Posts tagged Computer

Security Bulletin – Windows Help system Hack

Jul 2nd

As some of you may have read in the press (http://news.bbc.co.uk/1/hi/technology/10473495.stm) there is currently a major security vulnerability in the Windows Help system that is currently being exploited by hackers to take control of PCs worldwide. Once they have control obviously they use the PCs for all kinds of nastiness. This vulnerability exists whether or not you use any of the Microsoft help functions which use the HPC protocol.

Over the course of this week Krayatec have been deploying to all of our clients a fix for this issue via automatic log in scripts. This means that if you have restarted your computer every night and are on a managed domain you will already be protected. If you do not have domain control on your site, we will be calling you shortly to manually apply the fix.

I have written a custom automated script to do this which can be found here : http://www.kraya.co.uk/downloads/xpfix.zip Simply download, save and run the enclosed xpfix.bat file. It takes less than a second and once completed you see a black screen saying “Krayatec XP HCP Protocol fix applied”.

There is also a fully bloated Microsoft Windows XP MSI which can be downloaded from the Microsoft KB2219475 article page here http://support.microsoft.com/kb/2219475

We would recommend that all users also apply the “Microsoft Fix it update 50459”, either via the Microsoft site or our automated script to all Windows XP computers at home and work as soon as possible.

It should be noted that whilst Anti-virus and Ant-Spyware software may detect some of the “nasties” hackers might try to install on your computer, they will not prevent this problem. To do secure your computer and prevent this vulnerability being exploited, you must run the above script.

As always if you have any questions or concerns please do not hesitate to call.

More detailed Technical Info:

On the 10th of June 2010, Microsoft announced that it was investigating new public reports of a vulnerability in the Windows Help and Support Center function of Windows XP and Windows Server 2003. The vulnerability could allow a remote attacker to use the HCP protocol to remotely execute code on any Windows XP or Windows Server 2003 computer if a user views a specially crafted web page. At this time Microsoft stated that it was aware of a proof-of-concept exploit code and limited, targeted active attacks that use this exploit code.

Subsequently Microsoft and a number of security vendors have reported wide spread attacks in the wild using this exploit to deliver a number of different malicious payloads as reported on the BBC link above.

The custom script linked above closed this vulnerability be de-registering the HCP Protocol on the computer, hence a remote attacker is not able to use the Microsoft Windows Help and Support Center function to attack the computer. This is done by deleting the HKEY_CLASSES_ROOT\HCP registry key. The old registry key is backed up to HCP_Protocol_Backup.reg incase (of reasons unknown) you decide you want to re-enable this feature.

.bat, 2219475, 50459, Ant-Spyware, anti-virus, applied, article, automated, automated script, automatic, bloated, Computer, control, custom, deploying, detect, domain, download, exploit, exploited, file, fix, Fix it, hackers, help, help functions, HKEY_CLASSES_ROOT\HCP, home, HPC, HPC protocol, issue, KB2219475, key, KrayaTec, log in scripts, Major, Microsoft, Microsoft Fix it, Microsoft windows, MSI, PC, press, prevent, problem, protected, Registry, registry key, restarted, run, save, Script, Security, software, Stephen ramsay, system, update, Vulnerability, windows XP, work, XP, XP HPC Protocol

Service Alert – Volcanic Ash & Computers

Apr 16th

Posted by stephen in Kraya

3 comments

As I am sure everyone is aware volcanic ash from the volcano in Iceland is causing major air travel disruption at this time as volcanic ash and planes do not mix. Similarly, volcanic ash and computers do not mix. We are seeing fine particulates falling to ground level just now and these combined with the larger particles we expect to see in the near future will cause issues for computers, servers, other electronic equipment and their cooling systems.

The cooling fans in computers work very much like a vacuum and vacuum up dust and everything else in the air around them including the volcanic ash particles. Whilst it is not something to panic over, all computer users should think about takeing the following action particularly if it gets worse:

Please do what you can to keep rooms in which you are using computers as free from ash as you can.
Please do not leave the windows open as the room will just fill with these tiny particulates
Listen to the computers fans. If you notice a change in the tone or noise they make, please call us.
Look at the air intake grills on the back of the computer, if they begin to clog up, please call us.

