high, two as moderate and one as low. Update 3.0.16, meant for the older 3.0.x series, fixes five vulnerabilities, of which one is categorized as critical, one as high, two as moderate and one as low.

The update can be obtained by using Firefox's built-in updater or by downloading it manually.

Download links and related extra information:
Release notes for 3.5.6 version
Release notes for 3.0.16 version

Mozilla recommends that users of the 3.0.x series switch to the 3.5.x series. Security and stability updates for 3.0.x versions will be released until January 2010.

Tuesday, December 15, 2009

Vulnerability Affecting Adobe Reader And Acrobat

Adobe is investigating a vulnerability (CVE-2009-4324) in Adobe Reader and Acrobat 9.2 and earlier versions that is currently being exploited in the wild. At the time of writing, no patch is available yet. Adobe has promised to update its blog as soon as it has new information. While the fix is being worked on, the issue can be mitigated by disabling JavaScript support in vulnerable versions.

Saturday, December 12, 2009

Fake Microsoft Support Endorsement Used For Selling Rogues

Security company Sunbelt Software describes in a blog post how the new DefenceLab rogue security program uses social engineering, tricking infected users into believing that Microsoft recommends it.

It redirects infected systems to the Microsoft Support portal. Instead of showing the real content, it injects HTML code into the page, making it look as if Microsoft is recommending the purchase of the full version of the rogue. Users who visit the link on the Windows Support site referenced in DefenceLab from a clean system will get a 404 'page not found' message.

Wednesday, December 9, 2009

Updates For Adobe Flash Player And Adobe AIR

Critical vulnerabilities have been found in Adobe Flash Player 10.0.32.18 and earlier. The vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 10.0.32.18 and earlier versions update to Adobe Flash Player 10.0.42.34. Users of Adobe AIR version 1.5.2 and earlier versions are recommended to update to Adobe AIR 1.5.3.

More information is available in Adobe's security advisory.

The latest Adobe Flash Player version can be downloaded here and Adobe AIR version here.

Tuesday, December 8, 2009

December 2009 Updates From Microsoft

Microsoft has released its December updates. This time there are six updates, of which three are critical and three important.

Critical:
MS09-071: Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)
MS09-074: Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)
MS09-072: Cumulative Security Update for Internet Explorer (976325)

Important:
MS09-069: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)
MS09-070: Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)
MS09-073: Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)


A new version of the Microsoft Windows Malicious Software Removal Tool was released too.

More information about the update and its contents can be read here.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Friday, December 4, 2009

2009 Q4 Security Threat Summary From F-Secure

F-Secure has released its final threat summary report for 2009. The topics of this latest report are:
- Conficker
- Windows 7
- Social Networking
- SEO Attacks and Rogue Scareware
- iPhone Worms
- Cloud Security

The Data Security Wrap-up 2009 video can be viewed here. A written version of the report is here.

Tuesday, December 1, 2009

Ransomware Locks Internet Access

Zarestel Ferrer, Senior Research Engineer at CA Internet Security, writes in the company's blog about a nasty pest that takes internet access hostage.

CA detects the pest as Win32/RansomSMS.AH. It arrives bundled with software named uFast Software Manager and gets installed without the end user's permission. Once installed, it blocks internet access, and the only way to unlock it is to send an SMS message to a given number to get an activation code. CA has released an activation code generator that can be used to generate a working code and unlock the access.

Screenshots and other info about the pest can be viewed here.