February 2008 - Posts

Virtual-machine software maker VMware announced on Wednesday a way for security programs to access the company's software and protect virtual systems in a way not possible today.

The company unveiled the technology, called VMSafe, two days after security researchers disclosed an issue in VMware for Windows that could allow an attacker to run malicious code in a virtual machine and affect the underlying host operating system. By using VMSafe, security software could detect and block such attacks, the company said.

Twenty security companies have announced support for the technology and are expected to build applications to take advantage of the features, VMware stated.

http://www.securityfocus.com/brief/690 

 

Posted Thu, Feb 28 2008 9:18 by Don

Issued: February 27, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS08-013 - Critical
  * MS08-010 - Critical
  * MS07-012

Bulletin Information:

* MS08-013 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx
  - Reason for Revision: V1.2 (February 27, 2008): Bulletin updated
    to reflect the reason why this update cannot be uninstalled
    for Office XP and Office 2003. 
  - Originally posted: February 12, 2008
  - Updated: February 27, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.2
   
* MS08-010 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
  - Reason for Revision: V1.2 (February 27, 2008): Corrected the
    registry key verification path for Internet Explorer 6 for
    all supported x64-based editions of Windows Server 2003. 
  - Originally posted: February 12, 2008
  - Updated: February 27, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.2
   
* MS07-012

  - http://www.microsoft.com/technet/security/bulletin/ms07-012.mspx
  - Reason for Revision: V2.1 (February 27, 2008) Bulletin updated:
    Corrected the registry key verification path and the
    uninstall folder for Windows Server 2003. 
  - Originally posted: February 13, 2007
  - Updated: February 27, 2008
  - Bulletin Severity Rating: Important
  - Version: 2.1

AVG Technologies, a leading provider of Internet Security software, announced the release of AVG Internet Security 8.0 for February 28, the latest version of its flagship suite for consumers and SMBs. AVG 8.0 delivers a significant number of new benefits to users designed to deliver enhanced protection against the latest web-borne threats without sacrificing the product’s signature efficiency and unobtrusiveness.

Full Press Release 

Posted Wed, Feb 27 2008 4:09 by Don

The most recent version of Apple's Mac OS X (10.5.2) appears to contain a security vulnerability that could allow an attacker to crash computers on a local or remote network.

Security researcher Neil Kettle of Digit-labs.org on Tuesday posted a proof-of-concept exploit that takes advantage of a flaw in the way Apple implements IPv6 support.

Most networks use the IPv4 networking protocol; IPv6 is slowly being deployed to provide a larger number of available network addresses, improved security, and other features.

In an e-mail, Kettle explained that the bug isn't likely to put home users at risk because few of them will be using IPv6 networks.

Full story at informationweek.com 

 

Posted Wed, Feb 27 2008 3:55 by Don

Recipients of e-mail messages threatening death at the hands of a hit man unless a $20,000 payment is made can sleep more easily. The threat is a hoax, the FBI said on Tuesday, reiterating warnings issued in January 2007 and December 2006 because threatening messages continue to circulate.

"A new scam cropping up in e-mail boxes across the country is preying not on recipients' greed or good intentions, but on their fears," the FBI said last year. "The scam e-mail, which first appeared in December, threatens to kill recipients if they do not pay thousands of dollars to the sender, who purports to be a hired assassin."

Full story at informationweek.com 

 

Posted Tue, Feb 26 2008 16:20 by Don

A critical vulnerability in VMware Inc.'s virtualization software for Windows lets attackers escape the "guest" operating system and modify or add files to the underlying "host" operating system, the company has acknowledged.

As of Sunday, there was no patch available for the flaw, which affects VMware's Windows client virtualization programs, including Workstation, Player and ACE. The company's virtual machine software for Windows servers and for Mac- and Linux-based hosts is not at risk.

The bug was reported by Core Security Technologies, makers of the penetration-testing framework CORE IMPACT, said VMware in a security alert issued last Friday. "Exploitation of this vulnerability allows attackers to break out of an isolated guest system to compromise the underlying host system that controls it," claimed Core Security.

Full Story at computerworld.com 

 

Posted Mon, Feb 25 2008 13:48 by Don

AVG has been nominated as a finalist for the 2008 European Business Awards in the innovation category and has received the coveted Ruban D’Honneur Award designating them as one of Europe’s leading organizations.

Full Press Release 

Posted Fri, Feb 22 2008 7:29 by Don

Several weeks after AOL LLC gave Netscape Navigator a one-month reprieve, the company yesterday released the last update for the browser and prodded users to switch to Flock or Firefox.

