Posts tagged Microsoft

Security Bulletin – Windows Help system Hack

Jul 2nd

As some of you may have read in the press (http://news.bbc.co.uk/1/hi/technology/10473495.stm) there is currently a major security vulnerability in the Windows Help system that is currently being exploited by hackers to take control of PCs worldwide. Once they have control obviously they use the PCs for all kinds of nastiness. This vulnerability exists whether or not you use any of the Microsoft help functions which use the HPC protocol.

Over the course of this week Krayatec have been deploying to all of our clients a fix for this issue via automatic log in scripts. This means that if you have restarted your computer every night and are on a managed domain you will already be protected. If you do not have domain control on your site, we will be calling you shortly to manually apply the fix.

I have written a custom automated script to do this which can be found here : http://www.kraya.co.uk/downloads/xpfix.zip Simply download, save and run the enclosed xpfix.bat file. It takes less than a second and once completed you see a black screen saying “Krayatec XP HCP Protocol fix applied”.

There is also a fully bloated Microsoft Windows XP MSI which can be downloaded from the Microsoft KB2219475 article page here http://support.microsoft.com/kb/2219475

We would recommend that all users also apply the “Microsoft Fix it update 50459”, either via the Microsoft site or our automated script to all Windows XP computers at home and work as soon as possible.

It should be noted that whilst Anti-virus and Ant-Spyware software may detect some of the “nasties” hackers might try to install on your computer, they will not prevent this problem. To do secure your computer and prevent this vulnerability being exploited, you must run the above script.

As always if you have any questions or concerns please do not hesitate to call.

More detailed Technical Info:

On the 10th of June 2010, Microsoft announced that it was investigating new public reports of a vulnerability in the Windows Help and Support Center function of Windows XP and Windows Server 2003. The vulnerability could allow a remote attacker to use the HCP protocol to remotely execute code on any Windows XP or Windows Server 2003 computer if a user views a specially crafted web page. At this time Microsoft stated that it was aware of a proof-of-concept exploit code and limited, targeted active attacks that use this exploit code.

Subsequently Microsoft and a number of security vendors have reported wide spread attacks in the wild using this exploit to deliver a number of different malicious payloads as reported on the BBC link above.

The custom script linked above closed this vulnerability be de-registering the HCP Protocol on the computer, hence a remote attacker is not able to use the Microsoft Windows Help and Support Center function to attack the computer. This is done by deleting the HKEY_CLASSES_ROOT\HCP registry key. The old registry key is backed up to HCP_Protocol_Backup.reg incase (of reasons unknown) you decide you want to re-enable this feature.

.bat, 2219475, 50459, Ant-Spyware, anti-virus, applied, article, automated, automated script, automatic, bloated, Computer, control, custom, deploying, detect, domain, download, exploit, exploited, file, fix, Fix it, hackers, help, help functions, HKEY_CLASSES_ROOT\HCP, home, HPC, HPC protocol, issue, KB2219475, key, KrayaTec, log in scripts, Major, Microsoft, Microsoft Fix it, Microsoft windows, MSI, PC, press, prevent, problem, protected, Registry, registry key, restarted, run, save, Script, Security, software, Stephen ramsay, system, update, Vulnerability, windows XP, work, XP, XP HPC Protocol

Microsoft Internet Explorer Popularity vote

Mar 1st

Posted by stephen in Random Rambelings

No comments

Those of you who follow the news may be aware of minor but major changes to Microsoft Internet Explorer.

All Windows 7, Vista and XP users who currently use internet explorer will be offered a choice as part of the deal Microsoft reached with European Commission.

Microsoft IE sits awaiting the worlds judgment, like the American high school cheerleader who’s inexplicable popularity is for the first time being put to the test, as the not so popular kids elect a new leader.

A pop-up window will prompt people to choose and install one of 12 different browsers or let them stick with Microsoft’s Internet Explorer.

Kraya recommends users choose anything but Internet explorer. Users are able to select any browser of their own choosing however we would strongly recommend users pick from our top picks:

Mozilla Firefox http://www.mozilla.com/firefox/

Opera http://www.opera.com/

Google Chrome http://www.google.com/chrome

Apple Safari http://www.apple.com/safari/

The big question is will the Anti-trust agreement and the fines totaling 1.68bn euros ($2.44bn, £1.5bn) that have been imposed by the EU on Microsoft make any difference? Take a look at the BBC graphic below, IE has a massive dominance in the browser market in the main due to the sheer ambivalence and ignorance of its users, no one (or very few) choose to use IE it was the default, what they had to use and by the point they had learned that there might be a choose out there with had learned IE, so stuck with it not because it was superior but because its what they know.

Browser market share

Firefox has for some time been catching on IE but it still has a long way to go. Its progress has been at lest in part due to its superiority as a browser over IE. However recent updates have left Firefox slower and buggier than ever before. For a browser that has never been advertised in main stream media, unlike Google Chrome, its rise to control a quarter of the browser market has been purely viral.

