Tag Archives: Security Updates

Patch Tuesday: Microsoft and Adobe Release Critical Patches

It’s that day of the month when you have to fire up Windows Update and install all of those very precious security updates. Both Microsoft and Adobe have released a number of updates, which are available for download right now.

The new updates consist of nine bulletins, of which five are rated critical, the highest severity rating. The rest of the updates are rated important by Microsoft. These updates fix 26 vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office. You can either use Windows Update or download the updates from the Download Center. If you have automatic updates enabled (as you should), you will probably have these installed already.

Adobe, on the other hand, has released three security bulletins for Reader, Acrobat, Shockwave and Flash. The updates for Adobe and Acrobat fix about 20 vulnerabilities in both the Windows and Mac OS X versions of their software. The Flash Player update, which is touted as the most important among the updates, fixes a vulnerability (CVE-2012-1535) which, according to Adobe, has been used in the wild in a limited manner. The update for Shockwave Player addresses five memory corruption vulnerabilities that could lead to code execution.

For more information on the updates from Microsoft, visit MSRC. To download updates for Adobe products, visit their security bulletins and advisories section.

Make sure to have these updates installed on your PC as soon as possible, for better protection from online threats.

Microsoft Releases Fix it Solution for Duqu and Advance Notification for November Bulletin

Microsoft has released the advance notification for its November bulletin, which will be released on the 8th of this month.

This month will see the release of four security updates, of which one is rated critical, two are important and one is moderate. As noted in the table below, Bulletins 1 and 2 patch vulnerabilities that enable Remote Code Execution, while Bulletin 3 is for an Elevation of Privileges bug and Bulletin 4 is for a Denial of Service bug.

[Image: table of the November security bulletins]

Of the four security updates, only Bulletin 3 applies to Windows XP and Server 2003. Bulletins 1, 2 and 3 apply to Windows Vista and Windows Server 2008. Interestingly, the newer operating systems, Windows 7 and Windows Server 2008 R2, require all four updates.

While Microsoft acknowledged a zero-day vulnerability in a Windows component, the Win32k TrueType font parsing engine, they did not include an update for it in this month’s Security Bulletin. Instead, they have released a Fix It solution which can be used until an update is released.

The vulnerability, which was utilized by the Duqu worm, will allow a hacker to run arbitrary code in kernel mode, thus giving him the ability to install or run software or to view/edit data. The temporary workaround for this vulnerability is to disable access to T2EMBED.DLL. The Fix it solution released by Microsoft just automates this process.

You can download the Fix it solution from here and the related security advisory can be found here.

To protect yourself from zero-day attacks, make sure that you install the above-mentioned updates as soon as they are released.

Stay up to date, stay safe.  

Windows 7 Update – Microsoft Will Seek and Destroy Pirated Copies

Today on the Genuine Windows Blog, it was announced that Windows 7 will get an update to its “Windows Activation Technologies” (WAT). So what is WAT? This feature set was developed to detect if a copy of Windows 7 is “genuine”, properly activated and has a valid license. In plain English, they want to find out if you have a pirated or cracked copy of Windows 7.

The new WAT update will detect over 70 “known and potentially dangerous activation exploits”. It may be true that many PCs that have been activated using a crack or hack are infected or at risk of infection. However, Microsoft is plainly stating that this update is mainly for the protection of the users. I have a feeling that there are lots of users who don’t want this protection.

According to the post, this Windows 7 update is “voluntary” and it doesn’t have to be installed. I have to take this statement as the truth; however, I’ve seen plenty of times when I had no choice but to accept updates. Have you ever shut down your PC and then discovered that it’s gone into an automatic update before it shuts down? Who has a choice when this happens?

I’m keeping my hopes up, but I would guess that we are going to see lots of problems stemming from this new update. In the past, any time a change has been made to Windows activations, even legitimate copies of Windows suddenly stop working, or start displaying warnings.

Be sure to post a comment below if you see the new update or experience a problem because of it.

Kernel Vulnerabilities Detected In Recent Ubuntu Distributions

Canonical has released a security notice announcing the presence of kernel vulnerabilities in recent Ubuntu distributions. The vulnerability affects Ubuntu 6.06, 8.04, 8.10, 9.04 and 9.10 versions, but not Ubuntu 7.04 or Ubuntu 7.10 versions. The security notice mentions that corresponding versions of other desktop environment based distributions of the Ubuntu family, Kubuntu, Edubuntu and Xubuntu are also affected. As part of the advisory, Canonical has recommended an immediate update of the kernel to versions mentioned below:

  • Ubuntu 6.06 update to linux-image-2.6.15-55.82
  • Ubuntu 8.04 update to linux-image-2.6.24-27.65
  • Ubuntu 8.10 update to linux-image-2.6.28-17.45
  • Ubuntu 9.04 update to linux-image-2.6.28-18.59
  • Ubuntu 9.10 update to linux-image-2.6.31-19.56

The vulnerabilities, which affect various modules, could among other things allow a remote user to crash the system or gain root privileges, and allow a local attacker to consume all network traffic, leading to denial of service.

The Common Vulnerabilities and Exposures (CVEs) referenced in the above security bulletin are:

  • CVE-2009-4020
  • CVE-2009-4021
  • CVE-2009-4031
  • CVE-2009-4138
  • CVE-2009-4141
  • CVE-2009-4308
  • CVE-2009-4536
  • CVE-2009-4538
  • CVE-2010-0003
  • CVE-2010-0006
  • CVE-2010-0007
  • CVE-2010-0291

The details of each of these CVEs can be obtained at Secunia Advisories.

Users of the above-mentioned distributions are advised to update their kernel images to the versions listed above. Please note that a reboot will be required following the update. Canonical also mentions that all third-party kernel modules will most likely require recompilation and reinstallation following the kernel update.
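To check a fleet against the fixed versions listed above, here is an added example (not part of the original post or of Canonical's notice). It assumes version strings of the form upstream-ABI.upload as written in that list; the host names and installed versions are constructed, and the status labels are hypothetical.

```python
import re

# Fixed package versions per release, copied from the list above.
FIXED = {
    "6.06": "linux-image-2.6.15-55.82",
    "8.04": "linux-image-2.6.24-27.65",
    "8.10": "linux-image-2.6.28-17.45",
    "9.04": "linux-image-2.6.28-18.59",
    "9.10": "linux-image-2.6.31-19.56",
}
NOT_AFFECTED = {"7.04", "7.10"}  # releases the notice lists as unaffected

# upstream version, ABI number, upload number: 2.6.24-27.65 -> (2, 6, 24), 27, 65
_VERSION = re.compile(r"(\d+(?:\.\d+)+)-(\d+)\.(\d+)")

def parse(text):
    """Split a kernel package version into comparable integer parts."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no kernel package version in %r" % text)
    upstream = tuple(int(p) for p in m.group(1).split("."))
    return upstream, int(m.group(2)), int(m.group(3))

def assess(release, installed):
    """Classify one host by Ubuntu release and installed kernel package version."""
    if release in NOT_AFFECTED:
        return "not-affected"
    if release not in FIXED:
        return "unknown-release"
    try:
        have = parse(installed)
    except ValueError:
        return "unparsed"
    want = parse(FIXED[release])
    if have[0] != want[0]:
        return "manual-review"  # different upstream series, e.g. a custom kernel
    # Compare ABI and upload as integers: "9.100" is older than "19.56".
    return "patched" if have[1:] >= want[1:] else "vulnerable"

def audit(inventory):
    return {host: assess(release, version) for host, release, version in inventory}

# Constructed sample inventory (hypothetical hosts and installed versions).
SAMPLE = [
    ("web01", "8.04", "2.6.24-27.65"),
    ("web02", "8.04", "2.6.24-26.64"),
    ("db01", "9.10", "2.6.31-9.100"),
    ("old01", "7.10", "2.6.22-16.62"),
    ("lab01", "9.04", "2.6.31-19.56"),
]
```

The check covers the installed package version only; a host reported as patched keeps running the old kernel until the reboot mentioned above.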