"Users will see the following major upgrade notice, released as Netscape 9.0.0.6," said Tom Drapeau, the director of AOL's Netscape brand, in a post to a company blog Wednesday. "When the Netscape 9.0.0.6 upgrade is accepted and run, the following notice will appear, denoting the end of support date and the recommendations of Flock and Firefox."

Full story at computerworld.com 

 

Posted Thu, Feb 21 2008 12:14 by Don

Opera Software ASA patched a trio of bugs in its flagship browser yesterday, including one that a company manager used last week to slam rival Mozilla Corp.

The update, dubbed Opera 9.26, plugs three security vulnerabilities. The most serious is rated "highly severe" by the Oslo-based developer and could be used by attackers to dupe the browser into treating image-file comments as script. "This can cause the script to be run in the wrong security context," Opera's advisory read.

Story at computerworld.com 

 

Posted Thu, Feb 21 2008 2:44 by Don

Issued: February 20, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS08-008 - Critical
  * MS08-006 - Important

Bulletin Information:

* MS08-008 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
  - Reason for Revision: V1.2 (February 20, 2008): Bulletin updated:
    Corrected the file timestamps for the security update for all
    supported 32-bit editions of Windows XP. 
  - Originally posted: February 12, 2008
  - Updated: February 20, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.2
   
* MS08-006 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
  - Reason for Revision: V1.1 (February 20, 2008) Bulletin updated:
    update filenames changed in the file information table for
    all supported 32-bit editions of Windows XP. 
  - Originally posted: February 12, 2008
  - Updated: February 20, 2008
  - Bulletin Severity Rating: Important
  - Version: 1.1

Websense(R) Security Labs(TM) has received reports of a Trojan keylogger aimed at the users of Habbo, a popular social networking site for teenagers. As of last month, Habbo's entry on Wikipedia said that over 8 million unique visitors access Habbo's Web sites around the world every month.

The party involved in spreading this malicious code poses as a third-party software tool developer for Habbo. Among the "tools" available for download, which will supposedly give the Habbo user an edge in the game, is a file named ProRig.V9.exe (MD5: b80305ace7d4a01541467511df256287).

Unsuspecting victims who seek the touted benefits of this fake tool would instead have their own desktops compromised with spyware. Websense Security Labs recommends caution when trying out new third-party applications developed for Web 2.0 and social networking Web sites, especially ones with APIs open for third-party developers.

Alert Details 

Posted Wed, Feb 20 2008 0:40 by Don

Sunbelt Software is reporting a virulent and convincing fake greeting card site and associated malware.

Like most malware these days, it is delivered through a rogue web site. The link to the site is in an e-mail spammed out to victims as a greeting card. When you click the link you are told you need to update your Flash player to view the card.

This attack is better than most. The fake American Greetings page is well done, and the ActiveX installer program is digitally signed. (It wasn't signed by a commercial certificate authority but by Comodo's UserTrust network, which gives the certificates and tools away.)

Sunbelt says the actual trojan is a variant of the Monster Trojan and "a very nasty data-stealing trojan" which uses a rootkit to hide. Things may be better now, but when they reported it, detection by security software was poor, with only 4 of 32 scanners detecting an attack in the file.

http://blogs.pcmag.com/securitywatch/2008/02/american_greetings_phony_site.php 

 

Posted Thu, Feb 14 2008 15:16 by Don

Computer users are becoming increasingly pessimistic about the Mac's ability to sustain its mostly malware-free existence.

Sophos, a computer security company, surveyed 355 computer users, asking them whether they believed Apple's Macintosh computers will be targeted more frequently by malware in the future. It found that 93% expected an increase in malware threats, up from 79% two years ago.

Story continues at informationweek.com 

 

Posted Thu, Feb 14 2008 13:33 by Don

Issued: February 13, 2008

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

  * MS08-013 - Critical
  * MS08-012 - Critical
  * MS08-010 - Critical
  * MS08-008 - Critical
  * MS08-007 - Critical
  * MS08-005 - Important
  * MS08-003 - Important

Bulletin Information:

* MS08-013 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-013.mspx
  - Reason for Revision: V1.1 (February 13, 2008): Bulletin updated
    to reflect that there are no known issues with installing
    this security update. 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-012 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-012.mspx
  - Reason for Revision: V1.1 (February 13, 2008): Bulletin updated
    to reflect that there are no known issues with installing
    this security update, and to list Microsoft Publisher 2003
    Service Pack 2 (instead of Service Pack 3) in the MBSA and
    SMS tables under Detection and Deployment. 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-010 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
  - Reason for Revision: Revised to include Vista Service Pack 1 and
    Windows Server 2008 to the Non-Affected Software section.
    Known issues corrected. 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-008 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
  - Reason for Revision: V1.1 (February 13, 2008): Bulletin updated:
    The security update for Visual Basic 6.0 Service Pack 6
    (KB946235) now lists MS07-043 as a previous Bulletin that
    this update replaces. 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-007 - Critical