Google on the other hand has in anticipation of today’s changes embarked on a massive advertising campaign to push Chrome and gain even more control over the Internet, only time will tell just how successful Google ad spending has made it. The question now is will it be money well spent, or will Google find itself the next target of the EU competition and anti-trust regulators?

Only time will tell as is the case of Microsoft, I for one will be eagerly waiting updated browser market share statistics, as I’m sure Mr Gates will be. However I cant help but feel that we have in no way seen the beginning of the end of IE, undoubtedly its share will slip, I just don’t think the EUs Settlement can break what are now years of ingrained habit and apathy.
Further information:

http://news.bbc.co.uk/1/hi/technology/8537763.stm

7, anti, Apple, browers, browser, choice, Chrome, competition, deal, different, dominance, E, EU, European Commission, fines, Firefox, Google, I, IE, install, Internet Explorer, Kraya, micro, Microsoft, Microsoft Internet Explorer, Mozilla, offered, Opera, pop-up, recommend, regulators, Safari, settlement, trust, update, Updates, Vista, window, Windows, XP

Changing your password in Kerio Mailserver

Jun 16th

Posted by stephen in Security

No comments

Changing your passwords is very easy.

Under your Windows computer press Crtl + Alt + Del and select change password.

To Change your email password, simply log into your Web Mail (call us if you don’t know the address)

Then Select change password from the Settings drop down menu as below

settings menu in kerio webmail

And then enter your old and new passwords in the box below.

kerio password change dialog box

Remember to make it something secure that no one will guess, no kids, partners or team names and no dictionary words. Random Numbers and letters, remember capitals and lower case combinations are best, or try a sentence like “Why can 1 never remember 555″ you can use spaces. Remember the best passwords are not necessarily easy to remember but they can be if your clever about it. Hackers offten use a dictionary or password list attack to crack passwords, this is where a system tires every word in the dictionary or in a common password list, things like Rangers, Rang3rs or Celtic, C3lt1c will be near the top of that list.

+, +, Alt, attack, best, best passwords, broken, capitals, change password, Changing your passwords, combinations, common password list, Crtl, Del, dictionary, dictionary words, drop down, easy to remember, email password, guesed, Kerio, Kerio MailServer, kerio webmail, kids, Kraya, KrayaTec, letters, lower case, MailServer, Microsoft, Microsoft Widows, no one will guess, Numbers, partners, password list, ramsay, Random, Remember, secure, sentence, settings, spaces, Stephen, Stephen ramsay, system, team names, tires, try, Web Mail change password, webmail, Widows

Security Bulletin – Adobe Reader and Acrobat

May 14th

Posted by stephen in Apple

No comments

Below is an update to Security Bulletin – Adobe – April 09

Adobe have published a new Security Bulletin and provided updates for Adobe Reader and Acrobat patches. These updates resolve the previously reported vulnerabilities in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system remotely and install Malicious code.

We have already recommended that user consider using alternatives to Adobe reader, this continues to be our current advice. However users still using Adobe should now update and install these patches as soon as practical.

Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.

7.1, 7.1.2, 8, 8.15, 9.1, 9.1.1, Acrobat, Acrobat 7, Acrobat 7.1.2, Acrobat 8, Acrobat 8.1.5, Acrobat 9.1, Acrobat 9.1.1, Adobe, Adobe Acrobat, Adobe Reader, Adobe Reader 7.1.2, Adobe Reader 8.1.5, Adobe Reader 9.1, Adobe Reader 9.1.1, alternatives, Apple, Apple Mac, APSB09-06, attacker, Bulletin, current advice, CVE-2009-1492, CVE-2009-1493, earlier, install, Mac, Malicious code, Microsoft, patch, ramsay, Reader, remotely, resolve, Security, Security Bulletin, stephe, Stephen ramsay, system, take control, update, versions, Vulnerabilities, Vulnerability, Windows

Apple Security Update

May 14th

Posted by stephen in Apple

No comments

Apple have today issued a massive set of security updates for Mac OS X update to correct total of 67 security vulnerabilities. The unexpected and abrupt Apple Patch issue also includes patch to fix a number of security flaws in Safari Web browser on both Mac OS X and Microsoft Windows.

The OS X update fixes security vulnerabilities and flaws in a total of 31 different Apple components, including issues in open-source packages used by Apple. The updates also fix code execution vulnerabilities in several pieces of apple software. These are very similar to the vulnerabilities seen in Adobe and Microsoft products.

The detailed list of affected software, components is shown below and more information can be found on Apple’s support site. For ease of understanding I have combined a few of these into one.

An Important phrase you will get to know is ” may lead to execution of malicious code” this essentially means attackers could run a program on your computer that allows them to, well do anything they like, from taking note of your bank details to reeking havoc with your system configuration.

APPLE-SA-2009-05-12 Security Update 2009-002 / Mac OS X v10.5.7

Apache CVE-2008-2939
Affected: Mac OS X v10.4.11, Mac OS X Server v10.4.11
Details: An input validation issue exists in Apache’s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in an attack.

