http://www.safercomputing.org Keeping your computer safe Copyright 2006 Thu, 05 Jan 2006 22:19:51 +0000 http://wordpress.org/?v=1.5-beta-1 2005-01-03 http://www.safercomputing.org/?p=39 http://www.safercomputing.org/?p=39#comments Thu, 05 Jan 2006 22:19:50 +0000 Alerts!!! http://www.safercomputing.org/?p=39 Microsoft has today released the fix for the serious bug in Windows, posted about below, related to the WMF image files. It is awailable for download at http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx There are patches for all the latest versions of Windows, 2000, XP, 64 bit XP and 2003. There are no patches for 98 and ME since 'No attack vectors have been found for these versions' even though the flawed component is included in 98 and ME. Read the FAQ on the linked page. This update is important, especially if you have not used one of the unofficial patches. http://www.safercomputing.org/wp-commentsrss2.php?p=39 http://www.safercomputing.org/?p=38 http://www.safercomputing.org/?p=38#comments Wed, 28 Dec 2005 15:23:25 +0000 Alerts!!! http://www.safercomputing.org/?p=38 2005 is almost over and 2006 is soon here. But don't forget to be careful! A new Windows WMF 0-day exploit is in the wild! Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq. This means that it is possible to go to a website and get infected from a bug that has no fix yet! Internet Explorer will automatically launch the "Windows Picture and Fax Viewer". Note that Firefox users are not totally immune either. In my install of Firefox, a dialog box will ask me if I would like to load the image in "Windows Picture and Fax ... http://www.safercomputing.org/wp-commentsrss2.php?p=38 http://www.safercomputing.org/?p=37 http://www.safercomputing.org/?p=37#comments Wed, 23 Nov 2005 20:48:22 +0000 Alerts!!! http://www.safercomputing.org/?p=37 In the last day or two there has been a major number of email sent, by infected computers, which contains a variant of the Sober virus. The email pretend to be sent from, among other, the fbi.gov domain. The email direct the recipient to open an attachment to answer questions regarding the recipients visits to 'some illegal' websites. The opening of the file activates the virus and causes it to spread to others. The virus has already spread worldwide and has on some security sites been called the worst virus outbreak this year. As we always say, do not click on any attachments in an email, especially not if the email comes from someone you do not know. Even if you do ... http://www.safercomputing.org/wp-commentsrss2.php?p=37 http://www.safercomputing.org/?p=36 http://www.safercomputing.org/?p=36#comments Tue, 22 Nov 2005 14:24:17 +0000 Alerts!!! http://www.safercomputing.org/?p=36 A new security problem with Internet Explorer has been found. Actually, it was found early this year but was not demed as very serious at the time. In the last couple of days the new exploit for Internet Explorer. Microsoft finally released a security advisory regarding this issue. Based on the advisory, Windows server 2003 and 2003 SP1 are not affected by this vulnerability. All other versions are vulnerable. We recommend follow Microsofts security advisory for a temporary workaround. You can read MS security advisory here The workaround mainly disable java script. Some sites may not work with the java script disabled. Another option is to use a different browser, for example Firefox or Opera. http://www.safercomputing.org/wp-commentsrss2.php?p=36 http://www.safercomputing.org/?p=35 http://www.safercomputing.org/?p=35#comments Sun, 13 Nov 2005 10:41:33 +0000 Alerts!!! http://www.safercomputing.org/?p=35 The update this month was few but important. The update is to the Graphical Rendering Engine and can allow someone to take over the computer remotely. The following is the information about the update: Microsoft Security Bulletin MS05-053 has been released. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical See Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) Published: November 8, 2005 Graphics Rendering Engine - CAN-2005-2123 Windows Metafile Vulnerability - CAN-2005-2124 Enhanced Metafile Vulnerability - CAN-2005-0803 Included in this month update is a new version of the Malicious Program detector/remover which detect and remove some of the current viruses and similar programs that may have been installed on your computer. If you haven't already made the update, please do so as soon as possible. http://www.safercomputing.org/wp-commentsrss2.php?p=35 http://www.safercomputing.org/?p=34 http://www.safercomputing.org/?p=34#comments Sat, 15 Oct 2005 07:51:05 +0000 Alerts!!! http://www.safercomputing.org/?p=34 Microsoft has released Microsoft Security Bulletin MS05-052 and reports the "Impact of Vulnerability: Remote Code Execution", "Maximum Severity Rating: Critical" and their "Recommendation: Customers should apply the update immediately.". Affected Software: • Microsoft Windows 2000 Service Pack 4 • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 • Microsoft Windows XP Professional x64 Edition • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems • Microsoft Windows Server 2003 x64 Edition • Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) As can be seen from the above, the updates cover most of the currently ... http://www.safercomputing.org/wp-commentsrss2.php?p=34 http://www.safercomputing.org/?p=33 http://www.safercomputing.org/?p=33#comments Thu, 18 Aug 2005 18:49:19 +0000 Alerts!!! http://www.safercomputing.org/?p=33 This has been a tough week, with numerous viruses / worms that are exploiting the very latest flaws, flaws that Microsoft released updates for just a week ago. Today the InfoCon warning at the bottom of these page is again set to Yellow. A new exploit for a function in Microsoft .Net functions, using Internet Explorer to access the .Net part, has been released while there is still no fix for this problem. Make sure that you update all your virus scanner files and Ad Ware scanners to help block the worms that are very likely to be released very shortly. Please visit http://isc.sans.org/diary.php?date=2005-08-18. An inofficial patch that may be used as a temporary protection is available there, as well as much more ... http://www.safercomputing.org/wp-commentsrss2.php?p=33 http://www.safercomputing.org/?p=32 http://www.safercomputing.org/?p=32#comments Fri, 12 Aug 2005 20:28:23 +0000 Alerts!!! http://www.safercomputing.org/?p=32 Microsoft have released their monthly updates. Please make sure you run Windows Update as soon as possible, there are already at least three separate exploits for the UPnP issue that have been released over the last 24 hours. So, please make sure you are up to date. More information can be found at http://isc.sans.org/ http://www.safercomputing.org/wp-commentsrss2.php?p=32 http://www.safercomputing.org/?p=31 http://www.safercomputing.org/?p=31#comments Sun, 24 Jul 2005 13:46:52 +0000 Alerts!!! http://www.safercomputing.org/?p=31 A new update of Firefox, version 1.0.6, was released a few days ago. This is an important update and it is highly recomended that you do this update as soon as possible. http://www.safercomputing.org/wp-commentsrss2.php?p=31 http://www.safercomputing.org/?p=30 http://www.safercomputing.org/?p=30#comments Thu, 14 Jul 2005 07:54:50 +0000 Alerts!!! http://www.safercomputing.org/?p=30 It is time again for the monthly Microsoft Updates. This time there are mainly three updates: Microsoft Security Bulletin MS05-036 -- Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) CAN-2005-1219 http://www.microsoft.com/technet/security/Bulletin/MS05-036.mspx Affected: Win2K, XPSP1, XPSP2, Server 2003 and Server 2003SP1 (Critical); Win98, 98SE, and ME (Important). A flaw in validating the format tags within an image once again requires Windows be patched. Like MS04-028 (JPEGS) and MS05-009 (PNGS), MS05-036 patches a flaw in the way that an image format is parsed which could cause an exploitable buffer overflow. This time, the affected component is the Microsoft Color Management Module, which is used by Windows to provide consistent color mappings between different devices and applications and to transform colors from ... http://www.safercomputing.org/wp-commentsrss2.php?p=30 http://www.safercomputing.org/?p=29 http://www.safercomputing.org/?p=29#comments Thu, 16 Jun 2005 19:05:31 +0000 Alerts!!! http://www.safercomputing.org/?p=29 This month has a number of updates. Many of the updates are related to Internet Explorer security or other web related applications securiy. Several of the updates are considered critical or important, meaing that code can be executed remotly on the computer if not updated. In other