Sunday, May 23, 2010

“Bugs and Fixes: Security Woes for Windows, McAfee, Firefox” plus 1 more

“Bugs and Fixes: Security Woes for Windows, McAfee, Firefox” plus 1 more

Bugs and Fixes: Security Woes for Windows, McAfee, Firefox

Posted: 22 May 2010 06:55 PM PDT

The bugs keep marching in, with Microsoft, McAfee, and Mozilla all having to deal with serious security-related software problems in the past month.

Another Windows Fix

According to Microsoft, "two privately reported vulnerabilities in Windows Authenticode Verification...could allow remote code execution." In other words, an attacker could take control of your PC by exploiting either of those flaws. The intruder could gain administrator rights, with the ability to add, change, or delete practically any file.

Microsoft has issued an update that addresses the vulnerabilities by performing additional verification operations. This update is critical to all supported versions of Windows, including 98, XP, Vista, and 7, as well as Server 2003, 2008, 2008 R2, 2003, 2000, and 2000 Professional.

If you have automatic updates enabled (recommended), you'll get this update and others instantly. If you do not have automatic updating turned on, Microsoft suggests downloading critical updates manually; go to the Control Panel, click the Windows Update icon, and then select Check for Updates. You can learn more about this patch, and download it manually, at Microsoft TechNet.

McAfee Update Makes Windows PCs Crash

McAfee released an update in mid-April that unfortunately caused Windows PCs to fail spectacularly. The update improperly identified a Windows component known as svchost.exe as a virus, which caused McAfee's software to delete it.

The error was so severe that 8000 of the 25,000 computers at the University of Michigan Health System and Medical School crashed, along with thousands of computers around the world.

Put simply, svchost.exe is a process that hosts other services used by various programs on your PC (read Microsoft's explanation for more-technical details). If you look in Windows Task Manager, you may see quite a few svchost.exe processes running (under "Image Name"), and as you can imagine, attacking all of them could be catastrophic for any system.

The problematic update mostly affected users running Windows XP Service Pack 3. If it affected you, pick up McAfee's SuperDAT Remediation Tool to restore svchost.exe.

Firefox Flaw Corrected

A hole in the Mozilla Firefox Web browser has blossomed into a major flaw. A week after releasing Firefox 3.6.2, Mozilla released version 3.6.3 to address a critical security issue that could allow remote attackers to run commands of their choice.

To fix the bug, download Firefox 3.6.3, or click Help, Check for Updates, Get the New Version in the Firefox toolbar. Mozilla says the bug does not affect versions 3.5 or earlier.

If you still want to obtain and use add-ons that are not compatible with version 3.6, don't worry: Mozilla says that it will issue a patch for Firefox 3.5 in an upcoming release in case another method of exploiting this security hole exists.

Five Filters featured article: The Art of Looking Prime Ministerial - The 2010 UK General Election. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.

Rogue Facebook apps launch 'beach babes' attack

Posted: 23 May 2010 01:50 AM PDT

Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said.

Like the earlier attack, today's scam uses a sex-oriented video as bait, said Patrik Runald, a Australian researcher who works for Websense Security.

The scam is spread through Facebook messages touting "Distracting Beach Babes" videos that include a link to the malicious applications, Runald wrote on his company's blog early Saturday. Users who click on the link are asked to allow the application to access their profiles, and let it send messages to friends and post it on their walls. Once approved, the application instructs users to download an updated version of FLV Player, a popular free Windows media player, to view the video.

This new attack is almost identical to the one that generated several hundred thousand malicious software reports to antivirus vendor AVG Technologies a week ago.

On Saturday, Graham Cluley, a senior technology consultant at U.K.-based security firm Sophos, put the number of attacked Facebook users in "the thousands."

Neither Runald or Cluley could confirm the nature of the malware that masquerades as FLV Player, but both suspected that because of the similarity to last week's attack, it was most likely the result of the notorious Hotbar adware , a toolbar that inserts itself into Internet Explorer and displays pop-up ads and links.

"I'm beginning to wonder if the cybercriminals deliberately launch these campaigns on the weekends, imagining that anti-virus researchers and Facebook's own security team might be snoozing," said Cluley on the Sophos blog Saturday .

Facebook did not reply to a request for comment Saturday, and its security page had no mention of the latest attacks.

According to Runald, Websense has identified at least 100 different malicious applications used in the two weekend attacks.

Facebook users have used the service to warn others of the ongoing attacks. "Hey guys whatever you do DO NOT click on the post that appears on your wall -- doing so will result in all of your Facebook friends being sent the virus," one such message said.

Runald and Cluley spelled out in their blog posts how users who installed the rogue Facebook software, but who did not take the final step and fall for the fake FLV Player download, can remove the bogus program from their application settings page.

Searches conducted on Facebook at 4:30 p.m. ET for the malicious application that Ronald identified came up empty, implying that Facebook had removed it from the site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

Five Filters featured article: The Art of Looking Prime Ministerial - The 2010 UK General Election. Available tools: PDF Newspaper, Full Text RSS, Term Extraction.
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)