Apache CVE-2008-2939
Affected: Mac OS X v10.5, v10.5.6 & Mac OS X Server v10.5, v10.5.6
Details: Visiting a malicious website may allow an attack to run a malicious program.

Apache CVE-2008-0456
Affected: Mac OS X v10.5, v10.5.6 & Mac OS X Server v10.5, v10.5.6
Details: Web sites that allow users to control the name of a file may be vulnerable to redirection the user to a different file without the users knowledge by forging the malicious file name. Thus tricking users into opening malicious content.

ATS CVE-2009-0154
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Viewing or downloading a document containing a maliciously
crafted font may lead to execution of malicious code.

BIND CVE-2009-0025
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: BIND is susceptible to a spoofing attack, were one website pretends to be another, if configured in a certain way using OpenSSL. A maliciously crafted security certificate could bypass the validation, which may lead to a spoofing attack.

CFNetwork / Safari CVE-2009-0144
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Safari and other Applications that use CFNetwork may send secure cookies unexpectedly over a unencrypted connection. Systems prior to Mac OS X v10.5 are unaffected.

CFNetwork / Safari CVE-2009-0157
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Visiting a malicious website may lead to an application terminating unexpectedly or malicious code execution. Systems prior to Mac OS X v10.5 are not affected.

CoreGraphics CVE-2009-0145, CVE-2009-0155
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Opening a maliciously crafted PDF file may lead to an application terminating unexpectedly or malicious code execution.

CoreGraphics CVE-2009-0146, CVE-2009-0147, CVE-2009-0165
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an application terminating unexpectedly or malicious code execution.

Cscope CVE-2009-0148
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Processing a maliciously crafted source file with Cscope may lead to an application terminating unexpectedly or malicious code execution.

CUPS CVE-2009-0164
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of the printing service. This may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs and even print documents.

Disk Images CVE-2009-0150, CVE-2009-0149
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Mounting a maliciously crafted disk image may lead to an application terminating unexpectedly or malicious code execution.

Enscript CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities in enscript which may lead to malicious code execution.

Flash Player plug-in CVE-2009-0519, CVE-2009-0520, CVE-2009-0114
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple issues exist in the Adobe Flash Player plug-in, when viewing a maliciously crafted web site these may lead to malicious code execution.

Help Viewer CVE-2009-0942, CVE-2009-0943
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: A maliciously crafted Apple “help:” page may be used to invoke AppleScript files, which may lead to malicious code execution.

Ichat CVE-2009-0152
Affected: Mac OS X v10.5 – v10.5.6,Mac OS X Server v10.5 – v10.5.6
Details: iChat can use Secure Sockets Layer (SSL) for AOL Instant Messenger and Jabber accounts. If iChat is unable to connect it will authenticate via plain text (non secure) methods until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic may observe the contents of AOL Instant Messenger conversations.

International Components for Unicode CVE-2009-0153
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Maliciously crafted content may bypass website filters and result in malicious code execution.

IPSec CVE-2008-3651, CVE-2008-3652
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities and memory leaks exist in the racoon daemon in ipsec-tools which may lead to a denial of service.

Kerberos CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0844
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: An attacked could send maliciously crafted authentication information or an encoded message which may lead to a denial of service of a Kerberos-enabled program

Kernel CVE-2008-1517
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: An issue exists which may lead to a local user obtaining system privileges or to an unexpected system shutdown. This vulnerability may also allow malicious code execution with Kernel privileges.

Launch Services CVE-2009-0156
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Downloading a maliciously crafted Mach-O executable (application) may cause Finder to repeatedly terminate and relaunch.

Libxml CVE-2008-3529
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Visiting a maliciously crafted website may lead to an application terminating unexpectedly or malicious code execution.

Net-SNMP CVE-2008-4309
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: A remote attacker may terminate the operation of the SNMP service by sending specificity crafted messages.

Network Time CVE-2009-0021, CVE-2009-0159
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Network Time is susceptible to a spoofing attack if NTP authentication is enabled. Once spoofing has take place a remote NTP server could maliciously execute code.

Networking CVE-2008-3530
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: When IPv6 support is enabled, A remote user may be able to cause an unexpected system shutdown.

OpenSSL CVE-2008-5077
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: An attacked could use a man-in-the-middle attack and be able to impersonate a secure trusted server or user in applications using OpenSSL for SSL certificate verification. Permiting an attacker to capture information the user thought was secure.

PHP CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666,CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple vulnerabilities in PHP which may lead to malicious execute code.

QuickDraw Manager CVE-2009-0160, CVE-2009-0010
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Opening a maliciously crafted PICT image may lead to an application terminating unexpectedly or malicious code execution.

Ruby CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2009-0161
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple vulnerabilities exist in Ruby 1.8.6 including the fact that Ruby programs may accept revoked or invalid security certificates as genuine.

Safari CVE-2009-0162
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Multiple input validation vulnerabilities exist in Safari’s handling of “feed:” URLs. Accessing a maliciously crafted “feed:” URL may lead to malicious code execution.

