JusticeDept.com

October 18, 2009

Microsoft Malware Spam

Filed under: Uncategorized — @ 2:19 pm

Malware Spam Messages Related to Microsoft Outlook, SSL Certificates

US-CERT is aware of public reports of an increased number of spam messages related to Microsoft Outlook or SSL certificates. These messages contain a malicious file or link that claims to provide an update, but in reality, attempts to launch malware on a user’s system. Typically, the messages instruct the user to click on a link to save a file or to open an attachment, either of which could infect the user’s system.

To help protect against this type of attack, US-CERT recommends that users avoid opening attachments or links contained in unsolicited email messages. Additional tips regarding email attachments can be found in the US-CERT Cyber Security Tip Using Caution with Email Attachments.

August 2, 2009

Vulnerability: Microsoft ActiveX

Filed under: Uncategorized — @ 11:32 pm

US-CERT — ActiveX controls built with Microsoft ATL fail to properly handle initialization data
Overview
ActiveX controls that are built using a Microsoft ATL template may fail to properly handle initialization data, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
Microsoft Active Template Library (ATL) is a set of C++ classes that are designed to simplify the creation of COM objects and ActiveX controls. An ActiveX control can be designated as “safe for scripting,” which means that it can be used by an untrusted caller such as JavaScript in a web page, and/or it may be designated as “safe for initialization,” which means that it can accept untrusted initialization data. ActiveX controls that are developed using the Microsoft ATL technology may fail to properly handle initialization data. The specific vulnerabilities include the use of uninitialized objects, unsafe usage of OleLoadFromStream, and the failure to check for a terminating NULL character. This may result in memory corruption that can be leveraged to execute code, or it may bypass Internet Explorer kill bit restrictions on unsafe controls.
II. Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.
III. Solution
Apply an update

This vulnerability has been addressed in the update for Internet Explorer provided in Microsoft Security Bulletin MS09-034. This update helps prevent ActiveX controls that were built with the vulnerable ATL versions from being initialized with unsafe data patterns in Internet Explorer. The blocked patterns include techniques that can be used to bypass the kill bit in Internet Explorer.

Update and recompile ActiveX controls

Developers who have created ActiveX controls using Microsoft ATL should install the update for Microsoft Security Bulletin MS09-035 and recompile the ActiveX controls. This will cause the controls to use an updated ATL version that addresses these vulnerabilities.

Disable ActiveX

Disabling ActiveX controls in the Internet Zone (or any zone used by an attacker) appears to prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in the “Securing Your Web Browser” document.

June 23, 2009

Update for Microsoft Outlook Phishing Scams

Filed under: Uncategorized — @ 1:15 pm

A massive phishing scam similar to the recent bank fraud scams is being sent in emails that look like the following:

From: “Microsoft Customer Support”
Subject: Update for Microsoft Outlook

Critical Update

Update for Microsoft Outlook / Outlook Express (KB910721)

Brief Description

Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

* To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:
http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=860973044736591820463007000000

Quick Details

* File Name: officexp-KB910721-FullFile-ENU.exe
* Version: 1.4
* Date Published: Tue, 23 Jun 2009 07:21:24 -0400
* Language: English
* File Size: 81 KB

System Requirements

* Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
* This update applies to the following product: Microsoft Outlook / Outlook Express
Contact Us
© 2009 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy Statement


The above URL is not the actual link. Hidden in the HTML code is the domain name that the link really takes you to:
http://update.microsoft.com.ilfl1i1.net/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=860973044736591820463007003404087
The text displayed for that link is:
http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=86097304473659182046300700340000

If you get one of these emails, you should safely clear it from your computer and under no circumstances visit the website. In fact, if you are using a Microsoft-based computer and/or email program, you should not open the email.
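A mail filter can catch the mismatch described above, where the visible link text names one host and the underlying href names another with the trusted brand buried in its subdomains. The following is an added example, not code from the original post; the sample HTML is constructed from the two URLs quoted above, and the function names and the two-label "registrable domain" shortcut are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the lure's link rebuilt from the two URLs quoted in the
# post (query string shortened), plus one harmless link for contrast.
SAMPLE_HTML = (
    '<a href="http://update.microsoft.com.ilfl1i1.net/microsoftofficeupdate/'
    'isapdl/default.aspx?ln=en-us">http://update.microsoft.com/'
    'microsoftofficeupdate/isapdl/default.aspx?ln=en-us</a> '
    '<a href="http://www.microsoft.com/security">Microsoft Security</a>'
)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    # Assumption: the last two labels approximate the registrable domain.
    # Real tooling should use the Public Suffix List (e.g. for .co.uk).
    return ".".join(host.split(".")[-2:])

def audit_links(html, trusted=("microsoft.com",)):
    """Return (real host, registrable domain, reasons) for suspicious links."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = urlsplit(href).hostname or ""
        shown = (urlsplit(text).hostname or "") if "://" in text else ""
        reasons = []
        if shown and shown != real:
            reasons.append("display-host-mismatch")
        if any(b in real and registrable(real) != b for b in trusted):
            reasons.append("brand-in-subdomain")
        if reasons:
            findings.append((real, registrable(real), reasons))
    return findings
```

For the sample, only the first link is reported: its host ends in `ilfl1i1.net`, not `microsoft.com`, even though the displayed text and the left-hand labels say otherwise.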

June 14, 2009

Microsoft Security Bulletin

Filed under: Uncategorized — @ 1:14 pm

Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, or obtain sensitive information.

May 8, 2009

Warning — Microsoft PowerPoint Alert

Filed under: Uncategorized — @ 7:40 pm

Microsoft Releases Advance Notification for May Security Bulletin
added May 7, 2009 at 02:58 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that the May release cycle will contain one bulletin with a maximum severity rating of Critical. The notification states that the Critical bulletin is for Microsoft PowerPoint. The release is scheduled for Tuesday, May 12.

US-CERT will provide additional information as it becomes available.

April 19, 2009

Microsoft Windows, Office and Internet Explorer

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Forefront Edge Security as part of the Microsoft Security Bulletin Summary for April 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

Microsoft Windows Malicious Software Removal Tool
Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

April 7, 2009

Microsoft Security Advisory: PowerPoint

Filed under: Uncategorized — @ 6:28 pm

Microsoft has released security advisory 969136 to address reports of a vulnerability in Microsoft Office PowerPoint. By convincing a user to open a specially crafted Office file, a remote attacker may be able to gain access to the affected system with the same rights as the user running PowerPoint.

US-CERT encourages users and administrators to review Microsoft Security Advisory 969136 and implement the suggested workarounds listed in the advisory to help mitigate the risks.

March 30, 2009

Tracking GhostNet: Investigating a Cyber Espionage Network

Filed under: Uncategorized — @ 1:12 pm

This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised, giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

Conficker Worm Targets Microsoft Windows Systems

Filed under: Uncategorized — @ 12:58 pm

US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across the network if the host is not patched with MS08-067.

The presence of a Conficker infection may be detected if a user is unable to navigate to the following websites:
http://www.symantec.com/norton/theme.jsp?themeid=conficker_worm&inid=us_ghp+link_conficker_worm
http://www.mcafee.com

If a user is unable to reach either of these websites, a Conficker infection may be indicated (the most current variant of Conficker interferes with queries for these sites, preventing a user from visiting them). If a Conficker infection is suspected, the infected system should be removed from the network. Major anti-virus vendors and Microsoft have released several free tools that can verify the presence of a Conficker infection and remove the worm. Instructions for manually removing a Conficker infection from a system have been published by Microsoft in Knowledgebase Article 962007.
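The reachability test above can be scripted for triage, with one safeguard the manual check lacks: a control lookup that separates "security sites are blocked" from "this host has no name resolution at all". This is an added example, not a US-CERT tool; the function names, the verdict strings and the control domain `www.example.com` are assumptions, and the resolver is injectable so the logic can be exercised offline.

```python
import socket

# The two sites the advisory names as unreachable from an infected host.
SECURITY_SITES = ("www.symantec.com", "www.mcafee.com")

def system_resolves(name):
    """True if this host's resolver returns any address for name."""
    try:
        return bool(socket.getaddrinfo(name, 80))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def conficker_dns_triage(resolves=system_resolves, control="www.example.com"):
    """Return (verdict, unreachable security sites).

    control is an assumed neutral name: if it fails too, the problem is
    general connectivity and says nothing about Conficker.
    """
    unreachable = [site for site in SECURITY_SITES if not resolves(site)]
    if not resolves(control):
        return "inconclusive", unreachable
    if unreachable:
        # The advisory treats failure to reach either site as an indicator.
        return "suspect", unreachable
    return "no-indication", unreachable

if __name__ == "__main__":
    verdict, sites = conficker_dns_triage()
    print(verdict, sites)
```

A "suspect" verdict is only a prompt to isolate the host and run one of the removal tools mentioned above; DNS filtering or a proxy on the network can produce the same result.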

US-CERT encourages users to prevent a Conficker infection by ensuring all systems have the MS08-067 patch (part of Security Update KB958644, which was published by Microsoft in October 2008), disabling AutoRun functionality (see US-CERT Technical Cyber Security Alert TA09-020A), and maintaining up-to-date antivirus software.

US-CERT will provide additional information as it becomes available.

March 28, 2009

Microsoft Updates for Multiple Vulnerabilities

Filed under: Uncategorized — @ 1:54 pm

Source: US-CERT
As part of the Microsoft Security Bulletin Summary for March 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows and Windows Server.

A remote, unauthenticated attacker could gain elevated privileges, poison the DNS cache, execute arbitrary code, or cause a vulnerable application to crash.

Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).
