DP's Security Bits

REDMOND, Wash. — May 28, 2009 — Microsoft Corp. today unveiled Bing, a new Decision Engine and consumer brand, providing customers with a first step in moving beyond search to help make faster, more informed decisions. Bing is specifically designed to build on the benefits of today’s search engines but begins to move beyond this experience with a new approach to user experience and intuitive tools to help customers make better decisions, focusing initially on four key vertical areas: making a purchase decision, planning a trip, researching a health condition or finding a local business.

The result of this new approach is an important beginning for a new and more powerful kind of search service, which Microsoft is calling a Decision Engine, designed to empower people to gain insight and knowledge from the Web, moving more quickly to important decisions. The new service, located at http://www.Bing.com, will begin to roll out over the coming days and will be fully deployed worldwide on Wednesday, June 3.

The explosive growth of online content has continued unabated, and Bing was developed as a tool to help people more easily navigate through the information overload that has come to characterize many of today’s search experiences. Results from a custom comScore Inc. study across core search engines show that as many as 30 percent of searches are abandoned without a satisfactory result. The data also showed that approximately two-thirds of the remaining searches required a refinement or requery on the search results page.

“Today, search engines do a decent job of helping people navigate the Web and find information, but they don’t do a very good job of enabling people to use the information they find,” said Steve Ballmer, Microsoft CEO. “When we set out to build Bing, we grounded ourselves in a deep understanding of how people really want to use the Web. Bing is an important first step forward in our long-term effort to deliver innovations in search that enable people to find information quickly and use the information they’ve found to accomplish tasks and make smart decisions.”

Press Release

VMware has released a security advisory to address multiple vulnerabilities in VMware Workstation, Player, ACE, Server, Fusion, ESX, and ESXi. The first of these vulnerabilities is due to a error in the VMware Descheduled Time Accounting driver. Exploitation of this vulnerability may result in denial of service in Windows-based virtual machines. The second vulnerability is due to a known error in the libpng package used by some VMware products. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the VMware security advisory and apply any necessary updates to help mitigate the risks

http://www.us-cert.gov/current/index.html#vmware_releases_security_advisory2

Issued: May 28, 2009

Security Advisories Released Today

* Microsoft Security Advisory (971778)
- Title: Vulnerability in Microsoft DirectShow Could
Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/971778.mspx
- Revision Note: Advisory published.

Issued: May 26, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-003 - Critical

Bulletin Information:

* MS09-003 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
- Reason for Revision: V3.0 (May 26, 2009): Added an entry in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to announce a detection change to the update
for Microsoft Exchange Server 2003 Service Pack 2 (KB959897).
This is a detection change only. There were no changes to the
security update files in this bulletin. Customers who have
already installed the KB959897 update successfully do not
need to reinstall.
- Originally posted: February 10, 2009
- Updated: May 26, 2009
- Bulletin Severity Rating: Critical
- Version: 3.0

Issued: May 26, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS07-026

Bulletin Information:

* MS07-026

- http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
- Reason for Revision: V1.1 (May 26, 2009): Added an entry in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, to announce a detection change. The
detection no longer offers the MS06-019 and MS06-029 updates,
but instead will only offer MS07-026. There were no changes
to the binaries. Customers who have already successfully
installed the MS07-026 update do not need to reinstall.
- Originally posted: May 8, 2007
- Updated: May 26, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

Websense Security Labs™ ThreatSeeker™ Network has monitored Koobface since it started spreading back in 2008.

Since its inception, Koobface has been spreading via Facebook, Friendster, MySpace, hi5, Bebo, and other social networking sites.

This past week, Koobface attempted another running campaign on Facebook.

If infected, Facebook users start to spam their friends with a link to a malicious Web site. When users visit the link, they are redirected various malicious and phishing pages. We detected these on numerous .be domains and TinyURL links. One such malicious page is a fake YouTube page that appears to be a funny video. The page tells visitors to to upgrade their Flash player in order to play the video, and the Flash setup program is actually Koobface malware.

Alert Details

Issued: May 18, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (971492)
- Title: Vulnerability in Internet Information
Services Could Allow Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/971492.mspx
- Revision Note: Security Advisory published.

Issued: May 13, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-017 - Critical

Bulletin Information:

* MS09-017 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-017.mspx
- Reason for Revision: V1.1 (May 13, 2009): Corrected the entry in
the Affected Software table for "Bulletins Replaced by this
Update" and the SMS detection and deployment information for
the PowerPoint Viewer 2003 (KB969615) update. Also removed an
erroneous footnote from the Affected Software table
pertaining to security updates KB969618 and KB957789 for
supported versions of Microsoft Office PowerPoint 2007. This
is an informational change only. There were no changes to
detection or to the files included in this update.
- Originally posted: May 12, 2009
- Updated: May 13, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

Apple has released Security Update 2009-002 and Mac OS X v10.5.7 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, leverage additional attacks, or obtain elevated privileges.

