PlanAHeist.com » Viruses

New Microsoft Update Patches Big Hole

riscphree — Wed, 11 Nov 2009 21:50:11 +0000

Microsoft launched an update Tuesday to patch about fifteen holes in Windows 2000, Windows XP, Windows Server and Office. While most of the patches are related to various Word and Excel, or Windows Server issues, a critical vulnerability was found within the Windows OS kernel - a fairly rare occurrence.

The Big Hole

The Windows kernel is the core of the operating system and the flaw is related to how embedded font files are processed. We're not going to get into the technical mumbo-jumbo here, so we'll just tell you that the problem - if exploited - would allow malicious code to be passed directly to the system, bypassing any browser defenses that have been created to stop this sort of attack. The code could be downloaded just by visiting a web page prepared by hackers. With the increase of URL shorteners being used as well as advertising attacks, it's easier than ever to be accidently exposed to some nasty code.

Microsoft rated the kernel flaw as critical and gave it an exploitability ranking of 1. This means that Microsoft expects there to be a working exploit within 30 days and is similar to "SEVERE - Severe risk of terrorist attacks" on the Homeland Security advisory system (if anyone is actually paying any attention to that any more).

Researchers agree that the bad guys are going to move quickly:

"An exploit will appear sooner rather than later," said Jason Miller, the security and data team manager for patch management vendor Shavlik Technologies. "The target is Internet Explorer, and browsing is the number one attack vector in the world right now. Users can be infected simply by browsing on a [malicious] site.

So this is a big hole that can do some nasty things on unpatched computers.

The Solution

Take the following steps to protect your computer:

Set your computer to automatically download Microsoft updates.
Run updates immediately or just set the system to install them automatically.
Reconsider using Internet Explorer as your browser of choice. The same problem will not occur using Firefox or other non-IE browsers.

How to Update Windows Automatically

Windows XP

To set your PC to update automatically in Windows XP, simply access the Control Panel in the start menu, click "Automatic Updates," and choose "Automatic."

Windows Vista

For Vista, open Windows Update in the start menu, select "Change Settings," and then select "Install updates automatically."

More information can be found at Computer World and The Washington Post's Security Fix blog.

Why Twitter Links Should Scare You

riscphree — Thu, 29 Oct 2009 22:08:36 +0000

26% of Twitter messages contain links, half of which are from spammers and lead to malicious websites.

For Scareware, Every Day is Halloween

riscphree — Tue, 27 Oct 2009 18:03:29 +0000

Halloween is all about tricks, treats and pretending to be something your not. Scareware must think every day is Halloween.

New Trojan Virus Attacks the World of Online Banking

riscphree — Thu, 22 Oct 2009 19:45:55 +0000

July 2009 not only brought the hopes of fun summer activities, but it also brought the new vicious Trojan virus called Clampi. Clampi is a newly sophisticated virus designed to attack online banking systems. It favors small to medium-sized businesses with computers running the Microsoft Windows operating system. Currently, Clampi is tracking over 4500 banks, credit card companies, e-mails, retail sites, utilities, online casinos, wire transfer services, share brokerages, government sites and mortgage lenders.

Celebrity Web Sites a Source of Photos, Ringtones and . . . Malware

Dave — Fri, 04 Sep 2009 23:56:00 +0000

McAfee released its yearly update of most dangerous celebrity web sites and Jessica Biel was ranked #1. Find out why...

Hackers Are Getting Older and Smarter

Dave — Thu, 13 Aug 2009 18:38:16 +0000

Today, the best hackers have the skill and discipline of the best legitimate programmers and security gurus. Learn how to protect yourself.