31
Aug

Link: http://www.theinquirer.net/inquirer/news/1729566/adobe-patches-shockwave-bigtime

It's that time of the week again where one of your Adobe products requires updating, this time it's Shockwave....

Adobe's Shockwave media player is getting a whopping big patch to cover 20 security holes.

The patches cover Adobe's Shockwave Player 11.5.7.609 for both the Windows and Mac platforms and the company is rating the update as critical.

"The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in a security advisory.

Of the 20 holes, 18 fixes cover problems that would allow remote code execution on affected systems. One could allow a denial of service attack and the final flaw would allow a denial of service attack and could theoretically be exploited to allow remote code execution.

You can download the latest Shockwave here

- by Rob

25
Aug

Link: http://tech.slashdot.org/story/10/08/24/0520245/Windows-DLL-Vulnerability-Exploit-In-the-Wild

This is troubling, I can expect a wave of dead systems coming. There's a vulnerability in the way Windows handles looking for a DLL file - and many apps are affected.

Many Windows programs can be exploited simply by tricking users into visiting malicious Web sites or opening malformed documents because of the way the software loads code libraries -- dubbed "dynamic-link library," or ".dll" in Windows -- as well as executable ".exe" and ".com" files. If hackers can plant disguised malware in one of the directories an application searches when it looks for those files, they can hijack the PC.

This one won't go away quickly - so prepare for trouble. Microsoft has released a tool to mitigate the issue but it's mostly for corporate and not very end user friendly.

There are other workarounds customers could take, including blocking outbound SMB (Server Message Block) traffic at the firewall and disabling Windows' built-in Web client.

But you know that 99% of people won't have a clue how to do this.

So if you're a system repairer or tech get ready for some extra work.

- by Rob
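
The search-path problem described in this post, as an added example (not code from the linked article or from Microsoft): it models the documented Windows DLL search order for a bare library name and reports which imports would be satisfied from the current directory, for instance the folder a document was opened from. Directory names, file names and the `cwd_in_search` switch are constructed for illustration.

```python
import os
import tempfile

def search_order(app_dir, cwd, system_dirs, path_dirs,
                 safe_mode=True, cwd_in_search=True):
    """Directories tried, in order, for a DLL requested by bare name.

    safe_mode=True  : app dir, system dirs, current dir, PATH
    safe_mode=False : app dir, current dir, system dirs, PATH
    cwd_in_search=False models a policy that drops the current
    directory from the search (simplified, assumed switch).
    """
    order = [app_dir]
    if cwd_in_search and not safe_mode:
        order.append(cwd)
    order.extend(system_dirs)
    if cwd_in_search and safe_mode:
        order.append(cwd)
    order.extend(path_dirs)
    return order

def resolve(dll_name, order):
    """Return the first directory holding dll_name (case-insensitive)."""
    wanted = dll_name.lower()
    for directory in order:
        try:
            names = os.listdir(directory)
        except OSError:
            continue  # missing or unreadable directory is skipped
        if any(n.lower() == wanted for n in names):
            return directory
    return None

def audit(dll_names, app_dir, cwd, system_dirs, path_dirs, **policy):
    """Imports that would load from the current directory under `policy`."""
    order = search_order(app_dir, cwd, system_dirs, path_dirs, **policy)
    return [name for name in dll_names if resolve(name, order) == cwd]

def build_sample_tree(root):
    """Constructed layout: an app folder, a system folder, a document share."""
    layout = {
        "app": ["viewer.exe", "codec.dll"],
        "system32": ["kernel32.dll"],
        "share": ["report.doc", "kernel32.dll", "plugin.dll"],
    }
    dirs = {}
    for sub, files in layout.items():
        dirs[sub] = os.path.join(root, sub)
        os.makedirs(dirs[sub])
        for name in files:
            open(os.path.join(dirs[sub], name), "w").close()
    return dirs

def demo():
    with tempfile.TemporaryDirectory() as root:
        d = build_sample_tree(root)
        imports = ["codec.dll", "kernel32.dll", "plugin.dll"]
        args = (imports, d["app"], d["share"], [d["system32"]], [])
        return {
            "safe_mode": audit(*args, safe_mode=True),
            "legacy": audit(*args, safe_mode=False),
            "cwd_removed": audit(*args, cwd_in_search=False),
        }

if __name__ == "__main__":
    for policy, hits in demo().items():
        print(policy, hits)
```

Any name that shows up under `safe_mode` is a library the application does not ship and the system does not provide, which is the case where a copy sitting next to a document gets loaded.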

18
Aug

Link: http://www.adobe.com/support/security/bulletins/apsb10-17.html

Ok, so I hope all of you updated your Flash players this week - and if you use Acrobat or Reader then tomorrow will be another patch day for you.

Updates for Adobe Reader 9.3.3 for Windows, Macintosh and Unix will accompany Adobe Acrobat 9.3.3 for Windows and Macintosh as well as cross-platform patches for Adobe Reader 8.2.3 and Acrobat 8.2.3.

Don't put it off - Flash and the other Adobe products are on the top of the "how your pc gets infected" pile of apps.

- by Rob

13
Aug

Link: http://www.zdnet.com/blog/security/adobe-warns-of-critical-flash-player-flaws/7111

This week brings news of at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

You can check your Flash version HERE if you need to, however it's almost a sure bet that you'll need the patch.

- by Rob

10
Aug

Link: http://www.theregister.co.uk/2010/08/05/microsoft_august_2010_patch_tuesday/

The next Patch Tuesday, scheduled for August 10, will include 14 bulletins, eight of which are rated critical, Microsoft's highest severity classification, generally reserved for bugs that can be exploited to remotely execute malware on vulnerable systems with little or no interaction on the part of the end user. Six of those bulletins apply to Windows, another one applies jointly to Windows and Silverlight and the last to the Office suite.

So don't put off the patches - you know these flaws will be exploited shortly.

- by Rob

2
Aug

Link: http://www.ghacks.net/2010/07/31/except-out-of-band-windows-security-release-on-august-2/

Microsoft plans to release on Monday an emergency fix for a Windows vulnerability that is being exploited by attackers using a "highly virulent strain" of malware. Affected versions of Windows include Windows 7, XP, Server 2003, Vista and Server 2008.

You know it's gotta be bad when this happens. I don't have any details on the exact form of malware that is being used, but here is the MS Tech article.

- by Rob

7
Jul

Link: http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/

Crap - it took them 3 months and now we need a new fix .....

The patch seems to be working. Now, what would happen if I modify the exploit code a bit?

Specifically, I add the quotes to the parameters passed to /F.

Eg: /F(cmd.exe) becomes /F(“cmd.exe”)

With the quotes added, Adobe Reader will not block the execution and the warning becomes as follows:

- by Rob
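
Why a quoted `/F` argument slips past a string-matching filter, as an added example (not Adobe's code and not from the linked post): a suffix blocklist applied to the raw launch target is compared with the same check after normalising quotes. The extension list, the 200-byte window and the three sample objects are constructed assumptions, and the scan only sees uncompressed objects.

```python
import re

# Assumed blocklist for illustration; not the list any real reader uses.
BLOCKED_EXT = (".exe", ".com", ".bat", ".cmd")

# A Launch action followed, within 200 bytes, by its /F (file) string.
LAUNCH_F = re.compile(rb"/Launch\b.{0,200}?/F\s*\(((?:\\.|[^\\)])*)\)", re.S)

# Constructed sample: three uncompressed action objects.
SAMPLE = (
    b"1 0 obj << /Type /Action /S /Launch /Win << /F (cmd.exe) >> >> endobj\n"
    b'2 0 obj << /Type /Action /S /Launch /Win << /F ("cmd.exe") >> >> endobj\n'
    b"3 0 obj << /Type /Action /S /Launch /F (manual.pdf) >> endobj\n"
)

def launch_targets(pdf_bytes):
    """Raw /F strings of every Launch action found in the byte stream."""
    return [m.group(1).decode("latin-1") for m in LAUNCH_F.finditer(pdf_bytes)]

def naive_is_blocked(target):
    """Suffix check on the raw string: a trailing quote defeats it."""
    return target.lower().endswith(BLOCKED_EXT)

def normalise(target):
    """Strip whitespace and surrounding straight or curly quotes."""
    return target.strip().strip("\"'\u201c\u201d").strip().lower()

def normalised_is_blocked(target):
    """Same blocklist, applied after normalisation."""
    return normalise(target).endswith(BLOCKED_EXT)

def scan(pdf_bytes):
    """One row per Launch action with both verdicts side by side."""
    return [
        {
            "target": t,
            "naive": naive_is_blocked(t),
            "normalised": normalised_is_blocked(t),
        }
        for t in launch_targets(pdf_bytes)
    ]

if __name__ == "__main__":
    for row in scan(SAMPLE):
        print(row)
```

Normalising closes this one gap only; for triage it is simpler to treat every row returned by `scan` as reportable, since a document rarely has a legitimate reason to carry a Launch action.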

1
Jul

Link: http://www.theregister.co.uk/2010/06/30/windows_exploit_spike/

If you've got either of these operating systems you'd be well advised to follow the mitigation HERE as the patch is not coming for a while....

Microsoft said on Wednesday that its security team has detected more than 10,000 distinct computers that have experienced the attack against the bug in the Windows Help and Support Center. The vulnerability, which was disclosed on June 10 by researcher Tavis Ormandy, makes it possible for attackers to remotely install malware on computers running Windows XP and Server 2003 by luring end users to booby-trapped websites.

- by Rob

1
Jul

Link: http://www.ghacks.net/2010/06/29/adobe-reader-9-3-3-released-fixes-critical-security-issues/

Almost everyone has Acrobat - and almost everyone (those who didn't update) is vulnerable to system crushing malware.

There are a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update affects Adobe Reader/Acrobat 9.3.2 and earlier versions.

Do yourself a favor - go to start / programs / adobe reader and choose help / updates. You'll thank me later. Yeah, you can do it now, we'll wait.

- by Rob

25
Jun

Link: http://blogs.adobe.com/psirt/2010/06/pre-notification_-_quarterly_s_3.html

It took Adobe quite a while to lay this one down. Make yourself a note and update next Tuesday - the vulnerability is actively being exploited and this applies to all operating systems.

- by Rob

22
Jun

Link: http://www.ghacks.net/2010/06/21/centralized-internet-fraud-alert-system-launches/

The idea is a good one, a central location to securely submit and collaborate on vulnerabilities, stolen account credentials, etc.

The Internet Fraud Alert System has been designed to provide security researchers and the security community in general with a centralized alert system to report stolen data, such as credit card numbers or account login details. The service furthermore allows the researchers to contact the institutions directly, allowing them to take the appropriate action to protect their customers.

Microsoft has a big hand in this. At any rate it might facilitate quicker communication between the researcher and the company. I guess that's not a bad thing.

- by Rob

17
Jun
Categories Vulnerability / Flaw.

Link: http://www.v3.co.uk/v3/news/2264850/zero-day-microsoft-flaw

I'm all for submitting a flaw and threatening public disclosure if the company does not patch in time - but 5 days? This is Microsoft we're talking about. Now the flaw is actively being exploited and Windows XP users are being infected.

Sophos senior technology consultant Graham Cluley launched a scathing attack on Ormandy, arguing that he should have worked with Microsoft to fix the problem and disclosed the vulnerability only when a patch was available.

"Do you feel proud of your behaviour? Do you think that you have helped raise security on the internet? Or did you put your vanity ahead of others' safety?" he wrote in a blog post.

Yeah, not cool.

- by Rob

14
Jun

Link: http://www.zdnet.com/blog/security/googler-releases-windows-zero-day-exploit-microsoft-unimpressed/6659

This one's about hcp:// links... Don't know what they are? They're Windows help protocol links. There is a registry edit you can do to disable hcp.

Why anyone would want hcp anyway is beyond me.

The vulnerability, which is due to improper sanitization of hcp:// URIs, may allow a remote, unauthenticated attacker to execute arbitrary commands.

- by Rob

11
Jun

Link: http://get.adobe.com/flashplayer/

The exploit is in the wild and being used to take over computers and install malware - if you do nothing else today - go and get the new Flash Player and install it. Trust me, you'll be glad you did. (though don't forget to uncheck whatever crapware Adobe is trying to bundle with it eh?)

An added bonus is that this player supposedly comes with Hardware Acceleration - so it's got that going for it too.

Adobe has shipped a “critical” Flash Player update to fix a total of 32 documented vulnerabilities in the ubiquitous software product.
The Adobe Flash Player 10.1.53.64 update comes on the heels of last week’s in-the-wild attacks against a zero-day hole in Adobe’s Reader and Flash Player product. This patch fixes that vulnerability along with 31 other serious security problems.

The vulnerabilities in this patch batch affect all major operating systems: Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux.

- by Rob

10
Jun

Link: http://www.ghacks.net/2010/06/09/website-virus-checker-urlvoid/

Now this is a really good idea. Sometimes you want to check out a site that seems sketchy - now you can scan the bad boy before visiting. It's good for webmasters too - now you can check your own site for trouble.

The developers of No Virus Thanks have created URLVoid which uses the same concept for website urls. Individual security applications like Kaspersky Internet Security or Norton Internet Security and browser add-ons like Web of Trust can scan websites for malicious code to protect the user from visiting the site.

The website virus checker URLVoid is a service for users who want to double-check specific urls before they visit the sites. It is also a handy service for webmasters who want to make sure that their websites are not in that list. Helpful for instance after a successful hacking attack against a website.

- by Rob

9
Jun

Link: http://news.cnet.com/8301-27080_3-20007119-245.html

Ranked so highly because it's an open zero day hole and it's currently being exploited.

Adobe Systems said it will issue a patch for a critical hole being exploited in the wild by delivering an update for Flash Player by Thursday, and for Adobe Reader and Acrobat by June 29.

The update of Flash Player 10.x will support Windows, Macintosh, and Linux, while the date for the release of a Solaris version is still to be determined, Adobe said late Monday. Meanwhile, the Adobe Reader and Acrobat update to come in three weeks will support Windows, Mac, and Unix.

Adobe released the advisory late last week and said there had been reports of the hole being exploited to take remote control of computers.

- by Rob

7
Jun

Just when you thought it was safe to go on the net again ....

A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an unspecified error. No more information is currently available.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in version 10.0.45.2 and prior 10.0.x and 9.0.x versions for Windows, Macintosh, Linux, and Solaris.

So it's not just Windows being exploited - there is a mitigation method... you can download the Release Candidate of Flash HERE

and for Acrobat Reader you can delete a DLL - (which will prevent embedded Flash in PDFs - why anyone would need that anyway is beyond me)

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains SWF content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

- by Rob

4
Jun
Categories Vulnerability / Flaw.

Link: http://www.zdnet.com/blog/security/patch-tuesday-heads-up-10-bulletins-34-flaws-ie-windows-affected/6593

This Tuesday MS is set to release a rather large batch of security related goodness.

Three of the 10 bulletins will be rated “critical,” Microsoft’s highest severity rating. The flaws addressed in those bulletins typically expose users to remote code execution attacks.

Here are the basic details on what’s coming next Tuesday (June 8, 2010):

* Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important.
* Two bulletins, both with a severity rating of Important, affect Microsoft Office.
* One bulletin, again with a severity rating of Important, affects both Windows and Office.
* One bulletin, with a severity rating of Critical, affects Internet Explorer.

- by Rob

27
May

Link: http://www.pcworld.com/article/196898/poisoned_pdfs_heres_your_antidote.html

Adobe Reader is undoubtedly close to the top in malware infections, and there's a new exploit going around. This one opens an embedded file and runs it.

This embedded-file threat makes creative use of functionality built into the PDF standard. As such, it works not only on Adobe Reader but on other PDF readers, too, even if they're up-to-date. The makers of the Zeus Trojan horse are already using this new technique to spread their evil software.

Changing a program setting in the current version of Adobe Reader can help. Head to Preferences, Trust Manager, and deselect Allow opening of non-PDF file attachments with external applications.

- by Rob

11
May

Link: http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/

Ah super, now we all have something big to worry about - and with the way this works it's not likely to be fixed anytime soon (Windows)

Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload.

- by Rob

22
Apr

Link: http://tips.vlaurie.com/2010/04/symantec-internet-security-threat-report/

Taking a look at the top offenders - one program really stands out. Internet Explorer. I see examples of this in the wild all the time. Yeah, Adobe is up there too - so keep your Acrobat and Flash updated and use Chrome or Firefox or Opera. Just doing those three simple things can keep you from having to go to Geek Squad - or at worst getting your machine rebuilt from scratch.

Oh by the way - there's a new IE8 Flaw that puts users at risk... go figure.

- by Rob

16
Apr

Right, second time in one week - you'll need an update as there's a zero day flaw being exploited....

Don't wait for the automatic updater - go to control panel, click on Java - click on update now - or go download the newest

- by Rob

12
Apr

Link: http://news.cnet.com/8301-27080_3-20002045-245.html

Finally, it's coming out and the extra work we techs have to do just to keep people safe gets easier.

Adobe will release its latest security updates for Reader and Acrobat on Tuesday via a new update system it has been testing the past six months, the company said on Thursday.

The Adobe updates will coincide with April's Patch Tuesday during which Microsoft will fix 25 vulnerabilities, including two for which exploit code has been released in the wild.

On Tuesday, Adobe will activate its updater technology for all users of Adobe Reader and Acrobat and use it to deliver the updates to resolve critical security issues, details of which were not disclosed in its security advisory.

- by Rob

1
Apr

Link: http://www.ghacks.net/2010/03/31/java-jre-6-update-19-security-update/

The Java Runtime Environment has received an update to JRE 6 Update 19 which fixes several security vulnerabilities. Users who have Java installed on their computer systems are encouraged to update to the latest version immediately to fix the security issues.

If you've got Java installed (and trust me, you do) it's time to go and update it - be safe.

- by Rob

29
Mar

Link: http://www.ghacks.net/2010/03/29/out-of-band-internet-explorer-security-update/

Right on the heels of the last big security problem for IE6 - MS is covering their butt again serving the demon browser they themselves helped to create.
Ironic isn't it?

Microsoft’s Security Response team just announced that they will be publishing an out of band cumulative update for Internet Explorer due to a publicly disclosed security vulnerability that is affecting Internet Explorer 6 and Internet Explorer 7. The team notes that Internet Explorer 8 installations are not affected by the security vulnerability and that the security update will be released on March 30 at approximately 10:00 a.m. PDT.

- by Rob

10
Mar

Not a good week for these two browsers - IE has a pretty big issue that is actively being exploited.

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.

Also there's this issue with Opera - that admittedly Opera itself is trying to downplay.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.

Right now the only thing you can do is to NOT use the affected browsers - go and get Firefox or Chrome until patches are available.

- by Rob

2
Mar

Link: http://www.h-online.com/security/news/item/Thunderbird-3-0-2-released-941372.html

If you use Thunderbird - you've got a small update .... go to help / check for updates if it hasn't arrived yet.

- by Rob

1
Mar
Categories Vulnerability / Flaw.

Link: http://www.fuzzywindows.com/index.php?option=com_content&view=article&id=93:internet-explorer-9-ie9-confirmed-for-march-2010&catid=58:internet-explorer&Itemid=112

You know - it was just getting a little better in Web Development... Now IE 9? You can bet they will NOT support HTML 5 (even though all other browsers do) - and forget standards/Acid 3 Compliance. - some - sure... but IE has never tried to be compliant.

I can only sit back and wonder how many troubles the bastard child of Bill Gates will cause all us Web people.

Mark out some time to fix everything IE9 breaks.

Yeah, I'm tagging this as "Flaw"

- by Rob

1 comment

Comment from: Blaze [Visitor]
Funny. Doesn't your boss think IE and Microsoft (all versions) are the next best thing to sliced bread?
03/01/10 @ 19:36

Link: http://www.norcalis.com/

I can't believe ANYONE would hire these people.... Yes, I've checked it out and there's no evil - well, in the form of viruses etc. The evil is the entire website.

Btw - Norcalis - if you read your webstats see me - you need help. - Not to mention I can upload a malicious file right off the bat ... I could Own that webserver in 3...2...1...

- by Rob

22
Feb

Link: http://blogs.zdnet.com/hardware/?p=7413

Not a lot of details on this one yet - but apparently something's up...

A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.

The vulnerability is reported in version 3.6. Other versions may also be affected.

The solution is of course kinda stupid...

Solution
Do not visit untrusted websites or follow untrusted links.

Well, you know this at least - all GeeG links are tested ... you'll get no trouble here.

- by Rob

17
Feb
Categories Vulnerability / Flaw.

Link: http://blogs.zdnet.com/security/?p=5473

Taking the torch from Quicktime, Adobe is leading the way in infecting your systems. Don't get me wrong - there's still the users that are clicking on the damn things...


A newly released report shows that based on more than a trillion Web requests processed in 2009, the use of malicious PDF files exploiting flaws in Adobe Reader/Adobe Acrobat not only outpaced the use of Flash exploits, but also, grew to 80% of all exploits the company encountered throughout the year.

Another bright side, today is the first day I saw a PC boot into Win XP and immediately prompt the user to update Flash (and it worked) ... however this crap won't end until Adobe builds a silent updater and gets on top of its patches.

- by Rob

17
Feb

You have at least 2 of these - and yes, again....? sorry, it's not my fault.

For the Flash Air Bulletin go HERE

For the Reader and Acrobat Bulletin go HERE

Update now or be pwned - you have been warned.

- by Rob

9
Feb

Link: http://www.ghacks.net/2010/02/05/mozilla-promises-better-virus-scanning-after-virus-faux-pas/#more-22831

Yeah, Mozilla caught it but if you've ever installed Sothink Web Video Downloader 4.0 and Master Filer - You have some system cleaning to do.

Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

- by Rob

5
Feb
Categories Vulnerability / Flaw.

Link: http://blogs.zdnet.com/security/?p=5390

Oh they knew about it for years... someone (from Google) just had to make some noise for them to move on it. Also in the general patch bucket - a whole bus load of other patches - (26 vulnerabilities)

So don't miss next Tuesday's updates eh?

- by Rob

1
Feb

Link: http://www.theregister.co.uk/2010/01/27/ie_file_disclosure_attack/

Seems like there's one a week this year - and if that ain't enough to make you switch browsers well, I probably can't help you.

If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.

The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine's C drive, including files, authentication cookies - even empty hashes of passwords.

- by Rob
