Friday, December 31, 2010

New Year Approaching

It's the last day of the year, so it's time to wish everyone a happy and successful year 2011!

WordPress 3.0.4 Plugs A Critical Vulnerability

A new version of WordPress has been released. Version 3.0.4 fixes a core security bug in KSES, WordPress' HTML sanitation library. The new version is rated as critical and WordPress users should install it as soon as possible.

More information can be read from the WordPress blog.

Saturday, December 18, 2010

Opera 11 Released

Opera Software has released version 11 of their web browser.

Information about new features and other changes can be read from the version 11 changelog.

Wednesday, December 15, 2010

NSS Labs Browser Security Test Q3 2010 Report

NSS Labs has published a report on a test they ran to compare how well different browsers protect against socially engineered malware.

Tested browsers were:
-Apple Safari 5
-Google Chrome 6
-Windows Internet Explorer 8
-Windows Internet Explorer 9 (beta)
-Mozilla Firefox 3.6
-Opera 10

Internet Explorer 9 beta was the winner. It was able to stop 98.7% of live threats. Second place went to Internet Explorer 8 (90.2%). Firefox 3.6 came third (19.5%). Opera 10 came last. It didn't catch a single percent of the live threats included in the test.

The full report can be viewed here.

Tuesday, December 14, 2010

Microsoft Security Bulletin Summary For December 2010

Microsoft has released security updates for December 2010. This month's update contains fixes for 38 vulnerabilities.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Friday, December 10, 2010

Security Fixes From Mozilla

Mozilla has released security bulletins for issues found in some of their products. Nine of the fixed vulnerabilities are categorized as critical, one as high and one as moderate.

Critical:
MFSA 2010-82 Incomplete fix for CVE-2010-0179
MFSA 2010-81 Integer overflow vulnerability in NewIdArray
MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver
MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh
MFSA 2010-78 Add support for OTS font sanitizer
MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree
MFSA 2010-76 Chrome privilege escalation with window.open and <isindex> element
MFSA 2010-75 Buffer overflow while line breaking after document.write with long string
MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

High:
MFSA 2010-83 Location bar SSL spoofing using network error page

Moderate:
MFSA 2010-84 XSS hazard in multiple character encodings


Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Wednesday, December 8, 2010

Apple Patches Vulnerabilities In QuickTime

Apple has released a new version of QuickTime. Version 7.6.9 contains fixes for a bunch of vulnerabilities that could be exploited to run arbitrary code on the target system.

QuickTime users with a version older than 7.6.9 should update to the latest one available.

More information about the security content of QuickTime 7.6.9 can be read here.

Sunday, December 5, 2010

VMware Updates Available

VMware has released a security update to patch several vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation 7.1.1 and earlier
- VMware Workstation 6.5.4 and earlier
- VMware Player 3.1.1 and earlier
- VMware Player 2.5.4 and earlier
- VMware Fusion 3.1.1 and earlier
- ESXi 4.1 without patch ESXi410-201010402-BG or newer
- ESXi 4.0 without patch ESXi400-201009402-BG or newer
- ESXi 3.5 without patch ESXe350-201008402-T-BG or newer
- ESX 4.1 without patch ESX410-201010405-BG
- ESX 4.0 without patch ESX400-201009401-SG
- ESX 3.5 without patch ESX350-201008409-BG.


Further information including updating instructions can be read from VMware's security advisory.

New Version Of Chrome Available

Google has released a new version of their Chrome web browser. Version 8.0.552.215 fixes over 800 bugs and includes several vulnerability patches. The new version also contains a built-in PDF viewer that is secured in Chrome's own sandbox.

More information is available on the Google Chrome Releases blog.

Saturday, December 4, 2010

MessageLabs Intelligence Report: November 2010

MessageLabs has published their Intelligence report for November 2010.

Some details:
*Email security threats
- spam rate was 86.4%, last month 87.5%
- virus rate 1 in 347.2, last month 1 in 221.9
- phishing rate 1 in 615.1, last month 1 in 488.0

*Web security threats
- new sites with spyware 235/day
- new sites with web viruses 6,720/day

The complete report can be viewed here.

Thursday, December 2, 2010

Winamp Version 5.6 Released

Nullsoft has released version 5.6 of their popular media player, Winamp. Along with some new and improved things, it fixes some security vulnerabilities. By exploiting these vulnerabilities in 5.581 and older versions, an attacker may be able to execute arbitrary code on a vulnerable system. The complete version history can be viewed here. The new Winamp can be downloaded here.

WordPress 3.0.2 Released

A new version of WordPress has been released. It contains bug fixes and also patches a vulnerability that could allow a malicious Author-level user to gain further access to the site. This vulnerability affects earlier WordPress versions, so users of versions older than 3.0.2 are recommended to update.

More information can be read from the WordPress blog.

Tuesday, November 30, 2010

GpCode Makes A Comeback

Kaspersky warns about a new version of the nasty Gpcode ransomware pest that encrypts files on an infected system and tries to make the victim pay to get them decrypted. Preliminary analysis indicates that the RSA-1024 and AES-256 crypto-algorithms are used to partially encrypt files, starting from the first byte.

The program spreads via malicious websites and P2P networks. Kaspersky detects the pest as Trojan-Ransom.Win32.Gpcode.ax.

More information can be read from the Kaspersky blog.

Kaspersky's Spam Report of October 2010

Kaspersky has published their spam report for October 2010.

October in figures:
* The amount of spam in email traffic fell by 3.7 percentage points compared to September’s figure and averaged 77.4%.
* Phishing emails accounted for 0.87% of all mail traffic.
* Malicious files were found in 1.47% of all emails, a decrease of 2.86 percentage points compared with the previous month.
* In October, there were lots of emails containing links that exploited the Halloween theme.

The whole report can be read here.

Saturday, November 20, 2010

Safari Security Updates Available

Apple has released new versions of their Safari web browser. The new versions contain fixes for 27 different vulnerabilities. These may lead to an unexpected application termination or allow an attacker to execute arbitrary code on the affected system.

Affected are Safari versions earlier than 5.0.3 or 4.1.3. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of versions 5.0.3 and 4.1.3 can be read here.

Wednesday, November 17, 2010

Security Patch For Adobe Reader And Adobe Acrobat

Adobe has released a security update for Adobe Reader and Adobe Acrobat.

Affected versions:
Adobe Reader 9.4 and earlier versions
Adobe Acrobat 9.4 and earlier versions

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Saturday, November 13, 2010

Links Temporarily Disabled In Messenger 2009 To Prevent A Malicious Worm

Microsoft has temporarily turned off links (i.e. made links appear as normal text instead of being clickable) in Windows Live Messenger 2009 clients. The reason is a worm that is currently actively spreading in instant messaging and social networks. "The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. When someone clicks the link, it opens in a browser, downloads the worm on the recipient’s computer, and then repeats this process."

The new Messenger 2011 isn't known to be affected in the same way thanks to its "Link Safety" feature.

More information can be read in the related post on the Windows Live Blog.

Tuesday, November 9, 2010

Microsoft Security Updates For November 2010

Microsoft has released security updates for November 2010. This month's update contains fixes for three vulnerabilities - one critical and two important ones:
MS10-087: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
MS10-088: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
MS10-089: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Friday, November 5, 2010

Update For Google Chrome

Google has released a new version of their Chrome web browser. The new version contains fixes for ten vulnerabilities categorized as "high" plus an updated version of Flash. Details about the vulnerabilities haven't been made public yet.

Chrome users with version 7.0.517.44 or older should update to the latest version. The easiest way is to use Chrome's built-in updater. A fresh version can also be downloaded from http://www.google.com/chrome.

More information can be read from the Google Chrome Releases blog.

MessageLabs Intelligence Report: October 2010

MessageLabs has published their Intelligence report that sums up the latest threat trends for October 2010.

Report highlights:
• Spam – 87.5% in October (a decrease of 4.2 percentage points since September)
• Viruses – One in 221.9 emails in October contained malware (a decrease of 0.01 percentage points since September)
• Phishing – One in 488.0 emails comprised a phishing attack (a decrease of 0.06 percentage points since September)
• Malicious websites – 2,280 websites blocked per day (a decrease of 23.9% since September)
• 51.3% of all malicious domains blocked were new in October (an increase of 17.7 percentage points since September)
• 24.7% of all web-based malware blocked was new in October (an increase of 2.9 percentage points since September)
• A review of targeted attacks, what they are, how they work and how MessageLabs Intelligence measures them
• In October the Retail sector becomes the most targeted industry; a closer look at one retailer that may have fallen victim to a targeted attack without Skeptic™
• Defending against targeted attacks

The report can be viewed here.

Flash Player Security Update

Adobe has released an updated version of their Flash Player. The new version fixes a bunch of vulnerabilities:
- a memory corruption vulnerability that could lead to code execution (CVE-2010-3654). More information

- an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).

- a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).

- an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).

- a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).

- multiple memory corruption vulnerabilities that could lead to code execution:
* (CVE-2010-3640)
* (CVE-2010-3641)
* (CVE-2010-3642)
* (CVE-2010-3643)
* (CVE-2010-3644)
* (CVE-2010-3645)
* (CVE-2010-3646)
* (CVE-2010-3647)
* (CVE-2010-3648)
* (CVE-2010-3649)
* (CVE-2010-3650)
* (CVE-2010-3652)

- a library-loading vulnerability that could lead to code execution (CVE-2010-3976)



Users of Adobe Flash Player 10.1.85.3 and earlier should update to Adobe Flash Player 10.1.102.64. More information can be read from Adobe's security bulletin.

Wednesday, November 3, 2010

Unpatched Vulnerability In Internet Explorer

Microsoft is investigating a public report of a new vulnerability in supported versions of Internet Explorer. "The vulnerability exists due to an invalid flag reference within Internet Explorer. It is possible under certain conditions for the invalid flag reference to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution." Microsoft states that they are aware of targeted attacks trying to exploit the vulnerability.

Information about workarounds and mitigations for the issue can be read from Microsoft's security advisory.

Thursday, October 28, 2010

Mozilla Security Patch On Critical Vulnerability

Mozilla has released a new update to address a critical vulnerability present in their products.

Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Sunday, October 24, 2010

Critical Unpatched Vulnerability In Adobe Shockwave Player

A critical vulnerability has been found in Adobe Shockwave Player. The vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the vulnerable system. Details about the vulnerability have been disclosed publicly, but Adobe states that they are not aware of any attacks exploiting the vulnerability at the moment.

Adobe's security advisory can be read here. Also, Secunia has an advisory available.

Saturday, October 23, 2010

Google Patches Vulnerabilities In Chrome

Google has released a new version of their Chrome web browser. Version 7.0.517.43 fixes ten vulnerabilities (two affecting Linux only) of which one is categorized as critical, five as high, two as medium and two as low.

More information is available on the Google Chrome Releases blog.

Wednesday, October 20, 2010

Mozilla Updates

Mozilla has released security bulletins for issues found in some of their products. Five of the fixed vulnerabilities are categorized as critical, two as high, one as moderate and one as low.

Critical:
MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)
MFSA 2010-65 Buffer overflow and memory corruption using document.write
MFSA 2010-66 Use-after-free error in nsBarProp
MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
MFSA 2010-71 Unsafe library loading vulnerabilities

High:
MFSA 2010-68 XSS in gopher parser when parsing hrefs
MFSA 2010-69 Cross-site information disclosure via modal calls

Moderate:
MFSA 2010-70 SSL wildcard certificate matching IP addresses

Low:
MFSA 2010-72 Insecure Diffie-Hellman key exchange


Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Monday, October 18, 2010

Security Updates For RealPlayer

RealNetworks has released an updated version of their RealPlayer. The new version contains fixes for seven vulnerabilities:

CVE-2010-2998
RealPlayer Malformed IVR Pointer Index Code Execution Vulnerability
Affected software: Windows RealPlayer SP 1.0.1 and prior.

CVE-2010-3747
RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-3750
RealPlayer RJMDSections Remote Code Execution Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-2578
RealPlayer QCP parsing heap-based buffer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-3751
RealPlayer ActiveX Control Multiple Protocol Handlers Remote Code Execution Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior.

CVE-2010-3748
RealPlayer RichFX Component Stack Overflow Vulnerability
Affected software: Windows RealPlayer SP 1.1.4 and prior; RealPlayer Enterprise 2.1.2 and prior.

CVE-2010-3749
RealPlayer Browser Extension RecordClip Parameter Injection Vulnerability
Affected software: Windows RealPlayer SP 1.1 and prior.


Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from the related security advisory.

Wednesday, October 13, 2010

Opera Updated

Opera Software has released an update for their Opera web browser. Version 10.63 contains fixes for five security vulnerabilities.

critical:
* Fixed an issue with reloads and redirects that could allow spoofing and cross-site scripting; advisory.

moderate:
* Fixed an issue that allowed cross-domain checks to be bypassed, allowing limited data theft using CSS, as reported by Isaac Dawson; advisory.
* Fixed an issue that allowed private video streams to be intercepted, as reported by Nirankush Panchbhai of Microsoft Vulnerability Research; advisory.
* Fixed an issue that caused JavaScript to run in the wrong security context after manual interaction; advisory.

low:
* Fixed an issue where manipulating the window could be used to spoof the page address; advisory.


Opera users are strongly recommended to update to version 10.63. The new version can be downloaded here.

Changelog of Windows version

Java Security Update Available

Oracle has released an update for Java SE and Java for Business. The update fixes 29 security vulnerabilities, of which 28 may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Affected versions are:
- Java SE:
• JDK and JRE 6 Update 21 and earlier for Windows, Solaris, and Linux
• JDK 5.0 Update 25 and earlier for Solaris
• SDK 1.4.2_27 and earlier for Solaris

- Java for Business:
• JDK and JRE 6 Update 21 and earlier for Windows, Solaris and Linux
• JDK and JRE 5.0 Update 25 and earlier for Windows, Solaris and Linux
• SDK and JRE 1.4.2_27 and earlier for Windows, Solaris and Linux

More information about the update can be read from the Java critical patch update document.

Java users are recommended to update their versions to the latest one available.

Big Bunch of Patches To Oracle Products

Oracle has released updates for 85 security vulnerabilities as part of their quarterly critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in January 2011.

Tuesday, October 12, 2010

Microsoft Security Updates For October 2010

Microsoft has released security updates for October 2010. This month's update is big, containing 16 updates, of which four are categorized as critical, ten as important and two as moderate.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Sunday, October 10, 2010

Global Threat Trends Report From Trend Micro

Trend Micro has released a report about global threat trends. The report, covering January to June 2010, takes a look at various cybercrime incidents, the criminals' use of multiple tools (i.e. botnets), and the threat trends and activity currently causing cost and disruption to connected users globally.

The report can be found here.

Wednesday, October 6, 2010

Adobe Reader And Acrobat Update

Adobe has released a big batch of security updates for Adobe Reader and Adobe Acrobat.

Affected versions:
Adobe Reader 9.3.4 and earlier versions
Adobe Acrobat 9.3.4 and earlier versions

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Sunday, October 3, 2010

MessageLabs Intelligence Report: September 2010

MessageLabs has published their Intelligence report that sums up the latest threat trends for September 2010.

Report highlights:
• Spam – 91.9% in September (a decrease of 0.3 percentage points since August)
• Viruses – One in 218.7 emails in September contained malware (an increase of 0.15 percentage points since August)
• Phishing – One in 382.0 emails comprised a phishing attack (a decrease of 0.01 percentage points since August)
• Malicious websites – 2,997 websites blocked per day (a decrease of 10.8% since August)
• 33.6% of all malicious domains blocked were new in September (a decrease of 0.7 percentage points since August)
• 21.8% of all web-based malware blocked was new in September (an increase of 8.9 percentage points since August)
• Understanding and Managing a Mobile Workforce – Malicious Threats and Policy Controls
• Blog Update: “Here you have” mass-mailing worm

The report can be viewed here.

Tuesday, September 28, 2010

Out of Band Update For ASP.net Issue

Microsoft is going to release an out-of-band update to address the issue described in security advisory 2416728. The patch is scheduled to be released on Tuesday, September 28, 2010. More information can be read from the related entry on the Microsoft Security Response Center (MSRC) blog.

Hotmail Security Updates To Prevent From Account Hijacking

Microsoft has made some security updates to their popular Hotmail web mail service. Seeing how many people post to antimalware forums asking for help with their hijacked, spam-sending accounts, these new improvements will likely be nothing but a positive thing. Details about the new security features can be read from the Windows Live blog.

Tuesday, September 21, 2010

"MouseOver" Security Flaw On Twitter

"A new Twitter security flaw has been widely exploited on thousands of Twitter accounts, redirecting users to third-party websites without their consent.

The bug is particularly nasty because it works on mouseover only, meaning pop-ups and third-party websites can open even if you just move your mouse over the offending link.

For now, the best course of action is using only third-party apps such as TweetDeck to access Twitter, as the bug only seems to affect Twitter’s web interface."


More information > http://mashable.com/2010/09/21/twitter-mouseover-bug/

Saturday, September 18, 2010

Unpatched Vulnerability In ASP.NET

Microsoft is investigating a public report about a vulnerability in ASP.NET. By exploiting the vulnerability, an attacker may be able to view data encrypted by the vulnerable server or read data from files on the vulnerable target server.

More information:
- http://www.microsoft.com/technet/security/advisory/2416728.mspx
- http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
- http://blogs.technet.com/b/msrc/archive/2010/09/17/security-advisory-2416728-released.aspx

Thursday, September 16, 2010

QuickTime 7.6.8 Released

Apple has released a new version of QuickTime. Version 7.6.8 contains fixes for two vulnerabilities that could be exploited to run arbitrary code on the target system.


QuickTime users with a version older than 7.6.8 should update to the latest one available.

More information about the security content of QuickTime 7.6.8 can be read here.

Wednesday, September 15, 2010

Microsoft Security Updates For September 2010

Microsoft has released security updates for September 2010. This month's update contains nine updates, of which four are categorized as critical and five as important.

A new version of the Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Tuesday, September 14, 2010

New Vulnerability In Adobe Products

Just some days ago I blogged about an unpatched vulnerability affecting Adobe Reader and Acrobat versions. Unfortunately, another critical unpatched vulnerability has been found in Adobe's products. This vulnerability (CVE-2010-2884) affects the Flash Player, Adobe Reader and Adobe Acrobat programs. By exploiting the vulnerability, an attacker may be able to cause a crash or execute arbitrary code on the affected system. According to reports, the Flash Player vulnerability is actively exploited in the wild. Adobe says that they're not aware of any attacks exploiting this new vulnerability against Adobe Reader or Acrobat at the moment.

Affected software:
-Adobe Flash Player 10.1.82.76 and earlier
-Adobe Reader 9.3.4 and earlier versions
-Adobe Acrobat 9.3.4 and earlier versions


There are no patches available yet. To avoid exploitation, users of the affected versions are advised to keep their antivirus protection definitions updated and open Flash (SWF) files from reliable sources only.

Adobe plans to release an update for Flash Player during the week of September 27, 2010 and for Adobe Reader and Acrobat during the week of October 4, 2010.

More information is available in the security advisory.

Thursday, September 9, 2010

Critical Vulnerability In Adobe Reader and Acrobat

A critical vulnerability has been found in Adobe Reader and Acrobat products. The vulnerability (CVE-2010-2883) is related to font handling and it could cause a crash and potentially allow an attacker to take control of the affected system. The vulnerability is actively exploited in the wild.

Affected are:
-Adobe Reader 9.3.4 and earlier versions
-Adobe Acrobat 9.3.4 and earlier versions

There is no patch available yet. To avoid exploitation, users of the affected versions are advised to keep their antivirus protection definitions updated and open PDF files from reliable sources only.

More information is available in Adobe's security advisory.

Security Updates From Mozilla

Mozilla has released security bulletins for issues found in some of their products. Ten of the fixed vulnerabilities are categorized as critical, two as high, one as moderate and two as low.

Critical:
MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)
MFSA 2010-50 Frameset integer overflow vulnerability
MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array
MFSA 2010-52 Windows XP DLL loading vulnerability
MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText
MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection
MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView
MFSA 2010-57 Crash and remote code execution in normalizeDocument
MFSA 2010-58 Crash on Mac using fuzzed font in data: URL
MFSA 2010-59 SJOW creates scope chains ending in outer object

High:
MFSA 2010-60 XSS using SJOW scripted function
MFSA 2010-61 UTF-7 XSS by overriding document charset using <object> type attribute

Moderate:
MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

Low:
MFSA 2010-55 XUL tree removal crash and remote code execution
MFSA 2010-63 Information leak via XMLHttpRequest statusText


Fresh versions can be obtained via the built-in updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Wednesday, September 8, 2010

Security Updates For Safari

Apple has released new versions of their Safari web browser. The new versions contain fixes for three different vulnerabilities. These may lead to an unexpected application termination or allow an attacker to execute arbitrary code on the affected system.

Affected are Safari versions earlier than 5.0.2 or 4.1.2. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of versions 5.0.2 and 4.1.2 can be read here.

Thursday, September 2, 2010

iTunes 10 Available

Apple has released version 10 of their iTunes media player. The new version fixes a bunch of security vulnerabilities, some of which allow an attacker to execute arbitrary code on the target system.

More information about the security content of iTunes 10 can be read from the related security advisory.

Users of older versions should update to the latest one available.

RealNetworks Patches RealPlayer

RealNetworks has released an updated version of their RealPlayer. The new version contains fixes for seven vulnerabilities:
CVE-2010-2996
RealPlayer malformed IVR pointer index code execution vulnerability.
Affected software: Windows RealPlayer 11.1 and prior.

CVE-2010-3002
RealPlayer ActiveX unauthorized file access vulnerability.
Affected software: Windows RealPlayer 11.1 and prior.

CVE-2010-0116
RealPlayer QCP files parsing integer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.

CVE-2010-0117
RealPlayer processing of dimensions in the YUV420 transformation of MP4 content vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.

CVE-2010-0120
RealPlayer QCP parsing heap-based buffer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.

CVE-2010-3001
RealPlayer ActiveX IE Plugin vulnerability opening multiple browser windows.
Affected software: Windows RealPlayer SP 1.1.4 and prior.

CVE-2010-3000
RealPlayer FLV parsing multiple integer overflow vulnerability.
Affected software: Windows RealPlayer SP 1.1.4 and prior.

Users of affected versions are advised to update their RealPlayer to the latest one available. More information can be read from the related security advisory.

Wednesday, September 1, 2010

Vulnerability In Apple QuickTime ActiveX Component

A vulnerability has been found in the QTPlugin.ocx ActiveX component in Apple QuickTime. The vulnerability may allow arbitrary code execution on vulnerable installations of Apple QuickTime. It can be exploited by luring a user to visit a malicious site or open a malicious file.

Vulnerable are the Apple QuickTime 7.x and 6.x series (including versions released in 2004; older ones were not checked) on Windows XP, Windows Vista and Windows 7 with Internet Explorer in use. At the moment there is no patch available, but the vulnerable control can be blocked by setting a kill bit on CLSID {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} or by renaming the QTPlugin.ocx file.
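
The kill-bit workaround mentioned above, as an added PowerShell example (not from the original post, Apple or Microsoft). It assumes the standard Internet Explorer "ActiveX Compatibility" registry location, where bit 0x400 of the "Compatibility Flags" DWORD blocks a control; the $Apply variable and the Get-CompatFlags helper are this example's own names.

```powershell
# Added example: report and optionally set the Internet Explorer kill bit for the
# QTPlugin.ocx control. Run from an elevated PowerShell prompt.
# Assumption: the kill bit lives in the standard IE location, i.e. bit 0x400 of the
# "Compatibility Flags" DWORD under ...\ActiveX Compatibility\<CLSID>.

$Clsid   = '{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}'   # CLSID quoted in the post
$KillBit = 0x400
$Apply   = $false    # example's own switch: $true writes the bit, $false only reports

# 64-bit Windows keeps a second registry view that 32-bit Internet Explorer reads.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    param([string]$Key)
    # Returns 0 when the key or the value does not exist yet.
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.'Compatibility Flags'
}

foreach ($root in $Roots) {
    # The Wow6432Node view is absent on 32-bit Windows; skip what is not there.
    if (-not (Test-Path -LiteralPath $root)) { continue }

    $key   = Join-Path $root $Clsid
    $flags = Get-CompatFlags -Key $key
    $isSet = ($flags -band $KillBit) -ne 0

    if ($Apply -and -not $isSet) {
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # OR the bit in so that any other compatibility flags already present survive.
        $new = $flags -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null

        # Read the value back instead of trusting the write.
        $flags = Get-CompatFlags -Key $key
        $isSet = ($flags -band $KillBit) -ne 0
    }

    # One result object per registry view, suitable for piping to Format-Table.
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = $isSet
    }
}
```

With $Apply left at $false the script only audits; the control is blocked for both 32-bit and 64-bit Internet Explorer once KillBitSet is True in every view listed.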

More information:
http://www.securityfocus.com/archive/1/513444
http://www.exploit-db.com/exploits/14843/
http://www.techworld.com.au/article/358857/old_apple_quicktime_code_puts_ie_users_harm_way

Tuesday, August 31, 2010

TDSS Disguised As Tweetdeck Update

Trend Micro warns in their company blog about a fake Tweetdeck (a popular Twitter application) update that in its true form is a variant of the TDSS (aka Alureon, TDL3, Hiloti, Tidserv) rootkit. Tweetdeck has also published a warning announcement on their site.

Saturday, August 28, 2010

MessageLabs Intelligence Report: August 2010

MessageLabs has published their Intelligence report that sums up the latest threat trends for August 2010.

Report highlights:
• Spam – 92.2% in August (an increase of 3.3 percentage points since July)
• Viruses – One in 327.6 emails in August contained malware (a decrease of 0.02 percentage points since July)
• Phishing – One in 363.1 emails comprised a phishing attack (an increase of 0.10 percentage points since July)
• Malicious websites – 3,360 websites blocked per day (a decrease of 24.1% since July)
• 34.3% of all malicious domains blocked were new in August (an increase of 3.8 percentage points since July)
• 12.9% of all web-based malware blocked was new in August (a decrease of 0.2 percentage points since July)
• Battle of the botnets - Rustock remains dominant
• US hosts the greatest number of bots, but Europe becomes home to new botnet hotspots
• Less is more: Rustock moves away from TLS encrypted spam

The report can be found here.

Friday, August 27, 2010

TDL Goes 64-bit

64-bit Windows versions have so far been pretty secure to use. However, that is changing now. Researcher Marco Giuliani from Prevx writes in the company blog about a new variant of TDL, an advanced rootkit, that has successfully rooted itself into 64-bit Windows. Marco's blog post can be read here.

Links to other related articles:
http://www.computerworld.com/s/article/9182238/Rootkit_with_Blue_Screen_history_now_targets_64_bit_Windows
http://www.symantec.com/connect/fr/blogs/tidserv-64-bit-goes-hiding

Wednesday, August 25, 2010

Adobe Shockwave Player Updated

Adobe has released a new version of their Shockwave Player. The update contains fixes for several critical vulnerabilities that can be exploited to execute arbitrary code on the target system.

Users with Shockwave Player 11.5.7.609 or older should update their players. The latest version (11.5.8.612 at the moment) can be downloaded here.

More information can be found in the corresponding security bulletin.

Monday, August 23, 2010

Rogue Behaving Like A Retrovirus

Symantec writes in their blog about a rogue that pushes the user to uninstall existing antivirus protection. The rogue, named AnVi Antivirus, shows a message claiming that uncertified antivirus software has been detected. Clicking the "ok" or "close" button (the x in the top right corner of the window) triggers the uninstall process of the current antivirus protection, using that protection's own legitimate uninstaller.

At least solutions from Symantec, Microsoft, AVG, Spyware Doctor, and Zone Labs are detected by the pest. If any of these is present, the pest will push the user to uninstall it.

Source

Friday, August 20, 2010

Patches For Adobe Reader And Acrobat Available

Adobe has released the out-of-band update for Adobe Reader and Adobe Acrobat that they promised earlier.

Affected versions:
Adobe Reader 8.2.3, 9.3.3 and earlier versions
Adobe Acrobat 9.3.3 and earlier versions

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Wednesday, August 18, 2010

Opera 10.61 Available

Opera Software has released an update for their Opera web browser. Version 10.61 contains fixes for three security vulnerabilities (high, moderate and low) and for a batch of other bugs.

Opera users are strongly recommended to update to version 10.61. The new version can be downloaded here.

Opera 10.61 for Windows changelog

Saturday, August 14, 2010

Security Patch For QuickTime Player

Apple has released a new version of their QuickTime media player. The new version fixes a vulnerability that may make it possible for an attacker to cause a system crash or to execute arbitrary code on the target system. To exploit the vulnerability, an attacker can lure a user into opening a specially crafted file.

The vulnerability affects QuickTime 7 for Windows versions prior to 7.6.7. Users of a vulnerable version should update to the latest one available.

More information about the security content of QuickTime 7.6.7 can be read here.

Wednesday, August 11, 2010

Security Update For Adobe Flash Player

Adobe has released an updated version of their Flash Player. The new version fixes some vulnerabilities categorized as critical:
- a memory corruption vulnerability that could lead to code execution (CVE-2010-0209)
- a memory corruption vulnerability that could lead to code execution (CVE-2010-2188)
- multiple memory corruption vulnerabilities that could lead to code execution (CVE-2010-2213)
- a memory corruption vulnerability that could lead to code execution (CVE-2010-2214)
- a vulnerability that could lead to a click-jacking attack (CVE-2010-2215)
- a memory corruption vulnerability that could lead to code execution (CVE-2010-2216)

Users of Adobe Flash Player 10.1.53.64 and earlier should update to Adobe Flash Player 10.1.82.76. Also, users of Adobe AIR version 2.0.2.12610 and earlier should update to Adobe AIR 2.0.3.

More information can be found in Adobe's security bulletin.

Microsoft Security Bulletin Summary For August 2010

Microsoft has released security updates for August 2010. This month's release contains 15 updates (14 new ones along with the earlier released out-of-band update, MS10-046), of which nine are categorized as critical and six as important.

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Monday, August 9, 2010

FreeType Library Vulnerable

FreeType is a commonly used open source library for font handling. A vulnerability has been found in its Compact Font Format (CFF) font processing. The vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability is being used in the iPhone PDF JailBreak exploit.

Affected vendors are:
- Apple Inc
- Foxit Software Company
- RedHat, Inc

More information:
- http://www.kb.cert.org/vuls/id/275247
- http://secunia.com/advisories/40816
- http://www.foxitsoftware.com/pdf/reader/security_bulletins.php#iphone

Saturday, August 7, 2010

Tips for Safer Facebooking From F-Secure

F-Secure has published a list of six tips for safer Facebooking. The list can be viewed in the company's Safe and Savvy blog here.

Adobe To Release Out-of-band Updates

Adobe is planning to release out-of-band updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues. Adobe expects to make these updates available during the week of August 16, 2010.

More information:
Adobe Blog
Security Advisory

Tuesday, August 3, 2010

Out-of-band Update For Windows

Microsoft has released a fix for an actively exploited vulnerability in shortcut icon loading. The vulnerability is categorized as critical and the fix for it should be installed as soon as possible. All supported editions of Windows are affected by this vulnerability.

More information can be found in the security bulletin MS10-046.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Monday, August 2, 2010

Vulnerabilities In Wireshark

Vulnerabilities have been found in Wireshark, a free open source program for analyzing network protocols. By exploiting the vulnerabilities an attacker may be able to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.

Vulnerable are all versions prior to 1.0.15, 1.2.10 or 1.4.0rc2.

A non-vulnerable version of Wireshark can be downloaded here.

More information can be read from these advisories:
http://www.wireshark.org/security/wnpa-sec-2010-07.html
http://www.wireshark.org/security/wnpa-sec-2010-08.html

Thursday, July 29, 2010

Vulnerabilities In Lotus Notes File Viewers

IBM has released an update for the Lotus Notes email client. The update fixes vulnerabilities related to the way Notes handles file attachments. By exploiting these vulnerabilities it may be possible to execute arbitrary code on a vulnerable system.

Affected versions are:
- Lotus Notes 8.5 series prior version 8.5.1 Fix Pack 4
- Lotus Notes 8.0 series prior version 8.0.2 Fix Pack 6
- Lotus Notes 7 series
- Lotus Notes 6.5 series
- Lotus Notes 5 series

Solution:
IBM recommends installing Lotus Notes 8.0.2 Fix Pack 6 or Lotus Notes 8.5.1 Fix Pack 4. If that's not possible, workarounds can be used. More about these and other details can be read in the related support document.

Vulnerability Fix For Safari

Apple has released new versions of their Safari web browser. The new versions contain fixes for 15 different vulnerabilities. Some of these may allow an attacker to execute arbitrary code on the affected system.

Affected are Safari versions earlier than 5.0.1 or 4.1.1. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of versions 5.0.1 and 4.1.1 can be read here.

Wednesday, July 28, 2010

PHP Updates Available

The PHP development team has released new versions in the 5.3.x and 5.2.x series of the PHP scripting language.

PHP 5.3.3 for the 5.3.x series fixes over 100 bugs and vulnerabilities in total. Details of the fixed issues are not published.

PHP 5.2.14 for the 5.2.x series fixes over 60 bugs and vulnerabilities in total. Details of the fixed issues are not published. Version 5.2.14 was the last one for the PHP 5.2.x series. Users of this series are recommended to update to PHP 5.3.3. A migration guide for 5.2.x series users can be found here.

More details about 5.3.3 release can be read here and 5.2.14 release here.

Tuesday, July 27, 2010

Patched Version of Chrome Available

Google has released a new version of their Chrome web browser. Version 5.0.375.125 contains fixes to seven vulnerabilities of which two are categorized as critical, three as high, one as medium and one as low.

More information can be found in the Google Chrome Releases blog.

Wednesday, July 21, 2010

New Updates For Mozilla Products

Mozilla has released security bulletins covering issues found in some of their products. Eight of the fixed vulnerabilities are categorized as critical, two as high and the other four as moderate.

Critical:
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-36 Use-after-free error in NodeIterator
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

MFSA 2010-39 nsCSSValue::Array index integer overflow
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-41 Remote code execution using malformed PNG image
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

High:
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-43 Same-origin bypass using canvas context
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

Moderate:
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

MFSA 2010-45 Multiple location bar spoofing vulnerabilities
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-46 Cross-domain data theft using CSS
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6


Fresh versions can be obtained via the built-in updater or by downloading from the product sites:
Firefox
Thunderbird
SeaMonkey

Tuesday, July 20, 2010

iTunes 9.2.1 Released

Apple has released version 9.2.1 of their iTunes media player. The new version fixes a security vulnerability that could allow an attacker to execute arbitrary code on the target system.

More information about the security content of iTunes 9.2.1 can be found in the related security advisory.

Users of older versions should update to the latest one available.

Sunday, July 18, 2010

Vulnerability in Windows Shell

Microsoft says that they're investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell. "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled." By exploiting the vulnerability an attacker may be able to execute arbitrary code on the affected system.

Affected operating systems are:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems


More information about the vulnerability and workarounds can be found in the corresponding security advisory.

Other references:
http://www.kb.cert.org/vuls/id/940193
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

Wednesday, July 14, 2010

Security Updates For Oracle Products

Oracle has released updates for their products that fix 59 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be found in the Oracle CPU Advisory.

The next Oracle CPU is planned for release in October 2010.

Tuesday, July 13, 2010

Microsoft Security Bulletin Summary for July 2010

Microsoft has released security updates for July 2010. This month's release contains four updates, of which three are categorized as critical and one as important.

Critical:
MS10-042: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

Important:
MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Monday, July 12, 2010

New Antimalware Engine For MSE Coming On 15 July 2010

"As part of regular update of our Antimalware technology to address the latest in the threat landscape, the Microsoft Antimalware Team is planning to release a new antimalware engine on 15 July 2010.
Affected products: Microsoft Security Essentials (MSE), Forefront Client Security (FCS)
Engine Version will be in the range of 1.1.600X.0"


Source

Wednesday, July 7, 2010

Fake IME Trojan

Websense reports in their blog about a trojan that uses the Windows input method editor (IME) to inject itself into a system. An IME is an operating system component or program that allows users to enter characters and symbols not found on their input device.

After the trojan has installed itself as an IME, it kills any running antivirus processes and also deletes the installed antivirus executable files. A more detailed description of the trojan's behavior can be found in the corresponding entry of the Websense blog.

Sunday, July 4, 2010

Adobe PDF "Launch" Issue Not Fully Fixed

Adobe released an update to fix a bunch of security vulnerabilities in their PDF Reader and Acrobat software. Among the fixed ones was the "Launch" vulnerability. Senior security researcher Le Manh Tung points out in his blog that the vulnerability can still be exploited when the command is enclosed in quotes. The fake warning message is fixed, though. In another blog entry Le Manh Tung gives his advice for fixing the issue.

Wednesday, June 30, 2010

Updates For Adobe Reader And Acrobat

Critical vulnerabilities have been detected in the Adobe Reader and Acrobat PDF products. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Affected versions:
Adobe Reader 9.3.2 and earlier versions
Adobe Acrobat 9.3.2 and earlier versions

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update check can also be started manually by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about the fixed vulnerabilities can be found in Adobe's security bulletin.

Tuesday, June 29, 2010

Technical White Paper of TDL3

TDL3 (aka TDSS or Tidserv) and its different variants are among the most common threats at the moment. Ace Portuguez from F-Secure has written an analysis of this highly advanced rootkit. The paper can be downloaded here.

Wednesday, June 23, 2010

Firefox 3.6.4 Released

Mozilla has released new updates for Firefox 3.6.x and the older 3.5.x versions. Version 3.6.4 fixes seven vulnerabilities, of which four are categorized as critical, two as moderate and one as low. Update 3.5.10, meant for the older 3.5.x series, fixes nine vulnerabilities, of which six are categorized as critical, two as moderate and one as low. Version 3.6.4 also contains stability functionality that prevents a crash of the Adobe Flash, Apple QuickTime or Microsoft Silverlight plugin from crashing the whole browser process. If a plugin crashes or freezes, it will not affect the rest of Firefox. One will be able to reload the page to restart the plugin and try again.

The update can be obtained by using the built-in updater of Firefox or by downloading it manually.

Download links and related extra information:
Release notes for 3.6.4 version
Release notes for 3.5.10 version

Mozilla recommends that 3.5.x series users switch to a 3.6.x series version. Security and stability updates for 3.5.x versions will be released until August 2010.

Tuesday, June 22, 2010

Opera Version 10.54 Released

Opera Software has released an update for their Opera web browser. Version 10.54 contains fixes for five security vulnerabilities. Details about four of these (one extremely severe, one highly severe, one moderately severe and one less severe) will be disclosed later. The remaining one, also categorized as extremely severe, is related to a vulnerability in Windows that was found and patched earlier (MS10-032).

Opera users are strongly recommended to update to version 10.54. The new version can be downloaded here.

Changelog of Opera 10.54 Windows version

Thursday, June 17, 2010

iTunes 9.2 Available

Apple has released version 9.2 of their iTunes media player. The new version fixes a few security vulnerabilities, some of which allow an attacker to execute arbitrary code on the target system.

More information about the security content of iTunes 9.2 can be found in the related security advisory.

Users of older versions should update to the latest one available.

Saturday, June 12, 2010

Vulnerability In Windows Help And Support

Microsoft says that they're investigating public reports of a possible vulnerability in the Windows Help and Support Center delivered with supported editions of Windows XP and Windows Server 2003. By exploiting the vulnerability an attacker may be able to execute arbitrary code on the affected system. Proof of concept exploit code for the vulnerability has been made public, but Microsoft says that they're not currently aware of active attacks using it. However, they're monitoring the situation.

More information about the vulnerability and workarounds can be found in the corresponding security advisory.

Security Patch For Adobe Flash Player

Adobe has released a new version of their Flash Player. Version 10.1.53.64 fixes many critical vulnerabilities in Flash Player version 10.0.45.2 and earlier. Users of Adobe AIR 1.5.3.9130 and earlier versions are also affected and they are recommended to update to Adobe AIR version 2.0.2.12610.

More information about the vulnerabilities and instructions for updating can be found in the corresponding security bulletin.

Thursday, June 10, 2010

Fixed Version of Google Chrome Available

Google has released a new version of their Chrome web browser. The new version contains fixes for 11 vulnerabilities, of which nine are categorized as high and two as medium. One of the vulnerabilities categorized as high, [43304] High Linux sandbox escape, affects only Linux versions. Details about the vulnerabilities haven't been made public yet.

More information can be found in the Google Chrome Releases blog.

Tuesday, June 8, 2010

Microsoft Security Updates For June 2010

Microsoft has released security updates for June 2010. This month's release consists of ten updates. Three are categorized as critical and seven as important:

Critical:
MS10-033: Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)
MS10-034: Cumulative Security Update of ActiveX Kill Bits (980195)
MS10-035: Cumulative Security Update for Internet Explorer (982381)

Important:
MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
MS10-040: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers, the easiest way to get the update is to use the Microsoft Update service.

Apple Fixes Safari Vulnerabilities

Apple has released new versions of their Safari web browser. The new versions contain fixes for 48 different vulnerabilities. Some of these may allow an attacker to execute arbitrary code on the affected system.

Affected are Safari versions earlier than 5.0 or 4.1. Users of vulnerable Safari versions can get the latest version here.

More information about the security content of versions 5.0 and 4.1 can be read here.

Sunday, June 6, 2010

OpenOffice 3.2.1 Available

OpenOffice.org has released a new version of OpenOffice. The fresh version contains fixes for two vulnerabilities:
-CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries
-CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting

More information about the OpenOffice security fixes can be found here, and other changes are described in the Release Notes. OpenOffice 3.2.1 can be downloaded here.

Saturday, June 5, 2010

Vulnerability In Adobe Acrobat, Reader And Flash Player

A critical vulnerability has been found in Adobe Acrobat, Reader and Flash Player. By exploiting the vulnerability an attacker may be able to cause a system crash or execute arbitrary code on the target system.

The vulnerability is related to the way the authplay.dll library of the affected software handles SWF content. The vulnerability can be exploited by luring a user of the affected software to access a specially crafted web site or to open a crafted PDF file. Adobe says that the vulnerability is currently exploited in the wild.

Affected software:
- Adobe Flash Player 10.0.45.2, 9.0.262 and earlier 10.0.x & 9.0.x series versions
- Adobe Reader and Acrobat 9.3.2 and earlier 9.x series versions

At the moment, no patch for the vulnerability is available, but Flash Player users can mitigate the problem by installing the Flash Player 10.1 Release Candidate available at http://labs.adobe.com/technologies/flashplayer10/.

For Adobe Reader and Acrobat, deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

Wednesday, June 2, 2010

“Tequila Botnet” Targets Mexican Users

Senior Threat Researcher Ranieri Romera writes in the Trend Micro blog about a botnet that is targeting Mexican users, particularly PayPal's local site and Bancomer, the biggest bank in Mexico. The client program of the Tequila botnet can arrive on a user's computer in different ways.

First, it takes advantage of the news about a missing four-year-old girl, Paulette Gebara Farah. Users who are following this news may fall prey to the attack by visiting the page http://www.knijo.{BLOCKED}0.net/fotografias-al-desnudo-de-la-mama-de-paulette.htm, which contains an article about Paulette and claims to show nude photos of her mother. When a user arrives at the page, a fake dialog is shown that tries to make the user install "Adobe Flash Player". If the user clicks "run", this leads to the download of the file video-de-la-mama-de-paulette.exe, which is actually the client of a bot detected as TSPY_MEXBANK.A by Trend Micro. Besides spreading via malicious webpages, the Tequila botnet may also spread via USB devices and via MSN Messenger. It sends messages that either contain the file itself (as an attachment of sorts) or links that go to copies of the malware.

The whole blog post with more detailed description of Tequila botnet can be read here.

Saturday, May 29, 2010

U.S. Indicts Cybercriminals in Scareware Scam Case

The United States has accused three men of running an operation that used fraudulent ads to dupe internet users in more than 60 countries into buying more than $100 million worth of rogue anti-virus software. This was done by showing false virus warnings or other fake warnings about critical system issues on the screen and convincing users to buy treatments for those.

The defendants took advantage of online ads that they were able to post on the websites of different internet publishers. The publishers were not aware of the true nature of the ads, which rode on well-known company names. Some of the scam products sold were DriveCleaner, ErrorSafe, Malware Alarm, Antivirus 2008 and VirusRemover 2008.

The press release can be read here.

Wednesday, May 26, 2010

McAfee Buys Trust Digital To Get Foot-hold On Mobile Security

McAfee has announced that it's going to acquire Trust Digital. Trust Digital is a leading provider of enterprise mobility management (EMM®) and security software for Forbes Global 2000 companies. "McAfee expects that Trust Digital’s strong foot-hold in the mobile security market will extend McAfee’s endpoint market, addressing a wide range of mobile operating systems including iPhone OS, Android, Web OS, Windows Mobile, and Symbian."

The acquisition is expected to close by June 30, 2010. The McAfee press release can be read here.

Sunday, May 23, 2010

McAfee Threats Report of First Quarter 2010

McAfee has released a report taking a look at the first quarter 2010 cyber threats. The report can be downloaded here.

Wednesday, May 19, 2010

Unpatched Vulnerability In Latest Windows Versions

Microsoft is investigating a reported vulnerability in the Windows Canonical Display Driver (cdd.dll). If successfully exploited, the vulnerability could allow code execution.

Affected Windows versions are:
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems (Server Core installation not affected)
Windows Server 2008 R2 for Itanium-based Systems


More information:
MSRC blog post
Related Microsoft Security Advisory

Saturday, May 15, 2010

New Shockwave Player Available

Adobe has released a new version of their Shockwave Player. The update contains fixes for several critical vulnerabilities that can be exploited to execute arbitrary code on the target system.

Users with a Shockwave Player older than 11.5.7.609 should update their players. The latest version can be downloaded here.

More information can be found in the corresponding security bulletin.

Friday, May 14, 2010

Mozilla Plugin Checker To Check Other Browsers' Plugins Too

Last fall Mozilla made available a website that Firefox users could use to check whether their browser plugins were outdated. Now Mozilla has extended the plugin check to other browsers too. At the moment, Safari 4, Chrome 4 and Opera 10.5 are supported. Support for the most popular plugins of Internet Explorer 7 and 8, though not yet all of them, is included too.

More information can be found in the Mozilla blog.

Tuesday, May 11, 2010

Microsoft Security Bulletin Summary for May 2010

Microsoft has released security updates for May 2010. This month's release contains fixes for two vulnerabilities, both of which are categorized as critical:
MS10-030: Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
MS10-031: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)


A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumers the easiest way to get the update is to use the Microsoft Update service.

Monday, May 10, 2010

Updated Foxit Reader Blocks "Launch" Issue

Foxit Software has released a new version of their PDF viewer software. Foxit Reader 3.3 contains a "Trust Manager" that blocks all external commands that may be tucked into a PDF document. The update is a response to reported malware campaigns abusing the unfixed "/Launch" flaw.

Source

Monday, May 3, 2010

Update For Opera Available

Opera Software has released an update for their Opera web browser. Version 10.53 contains a fix for a vulnerability categorized as "extremely severe".

Extremely severe:
Multiple asynchronous calls to a script that modifies the document contents can cause Opera to reference an uninitialized value, which may lead to a crash. To inject code, additional techniques will have to be employed.

Opera users are strongly recommended to update to version 10.53. The new version can be downloaded here.

Changelog of Windows version

Vulnerability In Adobe Photoshop CS4

A critical vulnerability has been found in Photoshop CS4. Successful exploitation of the vulnerability makes it possible for an attacker to take control of the affected system. This can be done by luring a user into opening a specially crafted .TIFF file.

Users of the affected version are recommended to update their Photoshop CS4 to version 11.0.1. More information can be read from the Adobe security bulletin.

Saturday, May 1, 2010

Unpatched Vulnerability In Microsoft SharePoint

Microsoft is investigating a reported cross-site scripting (XSS) vulnerability in SharePoint Services 3.0 and SharePoint Server 2007. "The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment."

More information and instructions on how to mitigate the issue can be found here.

Thursday, April 29, 2010

Tuesday, April 27, 2010

Malware Targeting iPad Users

Security company BitDefender warns about malware that is targeting iPad owners. An e-mail invitation promises to keep iPad software updated “for best performance, newer features and security”. Its purpose is to lure the user into clicking an included web link that is said to contain a new version of the iTunes software needed to update the iPad. Instead of being an iTunes update, the file is actually malware that BitDefender detects as Backdoor.Bifrose.AADY.

Read the story here.

Friday, April 23, 2010

Patched Version Of VLC Player Available

The VideoLAN project has released a new version of their VLC media player. Version 1.0.6 fixes several vulnerabilities in the handling of different media formats. By exploiting the vulnerabilities an attacker may be able to execute arbitrary code on the target system.

VLC Player versions 0.5.0 - 1.0.5 are affected. Users of those versions should update to version 1.0.6. Version 1.1.0 (currently in pre-release stage) is not affected by these vulnerabilities.

Symantec Internet Security Threat Report

Symantec has published the "Global Internet Security Threat Report Trends for 2009" report. The report provides an overview and analysis of Internet threat activity worldwide, a review of known vulnerabilities, and highlights of malicious code. It also covers trends in phishing and spam, and assesses observed activities on underground economy servers.

The report can be viewed here.

Friday, April 16, 2010

Update For Java Available

The new Java version fixes a vulnerability in the Java Web Start control. The vulnerability is currently being actively exploited, so it's important that Java users update to the latest version available.

The latest update can be downloaded here.

More information about the contents of the update can be read from the Release Notes of Java SE 6 Update 20.

Wednesday, April 14, 2010

Updates For Adobe PDF Software

Critical vulnerabilities have been detected in Adobe Reader and Acrobat PDF products. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Affected versions:
Adobe Reader 9.3.1 and earlier versions
Adobe Acrobat 9.3.1 and earlier versions

Users of vulnerable versions are instructed to update either by using the automatic update functionality or by downloading a fresh version manually. The default installation configuration runs automatic updates on a regular schedule, and an update can be manually activated by choosing Help > Check for Updates.

Those who want to upgrade manually can download the latest versions from the links below:
Adobe Reader
Acrobat Standard and Pro
Acrobat Pro Extended
Acrobat 3D


More information about fixed vulnerabilities can be read from Adobe's security bulletin.

Updates To Oracle Products Released

Oracle has released updates for their products that fix 47 security issues in total. The updates are a part of Oracle's quarterly critical patch update (CPU).

A detailed list of vulnerabilities with patching instructions can be read from the Oracle CPU Advisory.

The next Oracle CPU is planned to be released in July 2010.

Microsoft Security Updates For April 2010

Microsoft has released its monthly security updates. This month's package consists of 11 updates, of which five are critical, five important and one moderate.

Critical:
MS10-019 - Vulnerabilities in Windows Could Allow Remote Code Execution (981210)
MS10-020 - Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)
MS10-025 - Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution (980858)
MS10-026 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (977816)
MS10-027 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)

Important:
MS10-021 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (979683)
MS10-022 - Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
MS10-023 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (981160)
MS10-024 - Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service (981832)
MS10-028 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094)

Moderate:
MS10-029 - Vulnerability in Windows ISATAP Component Could Allow Spoofing (978338)

Microsoft released a new version of its Windows Malicious Software Removal Tool (MSRT) too.


More information about the updates can be read from the bulletin summary.

For consumers the easiest way to get the update is to use the Microsoft Update service.

Monday, April 12, 2010

VMware Patches A Bunch of Vulnerabilities

VMware has released a security update to patch several vulnerabilities in their virtualization applications.

Affected versions:
- VMware Workstation 7.0
- VMware Workstation 6.5.3 and earlier
- VMware Player 3.0
- VMware Player 2.5.3 and earlier
- VMware ACE 2.6
- VMware ACE 2.5.3 and earlier
- VMware Server 2.0.2 and earlier
- VMware Fusion 3.0
- VMware Fusion 2.0.6 and earlier
- VMware VIX API for Windows, version 1.6.x
- VMware ESXi 4.0 prior to patch ESXi400-201002402-BG
- VMware ESXi 3.5 prior to patch ESXe350-200912401-T-BG
- VMware ESX 4.0 without patches ESX400-201002401-BG and ESX400-200911223-UG
- VMware ESX 3.5 without patch ESX350-200912401-BG
- VMware ESX 3.0.3 without patch ESX303-201002203-UG
- VMware ESX 2.5.5 without Upgrade Patch 15.

Further information, including updating instructions, can be read from VMware's security advisory.

Friday, April 9, 2010

Trapped Mobile Phone Game Making A Mess

F-Secure writes in their blog about a trojanized Windows Mobile game that calls expensive numbers without the owner's awareness. The trojanized version was spread on several Windows Mobile freeware download sites. A long thread about the issue can be found, for example, on the popular XDA-Developers forum.

Wednesday, April 7, 2010

PDF "/Launch" Issue Workarounds

Security researcher Didier Stevens demonstrated last week how it was possible to execute an embedded executable without exploiting any vulnerability. For this he used a launch action triggered by the opening of a specially crafted PDF file. Adobe Reader shows the user a warning asking for permission to launch the action. However, the message could be partially modified to persuade the user to allow the launch. Foxit Reader didn't display any warning, so the action was executed without user interaction.

Both Adobe and Foxit Software have reacted to this finding.

A few days after Stevens' finding, Foxit Software released a new version to fix the vulnerability. Yesterday Adobe published in their blog instructions for Adobe Reader and Acrobat users to mitigate the risks. They also said that Adobe is currently researching the best approach for this functionality in Adobe Reader and Acrobat, which may be made available in one of their quarterly updates.

Instructions to mitigate the issue in Adobe Reader and Acrobat:
1. Open up the Preferences panel.
2. Click on "Trust Manager" in the left pane.
3. Clear the check box "Allow opening of non-PDF file attachments with external applications".


There is also a registry-based solution available for administrators in the corresponding entry in Adobe's blog.
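
As an added example (not from the original post, Adobe or Foxit), the following Python triage scanner shows how a mail or web gateway could flag PDFs that carry a launch action before they reach a reader. The function names, verdict labels and sample byte strings are constructed for illustration; `/Launch`, `/OpenAction` and `/AA` are the PDF specification's names for launch actions and automatically triggered actions.

```python
import re

# A PDF name is "/" followed by regular characters; any byte may be written
# as #XX, so "/L#61unch" and "/Launch" are the same name to a reader.
_NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Launch = run an external application; OpenAction / AA = actions that fire
# automatically (on open, on page events) without a click.
WATCHED = ("Launch", "OpenAction", "AA")


def decode_name(raw: bytes) -> bytes:
    """Undo #XX escapes so obfuscated spellings compare equal."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF."""
    # Limitation: names inside compressed object streams stay invisible until
    # the streams are inflated, so a zero count is not proof of safety.
    counts = dict.fromkeys(WATCHED, 0)
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1)).decode("latin-1")
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Map counts to a gateway decision (labels are illustrative)."""
    if counts["Launch"] and (counts["OpenAction"] or counts["AA"]):
        return "block"   # launch action that can fire when the file opens
    if counts["Launch"]:
        return "review"  # launch action present, trigger unclear
    return "allow"


# Constructed fragments, not complete PDF files.
SAMPLE_AUTO_LAUNCH = (
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Action /S /L#61unch /F (constructed.bin) >> endobj\n"
)
SAMPLE_PLAIN = b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    for label, blob in (("auto-launch", SAMPLE_AUTO_LAUNCH), ("plain", SAMPLE_PLAIN)):
        print(label, scan_pdf(blob), verdict(scan_pdf(blob)))
```

Decoding the `#XX` escapes before comparing matters because a plain substring search for `/Launch` misses the escaped spelling in the first sample.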

Saturday, April 3, 2010

Vulnerability In Foxit Reader

A vulnerability has been found in Foxit Reader, software for handling PDF files. The vulnerability may allow an executable embedded inside a PDF to be run automatically without asking for the user’s permission.

Foxit Reader version 3.2.0.0303 is affected. Foxit Reader users should update to the latest version available either by using "Check for Updates Now" in the Reader help menu or by downloading a fresh version here (Note: remember to unselect toolbar related options during the installation process unless you really want that installed too).

More information here.

Friday, April 2, 2010

Mozilla Patches Security Hole In Firefox 3.6.x Versions

Mozilla has released a patch for a vulnerability categorized as critical that was found during the 2010 Pwn2Own contest by security researcher Nils of MWR InfoSecurity.

Firefox 3.6.x users with a version prior to 3.6.3 should upgrade to the latest version available by using the built-in updater (from the Firefox menu: Help->Check for updates) or by downloading it here.

Firefox 3.6.3 Release Notes

Wednesday, March 31, 2010

New Java Update Available

Oracle has released an update for Java SE and Java for Business. The update fixes multiple security vulnerabilities and also contains some non-security patches.

Affected versions are:
- Java SE:
• JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux
• JDK 5.0 Update 23 and earlier for Solaris
• SDK 1.4.2_25 and earlier for Solaris

- Java for Business:
• JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux
• JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux
• SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux

More information about the update can be read from the Java critical patch update document.

Java users are recommended to update their versions to the latest one available.

Apple Patches QuickTime Player Vulnerabilities

Apple has released a new version of their QuickTime media player. The new version fixes 16 vulnerabilities, all of which make it possible for an attacker to execute arbitrary code on the target system. To exploit the vulnerabilities, an attacker can lure a user into opening a specially crafted file.

The vulnerabilities affect QuickTime versions prior to 7.6.6. Users of vulnerable versions should update to the latest one available.

More information about the security content of QuickTime 7.6.6 can be read here.

New Version Of iTunes Available

Apple has released a new version of their iTunes media player application. Version 9.1 fixes security vulnerabilities, some of which allow an attacker to execute arbitrary code on the target system.

More information about the security content of iTunes 9.1 can be read here.

Users of older versions should update to the latest one available.

Tuesday, March 30, 2010

Out-Of-Band Update For Internet Explorer Released

Microsoft has released an update for Internet Explorer outside of their regular update cycle. The MS10-018 update fixes ten vulnerabilities (nine privately reported and one publicly disclosed). The update is categorized as critical, and the easiest way for consumers to get it is to use the Microsoft Update service.

A summary of Microsoft security updates for March 2010 can be viewed here.

Saturday, March 27, 2010

Windows 2000, XP SP2 and Vista End of Life Support

Windows 2000 Professional and Windows 2000 Server are approaching 10 years since their launch and both products will go out of support on July 13, 2010.

Windows XP was launched back in 2001. While support for the product will continue, Service Pack 2 will go out of support on July 13, 2010. From that date onwards, Microsoft will no longer support or provide free security updates for Windows XP SP2.

Finally, Windows Vista with no Service Packs installed will end support on April 13 2010. Please install the free Service Pack 2 for Windows Vista to have the most secure and supported Windows Vista platform.

Users who still have Windows XP SP2 or Windows Vista with no Service Packs installed and are not planning to switch to Windows 7 yet should update their versions in order to stay supported. XP users should install SP3 and Vista users should get SP2.

More information can be read here.