Spotlight CVE-2009-0944
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Downloading a maliciously crafted Microsoft Office file may lead to an application terminating unexpectedly or malicious code execution.

system_cmds
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: The “login” command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority and authorization level.

telnet CVE-2009-0158
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an application terminating unexpectedly or malicious code execution.

WebKit CVE-2009-0945
Affected: Mac OS X v10.5 – v10.5.6, Mac OS X Server v10.5 – v10.5.6
Details: Visiting a maliciously crafted website may lead to an application terminating unexpectedly or malicious code execution.

X11 CVE-2006-0747, CVE-2007-2754, CVE-2008-2383, CVE-2008-1382, CVE-2009-0040
Affected: Mac OS X v10.4.11 – v10.5.6, Mac OS X Server v10.4.11 – v10.5.6
Details: Multiple vulnerabilities exist in FreeType v2.1.4 & v2.3.8, the most serious of which may lead to an application terminating unexpectedly or malicious code execution when processing a maliciously crafted font. Displaying maliciously crafted data within an xterm terminal may also lead to malicious code execution. Further vulnerabilities exist in libpng version 1.2.26, the most serious of which may also lead to arbitrary code execution.

Security Update 2009-002 / Mac OS X v10.5.7 may be obtained from the Software Update pane in System Preferences, or Apple’s Software Downloads web site: http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies to your system configuration. Only one is needed, either Security Update 2009-002 or Mac OS X v10.5.7.

10.5, 10.5.6, 2.0.63, abrupt, accept revoked certificate, Adobe, Adobe Flash, Adobe Flash Player plug-in, AIM, AOL Instant Messenger, Apache, Apache 2.0, Apache 2.2, Apache 2.2.11, Apache 2.2.9, Apache patch, Apple, Apple components, Apple Kernel, apple macintosh, Apple Patch issue, Apple Product Security, Apple Safari, apple software, Apple Type Services, APPLE-SA-2009-05-12, AppleScript files, application termination, arbitrary, arbitrary code execution, ASN.1 encoded message, ATS, attackers, authentication packet, bank details, BIND, boot, bypass, Cascading Style Sheets, CFF, CFNetwork, Code, code execution, code execution vulnerabilities, command, Compact Font Format, components, Computer, containing, contents, conversations, CoreGraphics, crafted, cross-site scripting, Cscope, CUPS, CUPS 1.3.9, CUPS Web Interface, CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2006-0747, CVE-2007-2754, CVE-2008-0456, CVE-2008-1382, CVE-2008-1517, CVE-2008-2371, CVE-2008-2383, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3443, CVE-2008-3529, CVE-2008-3530, CVE-2008-3651, CVE-2008-3652, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-3790, CVE-2008-3863, CVE-2008-4309, CVE-2008-5077, CVE-2008-5557, CVE-2009-0010, CVE-2009-0021, CVE-2009-0025, CVE-2009-0040, CVE-2009-0114, CVE-2009-0144, CVE-2009-0145, CVE-2009-0146, CVE-2009-0147, CVE-2009-0148, CVE-2009-0149, CVE-2009-0150, CVE-2009-0152, CVE-2009-0153, CVE-2009-0154, CVE-2009-0155, CVE-2009-0156, CVE-2009-0157, CVE-2009-0158, CVE-2009-0159, CVE-2009-0160, CVE-2009-0161, CVE-2009-0162, CVE-2009-0164, CVE-2009-0165, CVE-2009-0519, CVE-2009-0520, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847, CVE-2009-0942, CVE-2009-0943, CVE-2009-0944, CVE-2009-0945, CVE-2009-0946, CVE-ID, DECRQSS, denial of service, disk image, Disk Images, DNS rebinding attack, DNS Security Extensions, DNSSEC, document, downloading, DSA certificate, embedded, enscript, execution, exists, feed:, Finder, flash, Flash Player, Flash Player plug-in, font, fonts, forgery, FreeType v2.1.4, FTP proxy requests, havoc, Help Viewer, HTTP requests, HTTP response injection, iChat, iChat AIM, ICMPv, Instant Messenger, Intel, IPSec, IPv4, IPv6, issue, issues, Jabber, JavaScript, JBIG2 stream, Kerberos, Kernel, Kernel privileges, Launch Services, libxml, Mac, Mac OS, Mac OS X, Mac OS X Server, Mac OS X Server v10.4, Mac OS X Server v10.4.11, Mac OS X Server v10.5, Mac OS X Server v10.5.6, Mac OS X v10.4.11, Mac OS X v10.5, Mac OS X v10.5.5, Mac OS X v10.5.6, Mac OS X v10.5.7, Mach-O executable, Macintosh, malicious, malicious website, maliciously, maliciously crafted, maliciously crafted PDF, may lead to, may lead to execution of malicious code, memory corruption, Microsoft, Microsoft Office, Microsoft Office Spotlight Importer, Microsoft windows, Multiple vulnerabilities, Net-SNMP, network, Network Time, NTP authentication, ntpq, observe, obtain system privileges, open-source packages, OpenSSL, Packet Too Big, patch, Patch issue, PDF, PDF file, PHP, PICT image, plaintext, Player, plug-in, PowerPC, preference, Product Security, program, proxy, QuickDraw, QuickDraw Manager, racoon daemon, ramsay, reboot, reeking havoc, relaunch, remote attacker, repeatedly, Require SSL, revoked certificate, ruby, Ruby 1.8.6, SA-2009-05-12, Safari, Safari Web browser, secure cookies, Secure Sockets Layer, Security, security flaws, security update, security updates, security vulnerabilities, shutdown, Smug, source file, spoofing, spoofing attack, Spotlight, SSL, SSL certificate verification, Stephen, Stephen ramsay, susceptible, system configuration, telnet, TELNET server, terminate, traffic, unauthorized access, unencrypted, unencrypted HTTP requests, unexpected, unexpected application termination, v10.4.11, v10.5, v10.5.5, v10.5.5Mac OS X Server v10.5.5, v10.5.6, v10.5.7, validation, Viewing, Visiting a maliciously crafted web site, Vulnerabilities, Vulnerability, vulnerable, Web Interface, WebKit, website, Windows, X, X11, xterm, xterm terminal