  - http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
  - Reason for Revision: V1.1 (February 13, 2008): Revised the FAQ to
    emphasize the role of user interaction in how an attacker
    could exploit the vulnerability. 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Critical
  - Version: 1.1
   
* MS08-005 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms08-005.mspx
  - Reason for Revision: Bulletin Updated: Corrected the download
    link reference for Windows XP Professional x64 Edition and
    Windows XP Professional x64 Edition Service Pack 2 to
    reference Internet Information Services 6.0. The download
    link correctly directed customers to the IIS 6.0 update but
    the reference link incorrectly stated IIS 5.1 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Important
  - Version: 1.1
   
* MS08-003 - Important

  - http://www.microsoft.com/technet/security/bulletin/ms08-003.mspx
  - Reason for Revision: Bulletin updated to reflect the correct KB
    number in the Registry Key Verification section for all
    supported x64-based editions of Windows XP Professional with
    ADAM installed. 
  - Originally posted: February 12, 2008
  - Updated: February 13, 2008
  - Bulletin Severity Rating: Important
  - Version: 1.1

Mozilla Corp. released the third beta of Firefox 3 yesterday, eight weeks after it made the last major milestone for its open-source browser, and right on a schedule it set a dozen days ago.

Mike Beltzner, Mozilla's interface designer, touted additions and enhancements to Beta 3 in a post to the company's Web site Tuesday, including several new or enhanced security features, an improved download manager, one-click bookmarking, offline application support, faster page rendering and new progress on plugging the browser's noted "memory leaks."

Full Story at computerworld.com 

Posted Wed, Feb 13 2008 12:14 by Don

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

February Bulletin Summary

Critical (6)

MS08-007 -  Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
MS08-008 -  Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
MS08-009 -  Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
MS08-010 -  Cumulative Security Update for Internet Explorer (944533)
MS08-012 -  Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
MS08-013 -  Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)

Important (5)

MS08-003 -  Vulnerability in Active Directory Could Allow Denial of Service (946538)
MS08-004 -  Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
MS08-005 -  Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
MS08-006 -  Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
MS08-011 -  Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.
 

Apple on Monday updated Mac OS X to version 10.5.2 and released Security Update 2008-001 for Mac OS X 10.4.11. Collectively, the two updates address ten security vulnerabilities, one of which includes multiple X11 X Font Server holes, and a bug not considered to be a security risk.

The fixes affect Directory Services, Foundation, Launch Services, Mail, NFS, Open Directory, Parental Controls, Samba, Terminal, and X11. The Directory Services, Mail, and Open Directory issues do not affect those using OS X 10.5 or above. Seven of the vulnerabilities, Apple said, could allow arbitrary code execution.

Story at informationweek.com 

 

Posted Tue, Feb 12 2008 10:16 by Don

If you spend an inordinate amount of time deleting the spam messages from your in-box, you are not alone.

According to the Web site trustedsource.org, there were a total of 154.3 billion mail messages sent around the world Sunday and 117.4 billion of them were spam. For those of you without a calculator, this means that 76 percent of those e-mail messages were spam. That's slightly below Symantec's recent monthly spam report, which claimed that on average 78.5 percent of e-mail messages are spam. Maybe Sunday was a slow day.

Full story at news.com 

 

Posted Mon, Feb 11 2008 18:01 by Don

Czech Republic, 6 February 2008 – GRISOFT, developer of the AVG family of security software products, today announced that it is changing its name to AVG Technologies. The renaming affects all subsidiaries around the globe:

The parent company is now AVG Technologies N.V.
The Czech Republic-based company is now AVG Technologies CZ, s.r.o.
The US-based company is now AVG Technologies USA, Inc.
The Cyprus-based company is now AVG Technologies CY, Ltd
The UK-based company, already operating under the AVG name, will now be known as AVG Technologies UK Ltd

All other contact and commercial data remains unchanged, including current GRISOFT trademarks.

"The change in name is primarily intended to enhance awareness of the AVG brand in the world", said J.R. Smith, Chief Executive Officer of AVG Technologies. "By aligning our corporate identity with our brand identity, we expect to significantly increase the effectiveness of our marketing activities and other communications."

Press Release 

 

Posted Sun, Feb 10 2008 4:46 by Don

Fixed in Firefox 2.0.0.12

MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:1.8.1.12)

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12

Posted Fri, Feb 8 2008 5:02 by Don