Microsoft warns of critical unpatched Windows Shell vulnerability
Microsoft issued a security bulletin on Friday to warn customers of a 0-day exploit involving the Windows Shell.
The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."
For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. However, Security Researcher Chester Wisniewski of Sophos, reports that Windows 2000 and Windows XP SP2 (both unsupported by Microsoft) are affected by the flaw.
Sophos explain that the flaw bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run. In a blog posting, Sophos researchers demonstrate the flaw (see below) on Windows 7, which becomes infected with a rootkit as a result.
Microsoft says users could halt attacks by disabling icons for shortcuts and switching off the WebClient service. Unfortunately the suggestion is far from ideal for most corporate customers, disabling icon shortcuts will likely result in mass confusion for users and turning off the WebClient service will render Microsoft SharePoint useless. Microsoft has not confirmed when a patch will be made available for the issue. The company's next patch Tuesday is scheduled on August 10.
Source
The vulnerability is caused due to an error in Windows Shell when parsing shortcuts (.lnk). The flaw can be exploited automatically by executing a program via a specially crafted shortcut. Certain parameters of the .lnk are not properly validated on load, resulting in the vulnerability. Microsoft says it has "seen only limited, targeted attacks on this vulnerability."
For the exploit to be successful it requires that users insert removable media (when AutoPlay is enabled) or browse to the removable media (when AutoPlay is disabled). According to Microsoft's advisory, exploitation may also be possible via network shares and WebDAV shares. Microsoft states that the exploit affects all Windows versions since Windows XP, including Windows 7. However, Security Researcher Chester Wisniewski of Sophos, reports that Windows 2000 and Windows XP SP2 (both unsupported by Microsoft) are affected by the flaw.
Sophos explain that the flaw bypasses all Windows 7 security mechanisms, including UAC, and doesn't require administrative privilege to run. In a blog posting, Sophos researchers demonstrate the flaw (see below) on Windows 7, which becomes infected with a rootkit as a result.
Microsoft says users could halt attacks by disabling icons for shortcuts and switching off the WebClient service. Unfortunately the suggestion is far from ideal for most corporate customers, disabling icon shortcuts will likely result in mass confusion for users and turning off the WebClient service will render Microsoft SharePoint useless. Microsoft has not confirmed when a patch will be made available for the issue. The company's next patch Tuesday is scheduled on August 10.
Source
How To: Change Chrome's channel
People love Google Chrome, it's as simple as that. But did you know that Google puts out three versions of Chrome? In this How To video, we recap the differences and show you how to jump between builds, also known as channels, in Chrome.
Try jumping between the stable, beta, and developer's channels yourself using the installers for Windows (stable| beta | dev), Mac (stable | beta | dev), and Linux (all versions). Note that at the time of publication, the stable and the beta channels are synchronized, but that's not always the case.
Apple defensive over Consumer Reports findings, deletes forum threads
Can you hear me now?
(Credit: Apple)The seemingly unending saga of the iPhone 4 antenna issues has grown yet again. After a negative report from Consumer Reports, Apple has apparently deleted all threads about the findings from its popular Support Discussions forums. As Kent German reported earlier today, Consumer Reports has issued its official stance on iPhone 4 and it can't recommend the phone.
Moderators for Apple's Support Discussions forums quickly deleted growing threads discussing the Consumer Reports articles. Though these threads are no longer viewable, you can read through cached versions via Bing.
Despite the generally positive reputation that Consumer Reports enjoys, many Apple fans vehemently defend iPhone 4 throughout the thread. It will be interesting to see what sort of fallout this finding will produce in terms of sales for iPhone 4 moving forward. Despite the early reports of these very issues, iPhone 4 still outsold iPhone 3GS by nearly double over its first few days. Not to mention, Consumer Reports has already stated that the issues related to iPhone 4's antenna are not unique to iPhone 4.
Also interesting to note, Consumer Reports does rate iPhone 4 as the best smartphone currently available, sans the antenna issue, which it has now concluded is a hardware flaw inherent to iPhone 4's design. Apple has insisted the issues are a software problem to be fixed in the next release of iOS 4.
