Firefox receives critical security fixes – update now
December 10, 2010 by admin
Filed under Security News
Mozilla has released version 3.6.13 of its popular Firefox web browser.
This new version contains fixes for 11 security holes, nine of which have been given the worst rating of “critical” severity, as the vulnerabilities can be used to run malicious attack code and install software – the user has to do nothing to be hit in this way, just normal browsing is enough.
Fortunately Firefox contains an integrated update mechanism (Help / Check for Updates to kickstart the process) which can help ensure that most users are rapidly upgraded to the latest version.

However, don’t dawdle. Malicious hackers could try to exploit the vulnerabilities – described on Mozilla’s website – to infect your computer with malware.
By Graham Cluley @ nakedsecurity.sophos.com
5 Benefits of Automating Patch Management
November 26, 2010 by admin
Filed under Protection Tools
Proper patch management requires a patch management solution. But what are the benefits of automating patch management for companies?
1. Security
Security is the most obvious reason as to why companies would want to have an automated patch management solution in place. One of the main reasons why software vendors release new patches is to fix security vulnerabilities that can be exploited by malicious software or people intending to damage the IT systems or network.
Applying security patches in a timely fashion greatly reduces the risk of a security breach and all the related problems that come with it, like data theft, data loss, reputation issues or even legal penalties.
Critical patches for Windows and Flash Player
August 11, 2010 by admin
Filed under Security News
If you’re a user of Windows or Flash (and I would imagine that covers the vast majority of you) then it’s time to roll out the latest critical security patches, as Microsoft and Adobe have released updates to their software.
First up is Microsoft, who have released a bumper bundle of fixes as part of their regular “Patch Tuesday” cycle, issuing 14 bulletins to remedy 34 security holes in Windows, Internet Explorer, Microsoft Office, Silverlight, Microsoft XML Core Services and Server Message Block.
Eight of the bulletins have been given Microsoft’s highest severity rating of “critical”, with the rest being labelled “important”.
The good news, as Chet Wisniewski explains, is that we haven’t yet seen any malware spreading by exploiting these vulnerabilities – but that may only be a matter of time.
Separately, Microsoft has also issued an advisory about a zero-day vulnerability, which could allow untrusted code to run on a user’s machine by exploiting a weakness in the Windows Service Isolation feature.
Meanwhile, another platform commonly targeted by malicious hackers has been updated to defend against security vulnerabilities.
Adobe has identified critical vulnerabilities in Adobe Flash Player version 10.1.53.64 and earlier, and urged users to update their installations of Flash and Adobe Air.
If you’re not sure which version of the Adobe Flash Player you have installed, visit the About Flash Player page. Remember that if you use more than one browser on your computer you should check the version number on each.
Microsoft readies emergency patch for Shortcut zero-day flaw
August 5, 2010 by admin
Filed under Security News
Updated: Good news from Microsoft. It has announced that it plans to release an emergency out-of-band update to patch a critical Windows security vulnerability that is being actively exploited by malware.
The so-called Shortcut vulnerability is being exploited through specially crafted shortcut (.LNK) files that point to malicious code and trick Windows into executing it without user interaction.
Malware exploiting the vulnerability has included Stuxnet, Chymin and Dulkis, Zbot, and – most recently – Sality.
“In the past few days, we’ve seen an increase in attempts to exploit the vulnerability. We firmly believe that releasing the update out of band is the best thing to do to help protect our customers,” Christopher Budd, Senior Security Response Communications Manager at Microsoft, wrote on the MSRC blog.
Microsoft normally publishes its security patches on the second Tuesday of each month, but this one is scheduled to be released today (Monday, August 2 2010) at 10am PST (1800 BST).
Whenever Microsoft releases an out-of-band patch it’s a big deal – they clearly think it’s an important enough issue to break their regular cycle and you should pay attention too. We would recommend that computer users apply the patch as soon as possible.
As Microsoft is issuing a permanent patch for the shortcut vulnerability, we would recommend that users uninstall the Sophos Windows Shortcut Exploit Protection Tool before applying the Microsoft fix.
Critical security updates from Microsoft and Adobe
May 12, 2010 by admin
Filed under Security News
It was “Patch Tuesday” yesterday, which means another parcel of security updates for computer users to unwrap, and this time the fixes aren’t just from Microsoft, but from Adobe too.
First on the menu is Microsoft, which has served up two security bulletins detailing vulnerabilities that could be exploited by hackers to execute malicious code (such as a worm) on your computer.
The first of these security holes exists in Outlook Express, Windows Mail, and Windows Live Mail. Microsoft’s Security Research & Defense blog goes into some detail about the vulnerability, explaining that although the security hole is given a “critical rating” on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008, it is considered less serious for Windows 7 users as Windows Live Mail is not installed by default on that platform.
The other patch from Microsoft addresses a vulnerability in Visual Basic for Applications, a component used by Microsoft Office and other third-party products. Microsoft has given this security update its highest possible rating – “Critical” – for all supported versions of Microsoft Visual Basic for Applications SDK and third-party applications that use Microsoft Visual Basic for Applications. It is also rated “Important” for all supported editions of Microsoft Office XP, Microsoft Office 2003, and the 2007 Microsoft Office System.
Next up is Adobe, who have released patches to squash over 20 security vulnerabilities in its Shockwave and ColdFusion products.
The critical vulnerabilities identified in Adobe Shockwave Player 11.5.6.606 and earlier versions impact both Windows and Macintosh users, and could allow attackers to run malicious code on your computer.
Adobe recommends that users update their version of Adobe Shockwave Player to version 11.5.7.609.
Details of the ColdFusion vulnerabilities, classed as “important”, are provided in Adobe Security Bulletin APSB10-11.
Enough of waffle. Download and install the patches if your computer is affected.
By Graham Cluley, Sophos
All Twitter Users Have 0 followers and 0 following !
May 10, 2010 by admin
Filed under Security News
10 min ago I just wanted to follow some Twitter users and I got this message

Then I refreshed the page to see the Virus Experts profile and I saw it has 0 followers and 0 following!?