If you have any questions please call us. If you what to check what level of ash is falling in your area, place a clean white piece of paper outside and leave it for a few hours, then have a look at what has accumulated on it. There will be some very very fine dust. I don’t know what will happen over the next few days but this may increase.

Please do not try and clean your computers yourself as you may just push the finer particulates deeper into the fan bearings. We have specialist equipment for this kind of job and if necessary can send someone to your office to clean the computers and servers.

accumulated, Air, around, Ash, bearings, cause, change, Cleaning, clog, closed, Computer, computers, cooling, Disruption, dust, electronic, equipment, falling, fan, Fans, fine, future, grills, ground level, hover, Iceland, intake, issues, larger, Major, Notice, open, outside, paper, particles, Particulates, Planes, rooms, seeing, Server, servers, service, specialist, systems, tiny, tone or noise, Travel, up, Volcanic, Volcanic ash, Volcanic ash Partials, volcano, Warning, Windows

Adobe update – excessive traffic to ardownload.adobe.com

Dec 16th

Posted by stephen in Rants

No comments

Adobe has not been without its problems of late, and whilst there have been security issues that could have lead to losses, so far none of our clients have suffered financially from Adobe’s failings. Until now that is.

One of our Clients had their ADSL cut off this week as they had exceeded the usage policy. Why? Adobe Update Manager on one Windows XP PC had decided to download over 70GB of data over the course of a 7 day period. It would appear that it was getting itself in a loop and just kept trying to update continuously, 70GB worth of continuously.

The Adobe website serves the update MSI binary files as content type Text/Plain, the Adobe Update client has a very short timeout and immediately opens another connection to re-start the download. Hence if there is a slow connection or the caching server does not return the whole file in a timely manner the Adobe Update client enters the infinite loop of retries, causing the excessive bandwidth consumption witnessed here.

There are several forum threads including on Adobe’s own site http://forums.adobe.com/thread/392129 all linking this issue to a conflict between and old version of WebMarshall and Adobe updater; however our machines do not use WebMarshall and we do not have it installed anywhere on our networks.

We do however use Squid caching on our CentOS 5 servers. The server in this instance seems to be fulfilling the requests on each occasion in a timely manner – the issue is that each time Adobe updater passes a URL it is different in key areas, which Squid interprets as a separate request. This is not abnormal and we have seen this before when we have tried to configure squid to cache Windows updates. However rather than enter a loop of requests, Windows updates simply fail. Other automatic updaters work well with caching systems and indeed most ISPs are now implementing different forms of web caching on their own networks. Dose this mean the Adobe issue is affecting them in the same way?

The issue seems to only affect PCs (or at least we have seen no affected Mac users as yet), and it also seems to affect most Adobe products.

For now Adobe and the ISPs have remained quiet on the issue, however we have 3 other clients (and my own home ADSL ) who cannot update Adobe at all, access to ardownload.adobe.com appears to have been blocked by the ISP. Quite when the Adobe update issue will be resolved is unknown; however we have also taken the decision to block access to ardownload.adobe.com from all of our networks, for the moment.

Richard, one of our Systems Admin Team has published a more detailed account of the technicalities involved here: http://richard.blog.kraya.co.uk/2009/12/16/a-big-adobe-problem/

abnormal, Adobe, Adobe products, Adobe update, Adobe Update client, Adobe Update manager, adobe updater, Adobe website, Adobe’s, ADSL, Apple, ardownload.adobe.com, automatic, bandwidth, bandwidth consumption, block, blocked, cache, caching, caching system, CentOS, CentOS 5, CentOS 5 servers, Clients, Computer, configure squid, conflict, connection, continuously, Cut off, data, download, exceeded, excessive, excessive bandwidth consumption, fail, failings, financially, fix resolve, GB, immediately, infinite loop, ISP, IT, Kraya, KrayaTec, loop, loop of requests, Mac, MSI binary files, PC, problems, resolved, retries, security issues, Server, serves, slow, Squid, Squid caching, Stephen, Stephen ramsay, suffered, support, timeout, to ardownload.adobe.com, traffic, update, update Adobe, update continuously, update MSI binary files, updater, updaters, Updates, URL, usage, users, web caching, Web Marshall, WebMarshall, Windows, Windows updates, XP