The next move will be Apple's, and I have to believe every software engineer available is working on a solution via an iOS 4 update. Should the antenna issue prove to be hardware related, the recall could be devastating to Apple's iPhone future and a huge win for other smartphone developers fighting tooth and nail for market share with the iPhone brand.
Should Apple Support Discussions forum moderators have deleted threads regarding the latest article from Consumer Reports? Is the antenna issue affecting your decision to purchase iPhone 4? Let us know in the comments!
Malware With Real Support - Now I've Seen It All
Is your rogue antimalware product not meeting your expectations? Perhaps you should contact support. Nicolas Brulez of Kaspersky recently blogged about how some of these gangs are offering tech support with their products that has live chat, e-mail, phone, and even multiple languages.
We've truly stepped through the looking glass now, especially when you consider all the legitimate products that don't offer support this good. It says something about how much money is still being made by rogue products. It also says something about how affordable outsourced support using scripted response is.
(click image for larger version.)
(click image for larger version.)
And according to Kaspersky the support, including the live chat, really is with real people, not a bot. If you have trouble with English, the chat tells you (in English) to send your support request to a particular e-mail address, and then you receive support in your native language. Some of the rogues have native language support based on the language of your Windows version. No word on which languages are supported, but put your money on Russian.
COMODO vs Malware Research Group
Malware Research Group video :
MRG Financial Malware Simulator VS Comodo
My Response to MRG/Comodo video
Support For Windows XP SP2 Ends This Coming Tuesday
This coming Patch Tuesday, July 13, will be the last day that security updates for Windows XP Service Pack 2 will be released.
After July 13, the product goes from its "Extended Support Phase" to "Self-Help Online Support." Security updates and non-security hotfixes will no longer be available. What will be left? For at least a year "Microsoft online Knowledge Base articles, FAQs, troubleshooting tools, and other resources, are provided to help customers resolve common issues."
If you feel you must remain on Windows XP, your only practical option is to installService Pack 3. More information about this situation can be found in this entry on the Microsoft Support Lifecycle Blog.
How To Remove Malware from Windows Vista or Windows 7 64-Bit Edition
Removing malware from a Windows 64-bit PC is remarkably simple. Why? No rootkits.
In this post I’m going to show you how to remove viruses, rogues (fake anti-virus), trojans, spyware, adware and other nasties from a Windows Vista or Windows 7 64-bit PC.
First, the requirements:
Software:
Helpful Links:
- How to reset your Windows proxy settings . Malware usually turns on a proxy setting which can prevent you from accessing the internet once the malware has been removed.
- EF.REG. EF (short for .exe fix) can reset your registry’s .exe settings in case your .exe’s are not working when you double click them.
Things To Do Before You Start the Removal Process:
- Backup Critical Documents.
- Backup Your Registry.
- Create a System Restore Point (you’ll delete this restore point once you verify your PC is working).
Download Updates for MalwareBytes and SuperAntiSpyware in-case the malware prevents you from accessing the internet. You should only download these updates if you cannot access the internet (for an online update)
Create a CD with:
- Malwarebytes
- SuperAntiSpyware
- MalwareBytes Rules and SuperAntiSpyware Rules
- Dr. Web’s CureIT
Ok, let’s begin.
- We need to start your PC in SafeMode with Networking. Turn your PC on and begin tapping the F8 key until you see a black screen with white text in rows. Using your up/down arrows select Safe Mode with Networking. Click Enter.
- After a brief flicker of text you’ll see a login screen with words stating that you’re in Safe Mode. (this screen and/or entry may vary).
- Turn off any proxy servers. Refer to this article on how to turn off the IE proxy settings.
- Install MalwareBytes and then try to update it. If the update doesn’t work then install mbam-rules.exe (from the download above or via your CD). Run a quick scan and remove anything it finds (click show results to see infected items).
- Reboot and enter SafeMode with Networking (see step 1 again).
- Install SuperAntiSpyware and the try to update. Once again, if the update fails load, then install the SAS manual update from the link above (or your CD). Run a quick scan and remove anything it finds.
- Reboot and enter SafeMode with Networking (see step 1 again).
