Microsoft: September 2004 Archives

Got to love the old-school viruses. The JPEG exploit has gone back to the future by making its first notable appearance in porno newsgroups. There is a good write-up of this over at http://www.easynews.com/virus.txt

The virus uses the JpegOfDeath sample exploit code, which was made available on the net, to install remote-administration software and to download assorted hacker tools to make life easier.

If you haven't already seen it, SANS has posted a tool that scans the local system for vulnerable copies of the GDI+ library (gdiplus.dll), the file behind the JPEG flaw. There is a GUI and a command-line version, and both can be downloaded from SANS.

Tuesday was Microsoft patching day and this one left me scratching my head more than most. Maybe it's my own fault for reading ntbugtraq and the babble of the tech writers. This JPEG patch seems tougher to decipher than the riddle of the sphinx. First you've got Windows Update, which just gives you a tool to see if you have the file. Then you've got different Microsoft versions of the patch. At least that's what it sounds like. You don't need a patch if you have Microsoft Office 2003 SP1, but if you haven't applied that service pack then you need a patch. And there is an IE patch. Or is that the same thing? Then the file in question is used in other MS apps that MBSA doesn't detect. Then you've got other applications that introduce their own vulnerable version of the file. And of course you've got a denial of service exploit already on the market. What a patching nightmare.
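What a GDI+ scanner boils down to, and why the private copies of the file mentioned above matter, as an added example (not the SANS tool and not code from this post): walk a directory tree, find every gdiplus.dll regardless of where an application stashed it, and read the file version straight out of the PE version resource. The minimum version constant is an illustrative threshold, not a statement about any specific Microsoft build; take the real number from the bulletin. The demo tree and the fake "DLL" files are constructed in a temporary directory so the script runs anywhere.

```python
"""Find every copy of gdiplus.dll under a directory tree and read each copy's
file version out of the PE version resource, the same check a GDI+ scanner
performs. Added example, not the SANS tool. MINIMUM_VERSION is an
illustrative threshold; verify the real value against the bulletin."""
import os
import struct
import tempfile
from pathlib import Path

# The version resource carries a UTF-16LE "VS_VERSION_INFO" key just before
# the VS_FIXEDFILEINFO struct, whose first dword is this signature.
_VERSION_KEY = "VS_VERSION_INFO".encode("utf-16-le")
_FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)

# Illustrative threshold (major, minor, build, revision); adjust per bulletin.
MINIMUM_VERSION = (5, 1, 3102, 1360)


def parse_file_version(data):
    """Return (major, minor, build, revision) from a PE image's version
    resource, or None when no VS_FIXEDFILEINFO block can be located."""
    key = data.find(_VERSION_KEY)
    if key < 0:
        return None
    sig = data.find(_FIXEDFILEINFO_SIG, key)
    if sig < 0 or sig + 16 > len(data):
        return None
    # dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ver_ms, ver_ls = struct.unpack_from("<4I", data, sig)
    return (ver_ms >> 16, ver_ms & 0xFFFF, ver_ls >> 16, ver_ls & 0xFFFF)


def find_copies(root, name="gdiplus.dll"):
    """Yield every file under root whose name matches, case-insensitively,
    so private copies shipped by third-party applications are found too."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == name:
                yield Path(dirpath) / fname


def scan(root, minimum=MINIMUM_VERSION, name="gdiplus.dll"):
    """Return [(path, version, status)] for every copy found; status is
    'ok', 'vulnerable' (older than minimum) or 'unknown' (no version)."""
    results = []
    for path in find_copies(root, name):
        version = parse_file_version(path.read_bytes())
        if version is None:
            status = "unknown"
        elif version < minimum:
            status = "vulnerable"
        else:
            status = "ok"
        results.append((str(path), version, status))
    return results


def make_fake_image(version):
    """Constructed stand-in for a DLL: just enough of a version resource for
    parse_file_version to read. Not a loadable PE."""
    ms = (version[0] << 16) | version[1]
    ls = (version[2] << 16) | version[3]
    fixed = _FIXEDFILEINFO_SIG + struct.pack("<3I", 0x00010000, ms, ls) + b"\0" * 36
    return b"MZ" + b"\0" * 62 + _VERSION_KEY + b"\0\0" + b"\0\0" + fixed


def build_demo_tree():
    """Create a throwaway tree with a system copy at the threshold version and
    an older private copy in an application directory; return its root.
    Both files are constructed test data."""
    root = Path(tempfile.mkdtemp(prefix="gdiplus-scan-"))
    sys_dir = root / "Windows" / "System32"
    app_dir = root / "Program Files" / "SomeImageApp"
    sys_dir.mkdir(parents=True)
    app_dir.mkdir(parents=True)
    (sys_dir / "gdiplus.dll").write_bytes(make_fake_image(MINIMUM_VERSION))
    (app_dir / "GDIPLUS.DLL").write_bytes(make_fake_image((5, 1, 3097, 0)))
    return root


if __name__ == "__main__":
    # On a real box you would point scan() at the drive root, since the copy
    # under the Windows directory is not the only one that matters.
    for path, version, status in scan(build_demo_tree()):
        print(f"{status:10} {version} {path}")
```

The version is read by locating the VS_FIXEDFILEINFO block rather than walking the PE resource directory, which is enough for a triage scan and keeps the script dependency-free; a full PE parser would be the robust choice for anything beyond that.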

Tim Mullen has a totally awesome article over at SecurityFocus on the tech writers' reaction to XP Service Pack 2.

http://www.securityfocus.com/columnists/265

It is a great article on the frenzy of reporting/bashing surrounding SP2, as every minor blemish, or anything that was wrong in XP and still isn't fixed, becomes a major blemish. It causes typical users to flee in terror from a service pack that will do them a lot of good.

"In the Feeding of Media Egos, everyone leaves vulnerable."

US-CERT (the United States Computer Emergency Readiness Team) has recommended that all users install Service Pack 2 for Windows XP.

http://www.us-cert.gov/cas/alerts/SA04-243A.html

Reasons:
Windows Firewall
Windows Firewall is enabled in almost all configurations, blocking network traffic coming into your computer. Blocking this traffic helps to protect you from worms and other malicious code that spread via the Internet.

Internet Explorer Local Machine Zone Lockdown
New settings for Internet Explorer disable the execution of ActiveX controls and Active scripting in the Local Machine Zone. This protects you from attacks and vulnerabilities such as Download.Ject.

Additional Internet Explorer Security Changes
Internet Explorer now includes a pop-up blocker, additional window restrictions, and changes in MIME type handling that better defend against social engineering and "phishing" attacks. A browser add-on management interface provides a way to identify and disable programs that run as part of Internet Explorer. Enhanced protection against security zone elevation and object caching vulnerabilities helps defend against malicious web scripts.

Email Handling Technologies
Outlook Express now supports the ability to read and compose messages in plain text and to block external HTML content such as "web bugs." Security checks are now performed in a more consistent way to help prevent the execution of malicious attachments.

Security Center
The Security Center "...provides a central location for changing security settings, learning more about security, and ensuring that [your] computer is up to date, with the essential security settings that are recommended by Microsoft."

Automatic Updates
The update services and automatic update feature of Windows XP have been improved. US-CERT highly recommends that you enable Automatic Updates.

Data Execution Prevention
Memory protection helps prevent attackers from executing code on your computer.
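What the one-line description of Data Execution Prevention means at the page level, as an added example that is not from the US-CERT alert or this post: a few bytes of machine code are written into an anonymous memory page as ordinary data and then called. With the page mapped read/write only, the CPU refuses to execute from it and the process dies with SIGSEGV, which is exactly what happens to shellcode sitting in a stack or heap buffer under DEP/NX; with execute permission added, the same bytes run and return 42. Each attempt is made in a forked child so the parent survives the fault. This assumes Linux or another POSIX system on x86-64 or AArch64 (the only two instruction encodings included).

```python
"""Demonstrate DEP/NX: a tiny 'return 42' stub is written into a page as data
and then jumped to. Without PROT_EXEC the jump is fatal (SIGSEGV); with it the
stub runs. Each attempt runs in a forked child so the parent can report the
outcome. Added example; assumes Linux/POSIX on x86-64 or AArch64."""
import ctypes
import mmap
import multiprocessing
import platform
import signal
import sys

# Position-independent "return 42" stubs for the supported CPUs.
STUBS = {
    "x86_64": bytes([0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3]),                # mov eax,42 ; ret
    "aarch64": bytes([0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6]),   # mov w0,#42 ; ret
}
STUBS["arm64"] = STUBS["aarch64"]


def run_stub_here(executable):
    """Map one page, copy the stub in as data, and jump to it. Only call this
    in a child process: without PROT_EXEC the jump is a fatal SIGSEGV."""
    stub = STUBS[platform.machine()]
    prot = mmap.PROT_READ | mmap.PROT_WRITE | (mmap.PROT_EXEC if executable else 0)
    page = mmap.mmap(-1, mmap.PAGESIZE, flags=mmap.MAP_PRIVATE, prot=prot)
    page.write(stub)                                   # "shellcode" arrives as data
    buf = (ctypes.c_char * len(stub)).from_buffer(page)
    call = ctypes.CFUNCTYPE(ctypes.c_int)(ctypes.addressof(buf))
    return call()                                      # 42 if the page is executable


def _child(executable):
    sys.exit(run_stub_here(executable))


def attempt(executable):
    """Run the stub in a forked child and classify the outcome:
    'ran' (exit status 42) or 'blocked' (child killed by SIGSEGV)."""
    ctx = multiprocessing.get_context("fork")
    proc = ctx.Process(target=_child, args=(executable,))
    proc.start()
    proc.join()
    if proc.exitcode == 42:
        return "ran"
    if proc.exitcode == -signal.SIGSEGV:
        return "blocked"
    return f"unexpected exit code {proc.exitcode}"


def data_page_attempt():
    """What DEP enforces: code placed in a data-only page must not run."""
    return attempt(executable=False)


def exec_page_attempt():
    """Control: the identical bytes run once the page is marked executable."""
    return attempt(executable=True)


if __name__ == "__main__":
    print("RW page :", data_page_attempt())
    print("RWX page:", exec_page_attempt())
```

On Windows the equivalent control is the NX bit honoured by hardware-enforced DEP, which SP2 turns on for system binaries by default; the mechanism is the same page-permission check shown here, which is why an exploit that lands code in a data buffer stops working once the page carrying it is no longer executable.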

One of my users got an email supposedly from SunTrust which advised the user to go to https://internetbanking.suntrust.com/verify/default.asp, otherwise their credit card or account would be suspended. The URL actually went to http://219.117.228.247/verify. This is a computer in Japan running Red Hat Linux.

Of course this is garden-variety phishing. What I found interesting is that even on a fully patched version of Internet Explorer the real location is hidden from the user.

At this website, right-clicking is prevented in IE. The address bar displays an https:// suntrust URL. The lock is missing down in the status bar.
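Since the browser cannot be trusted to show where the link really goes, the check has to happen before anyone clicks: compare what the anchor text displays with where the href actually points. The following is an added example, not code from this post or from any mail product; the sample message is constructed here to mirror the pattern described above (a visible https SunTrust URL whose href is a plain-http link to a bare IP address) and is not the real mail.

```python
"""Flag phishing links in an HTML mail body: anchors whose visible text names
one host while the href points at another, hrefs whose host is a bare IP
address, and links whose text promises https while the href is plain http.
Added example with constructed sample input."""
import re
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def _is_ip_literal(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def analyze_links(html):
    """Return [(href, text, reasons)] for every anchor; reasons is an empty
    list when nothing about the link looks wrong."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        href_host = _host(href)
        shown = URL_RE.search(text)
        if shown:
            shown_url = shown.group(0)
            shown_host = _host(shown_url)
            if shown_host and shown_host != href_host:
                reasons.append(f"text shows {shown_host} but link goes to {href_host or href}")
            if shown_url.lower().startswith("https://") and href.lower().startswith("http://"):
                reasons.append("text promises https but link is plain http")
        if _is_ip_literal(href_host):
            reasons.append("link target is a bare IP address")
        findings.append((href, text, reasons))
    return findings


# Constructed sample modelled on the message described in the post; not the real mail.
SAMPLE_MAIL = """<html><body>
<p>Dear SunTrust customer, please verify your account at
<a href="http://219.117.228.247/verify">https://internetbanking.suntrust.com/verify/default.asp</a>
or your credit card will be suspended.</p>
<p><a href="https://www.suntrust.com/">Visit our site</a></p>
</body></html>"""


if __name__ == "__main__":
    for href, text, reasons in analyze_links(SAMPLE_MAIL):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href}  (shown as: {text!r})")
        for reason in reasons:
            print(f"             - {reason}")
```

The first anchor trips all three checks; the second, whose text is not a URL at all, passes. The same comparison is worth applying to the raw mail headers as well, since the sender address is as easily forged as the link text.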