Apple Security Update

May 14th

Posted by stephen in Apple

No comments

Apple have today issued a massive set of security updates for Mac OS X update to correct total of 67 security vulnerabilities. The unexpected and abrupt Apple Patch issue also includes patch to fix a number of security flaws in Safari Web browser on both Mac OS X and Microsoft Windows.

The OS X update fixes security vulnerabilities and flaws in a total of 31 different Apple components, including issues in open-source packages used by Apple. The updates also fix code execution vulnerabilities in several pieces of apple software. These are very similar to the vulnerabilities seen in Adobe and Microsoft products.

The detailed list of affected software, components is shown below and more information can be found on Apple’s support site. For ease of understanding I have combined a few of these into one.

An Important phrase you will get to know is ” may lead to execution of malicious code” this essentially means attackers could run a program on your computer that allows them to, well do anything they like, from taking note of your bank details to reeking havoc with your system configuration.

APPLE-SA-2009-05-12 Security Update 2009-002 / Mac OS X v10.5.7

Apache CVE-2008-2939
Affected: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Details: An input validation issue exists in Apache’s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in an attack.

Apache CVE-2008-2939
Affected: Mac OS X v10.5, v10.5.6 & Mac OS X Server v10.5, v10.5.6
Details: Visiting a malicious website may allow an attack to run a malicious program.

Apache CVE-2008-0456
Affected: Mac OS X v10.5, v10.5.6 & Mac OS X Server v10.5, v10.5.6
Details: Web sites that allow users to control the name of a file may be vulnerable to redirection the user to a different file without the users knowledge by forging the malicious file name. Thus tricking users into opening malicious content.

ATS CVE-2009-0154
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Viewing or downloading a document containing a maliciously
crafted font may lead to execution of malicious code.

BIND CVE-2009-0025
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: BIND is susceptible to a spoofing attack, were one website pretends to be another, if configured in a certain way using OpenSSL. A maliciously crafted security certificate could bypass the validation, which may lead to a spoofing attack.

CFNetwork / Safari CVE-2009-0144
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Safari and other Applications that use CFNetwork may send secure cookies unexpectedly over a unencrypted connection. Systems prior to Mac OS X v10.5 are unaffected.

CFNetwork / Safari CVE-2009-0157
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Visiting a malicious website may lead to an application terminating unexpectedly or malicious code execution. Systems prior to Mac OS X v10.5 are not affected.

CoreGraphics CVE-2009-0145, CVE-2009-0155
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Opening a maliciously crafted PDF file may lead to an application terminating unexpectedly or malicious code execution.

CoreGraphics CVE-2009-0146, CVE-2009-0147, CVE-2009-0165
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an application terminating unexpectedly or malicious code execution.

Cscope CVE-2009-0148
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Processing a maliciously crafted source file with Cscope may lead to an application terminating unexpectedly or malicious code execution.

CUPS CVE-2009-0164
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of the printing service. This may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs and even print documents.

Disk Images CVE-2009-0150, CVE-2009-0149
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Mounting a maliciously crafted disk image may lead to an application terminating unexpectedly or malicious code execution.

Enscript CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities in enscript which may lead to malicious code execution.

Flash Player plug-in CVE-2009-0519, CVE-2009-0520, CVE-2009-0114
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple issues exist in the Adobe Flash Player plug-in, when viewing a maliciously crafted web site these may lead to malicious code execution.

Help Viewer CVE-2009-0942, CVE-2009-0943
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: A maliciously crafted Apple “help:” page may be used to invoke AppleScript files, which may lead to malicious code execution.

Ichat CVE-2009-0152
Affected: Mac OS X v10.5 – v10.5.6,Mac OS X Server v10.5 – v10.5.6
Details: iChat can use Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. If iChat is unable to connect it will authenticate via plain text (non secure) methods until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic may observe the contents of AOL Instant Messenger conversations.

