Security programs and Windows Updates

The machines we love to hate

Moderator: Wiz Feinberg

Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Security programs and Windows Updates

Post by Wiz Feinberg »

This is a reminder that on Tuesday August 9 Microsoft released a series of critical patches on the Windows Update site. The number of patches you receive will depend on which OS you have, and when you last updated it. If you have automatic Updates turned on, and automatically applied when downloaded, and are on a broadband connection, you have probably been patched already, but do a manual check anyway.

Other updates include:
  • Microsoft AntiSpyware Beta 1.0.615; definitions #5745 (8/12/2005)
  • Spybot Search and Destroy v1.4 definitions - Aug 13/2005
  • Spywareblaster v3.4 definitions: Aug 4/2005
  • Ad-Aware v1.06r1 definitions: Aug 10/2005

WINDOWS 2000 ALERT

One of the critical patches posted on August 9 protects you against invasion from the Zotob Worm, or its variants. If you are unable to run Windows Update, at least download and install the Hotfix, which is listed according to your Windows 2000 service pack level, here: http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

Wiz
[This message was edited by Wiz Feinberg on 19 August 2005 at 01:28 PM.]
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

The following Critical patches and updates were released on or around August 19, 2005:

Mac OS X 10.4.2 Security Update 2005-007 v1.1

Apple's most recent Mac OS X Security Update, released on Monday, August 15, 2005,
causes 64-bit applications to malfunction, it has emerged.

However, the Mac maker today issued a fix for the problem, posting
Security Update 2005-007 version 1.1 via its Software Update tool.

Users who have installed the initial 2005-007 on Tiger systems should
install v1.1.

Download: http://www.apple.com/support/downloads/

Microsoft offers Zotob removal tool

Microsoft on Wednesday made available a free software tool to help
victims of the worms that hit Windows computers in the past days clean
their systems.

The Zotob worm started spreading on Sunday. Since then it along with
many of its variants and other worms that take advantage of the same
Windows security flaw have hit Windows 2000 users in particular.
Systems at CNN, ABC and The New York Times were among those infected.

The cleaning program is an updated version of Microsoft's Windows
Malicious Software Removal Tool, Debby Fry Wilson, a director in
Microsoft's Security Response Center, said in an interview.

"You click on it and it will tell you if you are infected," she said.
"And if you are, it will clean the worm off your PC."

The Windows Malicious Software Removal Tool detects and removes
malicious code placed on computers. Microsoft typically releases a new
version of the tool every month with its security patches. The tool
can be run online through Microsoft's Web site or downloaded from the
Microsoft Download Center, at:
http://www.microsoft.com/security/malwareremove/default.mspx

The updated cleaning program checks for and removes infections from
Zotob.A through Zotob.E as well as Bobax.O, Esbot.A, Rbot.MA, Rbot.MB
and Rbot.MC, according to Microsoft. The list represents all known
variants based on Microsoft's investigation, the company said.

"We will continue to investigate reports of future variants and update
the tool as necessary based on customer needs," a Microsoft
representative said.

Adobe Plugs Code Execution Holes

A buffer overflow vulnerability in the widely used Adobe Acrobat and
Adobe Reader programs could put millions of computer users at risk of
code execution attacks.

According to an advisory from Adobe Systems Inc., a malicious hacker
could exploit the flaw to crash the application or launch executable
code on a vulnerable system.

Download: http://www.adobe.com/support/techdocs/321644.html

Microsoft AntiSpyware Beta definitions update: #5747

Update via application's updater

Anybody using any of these OS's or programs should update ASAP.

Wiz
[This message was edited by Wiz Feinberg on 19 August 2005 at 01:20 PM.]
Mel Culbreath
Posts: 312
Joined: 4 Aug 1998 11:00 pm
Location: Waynesville, NC, USA

Post by Mel Culbreath »

Wiz,

I am running Adobe Reader 5.1.0 dated 9/17/2002. It works fine for what I do so I hate to download a later version and risk messing something else up.

I went to the link you posted above and ended up going around in circles but could not find the right patch to download.

Could you give me the exact url I need?

Thanks,

Mel
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Mel;
Here is the URL for the Free Adobe Reader, current version (7.03), for Windows:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

You cannot patch such an old version as you have...you must upgrade it to 7.03. The new readers have a place to check for updates in the Help menu, and can be set to automatically check for updates and notify you when they are available. I recommend accepting that option when you install it.

Be sure to uninstall your current readers first.

Wiz
Bill Holly
Posts: 80
Joined: 18 Feb 2004 1:01 am
Location: Pineville, Louisiana, USA

Post by Bill Holly »

I might know just enough to be dangerous. Ver 7.03 is only if you are running XP or 2000. If you're still with ME or earlier, the latest update is 6.0.1. Right? Bill
[This message was edited by Bill Holly on 22 August 2005 at 01:37 PM.]
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Bill, and all others still running Windows versions prior to Windows 2000/XP:

Adobe Acrobat Reader advances stopped with version 6.01 for older versions of Windows, such as Windows 98 S.E. The best you can do is upgrade to v6.02 (Windows 95 and 98-1st Edition) or v6.04, the newest security patch release for Windows 98 S.E and ME, and hope for the best (regarding future attack vectors).

The details and download links are here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

or, choose your OS here to get the latest version for that OS: http://www.adobe.com/products/acrobat/readstep2_allversions.html

Because many popular programs have dropped support for older versions of Windows I highly recommend that any home users using a version of Windows prior to Windows XP-SP2 seriously consider buying the upgrade package to XP Home (or professional) Edition with Service Pack 2. People running Windows NT or 2000 must upgrade to XP Professional.

Wiz
Bill Holly
Posts: 80
Joined: 18 Feb 2004 1:01 am
Location: Pineville, Louisiana, USA

Post by Bill Holly »

Thanks, Wiz! I do need to move up to XP. My understanding, from Kim Komando at komando.com, ain't she "purty", is that since I have an older unit it is better to buy a new machine with XP installed than to go the upgrade route, which can be problematic sometimes. Right now I'm trying to figure out how to buy all of Jeff Newman's instructional material for my wife, and get one of those zero turn mowers and one of those DR Field and Brush mowers, and a tractor and bush hog............well, most important things first, right, so the steel instruction takes priority for me, since this one works and I'm real careful about what I open/download. Bill
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

The following updates were released yesterday and today, August 24, 2005:

Subject: SpywareBlaster 3.4 database

Latest :08/23/05
*Last :08/15/05
Items : 4076
*Last : 3926
Change:168 entries
0-IE ActiveX CLSIDs
150-IE Restricted Sites
Download: Online Updater
http://www.javacoolsoftware.com/spywareblaster.html

Subject: Ad-Aware SE1R63 24.08.2005

New Definitions
============================================
123Search
Adware.NaviPromo.c
EverClear
SP2Update
SpyOutside

Updated Definitions
============================================
AdPartner
AdRoar
BestPhrases
ClickSpring
ClientMan +2
Dialer +2
DownloadWare
Elitum.ElitebarBHO
Ezsearchbar
FastSeeker
FirstCash Websearch
IBIS Toolbar
IEHijacker.ZestyFind
PeopleOnPage +4
RelatedLinks
SafeSearch
TX4.BrowserAd +2
Win32.IEStartpage
Win32.TrojanDownloader.Qoologic +2
Win32.TrojanDownloader.Small
VX2
http://www.lavasoftusa.com/

Subject: Zotob worm hole also affects Windows XP

The plug-and-play vulnerability that caused havoc for Windows 2000
users last week also holds a serious risk for some Windows XP users,
Microsoft said Tuesday.

Computers running Windows XP with Service Pack 1 in a specific
configuration are vulnerable to worm attacks similar to the ones that
hit Windows 2000 systems, Microsoft said in a security advisory
published Tuesday.

It was previously thought that only Windows 2000 machines were
vulnerable to remote attack using the plug-and-play flaw. However,
Microsoft in its security advisory on Tuesday specified one scenario
that also exposes select Windows XP users.

Also vulnerable are systems that run Windows XP with SP1 with file and
printer sharing and the Windows guest user account enabled, according
to Microsoft. This would likely be home users, because PCs are not
vulnerable if connected to a network domain, which is common in
business environments, Microsoft said.
http://www.microsoft.com/technet/security/advisory/906574.mspx

Microsoft AntiSpyware definitions 5749 were released on August 26, 2005. Update now.

Spybot Search and Destroy definitions were updated on August 26, 2005.
Download page: http://www.safer-networking.org/en/home/index.html

Wiz
[This message was edited by Wiz Feinberg on 26 August 2005 at 09:41 AM.]
[This message was edited by Wiz Feinberg on 27 August 2005 at 11:43 AM.]
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

The following Security Advisories and program updates have been released this weekend (September 3, 2005):

Microsoft
Subject: Microsoft Security Advisory (897663)
http://www.microsoft.com/technet/security/advisory/897663.mspx

Windows Firewall Exception May Not Display in the User Interface

Microsoft has received a report of an unexpected behavior in the way
that the Windows Firewall User Interface handles malformed entries in
the Windows Registry. By creating malformed Windows Firewall exception
entries in the Windows Registry, an exception could be created in the
firewall that would not be displayed in the Windows Firewall User
Interface. However, this exception is displayed by the command line
firewall administration tools.

It is important to note that this is not a vulnerability.
Administrative privileges are required to access the associated
section of the Windows Registry that contains this configuration
information. By using documented methods to manage and create Windows
Firewall exceptions, it is unlikely that a malformed registry entry
will be produced which would exhibit this behavior. It is more likely
that an attacker who has already compromised the system would create
such malformed registry entries with intent to confuse a user.

Microsoft plans to include an update to address this concern as part
of a future service pack on the affected supported platforms.

Workarounds

Microsoft has tested the following workaround. While this workaround
will not correct the underlying issue, it will allow administrators to
view a complete list of defined exceptions.

View Windows Firewall Exceptions by using Netsh Firewall

1. Click Start, click Run, type cmd, and then click OK.
2. Type netsh firewall show state verbose = ENABLE, and then click OK.
3. Search the output text for the following text:

Ports currently open on all network interfaces

The ports and programs that are listed in the Ports currently open on
all network interfaces section are unblocked. Additionally, these
unblocked ports and programs represent enabled program or port exceptions.

Microsoft AntiSpyware Beta definitions update
Microsoft® Windows AntiSpyware (Beta)
Definitions update to version 5751
Updated 9/1/2005
update via the program updater

SpywareBlaster
Latest: 09/02/05
Items : 4349
Change: +273 entries

Download:
Use SpywareBlaster's update function

Spybot S&D update
2005-09-02
Hijacker
+ AdultStore + Wild Media + TNS-Search + ShoptAtHome + 180Search.Solutions
Malware
+ Spy Sheriff + AbetterInternet.Aurora + Smitfraud-C. + SurfSideKick
Spyware
+ WhenU.Search.Desktoptoolbar + Exact Advertising.BargainsBuddy
Trojan
+ CnsMin.ZsMod + CnsMin + Yahoo.YiSouBar + RouterLayer.TDL ++ QDiagHUpdate
Total: 262490 fingerprints in 28746 rules for 1672 products.

Download:
Use Spybot's update function

If you get a bad checksum message while trying to download updates select a different download location from the flyout list. The Spybot home location (Safer Networking) is usually the best source. This is a known issue.

Beware of online and phone scams revolving around the Hurricane Katrina Disaster

«In the wake of hurricane Katrina, several online scams have begun to
circulate the Internet, according to several security firms. Sophos
warned users on Thursday not to open a malware-infected e-mail posing
as news on the disaster.

Possible subject lines of the e-mail could be "Re: g8 Tropical storm
flooded New Orleans", "Re: g7 80 percent of our city underwater", and
"Re: q1 Katrina killed as many as 80 people". The group said there
could be additional variants.

BetaNews on Thursday morning had received a variant of the above
e-mails, however it appeared that the variance is the letter and
number combination following the "Re:" prefix.

In the body of the message, clicking on the "Read More.." link will
take the user to a malicious Web site that poses as a news story. In
reality, the site uses code to exploit vulnerabilities within Internet
Explorer to install malware including the Troj/Cgab-A Trojan horse.

From there, the attacker could remotely access the user's computer.

"Receiving or reading the emails themselves does not mean you are
infected," Graham Cluley, senior technology consultant for Sophos said.

The SANS Institute is reporting that there are several e-mails
soliciting donations through a Paypal link. According to SANS, it may
be difficult to tell whether the e-mail is from a legitimate organization.

"The hurricane is a dreadful natural disaster, and it's sickening to
think that hackers are prepared to exploit the horrendous situation in
an attempt to break into computers for the purposes of spamming,
extortion and theft," added Cluley.

After discovery of the sites yesterday, several have been removed.
"There are now about 230 .com domains that contain the strings
'katrina' and 'hurricane'. We will make a list of more domains like
this public soon to ask for your help to review them," SANS said on
its Web site.»

Source: http://www.betanews.com/article/Online_Scams_Exploit_Katrina_Disaster/1125604622

Symantec LiveUpdate 2.7.38

This version fixes a security issue.
More Info: http://securityresponse.symantec.com/avcenter/security/Content/2005.09.02.html
Download: http://www.symantec.com/techsupp/files/lu/lu.html

Posted by Wiz
[This message was edited by Wiz Feinberg on 04 September 2005 at 07:58 AM.]
[This message was edited by Wiz Feinberg on 04 September 2005 at 08:00 AM.]
[This message was edited by Wiz Feinberg on 04 September 2005 at 01:06 PM.]
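
The workaround quoted from Microsoft Security Advisory 897663 in the post above depends on reading the "Ports currently open on all network interfaces" section of the netsh output instead of the firewall UI. The following Python is an added example, not part of the original post or the advisory: it pulls that section out of saved command output and reports entries that are not on an expected list. The sample output (including its column layout) is constructed, and the allowlist and function names are hypothetical.

```python
SECTION = "Ports currently open on all network interfaces"

# Constructed sample of saved command output; the column layout is an assumption.
SAMPLE_OUTPUT = r"""
Firewall status:
Operational mode                  = Enable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
3389   TCP       IPv4     (null)
5000   TCP       IPv4     C:\example\unknown.exe

"""

# Hypothetical allowlist of (port, protocol) pairs the administrator expects.
EXPECTED = {(3389, "TCP")}


def open_ports(netsh_output):
    """Return (port, protocol, program) rows from the open-ports section."""
    lines = netsh_output.splitlines()
    start = next((i for i, l in enumerate(lines) if SECTION in l), None)
    if start is None:
        # A missing section means the capture is incomplete, not "nothing open".
        raise ValueError("section not found: " + SECTION)
    rows = []
    for line in lines[start + 1:]:
        if not line.strip():
            break  # a blank line ends the table
        fields = line.split(None, 3)
        if len(fields) >= 2 and fields[0].isdigit():
            program = fields[3].strip() if len(fields) == 4 else ""
            rows.append((int(fields[0]), fields[1].upper(), program))
    return rows


def unexpected(rows, expected=EXPECTED):
    """Rows whose (port, protocol) pair is not on the allowlist."""
    return [r for r in rows if (r[0], r[1]) not in expected]


if __name__ == "__main__":
    for port, proto, program in unexpected(open_ports(SAMPLE_OUTPUT)):
        print(f"not on allowlist: {port}/{proto} {program}")
```
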