Update on Vulnerabilities in PowerPoint

May 13th

Posted by stephen in Security

No comments

At the begining of April Microsoft released a security Bulletin advising of vulnerabilities in Microsoft Office PowerPoint that could allow remote code execution (967340)

Today they issued a new update which resolves this vulnerability in Microsoft Office PowerPoint. If a user opened a specially crafted PowerPoint file, the attacker could potentially take complete control of the users system. Once in the attacker could do just about anything they pleased, install programs; Logging activity including passwords etc.

This update is now being pushed out as part of the automatic updates program and should be installed on all users computers overnight tonight. Any users who experience any issues with Power Point should contact us in the usual way.

However we do ask all users to please remember and be careful with attachments and emails, often funny or cute emails sent to you by friends and family may contain viruses or the requisites to exploit vulnerabilities like this in normally safe software. Just because Microsoft have fixed this issue doesn’t mean they have fixed them all and several vulnerabilities still exist in other software such as adobe.

Software affected by this update:

Microsoft Office 2000 Service Pack 3
Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
2007 Microsoft Office System Service Pack 1
Microsoft Office PowerPoint 2007 Service Pack 1
2007 Microsoft Office System Service Pack 2
Microsoft Office PowerPoint 2007 Service Pack 2
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
PowerPoint Viewer 2003
PowerPoint Viewer 2007 Service Pack 1 and PowerPoint Viewer 2007 Service Pack 2
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Works 8.5
Microsoft Works 9.0

Further Security issues affecting Microsoft Internet Explorer

Apr 30th

Posted by stephen in Security

No comments

Microsoft have today issued a revision to Critical Security alert MS08-069 extending the scope of systems affected to include most versions Windows Vista and Windows Server 2008.

Numerous vulnerabilities exist in Microsoft XML Core Services. These would allow a malicious program to be executed with out the user’s knowledge if the user viewed a specially crafted Web page using Internet Explorer. Such a malicious program could do anything, including downloading and installing other malicious code.

The security update modifies how Microsoft XML Core Services parses XML content, handles external document type definitions (DTD), and sets HTTP request fields.

There are no changes to the actual update. If you have already successfully installed update KB954430 do not need to reinstall. However you should be aware that there are a number of issues with this update as detailed below. Most of these issues require multiple re-starts to complete the installation. All customers are advised to install this update and call us if you have any of the issues described below:

KB951535 MS08-069: Description of the security update for Office 2003: November 11, 2008
KB951550 MS08-069: Description of the security update for the 2007 Office suite: November 11, 2008
KB951597 MS08-069: Description of the security update for the 2007 Office servers: November 11, 2008
KB954430 MS08-069: Description of the security update for XML Core Services 4.0: November 11, 2008
KB954459 MS08-069: Description of the security update for XML Core Services 6.0: November 11, 2008
KB955069 MS08-069: Description of the security update for XML Core Services 3.0: November 11, 2008

Reason for Revision: V2.0 (April 29, 2009):
Added as affected: Microsoft XML Core Services 4.0 (KB954430) on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2 as affected software.

Added as non-affected: Microsoft XML Core Services 3.0 and Microsoft XML Core Services 6.0 on 32-bit and x64-based editions of Windows Vista Service Pack 2 and on 32-bit, x64-based, and Itanium-based editions of Windows Server 2008 Service Pack 2.

2003, 2007, 2008, 32-bit, Code, Core Services, Critical Security alert, executed, IE, installed update, Internet Explorer, issues, Itanium, KB951535, KB951550, KB951597, KB954430, KB954459, KB955069, known, known issues, malicious, malicious program, Microsoft, Microsoft Internet Explorer, Microsoft XML Core Services, MS08-069, office, Office 2003, Office 2007, Office servers, program, ramsay, remote, remotely, Security, Server, Server 2008vulnerabilities, Social Networks, specially crafted Web page, Stephen, update, Vista, Web page, Windows, Windows Server 2008, Windows Server 2008 Service Pack 2, Windows vista, Windows Vista Service Pack 2, x64, XML, XML Core Services 3.0, XML Core Services 4.0, XML Core Services 6.0

Microsoft Windows 2000 is Obsolete!