- Step 8 is optional. If you feel that you may still be infected then run a full scan of your OS drive (c:\) with Dr Web’s CureIT. This usually isn’t needed but sometimes it’s nice to have a 3rd opinion.
- Reboot into normal mode.
- Consider replacing your current anti-malware solution (because it’s obviously not working for ya).
Closing Notes:
If you actually needed this article then your current Anti-Malware solution is not giving you enough protection. If you want a truly solid solution then grab a copy of either Kaspersky Internet Security or Norton Internet Security (2010 or later).
Also you can try whit a bootable CD:
Firefox 4 Preview
Firefox 4 will feature a significantly updated theme on Windows, Mac OS X, and Linux. In the last few days significant pieces of the new user interface have started dropping in:
- The Firefox button (called Minefield in the development builds) gathers the most frequently used menu options in a single point. The button is now on by default for Windows Vista and 7 users, but off for Windows XP users. For Windows Vista Basic users get the button is displayed in the tab bar. If you prefer the menu bar, just right click on the navigation toolbar and enable it to dismiss the Firefox button.
- Aero Glass interface.
- Customizable tab bar. Introduced some time ago, you can drag buttons to the tab bar at will.
- New bookmarks button, that opens the bookmarks menu and options to show the bookmarks menu and bookmarks sidebar.
- Tabs on top are now enabled by default as explained in yesterday’s video. To restore the classic layout with the navigation toolbar above the tab bar, right click on the navigation toolbar and uncheck Tabs on top.
This is not the end of changes: the status bar is about to be dismissed replaced by a temporary status bar, while extension icons would go to a dedicated movable toolbar.
App tabs, will be an option to make a tab sticky and with no navigation interface as the content in it is expected to be self contained like an email application, an online document editor, or some intranet application. First pieces have already landed but there is no UI to see yet.
Finally, Mac OS X and Linux will also get an important theme update.
Firefox 4 Beta 1 is targeted for sometime in the next couple of weeks with final released expected by years end.
AVG joins Opera on stage
The first beta of Opera 10.60 was released only two weeks ago, and on Thursday it graduates to a wide release and sheds its beta tag. Opera 10.60 for Windows, Mac, and Linux incorporates security enhancements provided by popular freeware antivirus vendor AVG, improves performance, adds further HTML5 compatibility, and makes a minor but noticeable tweak to the browser interface.
Opera users will now encounter this warning page when they try to load sites that have been identified by AVG's real-time detector as malicious.
(Credit: Screenshot by Seth Rosenblatt/CNET)The new security feature indicates that while Chrome and Firefox are looking to further isolate plug-ins and add-ons, Opera hopes to address the immediate threat from malware-infected Web sites. Opera now comes with AVG's real-time Web threat data feed built in. What this means is that when you encounter a page that's been detected by the AVG network to be malicious, you'll see the warning instead. The network is fed by data supplied anonymously by 51 million AVG users from around the world.
According to AVG's press release, the feature uses multiple techniques to protect users. It uses exploit signatures to detect sites serving drive-by downloads, the AVG Online Shield and contextual analysis to detect social engineering scam-driven viruses, and reputation lists for safeguarding against malicious domains and URLs.
Opera is also claiming the same dramatic performance improvements in version 10.60 as it did in the beta, saying that the browser is 50 percent faster than the previous version using the Peacekeeper test. CNET tests performed on the beta showed it closer to 33 percent faster on that test, which is still a massive improvement, but only 5.6 percent faster on the SunSpider JavaScript test.
Version 10.60 supports several nascent HTML5 features, including the next-generation video and audio codec WebM, geolocation compatibility, Web Workers, and App Cache. This update places Opera at or very close to parity with beta and development versions of Chrome and Firefox. Opera has also created an HTML5-geolocation-powered map showing real-time downloads and active users of Opera.
In other changes, Bing finally makes it onto Opera's default search options list, and Opera has tweaked the "O" logo menu that debuted in Opera 10.5 by adding the word "menu" to clarify what it's for. The Windows changelog,Mac changelog, and Linux changelog are available at the Opera Web site.
Subscribe to:
Posts (Atom)
Posts