words, make sure you do update your computer. http://www.safercomputing.org/wp-commentsrss2.php?p=29 http://www.safercomputing.org/?p=28 http://www.safercomputing.org/?p=28#comments Thu, 02 Jun 2005 07:04:58 +0000 Alerts!!! http://www.safercomputing.org/?p=28 New Mytob worm poses as IT administrator It warns recipients that their e-mail accounts are about to be suspended Another variant of the Mytob worm began wiggling its way into mailboxes this week, enticing recipients to open an e-mail attachment that could allow a remote hacker to access and perform commands on an infected machine. The variant, dubbed "Mytob.bi" by some security researchers, scans the hard drive of an infected machine and sends copies of itself to e-mail addresses it finds in the Windows Address Book. The worm poses as a message from an IT administrator, warning recipients that their e-mail accounts are about to be suspended. Possible subject headers for the worm include "*IMPORTANT* Please Validate Your Email Account" and "Notice: **Last ... http://www.safercomputing.org/wp-commentsrss2.php?p=28 http://www.safercomputing.org/?p=27 http://www.safercomputing.org/?p=27#comments Sun, 29 May 2005 06:57:10 +0000 Alerts!!! http://www.safercomputing.org/?p=27 Worm.Gibe.F, a mass-mailing worm written in Visual Basic. It disguises itself as a Microsoft security update, the worm usually arrives as an attachment named Q216309.exe. The worm arrives in an official looking Microsoft email, similar to the one shown below: From: Microsoft Corporation Security Center mailto:rdquest12@microsoft.com] To: Microsoft Customer Subject: Internet Security Update Attachment: q216309.exe Microsoft Customer, this is the latest version of security update, the update which eliminates all known security vulnerabilities affecting Internet Explorer and MS Outlook/Express as well as six new vulnerabilities, and is discussed in Microsoft Security Bulletin MS02-005. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to run code on your computer. The email continue to describe ... http://www.safercomputing.org/wp-commentsrss2.php?p=27 http://www.safercomputing.org/?p=26 http://www.safercomputing.org/?p=26#comments Thu, 12 May 2005 15:15:52 +0000 Alerts!!! http://www.safercomputing.org/?p=26 An updated version of Firefox, version 1.0.4, was released yesterday, 05/11/05. It fixes two vulnerabilities in Mozilla Firefox 1.0.3, when combined they allow an attacker to run arbitrary code. The Mozilla Suite version 1.7.7 is only partially vulnerable. If you are using Forefox 1.0.3 (or any older version) please update as soon as possible to version 1.0.4. The download site may be slow currently due to a large number of users trying to download. Users of Mozilla Suite 1.7.7 (or older) should update to Mozilla Suite 1.7.8. For more information about the update, please see http://www.mozilla.org/security/announce/mfsa2005-42.html http://www.safercomputing.org/wp-commentsrss2.php?p=26 http://www.safercomputing.org/?p=25 http://www.safercomputing.org/?p=25#comments Wed, 11 May 2005 15:13:39 +0000 Alerts!!! http://www.safercomputing.org/?p=25 Microsoft has only one update this month. This one is the MS05-024, and will affect only Windows 2000 with SP3 and SP4. For users that are using older versions, i.e., Windows 98, Windows 98SE or Windows ME, there are no updates for these versions, but Microsoft recommend to read the FAQ about these versions. See http://www.microsoft.com/technet/security/bulletin/MS05-024.mspx for more information. Windows XP has no real updates, the only download for XP is an updated version of the Malicious Software Removal Tool, a tool that only run once to detect, and remove, a number of worms and other viruses, for a complete list see http://www.microsoft.com/security/malwareremove/families.mspx. On another subject, during the last week and a half, we have seen an increasing number of infected email ... http://www.safercomputing.org/wp-commentsrss2.php?p=25 http://www.safercomputing.org/?p=24 http://www.safercomputing.org/?p=24#comments Tue, 03 May 2005 17:41:41 +0000 Alerts!!! http://www.safercomputing.org/?p=24 A new sober variant is making the rounds, spreading surprisingly quickly. We have received multiple reports, the file name we have seen is our_secret.zip. Your anti-virus vendor of choice will have named it something interesting, with 