Tuesday, November 9, 2010

Microsoft Patch Tuesday - November 2010

November is a fairly light month for Microsoft patches, with 3 security bulletins addressing a total of 11 vulnerabilities. A critical vulnerability affects Microsoft Office when handling RTF (Rich Text Format) files in Word. The Outlook fix addresses the preview pane automatically displaying the contents of file attachments. The other bulletins cover issues with PowerPoint and Forefront Unified Access Gateway (UAG).

However, the 0day vulnerability in IE6 & IE7 is not addressed. This vulnerability involves an issue with the browser’s token parsing of user-defined CSS (Cascading Style Sheets). It is recommended to upgrade to IE8, where DEP (Data Execution Prevention) is on by default. The vulnerability exists in IE8 as well, but DEP prevents it from actually being exploited. Users should also be able to manually turn on DEP in IE6 & IE7, and there are other workarounds available from Microsoft here: http://support.microsoft.com/kb/2458511

Microsoft’s official summary of November releases:

Breakdown of this month’s Microsoft Patches:

1. MS10-087 – Microsoft Office | Remote Code Execution - KB 2423930 | Critical
(Replaces MS10-003, MS10-036)

A total of 5 vulnerabilities exist in both the Windows and Mac OS X versions of Microsoft Office, including a buffer overflow in the processing of RTF documents.

2. MS10-088 – Microsoft PowerPoint | Remote Code Execution - KB 2293386 | Important
(Replaces MS10-004, MS10-036, MS09-017)

Two vulnerabilities in Microsoft PowerPoint exist in Office XP and Office 2003 for Windows and in Office 2004 for Mac. A user’s system is compromised when they open a malicious PowerPoint file.

3. MS10-089 – Forefront Unified Access Gateway (UAG) | Privilege Escalation - KB 2316074 | Important

Four vulnerabilities in Forefront Unified Access Gateway (UAG) are addressed, including a URL redirection flaw that allows attackers to redirect users to malicious websites.

Tuesday, October 12, 2010

Microsoft Patch Tuesday - October 2010

Microsoft has broken its own record for vulnerabilities fixed, previously set in October 2009. It has released security patches fixing a whopping 81 vulnerabilities (including an out-of-band patch), beating last year’s record. Several of these vulnerabilities were 0day. One of two Stuxnet 0day vulnerabilities has been fixed. IE 6-8 receive fixes for 10 vulnerabilities, which affect even the newer IE7 and IE8 versions. MRT (Malicious Software Removal Tool) was updated to detect the Zeus Trojan, which captures users’ credentials for online banking.

To access MRT: Start - Run - type: "mrt"

Breakdown of this month’s Microsoft Patches:

1. MS10-071 – Internet Explorer | Remote Code Execution - KB 2360131 | Critical (XP, Vista, 7) / Important (2003, 2008, 2008 R2)
(Replaces MS10-053)

A total of 10 vulnerabilities in IE6, IE7, & IE8 on almost all Windows platforms are addressed in this bulletin.

2. MS10-072 – SharePoint / IE - HTML Sanitization | Information Disclosure - KB 2412048 | Important
(Replaces MS10-039)
Important (SharePoint Services 3, SharePoint Foundation 2010, Office Web Apps, Office SharePoint Server 2007, Groove Server 2010)
CVE-2010-3324

Two vulnerabilities in Microsoft SharePoint’s HTML sanitization allow cross-site scripting (XSS) attacks.

3. MS10-073 – Kernel Mode Drivers | Privilege Elevation - KB 981957 | Important
(Replaces MS10-048)
(XP, Vista, 7, 2003, 2008, 2008 R2)

Three privilege escalation vulnerabilities, including CVE-2010-2743, which is associated with the Stuxnet malware.

4. MS10-074 - Foundation Classes | Remote Code Execution - KB 2387149 | Moderate
(Replaces MS07-012)
(XP, Vista, 7, 2003, 2008, 2008 R2)

A buffer overflow in the MFC libraries.

5. MS10-075 - Media Player Network Sharing Service | Remote Code Execution - KB 2281679 | Critical (7) / Important (Vista)
CVE-2010-3225

The vulnerability could allow remote code execution if an attacker sent a specially crafted RTSP packet to an affected system. However, Internet access to home media is disabled by default. In this default configuration, the vulnerability can be exploited only by an attacker within the same subnet.

6. MS10-076 - OpenType Font Engine | Remote Code Execution - KB 982132 | Critical
(XP, Vista, 7, 2003, 2008, 2008 R2)
CVE-2010-1883

A vulnerability in embedded TrueType font handling that was originally disclosed to TippingPoint via the Zero Day Initiative (ZDI) program on June 23, 2010.

7. MS10-077 - .NET Framework | Remote Code Execution - KB 2160841 | Critical
(XP, Vista, 7, 2003, 2008, 2008 R2)
CVE-2010-3228

This security update resolves a privately reported vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs).

The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario.

8. MS10-078 - OpenType Font (OTF) | Privilege Elevation - KB 2279986 | Important
(XP, 2003)
CVE-2010-2741

This security update resolves two privately reported vulnerabilities in the Windows OpenType Font (OTF) format driver. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted OpenType font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

9. MS10-079 - Word | Remote Code Execution - KB 2293194 | Important
(Replaces MS09-068, MS10-056)
(Office XP, Office 2003, Office 2007, Office 2010, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Office Compatibility Pack for Office 2007, Microsoft Word Viewer, Office Web Apps)
CVE-2010-3216

Fixes 11 vulnerabilities in Microsoft Word. The vulnerabilities could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.

10. MS10-080 – Excel | Remote Code Execution - KB 2293211 | Important
(Replaces MS10-038, MS10-057)
(Office XP, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, Excel Viewer, Office Compatibility Pack for Office 2007)
CVE-2010-3239

Fixes 13 vulnerabilities in Microsoft Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file or a specially crafted Lotus 1-2-3 file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user.

11. MS10-081 - Comctl32 | Remote Code Execution - KB 2296011 | Important
(XP, Vista, 7, 2003, 2008, 2008 R2)
CVE-2010-2746

The vulnerability could allow remote code execution if a user visited a specially crafted Web page. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

12. MS10-082 - Windows Media Player | Remote Code Execution - KB 2378111 | Important
(Replaces MS10-027)
Critical (XP, Vista, 7, 2003) & Moderate (2008, 2008 R2)
CVE-2010-2745

A vulnerability in Windows Media Player affecting Windows XP/Vista, Windows 7, and Windows Server 2003/2008 allows for remote code execution if Windows Media Player opened specially crafted media content hosted on a malicious Web site.

13. MS10-083 - Internet Explorer | Remote Code Execution - KB 2405882 | Important
(XP, Vista, 7, 2003, 2008, 2008 R2)
CVE-2010-1263

Fixes a vulnerability in Wordpad and the Windows shell that allows remote code execution. The vulnerability could allow remote code execution if a user opens a specially crafted file using WordPad or selects or opens a shortcut file that is on a network or WebDAV share.

14. MS10-084 - Windows Local Procedure Call | Privilege Escalation - KB 2360937 | Important
(Replaces MS10-066)
(XP, 2003)
CVE-2010-3222

A stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) allowing for local privilege escalation. This security update is rated Important for all supported editions of Windows XP and Windows Server 2003. All supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.

15. MS10-085 – Schannel, IIS | Denial of Service - KB 2183461 | Important
(Replaces MS10-049)
(Vista, 7, 2008, 2008 R2)
CVE-2010-3229

Denial of service vulnerability in IIS web servers running SSL. The vulnerability could allow denial of service if an affected system received a specially crafted packet message via Secure Sockets Layer (SSL). By default, all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are not configured to receive SSL network traffic.

16. MS10-086 - Windows Shared Cluster Disks | Tampering - KB 2294255 | Moderate
(2008 R2)

A vulnerability in the disk clustering services creates backup volumes that allow everyone to read, edit or delete files. This could leave the door wide open to attackers or insiders looking for information that has been protected by file system permissions.

Out-of-Band Security Update since September's Patch Tuesday

MS10-070 - ASP.NET | Information Disclosure - KB 2418042 | Critical
(Related KB articles: 2416447, 2416473, 2416474, 2416754, 2418240, 2418241, 2416451, 2416468, 2416469, 2416470, 2416471, 2416472, 2431728)

This security update resolves a publicly disclosed vulnerability in ASP.NET. The vulnerability could allow information disclosure. An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server. Microsoft .NET Framework versions prior to Microsoft .NET Framework 3.5 Service Pack 1 are not affected by the file content disclosure portion of this vulnerability.
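The weakness described above, a server that reveals whether a tampered encrypted blob decrypted cleanly, is closed in general by authenticating the ciphertext and failing uniformly. The following is an added example, not Microsoft's code and not how ASP.NET actually protects view state: an encrypt-then-MAC wrapper whose unprotect() checks the tag before decrypting and returns the same result for every kind of defect. The HMAC-based keystream is a constructed stand-in for a real block cipher so the example runs on the standard library alone.

```python
import base64
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length


def _keystream(enc_key, nonce, length):
    """Keystream from HMAC-SHA256(enc_key, nonce || counter).

    Constructed stand-in for the server's cipher; the authentication
    logic below is the point of the example, not this construction.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(enc_key, mac_key, state, nonce=None):
    """Encrypt the state, then MAC nonce||ciphertext (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(state))
    ciphertext = bytes(p ^ k for p, k in zip(state, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return base64.b64encode(nonce + ciphertext + tag).decode("ascii")


def unprotect(enc_key, mac_key, token):
    """Return the state, or None for any defect: the client sees one outcome.

    The tag is verified before decryption, so a modified ciphertext is
    rejected without any decryption or format error becoming observable.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = raw[:NONCE_LEN], raw[NONCE_LEN:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def tamper_is_rejected(enc_key, mac_key, state):
    """Flip one ciphertext bit; the wrapper rejects it before decrypting."""
    token = protect(enc_key, mac_key, state)
    raw = bytearray(base64.b64decode(token))
    raw[NONCE_LEN] ^= 0x01  # first ciphertext byte
    forged = base64.b64encode(bytes(raw)).decode("ascii")
    return unprotect(enc_key, mac_key, forged) is None
```

Because every failure path returns None, an application built on this wrapper gives a client no signal to distinguish a bad tag from a malformed token, which is the property the bulletin's information-disclosure issue lacked.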

Other Updates & News

Oracle Java update: version 6 update 22
- fixes 29 security vulnerabilities
- fixes the TLS/SSL renegotiation hole (their own implementation of the protocol was not fixed yet)
- fixes root CA and various other issues

Foxit Reader 4.2
Many users switch from Adobe Reader to Foxit Reader because it is lighter weight.
Buffer-overflow issue: a file containing over 512 characters will crash the reader, which potentially opens the door to a buffer-overflow exploit.

Facebook has added one-time password support
The purpose is to log in using a one-time password on a system you do not control or whose security environment you question (for example, the possibility of keyloggers).

Texting the string "otp" to the number 3265 will return a one-time password that expires after 20 minutes.

You must register your cellphone number with your Facebook account.

An agreement has been reached between the UAE and RIM pertaining to the ban on BlackBerry cell phone technology in the UAE.

Saudi Arabia and India have backed down as well.

RIM’s technology is strongly encrypted, to the point where no eavesdropping or man-in-the-middle session can take place.

What changed, though, for the UAE and RIM to come to an agreement? RIM will not disclose, stating that it is proprietary information.

Amazon Kindle
Jailbroken Kindles can run Zork from Infocom.

Thursday, September 23, 2010

PC Repair: Slow PC & Testing Memory with Memtest86+ v4.00

For those having computer issues, call (616) 828-1353 or email support@GoDigitalDesigns.com for a free quote or to schedule a free computer / IT assessment in the greater Grand Rapids, MI area today. There is no obligation with our quotes, and we guarantee our service with a standard 10-day or extended 30-day warranty! Same-day and next-day service available!

I recently performed a free computer assessment for a new home customer. They had been struggling for the past year with their desktop performing extremely slowly. They told me that they had taken it to several places about the slowness issue, including BestBuy's GeekSquad and a local computer guy in their area. Every time they got their PC back from servicing it would be slow again.

But what was slow? I wanted to dig deeper into their issue. They told me it was everything: Internet browsing, general computer functionality, the whole bit.

Their PC was an old Compaq Presario from 2004 with a 2.8GHz Intel Celeron processor and only 512MB of memory. Right then I knew that 512MB of RAM was too little to do anything with a resource-hungry operating system such as Windows and all of the newer applications they were running, which are mostly meant for newer computers. A bloated McAfee Antivirus was utilizing 14-16% of the CPU every time you wanted to touch a single file (making that loud hard drive "thinking noise" most people describe). There were a few other bloated applications that probably were also not playing well with the small amount of resources the system could provide. Going further, their ISP was giving them 1.19MB/s download and 0.59MB/s upload bandwidth, but that was because of their remote area. All of these factors contributed to the PC's slowness.

The first thing I wanted to do was fill the computer with more memory. When I'm talking about memory I'm talking about Random-Access Memory (RAM), which is the main memory in personal computers, workstations, and all the way up to servers.
My first thought was that this was obviously a 32-bit system and could only utilize a maximum of roughly 3.3GB of RAM. Looking inside the box I saw only two RAM slots, with one slot already holding a 512MB module. I researched the motherboard specs (MS-6577 v4.1), which told me that the BIOS could support a maximum of 2GB with PC2700/2100 (333MHz/266MHz) compatible RAM. However, the actual specs for the computer listed by Compaq (HP) said that the BIOS only supported up to 1GB. Getting mixed results, I ended up ordering (2) 512MB and (2) 1GB memory sticks from my vendor.

While waiting a couple of days for shipping I was thinking more outside the box. The customer told me that they use their computer only for Web surfing, email, and occasional word processing. I asked them if they use or see themselves using that specific PC for anything else (Microsoft-only applications). So over the phone I began talking about the benefits of none other than the Linux distribution Ubuntu!
In brief, I told the customer that Ubuntu uses system resources much more efficiently than Windows, that it will be more secure and stable than Windows XP, and that there is not much of a learning curve aside from getting used to a different user-friendly operating system. They can browse the Internet and check their web mail with Mozilla Firefox and use OpenOffice.org's word processor. I kept the conversation basic, as I could imagine it would be hard to grasp something like that over the phone without seeing it. Nonetheless, I was not about to get too technical about Ubuntu, such as the fact that Ubuntu 10.04.1 (the version I would install) uses the EXT4 file system, and unlike Windows with its NTFS file system, EXT4 doesn't need to be defragmented!

Today UPS arrived with the memory. The first thing I did was take out the old 512MB stick and put in two of the 1GB sticks. I then went into the BIOS and changed the boot order of the machine to boot from CD-ROM first. I put in a disc, which turned out to be Ubuntu 10.04.1 Server. One of the options in the first menu of the disc was "Test Memory", which uses Memtest86+ v4.00. This is a great way to test the stability of the memory. Any errors at all, even just one, mean you have faulty RAM. You could get by with installing an OS on that RAM and using the machine for a while, but in time those couple of memory errors, or that single one, could come back to haunt you.

So I ran Memtest86+ on (2) 1GB sticks of PNY PC2700 (333MHz) RAM. Within only 4 minutes of running the test it came back with errors. To get a better idea of which memory module was giving the errors, I restarted the test with individual sticks to isolate the issue. The first stick showed errors again within 4 minutes, and the second one is still under test after over 4 hours, in its 5th pass. After this amount of time the module's integrity is most likely completely fine. However, there are those out there who run the test overnight. In the past, if I don't get any errors within the first 2-3 passes then I have always been fine.
So now I have to RMA the (1) 1GB PNY stick and exchange it for another. This has been disappointing, but things like this do happen. I'm glad that I have a good vendor that gives me my own account manager to help me with any issue such as this.

Memtest86+ can be downloaded individually here. Otherwise I like to just use the "Test Memory" option on Ubuntu Live CDs.

For now I could start installing Ubuntu with the good 1GB stick or wait for the other stick, and I'm thinking about making it a dual-boot system with Windows XP and Ubuntu 10.04.1 in case they ever need Windows in the future. All the customer really cares about is that they can get online. They realize that the computer is old, but I promised them a good price to get their system up and running efficiently without having to spend more money in the near future on an entirely new system. I hope to get a new working module of RAM over the weekend and have the system all set up by the beginning of the week. I offered the customer a temporary replacement laptop to make up for the extra couple of days without their PC while I'm waiting on my vendor for the replacement memory. I figured that was the best thing to do right now, since many auto dealerships will give you a loaner while they service your vehicle. Just one of the ways Digital Designs LLC cares about our customers: if we take longer than expected, then we make the situation right.

What are your thoughts or experiences with slow computers (besides pure frustration)? What have you done personally to speed them up? Do you upgrade hardware or buy a new computer altogether? If you buy a new computer, what is your average upgrade cycle: 2, 4, or 5+ years?