Tuesdays With Microsoft

Thankfully, it’s a relatively wee one.

Microsoft Unleashes Critical Update for Windows Server

Today is Patch Tuesday, and Microsoft is taking it easy on IT admins with a meager two security bulletins this month. But, don’t let the small number of updates lull you into a false sense of security. They may be few, but the patches this month are still crucial for network and computer security.

MS11-035 is rated as Critical and affects the WINS component of Windows Server 2003 and 2008, and MS11-036 is an Important security bulletins related to flaws in Microsoft PowerPoint.

See also:
Microsoft Security Bulletin Summary for May 2011
Microsoft plugs critical hole in Windows
Microsoft Releases Patch Tuesday Fixes for Windows Server and PowerPoint
Microsoft Releases Critical Patch for Windows Servers
Microsoft distributes Windows, PowerPoint patches
Patch Tuesday updates fix a trio of Windows 7 SP1 glitches
Microsoft Fixes Critical Windows Internet Name Service Flaw In Two-Patch Release
Microsoft fixes critical worm hole in Windows Server
Microsoft downplays Server bug threat, say researchers
Windows Update

Now get off your ass and do the Microsoft patch dance!

/so, until next time, stay updated, same patch day, same patch channel

Advertisements

We’re Number One, We’re Number One!

This is why it’s important to keep your computer security up to date.

US Ranks First for Bot-Infected Computers and Spam Output

According to data gathered by Microsoft’s Malicious Software Removal Tool (MSRT), the United States had the highest number of computers infected with botnet malware, during the first half of 2010.

Botnet are armies of infected computers, which connect to remote command and control (C&C) servers and listen to instructions from attackers.

Botnets can serve a variety of criminal activities, but the largest ones are primarily used to send spam.

According to a recent report from Symantec, during the first half of the year, 90% of the daily spam traffic was generated by five to six million compromised computers.

In the latest edition of its Security Intelligence Report (SIR), Microsoft reveals that during Q2, MSRT has cleaned 2,148,169 bot infections from US computers.

That’s four times more than in the second country on the list, Brazil, with 511,002. Spain (485,603), Korea (422,663) and Mexico (364,554) complete the top five.

“Unsurprisingly, the list is dominated by populous locations with large numbers of computer users, led by the United States and Brazil,” says Microsoft.

However, there are at least two regions with large numbers of computers that do not dominate the list – China, which finished 8th, and Russia, 9th.

See also:
Featured Intelligence – Battling Botnets
USA Is Still #1 In Botnets
United States Ranked Number One for Relaying Spam, Sophos Reports
Report: United States is world’s top spammer
US Has Most Botnet-infected PC’s
Microsoft Report: 2 Million US PCs Part of Botnets
Microsoft: Over 2 million U.S. PCs caught in botnets
Millions Of US Computers Completely Pwned By Botnets
Microsoft: Your Computer Could be One of 2.2 Million Infected Botnet PCs
Microsoft: Botnets are the ‘launch pad of cybercrime’

If you’re not sure whether you have an infected computer, run Microsoft’s Malicious Software Removal Tool (MRT). Go to Start/Run and then type in “mrt”.

/if you’re not part of the solution, you’re part of the problem

It’s Another New Record And For All The Wrong Reasons

It’s Tuesday, and we all know what fun event happens on Tuesdays.

Patch Tuesday brings record harvest of security fixes

Run Windows? Notice a little icon toward the bottom right of the screen that wasn’t there last night? Please don’t ignore it. That icon is your cue to take part in the monthly Microsoft ritual called Patch Tuesday.

For this month, Microsoft shipped a set of 16 patches that close a record 49 vulnerabilities in such software as Internet Explorer, Word and Windows Media Player.

Many of these holes allow a remote takeover of your computer, in some cases after you do nothing wrong beside visit the wrong Web page. One such opening has frequently been exploited by the Stuxnet worm that’s been running around the world.

Your computer should at least download, if not download and install, these updates for you. But if not, don’t reject Windows’ attempt to help you out. Click that icon, look over the resulting list of security updates, and install them.

