Posts Tagged: windows

Time to Patch26 Comments
20
Feb 13

Critical Security Updates for Adobe Reader, Java

Adobe and Oracle each released updates to fix critical security holes in their software. Adobe’s patch plugs two zero-day holes that hackers have been using to break into computers via Adobe Reader and Acrobat. Separately, Oracle issued updates to correct at least five security issues with Java.

javaiconThe Java update comes amid revelations by Apple, Facebook and Twitter that employees at these organizations were hacked using exploits that attacked Java vulnerabilities on Mac and Windows machines. According to Bloomberg News, at least 40 companies were targeted in malware attacks linked to an Eastern European gang of hackers that has been trying to steal corporate secrets.

Oracle’s update brings Java on Windows systems to Java SE 7 Update 15, and Java 6 Update 41. Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin. To find out if you have Java installed, visit java.com and click the “Do I have Java?” link below the big red button. Existing users can update Java from the Java Control Panel, clicking the Update tab and then the “Update Now” button.

Apple has issued an update that brings Java up-to-date on security patches but also disables the Java plugin from Web browsers on the system. Apple also issued a malware removal tool that it said should remove from Macs the most common variants of malware that used the most recent Java exploits. Continue reading →

Time to Patch25 Comments
12
Feb 13

Fat Patch Tuesday

Adobe and Microsoft each have issued security updates to fix multiple critical vulnerabilities in their products. Adobe released updates for Flash Player, AIR and Shockwave; Microsoft pushed out a dozen patches addressing at least 57 security holes in Windows, Office, Internet Explorer, Exchange and .NET Framework.

winiconFive of the 12 patches Microsoft released today earned its most dire “critical” label, meaning these updates fix vulnerabilities that attackers or malware could exploit to seize complete control over a PC with no help from users.

Thirteen of the 57 bugs squashed in Microsoft’s patch batch address issues with Internet Explorer; other critical patches fix problems in the Windows implementation of Vector Markup Language (VML), Microsoft Exchange, and flaws in the way Windows handles certain media files. The remaining critical patch fixes a flaw that is present only on Windows XP systems.

Updates are available via Windows Update or from Automatic Update. A note about applying these Windows patches: Today’s batch includes an update for .NET, which in my experience should be applied separately. In nearly every case where I’ve experienced problems updating Windows, a huge .NET patch somehow gummed up the works. Consider applying the rest of the patches first, rebooting, and then installing the .NET update, if your system requires it.

And for the second time in a week, Adobe has released an update for its Flash Player software. This one addresses at least 17  distinct vulnerabilities; unlike last week’s emergency Flash Update, this one thankfully doesn’t address flaws that are already actively being exploited, according to Adobe. Check the graphic below for the most recent version that includes the updates relevant to your operating system. This link should tell you which version of Flash your browser has installed. The most recent versions are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Continue reading →

Latest Warnings / Security Tools / Time to Patch28 Comments
7
Feb 13

Critical Flash Player Update Fixes 2 Zero-Days

Adobe today pushed out an emergency update that fixes at least two zero-day vulnerabilities in its ubiquitous Flash Player software — flaws that attackers are already exploiting to break into systems. Interestingly, Adobe warns that one of the exploits in use is designed to drop malware on both Windows and Mac OS X systems.

brokenflash-aAdobe said in an advisory that one of the vulnerabilities — CVE-2013-0634 - is being exploited in the wild in attacks delivered via malicious Flash content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment.

Adobe also warned that a separate flaw – CVE-2013-0633 – is being exploited in the wild in targeted attacks designed to trick the user into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash content. The company said the exploit for CVE-2013-0633 targets the ActiveX version of Flash Player on Windows (i.e. Internet Explorer users).

Updates are available for Windows, Mac, Linux and Android users. The latest Windows and Mac version is v. 11.5.502.149, and is available from this link. Those who prefer a direct link to the OS-specific downloads can grab them here. To find out if you have Flash installed and what version your browser may be running, check out this page.

flash115502149

Flash Player installed with Google Chrome should automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player v. 11.5.31.139 for Windows, Macintosh and Linux. Likewise, Internet Explorer 10 for Windows 8 also includes an auto-update feature, which should bring Flash to version 11.3.379.14 for Windows.

Adobe’s advisory notes that the vulnerability that has been used to attack both Mac and Windows users was reported with the help of the Shadowserver Foundation, the federally funded technology research center MITRE Corporation, and aerospace giant Lockheed Martin‘s computer incident response team. No doubt there are some interesting stories about how these attacks were first discovered, and against whom they were initially deployed.

Latest Warnings / Security Tools / Time to Patch26 Comments
11
Dec 12

Critical Updates for Flash Player, Microsoft Windows

Adobe and Microsoft have each released security updates to fix critical security flaws in their software. Microsoft issued seven update bundles to fix at least 10 vulnerabilities in Windows and other software. Separately, Adobe pushed out a fix for its Flash Player and AIR software that address at least three critical vulnerabilities in these programs.