International Components for Unicode CVE-2009-0153
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Maliciously crafted content may bypass website filters and result in malicious code execution.

IPSec CVE-2008-3651, CVE-2008-3652
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities and memory leaks exist in the racoon daemon in ipsec-tools which may lead to a denial of service.

Kerberos CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0844
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: An attacked could send maliciously crafted authentication information or an encoded message which may lead to a denial of service of a Kerberos-enabled program

Kernel CVE-2008-1517
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: An issue exists which may lead to a local user obtaining system privileges or to an unexpected system shutdown. This vulnerability may also allow malicious code execution with Kernel privileges.

Launch Services CVE-2009-0156
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Downloading a maliciously crafted Mach-O executable (application) may cause Finder to repeatedly terminate and relaunch.

Libxml CVE-2008-3529
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Visiting a maliciously crafted website may lead to an application terminating unexpectedly or malicious code execution.

Net-SNMP CVE-2008-4309
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: A remote attacker may terminate the operation of the SNMP service by sending specificity crafted messages.

Network Time CVE-2009-0021, CVE-2009-0159
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Network Time is susceptible to a spoofing attack if NTP authentication is enabled. Once spoofing has take place a remote NTP server could maliciously execute code.

Networking CVE-2008-3530
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: When IPv6 support is enabled, A remote user may be able to cause an unexpected system shutdown.

OpenSSL CVE-2008-5077
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: An attacked could use a man-in-the-middle attack and be able to impersonate a secure trusted server or user in applications using OpenSSL for SSL certificate verification. Permiting an attacker to capture information the user thought was secure.

PHP CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666,CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple vulnerabilities in PHP which may lead to malicious execute code.

QuickDraw Manager CVE-2009-0160, CVE-2009-0010
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Opening a maliciously crafted PICT image may lead to an application terminating unexpectedly or malicious code execution.

Ruby CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2009-0161
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple vulnerabilities exist in Ruby 1.8.6 including the fact that Ruby programs may accept revoked or invalid security certificates as genuine.

Safari CVE-2009-0162
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple input validation vulnerabilities exist in Safari’s handling of “feed:” URLs. Accessing a maliciously crafted “feed:” URL may lead to malicious code execution.

Spotlight CVE-2009-0944
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Downloading a maliciously crafted Microsoft Office file may lead to an application terminating unexpectedly or malicious code execution.

system_cmds
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: The “login” command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority and authorization level.

telnet CVE-2009-0158
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an application terminating unexpectedly or malicious code execution.

WebKit CVE-2009-0945
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Visiting a maliciously crafted website may lead to an application terminating unexpectedly or malicious code execution.

X11 CVE-2006-0747, CVE-2007-2754, CVE-2008-2383, CVE-2008-1382, CVE-2009-0040
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities exist in FreeType v2.1.4 & v2.3.8, the most serious of which may lead to an application terminating unexpectedly or malicious code execution when processing a maliciously crafted font. Displaying maliciously crafted data within an xterm terminal may also lead to malicious code execution. Further vulnerabilities exist in libpng version 1.2.26, the most serious of which may also lead to arbitrary code execution.

Security Update 2009-002 / Mac OS X v10.5.7 may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2009-002 or Mac OS X v10.5.7.