Apr 24th

Posted by stephen in Security

1 comment

A lot of people are still using Windows 2000 and most worryingly Windows 2000 with Internet explorer 6, I can only describe this as obsolete.

Firstly support for both Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 3 expired in June 2008. Users running Internet Explorer 5.01 or Internet Explorer 6 on Windows 2000 should upgrade to Windows 2000 Service Pack 4 urgently to remain vaguely secure and in order to continue to receive security updates.

Secondly and most importantly, Windows 2000 Service Pack 4 is no longer fully supported by Microsoft and has moved from mainstream support to the Microsoft extended support phase. There are two important differences between mainstream support and extended support;

Firstly a quote from Microsoft, “Microsoft will not accept requests for warranty support, design changes, or new features during the extended support phase.” Furthermore Microsoft states that they will ‘continue to keep Windows 2000 SP4 customers secure with security updates through the life of Windows 2000’.

However this is not something I would like to rely on give that each update issued for Windows 2000 seems to make it slower and slower and updates for legacy systems must take lower priority over current software, such as XP and Vista. It is also worth noting that IE 5.01 and IE 6 are no longer supported at all. Therefore users on Windows 2000 MUST only use Firefox.

All Windows Computers running windows 2000 should be considered Obsolete and replaced at the next opportunity. They have a use by date of March 2010 and even today should be treated with caution.

2000, computers, considered Obsolete, design changes, end, ended, expired, extended support, features, Firefox, IE 5.01, IE 6, Internet Explorer, Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, legacy, mainstream support, Microsoft, Microsoft Windows 2000, no longer, no longer supported, not, not supported, obsolete, phase, priority, ramsay, replaced, secure, security updates, Service Pack, slower, Social Networks, SP3, SP4, Stephen, stepram, support, support end, supported, systems, Vista, warranty, warranty support, Windows, Windows 2000, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, XP

Security Bulletin April 2009

Apr 23rd

Posted by stephen in Security

No comments

This (slightly late) bulletin is a summary of the various security bulletins released by Microsoft for April 2009, a second bulletin for non Microsoft issues will follow next week. This bulletin includes the action Kraya is taking regarding each of these updates and security warnings.

We have now completed Beta Testing of these updates and have commenced pushing these out to your computers in our phased roll out program.

For users that are on Automatic Updates direct from Microsoft these will probably already have been installed. We are in the process of changing that so that all updates will come from Kraya HQ, this allows us to ensure that only the updates we approve are pushed out to your computers and should help prevent any issues caused by configuration changes.

If any of your staff report seeing boxes pop up on their computer screens about updates please tell them to call us and we will advise as to whether the update should be installed.

So here is the list:

MS09-010 Vulnerabilities in WordPad and Office Converters (KB960477) affects Windows 2000, XP and Windows Server 2003

This security update fixed a know issue with Microsoft WordPad and Microsoft Office. Previously users had been advised to not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources. Whilst this update fixes this issue, the advice still stands.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-013 Vulnerabilities in Windows Web Services affects Windows 2000, XP and Windows Server 2003

This update resolves an issue with Microsoft Windows HTTP Services (WinHTTP) which could allow malicious software to be installed on a computer remotely.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines. However it has been associated with a slowing of the system however the security vulnerability
is to severe to neglect.

MS09-011 Vulnerability in Microsoft DirectX 8.1 & 9.0 affects Windows 2000, XP and Windows Server 2003 (KB961373)

This update resolves an issue with Microsoft DirectX on non older systems. The vulnerability could allow malicious software to be installed on a computer remotely if user opened a specially infected Movie file.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines. However Windows 2000 users seem to experience some slowing of graphics drivers after this update. Unfortunately again the security vulnerability
is to severe to neglect.

MS09-014 Security Update for Internet Explorer 6 & 7 (KB963027)

Resolves Six different vulnerabilities in Internet Explorer 6 & 7. These vulnerabilities could again allow malicious software to be installed on a computer remotely if a user were to view a specially crafted Web page or advert. This is one of the many reasons we recommend that users use Firefox rather than Microsoft Internet Explorer.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-009 Fix for Issues with Microsoft Office Excel (KB968557, KB959964, KB959988, KB959995, KB959997, KB968694, KB959993, KB960000, KB960003) affects Microsoft office 2000, XP, 2003, 2007 on Mac and Windows, also affected are Microsoft Office Excel Viewer and Microsoft Office Converter / Compatibility Packs

This security update resolves a vulnerability that I have previously contacted you all about in Excel that could allow, allow malicious software to be installed on a computer if you opened a specially crafted Excel file.
However, this update does not replace the standing advice, do not to open files from un-trusted sources or if you receive and unexpected attachment to an email i.e. email from a trusted source, but the email content is out of character for that sender. You should also be very careful with Email forwards such as games embedded in excel and Power point presentations of pretty pictures or half naked girls on motor bikes, these are all classic ways to infect your computer with malicious software.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-012 Security flaw in Microsoft Windows allowing Elevation of user Privileges (KB959454, KB952004, KB956572) affects Windows 2000, XP, Vista and Windows Server 2003 & 2008