A majority of the bugs quashed in Microsoft’s patch batch are critical security holes, meaning that malware or miscreants could exploit them to seize control over vulnerable systems with little or no help from users. Among the critical patches is an update for Internet Explorer versions 9 and 10 (Redmond says these flaws are not present in earlier versions of IE).

Other critical patches address issues with the Windows kernel, Microsoft Word, and Microsoft Exchange Server. The final critical bug is a file handling vulnerability in Windows XP, Vista and 7 that Microsoft said could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. Yikes. Updates are available through Windows Update or via Automatic Updates.

Continue reading →

A Little Sunshine / The Coming Storm16 Comments
12
Nov 12

Malware Spy Network Targeted Israelis, Palestinians

Researchers in Norway have uncovered evidence of a vast Middle Eastern espionage network that for the past year has deployed malicious software to spy on Israeli and Palestinian targets.

The discovery, by Oslo-based antivirus and security firm Norman ASA, is the latest in a series of revelations involving digital surveillance activity of unknown origin that appears designed to gather intelligence from specific targets in the Middle East.

Norman’s experts say the true extent of the spy network came into focus after news of a cyber attack in late October 2012 that caused Israeli authorities to shut down Internet access for its police force. According to press reports, that incursion was spearheaded by a booby-trapped email that was made to look as if it was sent by Benny Gantz, the chief of general staff of the Israel Defense Forces.

Security vendor Trend Micro suggested that the initial target of that attack were systems within the Israeli Customs agency, and said the malware deployed was a version of Xtreme RAT, a Remote Access Trojan that can be used to steal information and receive commands from a remote attacker. According to Trend, the latest iterations of Xtreme Rat have Windows 8 compatibility, improved Chrome and Firefox password grabbing, and improved audio and desktop capture capabilities features.

All of the malware files Fagerland discovered as part of this campaign were signed with this phony Microsoft certificate.

Snorre Fagerland, a senior virus researcher at Norman, said he examined a sample of the Trojan used to deploy the malware in that attack, and found that it included a rather telltale trait: It was signed with a digital certificate that was spoofed to appear as though it had been digitally signed by Microsoft.

The faked digital certificate would not stand up to validation by Windows– or anyone who cared to verify it with the trusted root certificates shipped with Windows PCs. But it proved to be a convenient marker for Fagerland, who’s been scouring malware databases for other samples that used the same phony certificate ever since. So far, he’s mapped out an expanding network of malware and control servers that have been used in dozens of targeted email attacks (see graphic below).

“These malwares are set up to use the same framework, talk to same control servers, and have same spoofed digital certificate,” Fagerland said in an interview with KrebsOnSecurity. “In my view, they are same attackers.”

Fagerland discovered a vast network of command and control servers (yellow) that all bore the same forged Microsoft certificate and powered malware that targeted Israeli and Palestinian users.

Fagerland found that the oldest of the malicious files bearing the forged Microsoft certificate were created back in October 2011, and that the Arabic language email lures used in tandem with those samples highlighted Palestinian news issues. He observed that the attackers used dynamic DNS providers to periodically shift the Internet addresses of their control networks, but that those addresses nearly always traced back to networks in Gaza assigned to a hosting provider in Ramallah in the West Bank.

After about eight months of this activity, the focus of the malware operation pivoted to attacking Israeli targets, Fagerland discovered. When that happened, the attackers shifted the location of their control servers to networks in the United States.

Continue reading →

Time to Patch9 Comments
11
Sep 12

Microsoft Pushes Two Security Patches

Microsoft today issued security updates to fix at least two vulnerabilities in its software. The fixes are for enterprise components that are not widely installed, meaning that Windows home users will likely get away with not having to patch their operating system this month.

The first patch, MS12-061, applies to Microsoft Visual Studio Team Foundation Server. The other update, MS12-062, fixes a flaw in Microsoft Systems Management Server 2003 and Microsoft System Center Configuration Manager 2007.

Windows users who run Windows Update or Automatic Update may still find a few updates available, such as KB2736233, which disables certain potentially unsafe ActiveX components in Internet Explorer; or KB2735855, which is a stability hotfix for Windows 7 and Windows Server 2008 systems.

Microsoft is urging system administrators at organizations to test a soon-to-be mandatory patch (KB2661254) that will change the way Windows handles encryption keys. That patch is in apparent response to the weaknesses exploited by the Flame malware, which used it to successfully spoof the encryption algorithm used by Microsoft’s Remote Desktop and to install itself on Windows PCs. The update has been available since August but won’t be pushed out through Windows Update until October.

