Advisory

Microsoft Security Advisory (2491888)

by certifiedbug on February 23, 2011

in Microsoft

TechNet
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
Published: February 23, 2011

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.

Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.

Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

http://www.microsoft.com/technet/security/advisory/2491888.mspx


Sunbelt warning of faked sites

by certifiedbug on May 23, 2008

in Internet Security

Alex Eckelberry writes about a “Rash of fake sites copying PC World, CastleCops, others” at the Sunbelt blog:

As a follow-up to my post earlier today about a fake CastleCops page, there’s more to the story.

There are other domains sharing the same IP (207.226.177.250):

pepato org
slim-cash com
spyware-wiper com
Cpaypal com
Crazycounter net

All are copying legitimate sites.

These domains belong to the “Vladzone” malware gang.

Check out the screenshots if you don’t think you could be fooled. The fake sites look very similar to the real thing, so be careful.

Edit: Sunbelt: More Vladzone fake pages


Foxit Reader Critical Vulnerability

by certifiedbug on May 20, 2008

in Internet Security

Secunia Research 20/05/2008

Foxit Reader “util.printf()” Buffer Overflow.

1) Affected Software
* Foxit Reader 2.3 build 2825
NOTE: Other versions may also be affected.

2) Severity
Rating: Highly critical
Impact: From remote
Where: System access

3) Vendor’s Description of Software
“Foxit Reader is a free PDF document viewer and printer, with incredible small size (only 2.55 M download size), breezing-fast launch speed and rich feature set. Foxit Reader supports Windows Me/2000/XP/2003/Vista. Its core function is compatible with PDF Standard 1.7.”
Product Link: http://www.foxitsoftware.com/pdf/rd_intro.php

4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the “util.printf()” JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code.
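The advisory describes the classic shape of this bug class: a printf-style specifier taken from document-controlled JavaScript reaches a native formatter whose width or precision is not bounded against the stack buffer it writes into. The following is an added example, not Foxit’s code and not from the advisory, showing the defensive shape a viewer’s native formatter should have: every part of the floating-point specifier is validated against fixed limits, the specification is rebuilt from the validated pieces, and output only ever goes through snprintf into a caller-sized buffer. The function name, the limits MAX_WIDTH and MAX_PRECISION, and the demo helpers are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limits for this example; a real viewer would pick its own. */
#define MAX_WIDTH     64
#define MAX_PRECISION 32

/*
 * format_float_checked: hypothetical hardened formatter (example code, not
 * Foxit's). Accepts one printf-style floating-point conversion such as
 * "%8.2f" from untrusted input, validates it against fixed limits, rebuilds
 * the specification from the validated pieces, and formats only into a
 * caller-sized buffer with snprintf.
 * Returns the number of characters written (excluding the NUL), or -1 if the
 * specification is rejected or the result would not fit in `outlen`.
 */
int format_float_checked(const char *spec, double value, char *out, size_t outlen)
{
    const char *p;
    char flags[6] = {0};                 /* at most five distinct printf flags */
    size_t nflags = 0;
    long width = -1, precision = -1;
    char widthbuf[16] = "", precbuf[16] = "", safe_spec[32];
    char conv;
    int n;

    if (spec == NULL || out == NULL || outlen == 0 || spec[0] != '%')
        return -1;
    p = spec + 1;

    /* Flags: only the standard set, never more than fit in `flags`. */
    while (*p != '\0' && strchr("-+ 0#", *p) != NULL) {
        if (nflags >= sizeof flags - 1)
            return -1;
        flags[nflags++] = *p++;
    }

    /* Width: explicit digits only and bounded; '*' would take the width from
       another argument and is refused outright. */
    if (*p == '*')
        return -1;
    if (isdigit((unsigned char)*p)) {
        char *end;
        width = strtol(p, &end, 10);     /* overflow yields LONG_MAX: rejected */
        p = end;
        if (width > MAX_WIDTH)
            return -1;
    }

    /* Precision: same rules as width. */
    if (*p == '.') {
        p++;
        if (*p == '*')
            return -1;
        precision = 0;
        if (isdigit((unsigned char)*p)) {
            char *end;
            precision = strtol(p, &end, 10);
            p = end;
            if (precision > MAX_PRECISION)
                return -1;
        }
    }

    /* Conversion: floating-point conversions only, and nothing may follow
       (this also refuses a trailing "%n" or a second conversion). */
    conv = *p;
    if (conv == '\0' || strchr("feEgG", conv) == NULL || p[1] != '\0')
        return -1;

    /* Rebuild the specification so only validated bytes reach snprintf. */
    if (width >= 0)
        snprintf(widthbuf, sizeof widthbuf, "%ld", width);
    if (precision >= 0)
        snprintf(precbuf, sizeof precbuf, ".%ld", precision);
    snprintf(safe_spec, sizeof safe_spec, "%%%s%s%s%c", flags, widthbuf, precbuf, conv);

    /* Bounded formatting: a result that would be truncated is an error,
       never a silent overflow of `out`. */
    n = snprintf(out, outlen, safe_spec, value);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Demonstration helpers; each returns 1 when the formatter behaves as intended. */
int demo_accepts_bounded_spec(void)
{
    char out[64];
    int n = format_float_checked("%8.2f", 3.14159, out, sizeof out);
    return n == 8 && strcmp(out, "    3.14") == 0;
}

int demo_rejects_unsafe_specs(void)
{
    char out[64];
    return format_float_checked("%99999f", 1.0, out, sizeof out) == -1   /* oversized width */
        && format_float_checked("%*.2f", 1.0, out, sizeof out) == -1     /* indirect width */
        && format_float_checked("%f%n", 1.0, out, sizeof out) == -1;     /* trailing conversion */
}

int demo_rejects_truncation(void)
{
    char out[8];                          /* too small for the 10-character result */
    return format_float_checked("%10.3f", 2.5, out, sizeof out) == -1;
}
```

The three demo helpers exercise the accepted case, the rejected specifications, and the case where a valid specification still does not fit the destination; in all three the worst outcome is a -1 return rather than a write past the buffer.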

5) Solution
The vulnerability is fixed in upcoming version 2.3 build 2912.

6) Time Table
23/04/2008 – Vendor notified.
08/05/2008 – Vendor notified again.
08/05/2008 – Vendor response.
20/05/2008 – Public disclosure.


Apple Safari 3.1 for Windows, new vulnerabilities

by certifiedbug on March 25, 2008

in Browser

Apple: “Engineers designed Safari to be secure from day one.”

Secunia Advisory: SA29483
Release Date: 2008-03-24
Safari Address Bar Spoofing and Memory Corruption Vulnerabilities

Criticality: Highly critical
Impact: Spoofing, System access
Where: From remote
Solution Status: Unpatched

Description:
Juan Pablo Lopez Yacubian has discovered two vulnerabilities in Safari, which can be exploited by malicious people to conduct spoofing attacks or potentially compromise a user’s system.

1) An error when downloading e.g. a .ZIP file with an overly long filename can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

2) An error in the handling of windows can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

The vulnerabilities are confirmed in version 3.1 for Windows. Other versions may also be affected.


Dangerous 3D Screensaver spam

March 10, 2008

Be mindful of malicious spam pushing screensavers with backdoor trojan payloads. According to Sunbelt’s blog, the trail of this new wave of spam leads back to the malware loading group “Loads.cc”, who are using a new domain for their botnets after being taken off-line in January 2008 by a DDoS attack from a rival malware gang. [...]


Storm Worm botnet

December 31, 2007

Storm is evolving into a very complex beast. From rbnexploit.blogspot: “Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff. There are some interesting elements concerning which make this attack innovative:” [...]


Warning about Symantec detections

November 18, 2007

If you have Norton installed on your computers you should pay attention to this. Chris Quirke’s Blog, “Norton Security Scan – False Positives”: “Unfortunately, it detects protective settings applied by Spyware Blaster and similar tools, as being the malware these tools are protecting against.” Hosts News: “Symantec detects suspicious entries in the MVPS HOSTS file” [...]


Holiday Shopping On-Line

November 16, 2007

It is that time of year again and several blogs are giving you great tips for shopping on-line wisely and safely. The Security Garden: “Holiday Online Shopping Safety Tips”; Bits from Bill: “Top Ten Online Shopping Mistakes”. Nonetheless, no matter how security savvy one may be, there are still ways to be ripped off and [...]


Mac OS X Leopard Application-Based Firewall Alert

November 5, 2007

Possible Faults: US-CERT is aware of reports of possible flaws in the Application-Based Firewall in Mac OS X Leopard. According to these reports, users may be misinformed of the status of their firewall rule set, thus placing users with listening network services at an increased risk. Users are urged to exercise caution when relying on [...]


Mac Trojan

October 31, 2007

Mac users who practice unsafe hex will find more than they bargained for. From Intego: Exploit: OSX.RSPlug.A Trojan Horse; Discovered: October 30, 2007; Risk: Critical. “OSX.RSPlug.A Trojan Horse Changes Local DNS Settings to Redirect to Malicious DNS Servers.” Description: A malicious Trojan Horse has been found on several pornography web sites, claiming to install a [...]