This security update resolves a security flaw in Microsoft Windows which could allow a user who has gained access to your system, legitimately or otherwise to elevate their security privilege to an administrator. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

MS09-016 Vulnerabilities in Microsoft ISA Server (KB961759, KB960995, KB968078)

This security update resolves an issue with Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). This could create a denial of service attack if specifically designed data is passed over a network to the affected system, or the disclosure of confidential information if a user visits a Web site that contains content controlled by the attacker.
This patch does not affects most of our clients but will be installed on those affected.

MS09-015 Blended Threat Vulnerability in Search Path Could Allow Elevation of Privilege (KB959426) affects Windows 2000, XP, Vista and Windows Server 2003 & 2008

This security update resolves a security flaw in Microsoft Windows which could allow a user who has gained access to your system, legitimately or otherwise to elevate their security privilege to an administrator. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.
This patch has been tested and determined to be safe, it has now been installed in all of our Windows machines.

There are a long list of other updates already deployed the only ones of note are Microsoft Internet Explorer 8 Release Candidate 1 (RC1) and its subsequent updates despite testing ok there have been wide spread reports of IE8 slowing computers down. Therefore no more computers will be upgraded at this time and I would reiterate my advice to use Firefox rather than IE. If IE 8 has already been installed on your computer, uninstalling it and reverting back to IE 7 does not seem to help speed it back up.

We will continue to monitor the situation and await further updates from Microsoft.

As ever any questions please let me know.

2000, 2003, 2008, 2009, 8.1, 9.0, administrator, advert, Apple Mac, April, April 2009, associated, attachment, attack, attacker, Automatic updates, Bulletin, changes, computers, configuration, Converters, denial of service, deployed, DirectX, DirectX 8.1, DirectX 9.0, disclosure of confidential information, elevate, Elevation, Elevation of Privilege, email, Email forwards, embedded, Excel, Excel file, Excel Viewer, file, File converter, files, Firefox, fixed, flaw, Gain access, gained access, games, half naked girls, HTTP Services, IE 6, IE 7, IE8, infect, infected, infected Movie, installed, Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, ISA Server, issue, Issues Microsoft Office Excel, KB952004, KB956572, KB959426, KB959454, KB959964, KB959988, KB959993, KB959995, KB959997, KB960000, KB960003, KB960477, KB960995, KB961373, KB961759, KB963027, KB968078 Microsoft Internet Security and Acceleration Server, KB968557, KB968694, know issue, Kraya, legitimately, Mac, malicious, malicious software, Microsoft, Microsoft DirectX, Microsoft Forefront Threat Management Gateway, Microsoft Internet Explorer, Microsoft Internet Explorer 8 Release Candidate 1, Microsoft ISA Server, Microsoft Office, Microsoft Office 2000, Microsoft Office 2003, Microsoft Office 2007, Microsoft Office Excel Viewer, Microsoft Office XP, Microsoft windows, Microsoft WordPad, Movie, movie File MPEG, MS Office for Mac, MS09-009, MS09-010, MS09-011, MS09-012, MS09-013, MS09-014, MS09-015, MS09-016, neglect performance, network, office, Office 2000, Office 2003, Office 2007, Office Compatibility, Office Converter, Office XP, opened, patch, phased roll out, Power point, Power point presentations, pretty pictures, prevent, Privileges, ramsay, RC1, recommend, remotely, RTF, safe, screens, Security, security bulletins, security privilege, security update, security warnings, severe, slow, slowing, slowing of graphics drivers, Social Networks, software, sources, specially, specially crafted, specially crafted Web page, standing advice, Stephen, stepram, summary, system, tested, TMG, un-trusted, unexpected, untrusted, update, update fixes, Updates, user, user visits, visits, Vulnerabilities, Vulnerability, Web page, Web site, Windows, Windows 2000, Windows machines, Windows server, Windows Server 2000, Windows Server 2003, Windows Server 2008, Windows Web Services, windows XP, WinHTTP, WordPad, WordPerfect, Write, XP, your system

So what does my computer do over night?

Apr 22nd

Posted by stephen in Kraya

1 comment

Since my last blog post, Save the Planet, DON’T Turn your Computer off at night, I have been getting a lot of enquiries from people asking, exactly what happens over night, what about laptops and asking about energy usage and Carbon foot prints.

For laptops the power management setting needs to be set correctly and they should be left turned on and plugged into the internet at least one night a week. For all other computers it is vital that the following procedure is followed at the end of each working day.

Select Start and Shutdown, from the drop down menu select Restart
Please do not shut down.
Please turn off the monitor and leave your computer to restart.
The machine will restart back to the log in screen and will after 10 to 15 minutes go into a power save mode.
Given that your monitor is turned off and the hard drives will also go to sleep, the computer will not use much power.
At the weekend, (unless you are pre-notified of a large update in advance) Shut-down should be used but please also remember to turn off the monitor.

