Microsoft have published a Security Bulletin Summary for November 2011. A number of updates have been released including one "critical" and two "important" severity updates.
The patches address remote code execution, elevation of privilege and denial of service vulnerabilities. Importantly, an update has been released to patch the critical vulnerability in the TCP/IP stack (MS11-083). Microsoft report that "the vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system."
An apparently modified version of the well-publicised Stuxnet worm has been discovered on a number of corporate computer systems in Europe. Analysis suggests that the malware, named Duqu (pronounced dyü-kyü), appears to be based on the Stuxnet source code, giving rise to the possibility that Duqu may have been developed either by the Stuxnet authors or by developers who have had access to the source code.
As the malware landscape evolves, it's helpful to understand how malware gets onto your machine. Knowing the bad guys' strategies gives you the edge while on-line and puts you in a stronger position to defend your data and PC against compromising threats.
We all know that we should install anti-malware software, keep it up to date and run regular scans, apply Windows and application security patches when they become available, use a firewall... well, I won't bore you - you know what to do. But what kind of attacks can we expect and where are they coming from?
Developing malware from scratch is a highly complex task that requires considerable skill and effort. In recent years, crimeware toolkits have taken the heavy lifting out of creating malware. Toolkits, such as MPack, Neospoit and Zeus, can be found for sale on underground hacking forums, lowering the skills barrier for would-be criminals. For a fee and with little effort, hackers can generate their own malware that can be used for stealing credit card details, passwords and other sensitive information.
Microsoft have published a Security Bulletin Summary for October 2011. Eight updates have been released including two "critical" and six "important" severity updates.
The patches address remote code execution, elevation of privilege and denial of service vulnerabilities within Windows, Internet Explorer, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Forefront United Access Gateway and Microsoft Host Integration Server.
Lavasoft attended the 21st Virus Bulletin conference in Barcelona from 5-7 October.
Virus Bulletin is a leading security industry publication who's annual conference presents the latest research, defensive procedures and the chance to discuss future developments and countermeasures. It also provides an opportunity for experts in the anti-malware arena to share their research interests, discuss technologies, as well as meet with - and learn from - those who put their technologies into practice in the real world.
Firefox 3.6.13 and Thunderbird 3.1.7 have been released. The latest versions include fixes to improve performance, stability and security.
11 Firefox updates, 9 of which are rated critical are included in this fix. More information here.
All 3 of the Thunderbird updates fix critical vulnerabilities. More info here.
Microsoft have published a Security Bulletin Advance Notification for December 2010. 17 updates are planned for 14th December including two "critical" and 14 "important" severity updates.
The patches address remote code execution, elevation of privilege and denial of service vulnerabilities within Windows, Internet Explorer, Microsoft Office, Microsoft Sharepoint and Microsoft Exchange.
Full details here.
In response to the volume of malware exploiting Adobe products, Adobe Reader X was released last week with its much anticipated new security feature, Protected Mode.
Protected Mode is based on Microsoft’s "Practical Windows Sandboxing" technique which you can read about here.
What does Protected Mode do? It displays PDF files in a highly restricted and confined environment. The restricted environment will help prevent a booby trapped PDF file from doing anything to your system.