Tag Archives: Patch Tuesday

Microsoft’s Malicious Software Removal Tool Focuses On Families – Malware Families, That Is

imageLike it or not, (what’s not to like), you get scanned once a month – provided that is, you update your Windows OS on the second Tuesday of each month (fondly known as Patch Tuesday).

Malware comes, and malware goes. Not all malware of course, but the majority of malware doesn’t stick around very long – just a few days in many cases. Still, with upwards of 300,000 new malware samples every day (according to some estimates), AV solutions could soon be overrun in the race to keep pace with this onslaught. Luckily, malware can often be be grouped by families (malware with inherited characteristics), and that’s where Microsoft’s Malicious Software Removal Tool specifically, comes into play.

The Malicious Software Removal Tool, which is updated monthly, is included with Patch Tuesday’s Windows Update and once activated – runs in the background targeting specific, prevalent malware families. If an infection is found, the tool will remove the malware (hopefully), and provide a report on any actions taken.

A list of malicious software detected and cleaned by the Malicious Software Removal Tool is available here.

If you wish, you can download and then run this tool manually, as required. The latest edition of the tool is always available at the Microsoft Download Center.

System requirements: Windows 7, Windows Server 2003, Windows Vista, Windows XP

You might wonder as to why Microsoft would make a point of including this AV scanner as part of Windows update. Here’s why (in my view) – an astonishingly large number of users don’t have any security applications installed or, an installed AV solution’s databases is rarely (if ever) updated.

If you take issue with this statement (and that’s fair), then test it by asking a typical user friend/s to name their AV application; tell you the last time they updated the database and, if they recall the last time they ran a malware scan. I think you’ll be disappointed with the response.

A website worth taking note of: Microsoft Consumer Security Support Center.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under 64 Bit Software, Anti-Malware Tools, Freeware, Malware Removal, Microsoft, Microsoft Patch Tuesday, Software, Windows Tips and Tools, Windows Update

Windows Patch Tuesday – April 2009

Microsoft released 8 security bulletins on Tuesday (April 14, 2009) to fix remote code execution and denial of service vulnerabilities.

windows_generic_v_web We have always recommended, on this site, that users ensure that Windows Automatic Update is enabled as a major step in maximizing operating system security.

It is not an overstatement to say; an unpatched Windows system is an invitation to disaster.

If you have updates enabled, patches will be downloaded routinely. Careful users will verify that patches, have, in fact, been applied.

If Windows Automatic Update is not enabled on your system, then you should logon to the MS update site and download and apply these patches immediately.

Vulnerability issues and the corresponding patches:

MS09-010/KB923561 – Important (XP, 2000, 2003): There are four bugs (two previously disclosed publically, two previously undisclosed) that affect a variety of word processing documents, that can allow remote code execution exploits to occur.

MS09-011/KB961373 – Critical (XP, 2000, 2003): This patch closes a hole that let attackers execute a remote code execution attack through MJPEG files; the bug is in DirectX 8.1 and 9.0x.

MS09-012/KB952004/KB956572 – Important (XP, Vista, 2000, 2003, 2008): This patch resolves four holes in Windows that have already been publically disclosed. The hole allows an attacker who is already logged onto the system to escalate their privileges and take full control of the system.

MS09-013/KB960803 – Critical (XP, Vista, 2000, 2003, 2008): This patch addresses three bugs in the Windows HTTP Services system; one of them allows remote code execution which allows an attacker to completely own a system. This is a “must patch” item for all Windows systems.

MS09-014/KB963027 – Critical (XP, Vista, 2000)/Important (2000, 2003): This is a cumulative security update for Internet Explorer 5, 6, and 7. Some of the fixes address already public bugs, some deal with privately disclosed exploits. You should install this patch immediately. Users with IE8 do not need this patch.

MS09-015/KB959426 – Moderate (XP, Vista, 2003, 2008)/Low (2000): This patch takes care of a problem with the Windows Search Path function that could enable an escalation of privileges.

6 Comments

Filed under Application Vulnerabilities, Don't Get Hacked, Malware Advisories, Microsoft Patch Tuesday, Spyware - Adware Protection, Windows Tips and Tools

Massive Patch Tuesday – 28 Vulnerabilities Patched

There are currently 28 vulnerabilities in unpatched Microsoft Windows, Internet Explorer and Microsoft Office, that could allow cyber-criminals to launch malicious attacks on your computer.

On Patch Tuesday, December 9, 2008, Microsoft released security patches to address these issues.

Vulnerability issues and the corresponding patches:

MS08-070 (critical; 6 vulnerabilities fixed): This update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls), which could allow remote code execution if a user browsed a Web site that contains specially crafted content.

MS08-071 (critical; 2 vulnerabilities fixed): This update resolves two privately reported vulnerability in Windows, which could allow remote code execution if a user opens a specially crafted WMF image file.

MS08-072 (critical; 8 vulnerabilities): This update resolves eight privately reported vulnerabilities in Microsoft Office, which could allow remote code execution if a user opens a specially crafted Word or Rich Text Format (RTF) file.

MS08-073 (critical; 4 vulnerabilities fixed): This update resolves four privately reported vulnerabilities in Internet Explorer, which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

MS08-074 (critical; 3 vulnerabilities): This update resolves three privately reported vulnerabilities in Microsoft Office, which could allow remote code execution if a user opens a specially crafted Excel file.

MS08-075 (critical; 2 vulnerabilities): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution if a user opens and saves a specially crafted saved-search file within Windows Explorer or if a user clicks a specially crafted search URL.

MS08-076 (important; 2 vulnerabilities): This update resolves two privately reported vulnerabilities in Windows, which could allow remote code execution.

MS08-077 (important; 1 vulnerability): This update resolves one privately reported vulnerability in Microsoft Office SharePoint, which could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack could result in denial of service or information disclosure.

It is not an overstatement to say; an unpatched Windows system is an invitation to disaster. If you have Windows Update turned on you’re covered, if not, I highly recommend that you download manually immediately.

Updated December 12, 2008:

The details being published about this weeks IE 0-day is incorrect and
insufficient to protect users, read more:
http://secunia.com/blog/38/

The updated Secunia Advisory is available here:
http://secunia.com/advisories/33089/

1 Comment

Filed under Application Vulnerabilities, Don't Get Hacked, Interconnectivity, Internet Safety, Malware Advisories, Microsoft Patch Tuesday, Spyware - Adware Protection, Windows Tips and Tools