See also:
Microsoft security updates for October 2010
Microsoft Plugs a Record 49 Security Holes
It’s Microsoft Patch Tuesday: October 2010
Microsoft Unleashes Massive Security Patch
Microsoft fixes record 49 holes, including Stuxnet flaw
Microsoft Releases Biggest-ever Security Update
Patch Tuesday: Critical flaws haunt Microsoft Office, IE browser
Microsoft Patches Stuxnet Vulnerability in Massive Security Update
Microsoft releases fixes for record number of vulns
Microsoft aims barrage of fixes at Stuxnet and more

So, you know what to do, clean up after Microsoft’s crappy software before someone remotely takes over your computer with a worm and you become part of the problem.

/unless you’re Iranian, in which case there’s a special set of patches coming out for your computers and they download and install themselves so you don’t even need to worry about this latest bulletin

Just Another Jumbo Sized, Incomplete Microsoft Patch Tuesday

Microsoft should just hire some of these hackers to code their software in the first place so they wouldn’t have to try and fix it every few weeks. It’d be cheaper and less of a hassle for everyone involved. Here’s the latest futile attempt at patching Windows.

Microsoft Patch Tuesday Bulletins Fix 11 Vulnerabilities

Microsoft has released nine security bulletins as part of its Patch Tuesday software update scheme.

The nine bulletins fix 11 security vulnerabilities found on Microsoft software.

According to the advisory, four security bulletins were marked as critical, out which, MS10-061 and MS10-062 ran the greatest risk of being exploited in the wild.

MS10-061 addressed a vulnerability in the Printer Spooler service, which could allow remote code execution from a malicious print request, tech news site eWeek reports.

The other critical vulnerability most likely to be exploited in the wild, MS10-062, could allow remote code execution by exploiting a vulnerability found in the way in which MPEG-4 codec dealt with media files.

See also:
Microsoft Security Bulletin Summary for September 2010
Microsoft Patch Tuesday for September 2010: nine bulletins
It’s Microsoft Patch Tuesday: September 2010
Large Patch Tuesday from Microsoft this month
Microsoft Patch Tuesday includes protection against Stuxnet worm
Patch Tuesday Fixes Another Stuxnet Vulnerability
Microsoft overlooks four Stuxnet zero-day bugs in Patch Tuesday
Microsoft Patch Tuesday halts two live attacks but offers no help for others
Microsoft Windows Update

Well, what are you waiting for? Get on with it, those updates aren’t going to install themselves!

/so, until the next Patch Tuesday . . .

Patchapalooza Tuesday

It’s a triple witching day for computer patches.

Microsoft, Adobe, and Oracle Patch Nearly 100 Vulnerabilities

It’s a busy day for IT administrators and information security professionals. Not only is today Microsoft’s Patch Tuesday for the month of April, it is also the day of Adobe’s quarterly security updates. In total, there are 40 vulnerabilities being addressed today–many of them rated as critical and exposing systems to potential remote exploits.

Microsoft Patch Tuesday

A Microsoft spokesperson e-mailed the following “Today, as part of its routine monthly security update cycle, Microsoft is releasing 11 security bulletins to address 25 vulnerabilities: five rated Critical, five rated Important and one rated Moderate. This month’s release affects Windows, Microsoft Office, and Microsoft Exchange. Additionally, the Malicious Software Removal Tool (MSRT) was updated to include Win32/Magania.”

Qualys CTO Wolfgang Kandek noted in his blog post “Microsoft’s patch release for April contains 11 bulletins covering 25 vulnerabilities. The bulletins address a wide array of operating systems and software packages, IT administrators with a good inventory of their installed base will have an easier time to evaluating which machines need patches.”

“The critical Microsoft WinVerifyTrust signature validation vulnerability can be used to really enhance social engineering efforts,” said Joshua Talbot, security intelligence manager, Symantec Security Response in an e-mailed statement. “Targeted attacks are popular and since social engineering plays such a large role in them, plan on seeing exploits developed for this vulnerability.”