10.5, 10.5.6, 2.0.63, abrupt, accept revoked certificate, Adobe, Adobe Flash, Adobe Flash Player plug-in, AIM, AOL Instant Messenger, Apache, Apache 2.0, Apache 2.2, Apache 2.2.11, Apache 2.2.9, Apache patch, Apple, Apple components, Apple Kernel, apple macintosh, Apple Patch issue, Apple Product Security, Apple Safari, apple software, Apple Type Services, APPLE-SA-2009-05-12, AppleScript files, application termination, arbitrary, arbitrary code execution, ASN.1 encoded message, ATS, attackers, authentication packet, bank details, BIND, boot, bypass, Cascading Style Sheets, CFF, CFNetwork, Code, code execution, code execution vulnerabilities, command, Compact Font Format, components, Computer, containing, contents, conversations, CoreGraphics, crafted, cross-site scripting, Cscope, CUPS, CUPS 1.3.9, CUPS Web Interface, CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2006-0747, CVE-2007-2754, CVE-2008-0456, CVE-2008-1382, CVE-2008-1517, CVE-2008-2371, CVE-2008-2383, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3443, CVE-2008-3529, CVE-2008-3530, CVE-2008-3651, CVE-2008-3652, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-3790, CVE-2008-3863, CVE-2008-4309, CVE-2008-5077, CVE-2008-5557, CVE-2009-0010, CVE-2009-0021, CVE-2009-0025, CVE-2009-0040, CVE-2009-0114, CVE-2009-0144, CVE-2009-0145, CVE-2009-0146, CVE-2009-0147, CVE-2009-0148, CVE-2009-0149, CVE-2009-0150, CVE-2009-0152, CVE-2009-0153, CVE-2009-0154, CVE-2009-0155, CVE-2009-0156, CVE-2009-0157, CVE-2009-0158, CVE-2009-0159, CVE-2009-0160, CVE-2009-0161, CVE-2009-0162, CVE-2009-0164, CVE-2009-0165, CVE-2009-0519, CVE-2009-0520, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0942, CVE-2009-0943, CVE-2009-0944, CVE-2009-0945, CVE-2009-0946, CVE-ID, DECRQSS, denial of service, disk image, Disk Images, DNS rebinding attack, DNS Security Extensions, DNSSEC, document, downloading, DSA certificate, embedded, enscript, execution, exists, feed:, Finder, flash, Flash Player, Flash Player plug-in, font, fonts, forgery, FreeType v2.1.4, FTP proxy requests, havoc, Help Viewer, HTTP requests, HTTP response injection, iChat, iChat AIM, ICMPv, Instant Messenger, Intel, IPSec, IPv4, IPv6, issue, issues, Jabber, JavaScript, JBIG2 stream, Kerberos, Kernel, Kernel privileges, Launch Services, libxml, Mac, Mac OS, Mac OS X, Mac OS X Server, Mac OS X Server v10.4, Mac OS X Server v10.4.11, Mac OS X Server v10.5, Mac OS X Server v10.5.6, Mac OS X v10.4.11, Mac OS X v10.5, Mac OS X v10.5.5, Mac OS X v10.5.6, Mac OS X v10.5.7, Mach-O executable, Macintosh, malicious, malicious website, maliciously, maliciously crafted, maliciously crafted PDF, may lead to, may lead to execution of malicious code, memory corruption, Microsoft, Microsoft Office, Microsoft Office Spotlight Importer, Microsoft windows, Multiple vulnerabilities, Net-SNMP, network, Network Time, NTP authentication, ntpq, observe, obtain system privileges, open-source packages, OpenSSL, Packet Too Big, patch, Patch issue, PDF, PDF file, PHP, PICT image, plaintext, Player, plug-in, PowerPC, preference, Product Security, program, proxy, QuickDraw, QuickDraw Manager, racoon daemon, ramsay, reboot, reeking havoc, relaunch, remote attacker, repeatedly, Require SSL, revoked certificate, ruby, Ruby 1.8.6, SA-2009-05-12, Safari, Safari Web browser, secure cookies, Secure Sockets Layer, Security, security flaws, security update, security updates, security vulnerabilities, shutdown, Smug, source file, spoofing, spoofing attack, Spotlight, SSL, SSL certificate verification, Stephen, Stephen ramsay, susceptible, system configuration, telnet, TELNET server, terminate, traffic, unauthorized access, unencrypted, unencrypted HTTP requests, unexpected, unexpected application termination, v10.4.11, v10.5, v10.5.5, v10.5.5Mac OS X Server v10.5.5, v10.5.6, v10.5.7, validation, Viewing, Visiting a maliciously crafted web site, Vulnerabilities, Vulnerability, vulnerable, Web Interface, WebKit, website, Windows, X, X11, xterm, xterm terminal

Update on Vulnerabilities in PowerPoint

May 13th

Posted by stephen in Security

No comments

At the begining of April Microsoft released a security Bulletin advising of vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution (967340)

Today they issued a new update which resolves this vulnerability in Microsoft Office PowerPoint. If a user opened a specially crafted PowerPoint file, the attacker could potentially take complete control of the users system. Once in the attacker could do just about anything they pleased, install programs; Logging activity including passwords etc.

