Tag Archives: security bulletin

Hackers take advantage of Microsoft security bulletins to spread malware

Filed under Malware

In the wake of highly publicized security alerts from software giant Microsoft, online criminals have used the wave of public interest to push malicious software on an unsuspecting public.

The malicious emails take the usual form: A message from an authoritative source – in this case, Microsoft director of security assurance Steve Lipner – warns that security updates must be installed to ensure the security of the targeted PCs. The “updates” turn out to be malware.

However, while there are frequently a few tell-tale signs that an email is malicious, this campaign gives the game away several times, misspelling the names of Windows products and presenting erroneous technical details. Sophos labs also notes that the malware included in the email was detected immediately and failed to run on a test system.

The technique of using current events in general, and even Microsoft updates in particular, is not a new one for online malware purveyors, as a similar attack was launched last year. Experts say that it is almost always a bad idea to click on links in unsolicited email.

Source: MX Logic

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

Filed under Patches

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service.

Source: US-CERT

New patch released by Microsoft to cover denial-of-service vulnerability

Filed under Patches, Security

Microsoft has released a patch to cover a publicly reported denial-of-service (DoS) vulnerability that affects the Server Message Block (SMB) protocol.

Writing in a blog post, Mike Reavey, group manager at Microsoft Research Centre, claimed that the vulnerability in SMBv1 and SMBv2 affects Windows 7 and Windows Server 2008 R2.

Reavey said: “I want to be clear that this is a DoS vulnerability that is unrelated to Microsoft Security Bulletin MS09-050 which addressed a remote code execution vulnerability in the SMBv2 protocol. This vulnerability would not allow an attacker to take control or install malware on a user’s system, but could cause the affected system to stop responding until manually restarted.”

Bulletin MS09-050 was released on October’s Patch Tuesday, when it affected the Vista and Windows 2008 platforms. Reavey claimed that the situation was being monitored and Microsoft was not aware of active attacks.

Source: SC Magazine UK

Microsoft has released Security Advisory 977544 related to this issue.

Previously covered on Tech Paranoia: Windows 7 / Server 2008R2 Remote Kernel Crash

Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution

Filed under Hacks, Security

Microsoft Security Bulletin MS09-065 – Critical

This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow remote code execution if a user viewed content rendered in a specially crafted Embedded OpenType (EOT) font. In a Web-based attack scenario, an attacker would have to host a Web site that contains specially crafted embedded fonts that are used to attempt to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability.

Read more at: Microsoft Technet

Microsoft Security Bulletin Summary for November 2009

Filed under Patches, Security

Microsoft has released its security bulletin summary for November 2009.

Found here: http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx

This update addresses vulnerabilities in Microsoft Windows operating systems and the Microsoft Office application suite.