Talbot continued “It allows an attacker to fool Windows into thinking that a malicious program was created by a legitimate vendor. If a user begins to download an application and they see the Windows’ notification telling them who created it, they might think twice before proceeding if it’s from an unfamiliar source. This vulnerability allows an attacker to force Windows to report to the user that the application was created by any vendor the attacker chooses to impersonate.”

Andrew Storms, director of security operations for nCircle offered this analysis “More movies and more malware: that’s what we’ve got to look forward to on the Internet. Microsoft is patching critical bugs in Windows Media Player and Direct Show this month–both of these bugs lend themselves to online video malware. If you put these fixes together with Apple’s recent patch of Quicktime, it’s pretty obvious that attackers are finding a lot of victims through video.”

nCircle’s Tyler Reguly points out that there is also a greater message to be learned from the patches. “As an avid Windows XP user, I’m leaning more and more towards making the jump to Windows 7; with the added security it just makes sense. Looking at the top two vulnerabilities (MS10-027 and MS10-026), my Windows XP systems are vulnerable to both, yet my Windows 7 laptop isn’t affected by either of them. The newer operating system just makes sense.”

Adobe Quarterly Update

As if eleven security bulletins fixing 25 different vulnerabilities wasn’t enough, IT administrators must also address the critical updates released today from Adobe. nCircle’s Storms points out that “Every one of the 15 bugs can be used for remote code execution. Given the increase in the number of attacks that use Adobe PDF files, all users are strongly urged to upgrade immediately.”

Storms added “In stark contrast to Microsoft’s patch process, Adobe’s security bulletin information lacks details, especially critical information about potential workarounds. For enterprises that have a long test cycle, it can take weeks or even months to roll out updates. With no workaround information, Adobe leaves their enterprise customers vulnerable and security teams everywhere frustrated and annoyed.”

Andrew Brandt, lead threat research analyst with Webroot, warns “What’s more, they should be aware that Foxit Reader–which also reads PDFs–is actually more vulnerable.”

It is also worth noting that Adobe has rolled out its new update system which it has been beta testing over the past couple of months. Users can now configure Adobe software to automatically install updates, enabling security patches to be applied without requiring any user intervention.

Don’t Forget Oracle

Wait, there’s more! Not wanting to be left out of the patch day festivities, Oracle has also unleashed its own deluge of updates–more than Microsoft and Adobe combined.

There is a little bit of good news, though. Very few organizations will actually be impacted by every single one of the disclosed vulnerabilities. Qualys’ Kandek points out “This is a big release for Microsoft, addressing a wide selection of software. IT administrators probably will not have all of the included software packages and configurations installed in their environment and therefore will need to install only a subset of the 11 bulletins.”

The same logic holds true for Oracle and, to a lesser extent Adobe–although Adobe Reader is fairly ubiquitous. Have fun!

See also:
Microsoft, Adobe, Oracle offer fixes in big Patch Tuesday
Patch Tuesday: Microsoft safeguards video, Adobe secures PDFs
Microsoft Patch Tuesday Fixes 5 Critical Flaws
Microsoft Targets Media Flaws In April Patches
Microsoft blocks ‘movies-to-malware’ attacks
Microsoft Releases Multiple Updates; Vista SP0 Support Ends
Microsoft Security Bulletin Summary for April 2010
New Adobe Auto-Updater Debuts On Super (Patch) Tuesday
Adobe Patches Acrobat/Reader Vulnerabilities, Updates on Updating
Security update available for Adobe Reader and Acrobat

/so, you know the drill people, get busy downloading those patches, hope you’re not on dial up!

The Cyberwar Rages 24/7

Corporations’ cyber security under widespread attack, survey finds

Around the world, corporations’ computer networks and control systems are under “repeated cyberattack, often from high-level adversaries like foreign nation-states,” according to a new global survey of information technology executives.

The attacks include run-of-the-mill viruses and other “malware” that routinely strike corporate defenses, but also actions by “high-level” adversaries such as “organized crime, terrorists, or nation states,” a first-time global survey by the Center for Strategic and International Studies (CSIS) in Washington has found. More than half of the 600 IT managers surveyed, who operate critical infrastructure in 14 countries, reported that their systems have been hit by such “high-level” attacks, the survey concludes.