Additionally, Apple has released Safari 3.2.3 to address vulnerabilities in libxml, Safari, and Webkit. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple articles HT3549 and HT3550 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#apple_releases_security_update_2009

Release date: May 12, 2009

Vulnerability identifier: APSB09-06

CVE number: CVE-2009-1492, CVE-2009-1493

Platform: All Platforms

Summary

A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system.  A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493).

Adobe recommends users of Adobe Reader 9.1 and Acrobat 9.1 and earlier versions update to Adobe Reader 9.1.1 and Acrobat 9.1.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.5, and users of Acrobat 7 update to Acrobat 7.1.2. For Adobe Reader users who can’t update to Adobe Reader 9.1.1, Adobe has provided the Adobe Reader 8.1.5 and Adobe Reader 7.1.2 updates.

Affected software versions

Adobe Reader 9.1 and earlier versions.
Adobe Acrobat Standard, Pro, and Pro Extended 9.1 and earlier versions.

Solution

Adobe Reader

Adobe Reader users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Adobe Reader users on UNIX can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix.

Acrobat

Acrobat Standard, Pro and Pro Extended users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Window.

Acrobat 3D users on Windows can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.

Acrobat Pro users on Macintosh can find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

Severity rating

Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.

Details

A critical vulnerability has been identified in Adobe Reader 9.1 and Acrobat 9.1 and earlier versions. This vulnerability (CVE-2009-1492) would cause the application to crash and could potentially allow an attacker to take control of the affected system.  A second vulnerability has also been reported that appears to affect Adobe Reader for UNIX only (CVE-2009-1493).  These issues are remotely exploitable.

Adobe recommends users of Acrobat and Adobe Reader update their product installations to versions 9.1.1, 8.1.5, or 7.1.2 using the instructions above to protect themselves from potential vulnerabilities.  Adobe expects to make available Adobe Reader 7 and Acrobat 7 updates for Macintosh before the end of June.  This document will be updated to specify the expected date of these updates once available.

Security Bulletin Link

Issued: May 12, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-008 - Important

Bulletin Information:

* MS09-008 - Important

- http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx
- Reason for Revision: V2.0 (May 12, 2009): Added an entry in the
section, Frequently Asked Questions (FAQ) Related to This
Security Update, explaining a detection change. As a result
of this change, the MS08-066 update may be offered to
affected systems running supported editions of Windows Server
2003 in a non-DNS server role. Microsoft recommends that
customers offered the MS08-066 update apply the update at the
earliest opportunity.
- Originally posted: March 10, 2009
- Updated: May 12, 2009
- Bulletin Severity Rating: Important
- Version: 2.0

Issued: May 12, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (969136)
- Title: Vulnerability in Microsoft Office PowerPoint
Could Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/969136.mspx
- Revision Note: V2.0 (May 12, 2009): Advisory updated to
reflect publication of security bulletin.

Event Overview

On May, 13, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the May bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation and Jerry Bryant, Senior Security Program Manager, Microsoft Corporation

TechNet Webcast

Published: January 11, 2005 | Updated: May 12, 2009

New Additions

We have added detection and cleaning capabilities for the following malicious software:

See the complete list of malicious software cleaned by this tool.

Note: There may be latency issues due to replication, if the page does not display keep refreshing
May 12

Today Microsoft released the following Security Bulletin(s). 

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

May Bulletin Summary

Critical (1)

MS09-017 -  Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As swine flu spreads throughout the world, Websense Security Labs™ ThreatSeeker™ Network has noticed that thousands of Web sites relating to swine flu have been registered. The results of our monitoring indicate that most of the sites are used for advertisement or email/web spam to sell their products, but of course, the topic also offers plenty of opportunity for malware.

Alert Details

Core system software maker Phoenix Technologies announced on Wednesday an add-on program for Windows XP and Vista that links users' phones with their computers — walk away and the system will lock automatically.

The software, dubbed Phoenix Freeze, uses a mobile device's Bluetooth feature to pair a phone with a laptop or desktop system. When a user moves a certain distance from the computer, the program will lock the desktop; when the user returns, the program will automatically unlock the system.

http://www.securityfocus.com/brief/958

Microsoft has issued a Security Bulletin Advance Notification for May. Microsoft will issue One security bulletin rated as 'Critical'. This bulletin will address vulnerabilities in Microsoft Office (PowerPoint).

Microsoft is also planning to release at least one high priority, non-security update and additional detections to the Microsoft Windows Malicious Software Removal Tool.

http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx

Adobe has promised to patch the newest zero-day vulnerability in its popular Adobe Reader software no later than next Tuesday, potentially adding another update to the month's busiest patch day for the second time in three months.

Continues at computerworld.com

Adobe has released Security Bulletin APSB09-05 to address a potential vulnerability in versions of Flash Media Server up to and including version 3.5.1. This vulnerability may allow an attacker to "execute remote procedures within a server side ActionScript file running on a Flash Media Server." According to Adobe, this issue affects versions of Flash Media Interactive Server and Flash Media Streaming Server.

US-CERT encourages users to review Adobe Security Bulletin APSB09-05 and upgrade to the most current version of Flash Media Server.

http://www.us-cert.gov/current/index.html#adobe_releases_security_bulletin_for3