This update is now being pushed out as part of the automatic updates program and should be installed on all users computers overnight tonight. Any users who experience any issues with Power Point should contact us in the usual way.

However we do ask all users to please remember and be careful with attachments and emails, often funny or cute emails sent to you by friends and family may contain viruses or the requisites to exploit vulnerabilities like this in normally safe software. Just because Microsoft have fixed this issue doesn’t mean they have fixed them all and several vulnerabilities still exist in other software such as adobe.

Software affected by this update:

Microsoft Office 2000 Service Pack 3
Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1
Microsoft Office PowerPoint 2007 Service Pack 1
2007 Microsoft Office System Service Pack 2
Microsoft Office PowerPoint 2007 Service Pack 2
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
PowerPoint Viewer 2003
PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer 2007 Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Works 8.5
Microsoft Works 9.0

So what does my computer do over night?

Apr 22nd

Posted by stephen in Kraya

1 comment

Since my last blog post, Save the Planet, DON’T Turn your Computer off at night, I have been getting a lot of enquiries from people asking, exactly what happens over night, what about laptops and asking about energy usage and Carbon foot prints.

For laptops the power management setting needs to be set correctly and they should be left turned on and plugged into the internet at least one night a week. For all other computers it is vital that the following procedure is followed at the end of each working day.

Select Start and Shutdown, from the drop down menu select Restart
Please do not shut down.
Please turn off the monitor and leave your computer to restart.
The machine will restart back to the log in screen and will after 10 to 15 minutes go into a power save mode.
Given that your monitor is turned off and the hard drives will also go to sleep, the computer will not use much power.
At the weekend, (unless you are pre-notified of a large update in advance) Shut-down should be used but please also remember to turn off the monitor.

So what exactly does my computer do over night? Well below is a typical example.

20:30 Receiving Updates from Server

Microsoft and other updates are pushed out nightly there will not be an update every night. However given the number of different software packages in use there is something most nights

21:00 Installing those Updates

22:00 Cleaning temporary and system files, Deleting all of those
temporary files you downloaded over the course of the day.

22:15 De-fragmenting the hard drive, De-fragmenting your Operating
System, in English, tidying up the filing cabinets, so that it can find things faster the next day.

23:00 De-fragmenting any secondary drives.

00:15 Receive Anti-Virus Updates

00:30 Full Anti-Virus Running a full in depth scan on your operating
system

03:30 Full Anti-Virus on secondary drives

06:00 System re-starts, clearing memory ready for you coming into work.

One of the main concerns people have is regarding energy, the cost of that energy and their carbon foot print. Yes leaving the computer on, even in power save mode, uses power and increases your carbon foot print, but this must be balanced with the cost of buying a new PC and the carbon generated by the manufacturing process, flying the parts around the world and shipping the new PC to your office. The Mathematics for this are very complex and depending on the life of the PC replacing more frequently will ultimately be much more expensive, than running it over night.

The greatest advantage to the overnight maintenance procedures is improved day time efficiency, not only in terms of general performance, but energy efficiency. Because of this improved day time computer efficiency the processor doesn’t have to work as hard during the day. It might seem simple but this means it can perform most tasks at less than full speed, this saves power and results in less heat being generated, thus in turn also results in less energy being used to dissipate this heat. Hence greater daytime energy efficiency and lower carbon foot print, from day time usage. The mathematics of balancing these daytime savings versus increased night time usage, are personal to each computer and its use.

Overall I believe the benefits are clear, and all of the users who have had the overnight maintenance schedule fully implemented seem to agree, at least in terms of performance.