Latest Warnings / Security Tools / Time to Patch50 Comments
30
Aug 12

Security Fix for Critical Java Flaw Released

Oracle has issued an urgent update to close a dangerous security hole in its Java software that attackers have been using to deploy malicious software. The patch comes amid revelations that Oracle was notified in April about this vulnerability and a number other other potentially unpatched Java flaws.

The patch fixes a critical flaw in the latest version of Java 7 that is now being widely exploited. Users with vulnerable versions of Java installed can have malware silently planted on their systems just by browsing to a hacked or malicious Web site.

The update brings Java 7 to Update 7, and appears to fix the flaw being exploited and several other security holes. Oracle also released a security update for systems running Java 6, which brings that version to Java 6 Update 35.

Today’s patches are emergency, out-of-schedule updates for Oracle, which previously was not planning to release security updates for Java until October. Although it may appear that Oracle responded swiftly to the discovery of extremely dangerous flaws in its software, Security Explorations — a research firm from Poland — says it alerted Oracle about this vulnerability and 30 others back in April. It’s not yet clear how many of those vulnerabilities were patched in this release.

“We … expected that the most serious of them would be fixed by June 2012 Java CPU,” said Security Explorations CEO and founder Adam Gowdiak told The Register’s Neil McAllister. “But it didn’t happen and Oracle left many issues unpatched with plans to address them in the next Java [updates].”

Continue reading →

A Little Sunshine / Latest Warnings45 Comments
31
Jul 12

Email-Based Malware Attacks, July 2012

Last month’s post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting. I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about the source of these attacks.

Top malware attacks and their antivirus detection rates, past 30 days. Source: UAB

While the data from the past month again shows why that wisdom remains conventional, I believe the subject is worth periodically revisiting because it serves as a reminder that these attacks can be stealthier than they appear at first glance.

The threat data draws from daily reports compiled by the computer forensics and security management students at the University of Alabama at Birmingham. The UAB reports track the top email-based threats from each day, and include information about the spoofed brand or lure, the method of delivering the malware, and links to Virustotal.com, which show the number of antivirus products that detected the malware as hostile (virustotal.com scans any submitted file or link using about 40 different antivirus and security tools, and then provides a report showing each tool’s opinion).

As the chart I compiled above indicates, attackers are switching the lure or spoofed brand quite often, but popular choices include such household names as American Airlines, Ameritrade, Craigslist, Facebook, FedEx, Hewlett-Packard (HP), Kraft, UPS and Xerox. In most of the emails, the senders spoofed the brand name in the “from:” field, and used embedded images stolen from the brands being spoofed.

The one detail most readers will probably focus on most this report is the atrociously low detection rate for these spammed malware samples. On average, antivirus software detected these threats about 22 percent of the time on the first day they were sent and scanned at virustotal.com. If we take the median score, the detection rate falls to just 17 percent. That’s actually down from last month’s average and median detection rates, 24.47 percent and 19 percent, respectively.

Continue reading →

Latest Warnings / Time to Patch30 Comments
12
Jun 12

Microsoft Patches 26 Flaws, Warns of Zero-Day Attack

Microsoft today released updates to plug at least 26 separate security holes in its Windows operating systems and related software. At the same time, Microsoft has issued a stopgap fix for a newly-discovered flaw that attackers are actively exploiting.

The security fixes are included in seven security patch bundles, three of which earned Microsoft’s most dire “critical” label, signifying that attackers can exploit them without any help on the part of the user.  Redmond patched vulnerabilities in Windows, Internet Explorer, Dynamics AX, Microsoft Lync (Microsoft’s enterprise instant message software), and the Microsoft .NET Framework.

Microsoft called out two patches as particularly important: the Internet Explorer bundle (MS12-037), which addresses 13 issues; and a critical flaw in the Windows remote desktop protocol (RDP). Updates are available for all supported versions of Windows, via Windows Update or Automatic Update. Continue reading →

Latest Warnings / Security Tools / Time to Patch58 Comments
4
Apr 12

Urgent Fix for Zero-Day Mac Java Flaw

Apple on Monday released a critical update to its version of Java for Mac OS X that plugs at least a dozen security holes in the program. More importantly, the patch mends a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.

Distribution of 550,000 Flashback-infected Macs. Source: Dr.Web.com

The update, Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7, sews up an extremely serious security vulnerability (CVE-2012-0507) that miscreants recently rolled into automated exploit kits designed to deploy malware to Windows users. But in the past few days, information has surfaced to suggest that the same flaw has been used with great success by the Flashback Trojan to infect large numbers of Mac computers with malware.

The revelations come from Russian security firm Dr.Web, which reports that the Flashback Trojan has successfully infected more than 550,000 Macs, most which it said were U.S. based systems (hat tip to Adrian Sanabria). Dr.Web’s post is available in its Google translated version here.

Continue reading →

← Older Entries