A large majority, 59 percent, said they believed that foreign governments or their affiliates had already been involved in such attacks or in efforts to infiltrate important infrastructure – such as refineries, electric utilities, and banks – in their countries.

Such attacks, the survey said, include sophisticated denial-of-service attacks, in which an attacker tries to so overwhelm a corporate network with requests that the network grinds to a halt.

But they also include efforts to infiltrate a company. Fifty-four percent of the IT executives said their companies’ networks had been targets of stealth attacks in which infiltration was the intent. In two-thirds of those cases, the IT managers surveyed said company operations had been harmed.

The IT managers also believed that these “stealthy” attacks were conducted by “nation states” targeting their proprietary data, says the survey’s main author, CSIS fellow Stewart Baker, in a phone interview. Mr. Baker is a cybersecurity expert formerly with the Department of Homeland Security and National Security Agency.

“It’s all the same kind of stuff – spear-phishing, malware, taking over the network and downloading-whatever-you-want kind of attack,” he says. “Over half of these executives believe they’ve been attacked with the kind of sophistication you’d expect from a nation state.”

The CSIS report describes such attacks as “stealthy infiltration” of a company’s networks by “a high-level adversary” akin to a “GhostNet,” or large spy ring featuring “individualized malware attacks that enabled hackers to infiltrate, control and download large amounts of data from computer networks.” The GhostNet attacks, which Canadian researchers attributed to Chinese state-run agencies, bear similarities to recent attacks on Google and other high-tech companies, Baker says. Google attributed attacks on it to entities in China.

Read the report:
In the Crossfire: Critical Infrastructure in the Age of Cyber War

See also:
In the Crossfire: Critical Infrastructure in the Age of Cyber War
Report: Critical Infrastructures Under Constant Cyberattack Globally
Utilities, Refineries and Banks Are Victims of Cyber Attacks, Report Says
Critical Infrastructure under Siege from Cyber Attacks
Critical Infrastructure Vulnerable To Attack
Critical Infrastructure Security a Mixed Bag, Report Finds
Report shows cyberattacks rampant; execs concerned
Key infrastructure often cyberattack target: survey
Critical infrastructure execs fear China
SCADA system, critical infrastructure security lacking, survey finds

Ironically, the more dependent we become on interconnected network technology, the more vulnerable we become too.

/so keep your fingers crossed and your computers patched against hacking and intrusion, at least you can do your part to avoid being part of the problem

Microsoft Cleans Up After Chinese Hack Of Google, Obama Turns The Other Cheek

Microsoft to release patch for IE hole on Thursday

Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer that was used in the China-based attack on Google and for which an exploit has been released on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security program manager at Microsoft.

“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” he said in a statement.

“It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized,” Bryant said. “We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”

Vulnerable software is IE 6 on Microsoft Windows 2000 and IE 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, Microsoft said.

So, while China continues its relentless, covert cyberwar against U.S. and other Western commercial, government, and military targets, stealing information and secrets and causing economic and national security damage to our computer networks, guess what the Obama administration has decided to do, against the advice of U.S. intelligence officials and experts?

China removed as top priority for spies

The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

But administration officials, speaking on the condition of anonymity, said the new policy is part of the Obama administration’s larger effort to develop a more cooperative relationship with Beijing.

See also:
Microsoft Security Bulletin Advance Notification for January 2010
New IE hole exploited in attacks on U.S. firms
Microsoft Scrambles to Patch Browser
Microsoft patching “Google hack” flaw in IE tomorrow
Microsoft Security Bulletin MS10-002 Coming Thursday for IE Zero-Day
Microsoft to issue “Google attack” browser patch
Microsoft to issue emergency IE patch Thursday
Microsoft will issue emergency IE patch on Thursday
China removed as top priority for spies
China no longer top priority for intelligence gathering: White House
‘China no longer top priority for intelligence gathering’
China: Still an Intelligence Priority

Relax, don’t worry, the country is in the very best of hands.

/Obama’s NSC, more than a dozen morons stuffed in a four passenger clown car