Sunday, February 28, 2010

Microsoft Aims Its Target At Other Botnets

Last Wednesday Microsoft announced that it had been granted a court order that would help in tearing down the Waledac botnet. A few days later, Microsoft announced that it has several other botnets in its sights too.

The whole Computerworld article can be read here.

Thursday, February 25, 2010

Vulnerability In Picasa

A vulnerability has been found in Google Picasa. The vulnerability is caused by an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code on the target system.

The issue affects PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Older versions may be affected too. Users of Google Picasa should update their versions to 3.6 build 105.41.

Saturday, February 20, 2010

Unpatched Vulnerability In Firefox

Mozilla released security updates for its products a few days ago. None of those affected the latest Firefox version 3.6. However, a new vulnerability has now been found, and this time the latest version is affected.

The vulnerability is caused by an unspecified error and can be exploited to execute arbitrary code. At the moment, there's no patch or workaround available. Firefox users should avoid visiting untrusted websites and following untrusted links.

Thursday, February 18, 2010

Mozilla Fixes Some Vulnerabilities

Mozilla has released security bulletins for issues found in some of its products. Three of the vulnerabilities are categorized as critical and the other two as moderate. The latest 3.6 version of Firefox is not affected by any of the listed vulnerabilities.

Critical:
MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/1.9.0.18)
*Affects:
- Firefox prior to 3.5.8
- Firefox prior to 3.0.18
- Thunderbird prior to 3.0.2
- SeaMonkey prior to 2.0.3

MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability
*Affects:
- Firefox prior to 3.5.8
- Firefox prior to 3.0.18
- SeaMonkey prior to 2.0.3

MFSA 2010-03 Use-after-free crash in HTML parser
*Affects:
- Firefox prior to 3.5.8
- Firefox prior to 3.0.18
- Thunderbird prior to 3.0.2
- SeaMonkey prior to 2.0.3

Moderate:
MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain
*Affects:
- Firefox prior to 3.5.8
- Firefox prior to 3.0.18
- SeaMonkey prior to 2.0.3

MFSA 2010-05 XSS hazard using SVG document and binary Content-Type
*Affects:
- Firefox prior to 3.5.8
- Firefox prior to 3.0.18
- SeaMonkey prior to 2.0.3

Fresh versions can be obtained via the built-in updater or by downloading from the product sites:
Firefox
Thunderbird
SeaMonkey
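
As an added example (not part of the original post and not Mozilla's own tooling), here is a small patch-level audit that applies the fixed versions listed above to a software inventory. The inventory, host names and function names are constructed for illustration, and treating installs on a branch with no listed fix as affected is an assumption that follows the post's literal "prior to" wording.

```python
# Fixed releases from the advisories above; one entry per maintained branch.
FIXED = {
    "firefox": [(3, 0, 18), (3, 5, 8)],
    "thunderbird": [(3, 0, 2)],
    "seamonkey": [(2, 0, 3)],
}
# Advisory -> (severity, affected products), as listed in the post.
ADVISORIES = {
    "MFSA 2010-01": ("critical", {"firefox", "thunderbird", "seamonkey"}),
    "MFSA 2010-02": ("critical", {"firefox", "seamonkey"}),
    "MFSA 2010-03": ("critical", {"firefox", "thunderbird", "seamonkey"}),
    "MFSA 2010-04": ("moderate", {"firefox", "seamonkey"}),
    "MFSA 2010-05": ("moderate", {"firefox", "seamonkey"}),
}

def parse_version(text):
    """'3.5.7' -> (3, 5, 7); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def required_fix(product, version):
    """Return the fixed release to move to, or None if already patched."""
    v = parse_version(version)
    fixes = FIXED[product]
    for fix in fixes:
        if v[:2] == fix[:2]:          # same branch, e.g. 3.0.x or 3.5.x
            return fix if v < fix else None
    newest = max(fixes)               # assumption: branch has no listed fix
    return newest if v < newest else None

def audit(inventory):
    """Return one finding per install that is missing a fix."""
    findings = []
    for host, product, version in inventory:
        fix = required_fix(product, version)
        if fix is None:
            continue
        open_ids = sorted(a for a, (_, prods) in ADVISORIES.items() if product in prods)
        worst = "critical" if any(ADVISORIES[a][0] == "critical" for a in open_ids) else "moderate"
        findings.append((host, product, ".".join(map(str, fix)), worst, open_ids))
    return findings

# Constructed inventory (hypothetical hosts) for demonstration.
INVENTORY = [
    ("ws-01", "firefox", "3.5.7"), ("ws-02", "firefox", "3.6"),
    ("ws-03", "firefox", "3.0.18"), ("ws-04", "thunderbird", "3.0.1"),
    ("ws-05", "seamonkey", "2.0.3"),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Each finding names the host, the product, the release to upgrade to, the worst open severity and the advisories that release closes.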

Wednesday, February 17, 2010

Updates For Adobe PDF Products

Critical vulnerabilities have been detected in the Adobe Reader and Acrobat PDF products. One of the vulnerabilities (CVE-2010-0186) could subvert the domain sandbox and make unauthorized cross-domain requests. The second patched vulnerability (CVE-2010-0188) could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe Reader 9.3 and earlier versions and Adobe Acrobat 9.3 and earlier versions are vulnerable. Users of Adobe Reader are recommended to update to version 9.3.1. For those Adobe Reader users who can't update to this version, Adobe has provided the Adobe Reader 8.2.1 update. Fresh versions are available here.

More information can be found in Adobe's security bulletin.

Monday, February 15, 2010

OpenOffice 3.2 Released

OpenOffice.org has released a new version of OpenOffice. The fresh version contains fixes for several vulnerabilities:
* CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries
* CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries
* CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
* CVE-2009-2949: Potential vulnerability related to XPM file processing
* CVE-2009-2950: Potential vulnerability related to GIF file processing
* CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing

More information can be found here. OpenOffice 3.2 can be downloaded here.

Sunday, February 14, 2010

Fake AV With Online Support

Fake antivirus programs showing false alerts about different malware types are unfortunately quite a common sight nowadays. A rogue AV named Live PC Care differs from other similar ones by including a support function. A yellow "online support" button in the program launches a live online support chat session with a live "support agent". The purpose of this is to alleviate doubt and to convince an unaware user to purchase the product.

The whole story can be read on Symantec's blog.

Friday, February 12, 2010

Updated Adobe Flash Player Available

Adobe has released an updated version of its Flash Player. The new version fixes a vulnerability categorized as critical (CVE-2010-0186) that could subvert the domain sandbox and make unauthorized cross-domain requests. The patch also resolves a potential Denial of Service issue (CVE-2010-0187).

Users of Adobe Flash Player 10.0.42.34 and earlier should update to Adobe Flash Player 10.0.45.2. Also, users of Adobe AIR version 1.5.3.1920 and earlier should update to Adobe AIR 1.5.3.1930.

More information can be found in Adobe's security bulletin.

Tuesday, February 9, 2010

February 2010 Security Updates From Microsoft

Microsoft has released an update package that contains 13 updates. Of these updates, five are categorized as critical, seven as important and one as moderate.

A new version of the Windows Malicious Software Removal Tool (MSRT) was also released.

More information about the updates can be found in the Security Bulletin Summary for February.

Thursday, February 4, 2010

New Vulnerability In Internet Explorer

Microsoft is investigating a new publicly reported vulnerability in Internet Explorer. If a user is using a version of Internet Explorer that is not running in Protected Mode, an attacker may be able to access files with an already known filename and location. The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.

The versions not running in Protected Mode include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

No patch has been released yet. More information, including some workarounds, can be found in the security advisory.

Tuesday, February 2, 2010

Watch Out IQ Test Posing Pest

ESET and BitDefender researchers have discovered a malicious worm that disguises itself as an IQ test. So far, two variants, Win32/Zimuse.A and Win32/Zimuse.B, have been seen.

"Upon execution, the malware will attempt to spread through removable media using a time-based logic bomb, and overwrite the MBR (Master Boot Record) of all available drives after 40 days for variant A, and 20 days for variant B, making the host’s data inaccessible."

Since 64-bit versions of Windows Vista and Windows 7 require digitally signed drivers, the pest fails to install itself on machines running either of these operating systems.

Both BitDefender and ESET have a Zimuse removal tool available.

More information:
BitDefender blog entry
ESET press release

