by certifiedbug on December 29, 2006
in Security
Subject: Happy New Year!
Message body: blank
Attachment: postcard.exe
This worm has been mass mailed so you might expect one to fall into your mailbox.
Luder is an e-mail worm, a dropper for a trojan downloader and a file infector. The worm sends itself as an attachment named ‘postcard.exe’ in e-mail messages with the ‘Happy New Year!’ subject. The trojan downloader downloads and runs files from a website.
F-Secure
Microsoft TechNet
On 14 November 2006 Microsoft is planning to release:
Security Updates
- One Microsoft Security Bulletin affecting Microsoft XML Core Services. The highest Maximum Severity rating for this is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
- Five Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
© 2006 Microsoft Corporation. All rights reserved.
by certifiedbug on October 24, 2006
in Security
CIAC BULLETIN
R-024: Symantec Device Driver Elevation of Privilege
[SYM06-022]
PROBLEM: There is a vulnerability in a device driver which, if successfully exploited, could allow a local attacker to execute arbitrary code with elevated privileges or to crash the system.
PLATFORM: Symantec AntiVirus Corporate Edition 9.0.3 and earlier
Symantec Client Security 2.0.3 and earlier
DAMAGE: A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system.
SOLUTION: Apply current patches.
LINKS:
CIAC: BULLETIN
Symantec: SYM06-022
CVE: CVE-2006-3455
Microsoft TechNet
Updated: October 5, 2006
On 10 October 2006 Microsoft is planning to release:
Security Updates
- Six Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
- Four Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
- One Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release No NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
Microsoft TechNet
Updated: September 7, 2006
On 12 September 2006 Microsoft is planning to release:
Security Updates
- Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.
- One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will release Two NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release three NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
Microsoft TechNet
August 3, 2006
On 8 August 2006 Microsoft is planning to release:
Security Updates
- Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
- Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
- Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
- Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
- Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.
by certifiedbug on July 17, 2006
in Security
Common Management Agent Update 3.5.5.438 or higher fixes vulnerability allowing arbitrary file placement
Summary
Who should read this document: Technical and Security Personnel
Impact of Vulnerability: Arbitrary file placement
Severity Rating: Important
Recommendations: Update Common Management Agent
Security Bulletin Replacement: None
Caveats: None
Affected Software:
McAfee® Common Management Agent versions below version 3.5.5.438
Location of updated software:
https://secure.nai.com/apps/downloads/my_products/login.asp?region=us&segment=enterprise
McAfee Security Bulletin
eEye Digital Security
Release Date: July 13, 2006
McAfee ePolicy Orchestrator Remote Compromise
From the Article:
Severity: High (Remote Code Execution)
Vendor: McAfee
Systems Affected: McAfee Common Management (EPO) Agent versions below version 3.5.5.438
Overview:
McAfee ePolicy Orchestrator is the remote security management software for the McAfee enterprise product suite. EPO allows you to configure and enforce protection policies, deploy and configure agents, and monitor security status from a centralized console.
eEye Digital Security has discovered a serious flaw within the Framework Service component of the McAfee EPO management console. The Framework service is enabled and running by default on all servers and agents. The framework service listens by default on port 8081 and accepts requests over the HTTP protocol. The framework service allows for remotely submitting configuration and update changes. Each request is encrypted, SHA-1 hashed and DSA signed, and written to a file on disk. Due to a directory traversal attack, it is possible to write any file with any contents to anywhere on the remote system.
This flaw allows a remote attacker to anonymously compromise an affected system and execute code within the SYSTEM context.
Additional Commentary:
This vulnerability was discovered by McAfee and eEye Digital Security, individually of each other. McAfee had silently fixed this vulnerability, prior to the discovery by eEye. It is good for any software company to be proactive in trying to secure their software. However, it is equally important for software vendors to create a separation of security and features when providing updates. In this case, fixing an extremely critical vulnerability without the proper notification is a disservice to customers. The mindset of most customers, especially when dealing with agent software, is to use what works.
This creates a scenario where organizations would potentially choose to stick with their current deployments, rather than re-deploying hundreds, if not thousands, of new agents for what would appear to solely contain innocuous feature updates.
Copyright © 1998-2006 eEye Digital Security
Slashdot
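A defensive check for the flaw class in the eEye overview above (a network service that writes each request to a file, where traversal sequences move the write outside the intended directory). This is an added example, not code from McAfee, eEye or the original post; `SPOOL_DIR`, `resolve_spool_path` and `is_accepted` are hypothetical names, and the sample file names are constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical spool directory for received requests (an assumption).
SPOOL_DIR = r"C:\AgentSpool"


def resolve_spool_path(requested_name, base=SPOOL_DIR):
    """Map a client-supplied file name to a path strictly inside `base`.

    Raises ValueError for any name that would land outside the spool directory.
    """
    if not requested_name or "\x00" in requested_name:
        raise ValueError("empty name or embedded NUL")
    # Windows treats '/' and '\' alike, so check one canonical form.
    name = requested_name.replace("/", "\\")
    # ':' covers drive letters (D:\x) and alternate data streams (a.txt:s);
    # a leading backslash covers rooted and UNC paths.
    if ":" in name or name.startswith("\\"):
        raise ValueError("absolute, drive-qualified or stream name")
    # Collapse '.' and '..' first, then test containment on the result.
    full = ntpath.normpath(ntpath.join(base, name))
    base_cmp = ntpath.normcase(ntpath.normpath(base))
    full_cmp = ntpath.normcase(full)
    # commonpath compares whole components, so C:\AgentSpool2 does not
    # pass as a "prefix match" of C:\AgentSpool.
    if full_cmp == base_cmp or ntpath.commonpath([base_cmp, full_cmp]) != base_cmp:
        raise ValueError("path escapes the spool directory")
    return full


def is_accepted(name):
    """True if `name` resolves to a file inside the spool directory."""
    try:
        resolve_spool_path(name)
        return True
    except ValueError:
        return False


# Constructed sample names, not taken from any real request.
SAMPLES = ["update_001.xml", r"sub\..\ok.xml", r"..\..\Windows\x.dll",
           "sub/../../outside.txt", r"..\AgentSpool2\x.xml", r"D:\x.txt",
           r"\\host\share\x", "."]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {'accept' if is_accepted(s) else 'reject'}")
```

The check runs on the fully normalized path rather than on the raw string, so it rejects by where the write would land, not by which characters the name contains.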
Microsoft TechNet
Updated: July 6, 2006
On 11 July 2006 Microsoft is planning to release:
Security Updates
• Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
• Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
• Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
• Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).
• Microsoft will release one NON-SECURITY High-Priority Update on Microsoft Update (MU) and Windows Server Update Services (WSUS).
© 2006 Microsoft Corporation
by certifiedbug on June 29, 2006
in Microsoft
The Register
MS fixes phone-home nagware
By Andrew Orlowski
Published Wednesday 28th June 2006
Microsoft has patched a controversial nagware update that “phoned home” every time Windows started. Redmond has also issued an advisory with instructions on how to remove the software.
Microsoft Help and Support
How to disable or uninstall the pilot version of Microsoft Windows Genuine Advantage Notifications
Article ID : 921914
Last Review : June 27, 2006
Revision : 1.2
SUMMARY
This article applies to the version of Microsoft Windows Genuine Advantage (WGA) Notifications that is distributed during the pilot program. For example, this version is included in the pre-release version that accompanies the Microsoft Software License Terms. To safely and easily uninstall the pilot version, you must install the general release version of WGA Notifications. If you do not install this version, you can follow the steps in this article to disable or uninstall the pilot version.
Important: These instructions have not been tested on the general release version of the WGA Notifications. Therefore, these instructions are not supported. Microsoft will offer the general release version of WGA Notifications to users who uninstall the pilot version at a later date. These users will obtain the general release version through the Microsoft Automatic Update service. WGA Notifications is part of the Windows Genuine Advantage program.
When you use a non-genuine version of Windows, you receive a message when you log on that states that the copy of Windows appears to be non-genuine. Then, you are directed to the WGA Web site to learn more. If you do not want to obtain a genuine copy of Windows, you receive periodic messages that notify you that the copy of Windows appears to be non-genuine.
Note: If you are running a genuine copy of Windows and want to use WGA Notifications, you may receive messages to update Windows XP.
Regardless of genuine status, users are not denied access to critical updates. However, users who have not validated their computers as genuine are not able to install other updates such as those for Microsoft Internet Explorer 7.0 and Microsoft Windows Defender.