Posted by Dave, 5 Star Support Security Specialist
Week of 04/11/10 –
General -
This has been a very big week and month for updates and patches from all major vendors. You should plan to check all your software and applications to be sure everything is updated and all current patches are applied. There is active exploit code on the Internet and attacks are underway for a number of products in use by most computer users on a world-wide basis.
Microsoft –
The following 11 bulletins were released by Microsoft to address 25 vulnerabilities:

Vulnerabilities in Windows Authenticode Verification

This security update resolves two privately reported vulnerabilities in Windows Authenticode Verification that could allow remote code execution. An attacker who successfully exploited either vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Critical for all supported versions of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerabilities by performing additional verification operations when signing and verifying a
portable executable or cabinet file.

Vulnerabilities in SMB Client (Replaces MS10-006)

This security update resolves one publicly disclosed and several privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit these vulnerabilities, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

This security update is rated Critical for all supported editions of Microsoft Windows.

The security update addresses the vulnerabilities by correcting the manner in which the SMB client handles SMB responses,
allocates memory, and validates fields within the SMB response. This update applies, with the same severity rating, to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option.

Privilege Elevation Vulnerabilities in Windows Kernel (Replaces MS10-015)

This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and the original release version of Windows Vista. This security update is rated Moderate for all supported versions of Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

The security update addresses the vulnerabilities by correcting validations, the creation of symbolic links, the resolution of virtual registry key paths, and exceptions handling.
Important: Special notes on MS10-021

Remember the snafu regarding MS10-015 the last time the kernel was patched, when Microsoft was wrongfully blamed for causing BSODs (it was later traced to the PCs being infected with malware) – this time we have additional information:

MS10-021, one of the 11 updates issued yesterday as part of Microsoft's monthly Patch Tuesday cycle, also fixed flaws in the Windows kernel. But Microsoft is hoping that this month's update won't trigger a repeat Blue Screen of Death.

The MS10-021 bulletin stated: This security update includes package detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systems.

"These abnormal conditions on a system could be the result of an infection with a computer virus that modifies some operating system
files, which renders the infected computer incompatible with the kernel update."

Bottom line – if MS10-021 fails on installation, you are probably infected, and the AV you are using has possibly let you down. If the installation fails and returns error code 0x8007F0F4, or error code 0XFFFFFFFF, then you have this issue, and your machine is infected. Microsoft offers help with this here: http://www.microsoft.com/security/updates/015/ including steps that need to be taken to resolve the issue.

If you run into this, I would suggest you might want to take a good look at what you are using for security software and a firewall. Trust me – what comes free with Windows doesn’t cut it with me. You need something far better, much faster, and something that updates daily; not to mention a firewall that does not leak and is fast enough to beat the bad stuff to the punch, both incoming and outgoing.

Vulnerability in VBScript Engine

This security update resolves a publicly disclosed vulnerability in VBScript on Microsoft Windows that could allow remote code execution. This security update is rated Important for Microsoft Windows 2000, Windows XP, and Windows Server 2003. On Windows Server 2008, Windows Vista, Windows 7, and Windows Server 2008 R2, the vulnerable code is not exploitable; however, as the code is present, this update is provided as a defense-in-depth measure and has no severity rating.

The vulnerability could allow remote code execution if a malicious Web site displayed a specially crafted dialog box on a Web page and a user pressed the F1 key, causing the Windows Help System to be started with a Windows Help File provided by the attacker. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

The security update addresses the vulnerability by modifying
the way that the VBScript engine processes help files in protected mode.

Vulnerability in Microsoft Office Publisher (Replaces MS08-027, MS09-030)

This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Important for supported versions of Microsoft Office Publisher 2002, Microsoft Office Publisher 2003, and
Microsoft Office Publisher 2007.

The update addresses the vulnerability by correcting the way that Microsoft Office Publisher opens specially crafted Publisher files.

DoS Vulnerability in Microsoft Exchange and SMTP Service

This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Exchange and Windows SMTP Service. The more severe of these vulnerabilities could allow denial of service if an attacker sent a specially crafted DNS response to a computer running the SMTP service. By default, the SMTP component is not installed on Windows Server 2003, Windows Server 2003 x64 Edition, or Windows XP Professional x64 Edition.

This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003; 32-bit and x64-based editions of Windows Server 2008; Windows Server 2008 R2 for x64-based Systems; and Microsoft Exchange Server 2003. This security update is
rated Moderate for Microsoft Exchange Server 2000.

The security update addresses the vulnerabilities by correcting the manner in which SMTP parses MX records and the manner in which SMTP allocates memory for interpreting SMTP command responses.

Vulnerability in Microsoft Windows Media Services

This security update resolves a privately reported vulnerability in Windows Media Services running on Microsoft Windows 2000 Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted transport information packet to a Microsoft Windows 2000 Server system running Windows Media Services. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. On Microsoft Windows 2000 Server, Windows Media Services is an optional component and is not installed by default.

This security update is rated Critical for all supported
editions of Microsoft Windows 2000 Server.

The security update addresses the vulnerability by modifying the way that the Windows Media Unicast Service (nsum.exe) handles transport info network packets.

Vulnerability in Microsoft MPEG Layer 3 Codec (DirectShow)

This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file containing an MPEG Layer-3 audio stream. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003 (except Itanium-based editions), and Windows Server 2008 (except Itanium-based editions). For all supported editions of Windows Vista, this security update is rated Important. Itanium-based editions of Windows Server 2003 and Windows Server 2008, and all supported editions of Windows 7 and Windows Server 2008 R2,
are not affected by the vulnerability.

The security update addresses the vulnerability by correcting the way that the Microsoft MPEG Layer-3 audio codecs decode the MPEG Layer-3 audio stream in specially crafted AVI files.

Vulnerability in Windows Media Player (Replaces MS07-047)

This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Windows Media Player 9 Series when installed on all supported editions of Microsoft Windows
2000 and Windows XP.

The security update addresses the vulnerability by modifying the way the Windows Media Player ActiveX control handles specially crafted media content hosted on a malicious Web site.

Vulnerabilities in Microsoft Visio (Replaces MS09-062, MS09-005)

This security update resolves two privately reported vulnerabilities in Microsoft Office Visio. The vulnerabilities could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Important for Microsoft Office Visio 2002 Service Pack 2, Microsoft Office Visio 2003 Service Pack 3, Microsoft
Office Visio 2007 Service Pack 1 and Microsoft Office Visio 2007 Service Pack 2.

The security update addresses these vulnerabilities by correcting the way that Microsoft Office Visio validates attributes and calculates indexes when opening specially crafted Visio files.

This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Moderate for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. Windows 7 and Windows Server 2008 R2 are not vulnerable because these operating systems include the feature deployed by this security update.

This vulnerability could allow an attacker to spoof an IPv4 address so that it may bypass filtering devices that rely on the source IPv4 address.

The security update addresses the vulnerability by changing the manner in which the Windows TCP/IP stack checks the source IPv6 address in a tunneled ISATAP packet.

Review of updates released since the last patch Tuesday cycle –

MS10-018/KB980182 - Critical (2000, XP, Vista, 7, 2003, 2008, 2008 R2): This is a giant cumulative update for every version of Internet Explorer that Microsoft supports. It fixes a total of 10 security holes, some of which allow remote code execution, others which let the attacker get data they should not. There is also a huge pile of non-security fixes. You should install this immediately if you have not yet done so. 3.3MB - 40.6MB

Windows 7 and 2008 R2 Application Compatibility Update (KB976264)
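
For the MS10-021 installation failures covered in the special notes above, this added example (not part of the original newsletter and not Microsoft code) scans collected update logs for the two error codes so the affected machines can be pulled aside for malware triage. The "host timestamp message" log layout, the sample lines and the KB-PLACEHOLDER tag are constructed assumptions; substitute your own log format and the update's real identifier.

```python
import re

# Error codes the text above ties to a blocked MS10-021 installation.
BLOCKED_INSTALL_CODES = {0x8007F0F4, 0xFFFFFFFF}

# Whole 0x-prefixed literals, any case ("0x" and "0X" both occur).
HEX_LITERAL = re.compile(r"\b0x([0-9a-f]+)\b", re.IGNORECASE)

# Constructed sample in an assumed "host timestamp message" layout.
SAMPLE_LOG = """\
pc-017 2010-04-14T09:12:33 Install of KB-PLACEHOLDER failed, error 0x8007F0F4
pc-017 2010-04-14T09:12:40 Reboot not required
pc-022 2010-04-14T10:01:02 Install of KB-PLACEHOLDER failed, error 0XFFFFFFFF
pc-031 2010-04-14T10:30:11 Install of KB-OTHER failed, error 0xFFFFFFFF
pc-040 2010-04-14T11:05:59 Install of KB-PLACEHOLDER failed, error 0x8007F0F45
pc-044 2010-04-14T11:20:00 Install of KB-PLACEHOLDER succeeded, result 0x00000000
"""


def find_blocked_installs(log_text, update_tag=None):
    """Return (host, timestamp, code) for lines reporting a listed code.

    update_tag, if given, must appear in the message: 0xFFFFFFFF is just -1
    as a 32-bit value, so on its own it can come from unrelated failures.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or truncated lines
        host, timestamp, message = parts
        if update_tag and update_tag not in message:
            continue
        for match in HEX_LITERAL.finditer(message):
            code = int(match.group(1), 16)
            # Compare parsed values, not substrings, so 0x8007F0F45 is ignored.
            if code in BLOCKED_INSTALL_CODES:
                hits.append((host, timestamp, f"0x{code:08X}"))
    return hits


def hosts_to_triage(log_text, update_tag=None):
    """Unique hosts, sorted, that should be checked for infection."""
    hits = find_blocked_installs(log_text, update_tag)
    return sorted({host for host, _, _ in hits})


if __name__ == "__main__":
    for hit in find_blocked_installs(SAMPLE_LOG, update_tag="KB-PLACEHOLDER"):
        print(*hit)
```

Passing the update's identifier as update_tag keeps unrelated 0xFFFFFFFF failures, such as the constructed pc-031 line, out of the triage list.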
Other Software –