Category Archives: Microsoft Patch Tuesday

Microsoft’s Malicious Software Removal Tool Focuses On Families – Malware Families, That Is

Like it or not (and what’s not to like?), you get scanned once a month – provided, that is, that you update your Windows OS on the second Tuesday of each month (fondly known as Patch Tuesday).

Malware comes, and malware goes. Not all malware of course, but the majority of malware doesn’t stick around very long – just a few days in many cases. Still, with upwards of 300,000 new malware samples every day (according to some estimates), AV solutions could soon be overrun in the race to keep pace with this onslaught. Luckily, malware can often be grouped into families (malware sharing inherited characteristics), and that’s where Microsoft’s Malicious Software Removal Tool, specifically, comes into play.

The Malicious Software Removal Tool, which is updated monthly, is included with Patch Tuesday’s Windows Update and once activated – runs in the background targeting specific, prevalent malware families. If an infection is found, the tool will remove the malware (hopefully), and provide a report on any actions taken.

A list of malicious software detected and cleaned by the Malicious Software Removal Tool is available here.

If you wish, you can download and then run this tool manually, as required. The latest edition of the tool is always available at the Microsoft Download Center.

System requirements: Windows 7, Windows Server 2003, Windows Vista, Windows XP
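The manual run mentioned above, as an added example that is not part of the original post: a PowerShell script that launches the installed mrt.exe in detect-only mode and shows the summary it appends to its log. The switches (/Q, /N, /F) and the log location are the ones Microsoft documents for the tool; the exit-code interpretation is an assumption noted in the comments. It must be run from an administrative prompt.

```powershell
# Added example (not part of the original post): run the installed
# Malicious Software Removal Tool by hand in detect-only mode and show
# the summary it writes to its log. Requires an administrative prompt.
#
# Switches are the ones Microsoft documents for mrt.exe (KB890830):
#   /Q  quiet (no user interface)
#   /N  detect only; report but do not remove
#   /F  force an extended (full) scan instead of the quick scan
# Drop /N (or use /F:Y) to let the tool remove what it finds.

$mrt = Join-Path $env:windir 'System32\mrt.exe'
if (-not (Test-Path $mrt)) {
    throw "mrt.exe not found under $env:windir\System32; it arrives with Windows Update or from the Download Center."
}

# Print the tool's file version so the scan can be matched to the month's release.
$version = (Get-Item $mrt).VersionInfo.FileVersion
Write-Host "Running MSRT $version (detect-only, extended scan)..."

$proc = Start-Process -FilePath $mrt -ArgumentList '/Q', '/N', '/F' -Wait -PassThru

# The tool appends a report of each run to %windir%\debug\mrt.log.
$log = Join-Path $env:windir 'debug\mrt.log'
if (Test-Path $log) {
    Write-Host "--- last lines of $log ---"
    Get-Content $log | Select-Object -Last 20
}

# Assumption: exit code 0 means no infection was found; other values are
# listed in KB890830 and the log above carries the detail.
if ($proc.ExitCode -eq 0) {
    Write-Host 'MSRT reported no infection.'
} else {
    Write-Host "MSRT exit code $($proc.ExitCode): check the log above and run the tool again without /N to clean."
}
```

The detect-only switch is deliberate: it lets you see what the current month's signatures flag before anything is removed, which is useful when a machine is also covered by a full AV product.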

You might wonder why Microsoft would make a point of including this AV scanner as part of Windows Update. Here’s why (in my view) – an astonishingly large number of users don’t have any security applications installed or, where an AV solution is installed, its database is rarely (if ever) updated.

If you take issue with this statement (and that’s fair), then test it: ask a typical user friend or two to name their AV application, to tell you the last time they updated its database and, if they can recall it, the last time they ran a malware scan. I think you’ll be disappointed with the response.

A website worth taking note of: Microsoft Consumer Security Support Center.


4 Comments

Filed under 64 Bit Software, Anti-Malware Tools, Freeware, Malware Removal, Microsoft, Microsoft Patch Tuesday, Software, Windows Tips and Tools, Windows Update

Windows Patch Tuesday – April 2009

Microsoft released 8 security bulletins on Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities.

We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security.

It is not an overstatement to say: an unpatched Windows system is an invitation to disaster.

If you have updates enabled, patches will be downloaded routinely. Careful users will verify that patches have, in fact, been applied.

If Windows Automatic Update is not enabled on your system, then you should log on to the Microsoft Update site and download and apply these patches immediately.

Vulnerability issues and the corresponding patches:

MS09-010/KB923561 – Important (XP, 2000, 2003): There are four bugs (two previously disclosed publicly, two previously undisclosed) affecting the handling of a variety of word-processing document formats, which can allow remote code execution.

MS09-011/KB961373 – Critical (XP, 2000, 2003): This patch closes a hole that allows remote code execution through specially crafted MJPEG files; the bug is in DirectX 8.1 and 9.0x.

MS09-012/KB952004/KB956572 – Important (XP, Vista, 2000, 2003, 2008): This patch resolves four holes in Windows that have already been publicly disclosed. These holes allow an attacker who is already logged onto the system to escalate their privileges and take full control of the system.

MS09-013/KB960803 – Critical (XP, Vista, 2000, 2003, 2008): This patch addresses three bugs in the Windows HTTP Services system; one of them allows remote code execution, which would let an attacker completely own the system. This is a “must patch” item for all Windows systems.

MS09-014/KB963027 – Critical (XP, Vista, 2000)/Important (2000, 2003): This is a cumulative security update for Internet Explorer 5, 6, and 7. Some of the fixes address already-public bugs; some deal with privately disclosed exploits. You should install this patch immediately. Users with IE8 do not need this patch.

MS09-015/KB959426 – Moderate (XP, Vista, 2003, 2008)/Low (2000): This patch takes care of a problem with the Windows Search Path function that could enable an escalation of privileges.
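The “verify that patches have in fact been applied” advice given above (and repeated in the IE7 post further down) can be done from a PowerShell prompt rather than by eye. The script below is an added example, not code from the original post: it takes the KB numbers from the bulletin list above, compares them with what Windows Update has recorded via the Win32_QuickFixEngineering WMI class, and reads the Automatic Updates setting through the Windows Update Agent COM object (Microsoft.Update.AutoUpdate). The list of KBs is this page’s; the notification-level names are Microsoft’s documented values.

```powershell
# Added example (not from the original post): check that the April 2009
# Patch Tuesday updates listed in the post are recorded as installed, and
# report how Automatic Updates is configured.

# KB numbers copied from the bulletin list in the post. Not every bulletin
# applies to every Windows version (MS09-010 and MS09-011 do not ship for
# Vista, for instance), so a "missing" KB for a bulletin that does not
# cover your OS is expected and not a gap.
$expectedKBs = @(
    'KB923561',  # MS09-010
    'KB961373',  # MS09-011
    'KB952004',  # MS09-012
    'KB956572',  # MS09-012
    'KB960803',  # MS09-013
    'KB963027',  # MS09-014
    'KB959426'   # MS09-015
)

# Win32_QuickFixEngineering lists hotfixes recorded by Windows Update;
# HotFixID has the form 'KB######'. Get-HotFix (PowerShell 2.0+) wraps the
# same class; WMI is used directly so this also runs on PowerShell 1.0.
$installed = Get-WmiObject -Class Win32_QuickFixEngineering |
    ForEach-Object { $_.HotFixID.ToUpper() }

$missing = @($expectedKBs | Where-Object { $installed -notcontains $_ })

if ($missing.Count -gt 0) {
    Write-Host 'Updates from this bulletin list NOT recorded on this system:'
    $missing | ForEach-Object { Write-Host "  $_" }
    Write-Host 'Confirm whether each bulletin applies to this Windows version; if it does, install it by hand.'
} else {
    Write-Host 'All listed updates are recorded as installed.'
}

# Automatic Updates configuration via the Windows Update Agent COM API.
# Settings.NotificationLevel: 0 = not configured, 1 = disabled,
# 2 = notify before download, 3 = notify before install,
# 4 = download and install on a schedule.
$au = New-Object -ComObject Microsoft.Update.AutoUpdate
$levelNames = @{
    0 = 'not configured'
    1 = 'disabled'
    2 = 'notify before download'
    3 = 'notify before install'
    4 = 'scheduled download and install'
}
$level = [int]$au.Settings.NotificationLevel
Write-Host ('Automatic Updates: {0}' -f $levelNames[$level])
if ($level -lt 2) {
    Write-Host 'Automatic Updates is off; turn it on or fetch the patches from the Microsoft Update site yourself.'
}
```

A cumulative update such as MS09-014 may later be superseded by a newer IE cumulative update, in which case the newer KB is what appears in the list; when auditing an older machine, check the superseding bulletin before concluding it is unpatched.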

6 Comments

Filed under Application Vulnerabilities, Don't Get Hacked, Malware Advisories, Microsoft Patch Tuesday, Spyware - Adware Protection, Windows Tips and Tools

The 411 on Conficker B++

There’s a lot of tech jargon in the reporting on the new variant of the Conficker worm, Conficker B++. We’ll skip it.

We previously reported on the miseries of the Conficker worm, AKA W32.Downadup.B: think locking you out of system directories, blocking access to security software and updates, and deleting any system restore points in your computer.

Ouch.

Conficker spread fast earlier this year; at one point Conficker infected over 6 million PCs within four days. Conficker generated random domain names to download more malware from, which created delays in stopping Conficker. Lucky for us, techies cracked the Conficker code, discovering how the worm generated those domains, and blocking access to them for most computer users.

Hold that “phew”: now Conficker B++ uses fresh, stealthier techniques. The SRI Report says that Conficker B++ bypasses the use of Internet Rendezvous Points, using a DLL patch and pipe backdoor to execute its code.

So how do you prevent Conficker B++? The Microsoft patch is critical in fighting Conficker B++. Microsoft’s corporate-friendly language hardly expresses the pain Conficker B++ could mean to you—don’t let understated sentences like “Vulnerability in Server Service Could Allow Remote Code Execution” make you delay these updates. Windows XP and earlier systems are especially vulnerable—if you haven’t already, set your computer to automatically update.

Conficker also exploits commonly used passwords. If you use any of the weak passwords that Conficker exploits, even only for low-value sites, make sure you change them.

Yeah, we’re referring to “sdrowssap”.

Guest Writer: This is a guest post by Kristopher Dukes of FasterPCCleanClean.com – an invaluable asset in the battle against malware. Pay a visit to FasterPCCleanClean.com, and I’m convinced you’ll become a regular visitor.

The content of this article is copyright 2009 © by Dukes Media, LLC All rights reserved.

8 Comments

Filed under Anti-Malware Tools, Don't Get Hacked, Interconnectivity, Internet Safety, internet scams, Malware Advisories, Manual Malware Removal, Microsoft Patch Tuesday, Online Safety, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools, worms

IE7 Vulnerability Now Being Exploited

A number of Internet security providers, including McAfee, Trend Micro, and F-Secure, are reporting that exploit code for the Internet Explorer 7 vulnerability patched by Microsoft last week is now circulating in the wild.

If you have not downloaded and applied this patch you should do so immediately. If you have Automatic Updates enabled on your computer, then this patch has already been applied. Careful users will verify that this patch has, in fact, been applied.

Security vendors have noted that emails which take advantage of this vulnerability are now circulating on the net. They carry an attached MS Word document which, if opened, will allow a cybercriminal remote control over the now-infected machine.

Consequences:

  • Loss of personal data.
  • Malicious application installation.
  • Possible botnet connection.

Given the abysmal state of Internet security, there is no doubt that unpatched systems will be attacked! Take the time to ensure your system has been updated correctly.

Minimum email security precautions:

  • Don’t open emails that come from untrusted sources.
  • Don’t run files that you receive via email without making sure of their origin.
  • Don’t click links in emails. If they come from a known source, type them into the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a web site designed to download malware onto your computer.

3 Comments

Filed under Browsers, Don't Get Hacked, Email, Interconnectivity, Internet Explorer, Internet Safety, Malware Advisories, Microsoft Patch Tuesday, Online Safety, Safe Surfing, Spyware - Adware Protection, System Security, trojans, Viruses, Windows Tips and Tools, worms

Internet Explorer 7 – Crucial Patch from Microsoft

If you are still using IE 7 (start thinking Firefox) as your Internet browser in Windows XP or Vista, then you need to download and apply the MS09-002 patch from Microsoft immediately.

This patch, released on February 11, 2009, protects against 2 critical vulnerabilities which, according to Microsoft, “could allow remote code execution if a user views a specially crafted web page using Internet Explorer”.

We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security. If you have updates enabled, this patch will be downloaded routinely.

If Windows Automatic Update is not enabled on your system, then you should log on to the update site and download and apply this patch immediately.

This critical patch was only one of four, released by Microsoft, on what has become known as “Patch Tuesday”. Microsoft’s Exchange Server, SQL Server, and Visio have also had patches released to shore up vulnerabilities.

Regular readers of this site know that we have always recommended that users run with restricted privileges while surfing the internet.

This latest vulnerability in IE confirms, once again, the value in doing so.

According to Microsoft, “users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights”.

If you are looking for hard data on the benefit of running as a standard user, then check out these stats from a recent study conducted by BeyondTrust, an enterprise-level software developer, which showed:

  • 69% of all published vulnerabilities of any severity could be mitigated by running as a standard user.
  • 92% of Microsoft critical vulnerabilities were mitigated.
  • 94% of Microsoft Office vulnerabilities were mitigated.
  • 89% of Internet Explorer vulnerabilities were mitigated.
  • 53% of Microsoft Windows vulnerabilities were mitigated.

So, if you have not made it a practice to run as a standard user while surfing the Internet, I have only one question for you – what are you waiting for?
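Whether a given session actually runs with “fewer user rights” is easy to check. The script below is an added example, not code from the original post: it reads the current Windows token through the .NET WindowsIdentity/WindowsPrincipal classes, distinguishes a true standard user from a UAC-filtered administrator on Vista, and lists the local Administrators group through the WinNT ADSI provider. The well-known SID S-1-5-32-544 for the local Administrators group is a documented constant; the three verdict messages are this example’s own wording.

```powershell
# Added example (not part of the original post): report whether the
# current session carries administrative rights, i.e. whether the
# "fewer user rights" mitigation quoted above applies to it.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# On XP this simply asks "is the account an administrator". On Vista with
# UAC on, an administrator who has not elevated runs on a filtered token,
# so IsInRole returns $false for the Administrators role even though the
# account is a member of the group.
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# S-1-5-32-544 is the well-known SID of the local Administrators group.
# On a filtered token the group is still present (deny-only), so this
# tells us about the account while $isElevated tells us about the session.
$adminSid     = 'S-1-5-32-544'
$inAdminGroup = @($identity.Groups | ForEach-Object { $_.Value }) -contains $adminSid

Write-Host ('User:                       {0}' -f $identity.Name)
Write-Host ('Member of Administrators:   {0}' -f $inAdminGroup)
Write-Host ('Token carries admin rights: {0}' -f $isElevated)

if ($isElevated) {
    Write-Host 'Full administrative rights: anything a browser exploit runs in this session runs as an administrator too.'
} elseif ($inAdminGroup) {
    Write-Host 'Administrator account on a UAC-filtered token: code run from here must get past a prompt to gain admin rights.'
} else {
    Write-Host 'Standard user: this is the configuration the BeyondTrust figures above describe.'
}

# List the local Administrators group via the WinNT ADSI provider, to spot
# everyday accounts that could be demoted to standard users.
$group   = [ADSI]'WinNT://./Administrators,group'
$members = @($group.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})
Write-Host ('Local Administrators group members: ' + ($members -join ', '))
```

On XP, where there is no UAC, the middle verdict never fires: an account is either in Administrators (and every browser session runs with those rights) or it is not, which is exactly why the post recommends a separate standard account for day-to-day surfing.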

2 Comments

Filed under Application Vulnerabilities, Browsers, Don't Get Hacked, Firefox, Interconnectivity, Internet Explorer, Internet Safety, Malware Advisories, Microsoft Patch Tuesday, Online Safety, Safe Surfing, Software, Spyware - Adware Protection, System File Protection, System Security, Windows Tips and Tools

Massive Patch Tuesday – 28 Vulnerabilities Patched

There are currently 28 vulnerabilities in unpatched Microsoft Windows, Internet Explorer and Microsoft Office, that could allow cyber-criminals to launch malicious attacks on your computer.

On Patch Tuesday, December 9, 2008, Microsoft released security patches to address these issues.

Vulnerability issues and the corresponding patches:

MS08-070 (critical; 6 vulnerabilities fixed): This update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls), which could allow remote code execution if a user browsed a Web site that contains specially crafted content.

MS08-071 (critical; 2 vulnerabilities fixed): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution if a user opens a specially crafted WMF image file.

MS08-072 (critical; 8 vulnerabilities): This update resolves eight privately reported vulnerabilities in Microsoft Office, which could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file.

MS08-073 (critical; 4 vulnerabilities fixed): This update resolves four privately reported vulnerabilities in Internet Explorer, which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

MS08-074 (critical; 3 vulnerabilities): This update resolves three privately reported vulnerabilities in Microsoft Office, which could allow remote code execution if a user opens a specially crafted Excel file.

MS08-075 (critical; 2 vulnerabilities): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL.

MS08-076 (important; 2 vulnerabilities): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution.

MS08-077 (important; 1 vulnerability): This update resolves one privately reported vulnerability in Microsoft Office SharePoint, which could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack could result in denial of service or information disclosure.

It is not an overstatement to say: an unpatched Windows system is an invitation to disaster. If you have Windows Update turned on you’re covered; if not, I highly recommend that you download and apply these patches manually, immediately.

Updated December 12, 2008:

The details being published about this week’s IE 0-day are incorrect and insufficient to protect users; read more:
http://secunia.com/blog/38/

The updated Secunia Advisory is available here:
http://secunia.com/advisories/33089/

1 Comment

Filed under Application Vulnerabilities, Don't Get Hacked, Interconnectivity, Internet Safety, Malware Advisories, Microsoft Patch Tuesday, Spyware - Adware Protection, Windows Tips and Tools