'sober' somewhere in there. For more information: http://vil.nai.com/vil/content/v_133409.htm and http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html As usual, never click on a file attachment in an email! Even if the email seems to be coming from a friend, do not click on the attachment without checking with the sender if he/she actually have sent a file to you. In addition, there were multiple reports this weekend of malware spreading via AIM and other instant messaging, which then logged the compromised systems into an IRC channel to be fed instructions on where to download more nasties. http://www.safercomputing.org/wp-commentsrss2.php?p=24 http://www.safercomputing.org/?p=23 http://www.safercomputing.org/?p=23#comments Tue, 19 Apr 2005 13:23:35 +0000 Alerts!!! http://www.safercomputing.org/?p=23 It is not only Microsoft that have released updates, as mentioned here, Mozilla also released an update to the popular Firefox web browser, an update to version 1.0.3. It is not very long since the updates to version 1.0.1 and 1.0.2 was released. Version 1.0.3 is mostly a security updates. The following information can be found on the Mozilla Firefox site: "Firefox 1.0.3 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers. We recommend that all users upgrade to this latest version. Here's what's new in Firefox 1.0.3:    Several security fixes.    Fix to improve update process. Stay secure, update to the latest version. http://www.safercomputing.org/wp-commentsrss2.php?p=23 http://www.safercomputing.org/?p=22 http://www.safercomputing.org/?p=22#comments Wed, 13 Apr 2005 15:48:00 +0000 Alerts!!! http://www.safercomputing.org/?p=22 Microsoft yesterday released thirteen new security fixes. It may be more or less on your system depending on the version of Windows you use. Five of them are considered Critical which means that it is possible for someone to execute programs on the computer, using flaws that these updates fix. Another three of the fixes are considered Important, even these pose a risk that programs can be downloaded and executed from the Internet. In addition to releasing new patches, Microsoft updated three of its previously-published security bulletins today, and released a new version of its Malicious Software Removal Tool. The information below is rather technical but you don't need to know any of that information unless you are interested in what kind of ... http://www.safercomputing.org/wp-commentsrss2.php?p=22 http://www.safercomputing.org/?p=21 http://www.safercomputing.org/?p=21#comments Fri, 08 Apr 2005 15:14:42 +0000 Alerts!!! http://www.safercomputing.org/?p=21 Notice that the Internet Storm Center status at the bottom of this page still shows yellow. In addition, as you may know, Microsoft release most of their patches and security fixes on the second Tuesday of every month. With Microsoft Patch Tuesday looming on the horizon we thought it wise to alert everyone to a malicious email that is circulating the globe. "A mass SPAM email has been sent out claiming to be from Microsoft. This email spoofs users into thinking that they must update their Windows software. Upon clicking on the link, users are forwarded to a fraudulent website. This website is hosted in Australia, and was up at the time of this alert." More information at http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=163 When the link is ... http://www.safercomputing.org/wp-commentsrss2.php?p=21 http://www.safercomputing.org/?p=20 http://www.safercomputing.org/?p=20#comments Tue, 05 Apr 2005 17:20:09 +0000 Alerts!!! http://www.safercomputing.org/?p=20 04/05/2005 12:50 PM EST. As you may have seen already, the Internet Storm Center is showing Yellow today. For a couple of days there have been a form of attacks on the Internet DNS servers and it seems like the attacks are getting worse. What is the DNS servers? The DNS servers are the system that allows us to type a readable name when we want to go to a web site, like www.safercomputing.org, instead of trying to remember the numerical code that all the computers use to connect to the website. The DNS system convert that name, www.safercomputing.org, to the numerical address, 68.255.227.184. Most ISP's and companies have their own DNS servers. When a user of an ISP or an employee of a ... http://www.safercomputing.org/wp-commentsrss2.php?p=20