February 2010 - Posts

Over 13% of all searches on Google for popular and trending topics will lead to malicious links, and searches for the latest news on the earthquake in Chile and the tsunami hitting Hawaii are no exception. Both are now used to lure people into downloading fake antivirus products.

Usually the links in the search results look like ordinary links pointing to regular web pages. This time the bad guys have changed tactics to make their search results look even more convincing, by tricking Google into thinking each result is a PDF file.

Posted Sun, Feb 28 2010 14:17 by Don

Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software.

US-CERT encourages users and administrators to review security bulletin APSB10-08 and review the steps to mitigate the issue.

Source: US-CERT

Posted Thu, Feb 25 2010 17:32 by Don

Websense Security Labs™ ThreatSeeker™ Network has detected that search terms related to Bloom Energy and its Bloombox Fuel Cell have become the latest target for Blackhat SEO poisoning attacks.

Bloom Box is a breakthrough technology in the energy sector that could revolutionize the way electricity is generated today. As people become interested in finding more information on this technology, related search terms are currently gaining momentum, and as they do so Blackhat SEO attacks are starting to climb up the search result listings.

At the moment, according to the VirusTotal report, only 10% of antivirus products are detecting the threat.

Posted Mon, Feb 22 2010 15:01 by Don

Issued: February 17, 2010

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-060 - Critical
* MS08-036 - Important

Bulletin Information:

* MS09-060 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
- Reason for Revision: V1.5 (February 17, 2010): Corrected the MBSA
detection entries for Microsoft Office Outlook 2007 and
Microsoft Office Visio Viewer 2007. This is an information
change only. There were no changes to the security update
files or detection logic.
- Originally posted: October 13, 2009
- Updated: February 17, 2010
- Bulletin Severity Rating: Critical
- Version: 1.5

* MS08-036 - Important

- http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
- Reason for Revision: V1.1 (February 17, 2010): Added a link to
Microsoft Knowledge Base Article 950762 under Known Issues in
the Executive Summary.
- Originally posted: June 10, 2008
- Updated: February 17, 2010
- Bulletin Severity Rating: Important
- Version: 1.1

Issued: February 9, 2010

Summary


The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS10-002 - Critical
* MS09-060 - Critical

Bulletin Information:

* MS10-002 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
- Reason for Revision: V1.2 (February 9, 2010): Added entry to the
Update FAQ to clarify how the URL Validation Vulnerability
(CVE-2010-0027) is addressed by both this update (MS10-002)
and the MS10-007 update. Also, corrected the severity rating
for Internet Explorer 6 Service Pack 1 when installed on
Microsoft Windows 2000 Service Pack 4 for CVE-2010-0027.
- Originally posted: January 21, 2010
- Updated: February 9, 2010
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-060 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
- Reason for Revision: V1.4 (February 9, 2010): Revised this
bulletin to announce a detection logic change to fix the
issue where the July 8, 2008 update for Outlook 2003
(KB953432) was incorrectly being offered in addition to the
update package for Microsoft Office Outlook 2003 (KB973705).
This is a deployment change only that does not affect the
files contained in the initial update. Customers who have
successfully updated their systems do not need to reinstall
this update.
- Originally posted: October 13, 2009
- Updated: February 9, 2010
- Bulletin Severity Rating: Critical
- Version: 1.4

Issued: February 9, 2010

Security Advisories Updated or Released Today

* Microsoft Security Advisory (979682)
- Title: Vulnerability in Windows Kernel Could Allow
Elevation of Privilege
- http://www.microsoft.com/technet/security/advisory/979682.mspx
- Revision Note: V2.0 (February 9, 2010): Advisory updated to
reflect publication of security bulletin.
* Microsoft Security Advisory (977377)
- Title: Vulnerability in TLS/SSL Could Allow Spoofing
- http://www.microsoft.com/technet/security/advisory/977377.mspx
- Revision Note: V1.0 (February 9, 2010): Advisory published.

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.
Duration: 90 Minutes
Start Date: Wednesday, February 10, 2010 11:00 AM Pacific Time (US & Canada)

Event Overview

Join us for a brief overview of the technical details of the February security bulletins. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation

Posted Tue, Feb 9 2010 14:26 by Don

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

www.microsoft.com/technet/securi···feb.mspx

Critical (5)

Microsoft Security Bulletin MS10-006
Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
www.microsoft.com/technet/securi···006.mspx

Microsoft Security Bulletin MS10-007
Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
www.microsoft.com/technet/securi···007.mspx

Microsoft Security Bulletin MS10-008
Cumulative Security Update of ActiveX Kill Bits (978262)
www.microsoft.com/technet/securi···008.mspx

Microsoft Security Bulletin MS10-009
Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
www.microsoft.com/technet/securi···009.mspx

Microsoft Security Bulletin MS10-013
Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
www.microsoft.com/technet/securi···013.mspx

Important (7)

Microsoft Security Bulletin MS10-003
Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution
www.microsoft.com/technet/securi···003.mspx

Microsoft Security Bulletin MS10-004
Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
www.microsoft.com/technet/securi···004.mspx

Microsoft Security Bulletin MS10-010
Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
www.microsoft.com/technet/securi···010.mspx

Microsoft Security Bulletin MS10-011
Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
www.microsoft.com/technet/securi···011.mspx

Microsoft Security Bulletin MS10-012
Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
www.microsoft.com/technet/securi···012.mspx

Microsoft Security Bulletin MS10-014
Vulnerability in Kerberos Could Allow Denial of Service (977290)
www.microsoft.com/technet/securi···014.mspx

Microsoft Security Bulletin MS10-015
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
www.microsoft.com/technet/securi···015.mspx

Moderate (1)

Microsoft Security Bulletin MS10-005
Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
www.microsoft.com/technet/securi···005.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Microsoft Security Bulletin Advance Notification issued: February 4, 2010
Microsoft Security Bulletins to be issued: February 9, 2010

This is an advance notification of security bulletins that Microsoft is intending to release on February 9, 2010.

5 rated Critical
7 rated Important
1 rated Moderate

http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx

Issued: February 3, 2010

Security Advisory Released Today

* Microsoft Security Advisory (980088)
- Title: Vulnerability in Internet Explorer Could
Allow Information Disclosure
- http://www.microsoft.com/technet/security/advisory/980088.mspx
- Revision Note: V1.0 (February 3, 2010): Advisory published.

Websense Security Labs™ ThreatSeeker™ Network has discovered a new malicious spam campaign that spoofs Google job application responses. The messages look very well written and are so believable that they are probably scrapes from actual Google job application responses. Typically, spam has grammatical errors or spelling mistakes that make the messages obviously unofficial and act as red flags. The text of these messages, however, has no such mistakes, making them much more believable--especially if the target really has applied for a job with Google.

Posted Tue, Feb 2 2010 15:26 by Don