I thought we only had this problem with our account, so I checked more than one Twitter account and I saw they have the same problem.



I think Twitter is fixing the followers spam problem.
We will wait…
Update: after 20 min Twitter fixed the problem.

Removal tool for Mal/FakeAV-BW, Generic FakeAlert!hr, Packed.Win32.Krap.an (winupdate.exe, exec.exe, ppal.exe, MSe5ad.exe) Malware
May 9, 2010 by admin
Filed under Removal Tips,Tools and Videos

McAfee signature update kills Windows systems
April 23, 2010 by admin
Filed under Security News
A flawed signature update (DAT 5958) from McAfee yesterday (Wednesday) caused the system file svchost.exe to be identified and quarantined as the virus W32/Wecorl.a under Windows XP SP3. This resulted in affected systems rebooting (30 second countdown) and then entering an endless boot loop, repeatedly restarting.
According to McAfee’s user forum, large numbers of businesses are affected. To resolve the problem, the vendor is advising users to download an updated signature (DAT 5959) on an unaffected computer, copy it to a USB drive, restart the affected computer in safe mode with network support (press F8 while booting) and connect the USB drive. Double-clicking on the file 5959xdat.exe will then install the new signature. In most cases, users will then need to restore the svchost.exe file. McAfee has provided instructions for doing so.
Alternatively, the file extra.dat (direct download) can be used to prevent the flawed signature from disabling the system. Users should copy this file onto a USB drive, copy it from there into the c:\Program Files\Common Files\McAfee\Engine folder on the affected system (in safe mode) and restart the computer. Here again, svchost.exe will need to be manually restored or retrieved from quarantine.
These fixes involve a fair bit of work for administrators, as it is not possible to resolve the problem from a central management console. On large networks this is likely to result in a few late nights. McAfee has also released an automated solution in the form of an executable file (direct download).
McAfee has a function for intercepting false positives, but this only works for files on the hard drive – the problem here, according to McAfee, is that the false positive is triggered by the memory scan, which can’t be intercepted.
As an interesting side note, McAfee’s bug added an extra dose of realism to a disaster exercise being held by one Iowa community, when the emergency centre computers and communications systems failed. The teams were forced to fall back on old radio systems.
As past stories from The H show, McAfee is not alone among anti-virus vendors in causing disruption through issuing a flawed update.
Source : www.h-online.com
How To Remove and fix Virus.Win32.Sality Win32/Sality.ah Win32/Sality.ag with Kaspersky Tools
April 20, 2010 by admin
Filed under Removal Tips,Tools and Videos
The recommendations given concerning disinfection of a computer from Virus.Win32.Sality should be applied only if NO Kaspersky Lab product is installed on an infected computer, and/ or if the computer is already infected and a Kaspersky Lab product cannot be installed by regular means. Kaspersky Lab experts also recommend using Rescue Disk to disinfect an infected computer.
The SalityKiller.exe utility given in this article detects and disinfects only the following Sality modifications: Virus.Win32.Sality.aa, Virus.Win32.Sality.ag.
Adobe Patch Tuesday to bring automatic updates
April 12, 2010 by admin
Filed under Security News
Tuesday April 13th is not only the regular appointment for system administrators around the world to expect the latest bunch of monthly security updates from Microsoft; it will also be time for a scheduled quarterly update from Adobe for its Reader and Acrobat products.
Adobe says that its upcoming update to Adobe Reader and Acrobat 9.3.2 and 8.2.2 will utilise its new updater technology on Windows and Mac – previously only enabled for selected beta-testers.
Windows users will find an option to “Automatically install updates” on their Preferences/Updater tab. Alternatively they can select “Automatically download updates, but let me choose when to install them” or “Do not download or install updates automatically” (These last two options are the only choices presently available on the Mac version).

Adobe’s Steve Gottwals describes the new updating feature as a demonstration that user security is a key priority for the company. It is hoped that in the future Adobe’s PDF-handling software will include a screen prompting end-users to select auto-update to ensure further updates occur automatically behind the scenes.
The majority of attacks we are seeing are exploiting software installations that are not up-to-date with the latest security fixes. We therefore believe that the automatic update option is the best choice for most end-users. We are currently evaluating options for the best long-term solution for users, which could involve presenting the user with an opt-in screen for the automatic update option as part of the next phase in the roll-out.
Chances are that these new update preferences will be more eagerly welcomed amongst home users than corporations – as firms often wish to test security updates before rolling them out across their entire organisation.
But the security community as a whole should probably give this new Adobe feature a thumbs-up – if the new feature works as advertised it sounds like it will definitely be a step in the right direction. Let us hope that more of Adobe’s customers will do a better job of keeping their systems up-to-date as a result of this enhancement.
It’s also of note that there is no news yet of an auto-updating facility for Flash – another Adobe technology that is frequently exploited by hackers. Let’s hope that isn’t too far away.
Although Tuesday’s Adobe updates will resolve critical security issues in its Acrobat and Reader products, it is not yet known if the currently high profile PDF /Launch security hole will be amongst them.
By Graham Cluley, Sophos