Your comments are welcome.

all night, Anti virus Scaned, Anti Virus scans, anti-virus, automated cleaning, Carbon foot print, Cleaned, Cleaning, cold at night, Computer, computers, computers at night, consuming components, day spa, De-fragmenting, defraged, Defragmented, Defragmenting, Deleting, dissipate, dissipate heat, DON’T Turn your Computer off at night, downloaded, earth hour, energy, energy saving settings, energy usage, enquiries, exactly, fail, failed, failour, faster, Forth One, Hard drive, hard drives, hardware, hardware components, heat, hot, internet, Kraya, Kraya Day Spa, Laptops, large energy saving, large update, leave the computer on, leaving the monitor turned on, less electricity, log in screen, longevity, Microsoft, monitor, monitor off, morning, night, night before, nightly, office, Operating System, over night, overnight, PC to do the rest, performance, performance improvement, plugged, power, power down, power management, power save mode, power useage, procedure, processor, producing less heat, prolong, ramsay, Receiving, restart, save energy, save money, Save the Planet, scan, Server, settings, shut-down, shutdown, sleep, slowly, Social Networks, software packages, Spa, stand by, Standby, Start, start menu, Stephen, stepram, system files, system updates, temporary, temporary files, turn monitor off, turn off, turn off lights, turn the monitor off, Turn your Computer off at night, turned on, turning off, updated, Updates, useful life, varying speeds, whole computer, WWF, WWF earth hour

Busy Busy times

Apr 22nd

Posted by stephen in Journeys

No comments

Goodness me, its been over a week again since I last posted, so much to do and talk about and so much to do. Firstly the reason for the gap, over the last 2 weeks we have been doing a lot to move towards the new improved Kraya service. This includes upgrading 4 companies networks and replaced their servers with new more powerful and more capable setups, 45 computers have also received the KrayaTec Day Spa treatment.

These exciting new changes that we have been making to clients setups are all part of the new look Kraya IT support, we have been working hard on a number of changes from our setup and processes to our new website, logos and corporate identity, the details of which Shri is announcing on Thursday night, if you have not received your invite and would like to come, please let me know.

I still have a lot to do over the next few days, not least of which includings planning a wedding and a lot to post here, so watch this space…

companies, Computer, corporate identity, Day, day spa, exciting, Kraya IT support, KrayaTec, logos, networks, new changes, new look, new website, ramsay, replaced, servers, Shri, Social Networks, Spa, Stephen, stepram, treatment, upgraded, Wedding

SECURITY ALERT – Microsoft Security Advisory 969136

Apr 6th

Posted by stephen in Security

1 comment

Vulnerability in Microsoft Office PowerPoint

An Update to this post has been PUBLISHED on 13th May 2009

Microsoft has published a security alert advising that it is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow a computer to be compromised if a user opens an infected PowerPoint Presentation.

Microsoft is actively working towards a solution and we will update you as soon as they update us. The following software is affected;
Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

This can not be run automatically through an e-mail, a user must open the attachment that is sent in the e-mail message. However if a user were to visit a Web site that contains an Office file this would compromise the computer.

Therefore please do not open or save Office files that you receive from un-trusted sources or that are received unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a file.

You should be aware that Kaspersky and Other Antivirus tools may not pick up on this, therefore do not assume that if a file has been scanned by anti virus that it is safe.

969136, Advisory, affected, ALERT, Antivirus, Apple, Apple Mac, attachment, compromise, compromised, Computer, e-mail, e-mail message, exploited, infected, infected PowerPoint Presentation, investigating, Mac, Microsoft, Microsoft Office, Microsoft Office 2004 for Mac, Microsoft Office PowerPoint, Microsoft Office PowerPoint 2000, Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, Microsoft Office PowerPoint 2003 Service Pack 3, Microsoft Security, Microsoft Security Advisory, MS Office, office, Office 2000, Office 2002, Office 2003, Office 2004, Office file, PowerPoint, PowerPoint 2000, PowerPoint 2002, PowerPoint 2003, PowerPoint Presentation, ramsay, Security, SECURITY ALERT, Social Networks, software, solution, Stephen, stepram, un-trusted sources, update, Vulnerability

Computer Day Spa

Mar 13th

Posted by stephen in Kraya

3 comments

Kraya Computer Day Spa

The day before your computer comes in for its treatment we will arrange an Initial well being consultation, by calling and asking you to visit us on-line at http://helpdesk.kraya.co.uk this will allow us to connect to your computer and discuss the exact itinerary of treatments your computer will require when he or she visits the Kraya Spa. Dependant on your computers needs we will make recommendations from the following treatment list.