So what exactly does my computer do over night? Well below is a typical example.

20:30 Receiving Updates from Server

Microsoft and other updates are pushed out nightly there will not be an update every night. However given the number of different software packages in use there is something most nights

21:00 Installing those Updates

22:00 Cleaning temporary and system files, Deleting all of those
temporary files you downloaded over the course of the day.

22:15 De-fragmenting the hard drive, De-fragmenting your Operating
System, in English, tidying up the filing cabinets, so that it can find things faster the next day.

23:00 De-fragmenting any secondary drives.

00:15 Receive Anti-Virus Updates

00:30 Full Anti-Virus Running a full in depth scan on your operating
system

03:30 Full Anti-Virus on secondary drives

06:00 System re-starts, clearing memory ready for you coming into work.

One of the main concerns people have is regarding energy, the cost of that energy and their carbon foot print. Yes leaving the computer on, even in power save mode, uses power and increases your carbon foot print, but this must be balanced with the cost of buying a new PC and the carbon generated by the manufacturing process, flying the parts around the world and shipping the new PC to your office. The Mathematics for this are very complex and depending on the life of the PC replacing more frequently will ultimately be much more expensive, than running it over night.

The greatest advantage to the overnight maintenance procedures is improved day time efficiency, not only in terms of general performance, but energy efficiency. Because of this improved day time computer efficiency the processor doesn’t have to work as hard during the day. It might seem simple but this means it can perform most tasks at less than full speed, this saves power and results in less heat being generated, thus in turn also results in less energy being used to dissipate this heat. Hence greater daytime energy efficiency and lower carbon foot print, from day time usage. The mathematics of balancing these daytime savings versus increased night time usage, are personal to each computer and its use.

Overall I believe the benefits are clear, and all of the users who have had the overnight maintenance schedule fully implemented seem to agree, at least in terms of performance.

Your comments are welcome.

all night, Anti virus Scaned, Anti Virus scans, anti-virus, automated cleaning, Carbon foot print, Cleaned, Cleaning, cold at night, Computer, computers, computers at night, consuming components, day spa, De-fragmenting, defraged, Defragmented, Defragmenting, Deleting, dissipate, dissipate heat, DON’T Turn your Computer off at night, downloaded, earth hour, energy, energy saving settings, energy usage, enquiries, exactly, fail, failed, failour, faster, Forth One, Hard drive, hard drives, hardware, hardware components, heat, hot, internet, Kraya, Kraya Day Spa, Laptops, large energy saving, large update, leave the computer on, leaving the monitor turned on, less electricity, log in screen, longevity, Microsoft, monitor, monitor off, morning, night, night before, nightly, office, Operating System, over night, overnight, PC to do the rest, performance, performance improvement, plugged, power, power down, power management, power save mode, power useage, procedure, processor, producing less heat, prolong, ramsay, Receiving, restart, save energy, save money, Save the Planet, scan, Server, settings, shut-down, shutdown, sleep, slowly, Social Networks, software packages, Spa, stand by, Standby, Start, start menu, Stephen, stepram, system files, system updates, temporary, temporary files, turn monitor off, turn off, turn off lights, turn the monitor off, Turn your Computer off at night, turned on, turning off, updated, Updates, useful life, varying speeds, whole computer, WWF, WWF earth hour

Technological Ramblings by Stephen

Stephen Ramsay is the Head of Krayatec Edinburgh’s leading Linux centric IT Support Company. We provide IT Support, telecoms and technology partnerships to businesses running Windows, Linux and Apple based systems. We also manage the complete and seamless integration of, all these operating systems into one coherent, network and technology strategy.
This blog is part work, part personal, so I hope you enjoy the mix and feel free to leave some comments, reply via Twitter, or drop me an Email for more information, on anything you read here, or to find out a bit more about what we do and how we do it.
Categories
- hardware
- how to
- Journeys
- Kraya
- Linux
- Privacy
- Random Rambelings
- Rants
- Security
  - Apple
  - Windows updates
- tweets
- Uncategorized
- Windows
Tag Cloud
anti-virus Apple Apple Mac Computer computers email IMAP issues junk Kerio Kerio MailServer Kerio Offline Outlook Connector Kraya KrayaTec Linux Mac Mail Server MailServer Microsoft Microsoft windows network office Outlook ramsay Random Security Server slow Social Networks software spam Stephen Stephen ramsay stepram Thunderbird tweets twitter Ubuntu update Vista Vulnerability webmail Windows windows XP XP
blogrol
Kraya
Open Source Software
Social Networks
usefull geekerie
- DNS / MX Propagation Checker
- Whats my dns
Calendar
September 2010

M T W T F S S

« Jul

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30
Blog Archives

Posts tagged Microsoft

Technological Ramblings by Stephen

Categories

Tag Cloud

blogrol

Kraya

Open Source Software

Social Networks

usefull geekerie

Calendar

Blog Archives