Microdermabrasion

(Internal Cleaning)
With tender love and high pressure air jets we will clean your computer inside and out removing all layers of dead skin and other dust particles, that have accumulated over the years.

Appendectomy

(Un-install Unnecessary Software)
Based on our earlier discussion with you we will remove all of non-essential items form your computer freeing up processing power and hard drive space.

Colonic Hydrotherapy

(remove temporary files)
With the use off our C’ cleaning tools we will relieve your computer of its temporary files and other accumulated debris.

Botox

(Install Microsoft updates and patches)
We will inject your computer with the latest Microsoft updates from our list of approved Updates, ensuring that she is looking her best when you get her back.

Collagen Filler

(Install Software Provider specific updates and patches)
We will inject your computer with the latest approved bug fixes and updates from selected software suppliers, ensuring that she is fresh faced when you get her back.

Reiki Massage

(Registry Cleaning and Tweaking)
Adjusting your computers Chi and energy through detailed and careful adjustments to its internal Registry.

Feng shui

(Check and Tweak System Settings)
Adjusting your computers balance through careful adjustments to its internal system configuration.

Intensive detoxification

(Hard Drive De-Fragmentation)
After all that cleaning and tweaking we will Detox your hard drive , using the latest De-fragmentation techniques.

Life style evaluation

(Hardware assessment and Upgrade Recommendations)
Assesing the Hardware and Body of your computer and making recommendations that will help to extend its Life.

The Kraya Day Spa costs £200 Per Computer and is complementary once a year to all Computers Supported on a Kraya Support Contract.

Appendectomy, Botox, Collagen Filler, Computer, computer day Spa, computers Chi, Day, De-Fragmentation, DeFrag, Feng shui, Hardware assessment, high pressure air jets, Intensive detoxification, Kraya, Life style evaluation, Microdermabrasion, Microsoft, Microsoft updates, patches, Registry, Registry Cleaning, Reiki Massage, Social Networks, Spa, Stephen, stepram, temporary files, Tweaking, Unnecessary SoftwareColonic Hydrotherapy, Upgrade Recommendations

Technological Ramblings by Stephen

Stephen Ramsay is the Head of Krayatec Edinburgh’s leading Linux centric IT Support Company. We provide IT Support, telecoms and technology partnerships to businesses running Windows, Linux and Apple based systems. We also manage the complete and seamless integration of, all these operating systems into one coherent, network and technology strategy.
This blog is part work, part personal, so I hope you enjoy the mix and feel free to leave some comments, reply via Twitter, or drop me an Email for more information, on anything you read here, or to find out a bit more about what we do and how we do it.
Categories
- hardware
- how to
- Journeys
- Kraya
- Linux
- Privacy
- Random Rambelings
- Rants
- Security
  - Apple
  - Windows updates
- tweets
- Uncategorized
- Windows
Tag Cloud
anti-virus Apple Apple Mac Computer computers email IMAP issues junk Kerio Kerio MailServer Kerio Offline Outlook Connector Kraya KrayaTec Linux Mac Mail Server MailServer Microsoft Microsoft windows network office Outlook ramsay Random Security Server slow Social Networks software spam Stephen Stephen ramsay stepram Thunderbird tweets twitter Ubuntu update Vista Vulnerability webmail Windows windows XP XP
blogrol
Kraya
Open Source Software
Social Networks
usefull geekerie
- DNS / MX Propagation Checker
- Whats my dns
Calendar
September 2010

M T W T F S S

« Jul

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blog Archives

Posts tagged Computer

Technological Ramblings by Stephen

Categories

Tag Cloud

blogrol

Kraya

Open Source Software

Social Networks

usefull geekerie

Calendar

Blog Archives