Facebook was awarded $711m in a judgement on Thursday against self-described 'spam king' Sanford Wallace.

Judge Jeremy Fogel of the US District Court of the Northern District of California granted Facebook's application for a default judgement against Wallace for violating the Can-Spam Act, which bans "false and misleading" marketing emails. Fogel also found that Wallace "wilfully violated" a temporary restraining order and preliminary injunction issued in the case and referred the matter to the US Attorney's Office for prosecution of criminal contempt.

"The record demonstrates that Wallace wilfully violated the statutes in question with blatant disregard for the rights of Facebook and the thousands of Facebook users whose accounts were compromised by his conduct," Fogel wrote in his judgement order, which also permanently prohibits Wallace from accessing the Facebook website or creating a Facebook account, among other restrictions.

For more, read "Facebook awarded $711 million in spam lawsuit" on CNET News.

Posted Wed, Nov 18 2009 11:50 by Don | with no comments

Issued: November 13, 2009

Security Advisories Updated or Released Today

* Microsoft Security Advisory (977544)
- Title: Vulnerabilities in SMB Could Allow Denial of Service
- http://www.microsoft.com/technet/security/advisory/977544.mspx
- Revision Note: V1.0 (November 13, 2009): Advisory published.

Apple has released Safari 4.0.4 to address multiple vulnerabilities in a number of components. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site request forgery, or obtain sensitive information. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms.

US-CERT encourages users and administrators to review Apple article HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks.

http://www.us-cert.gov/current/index.html#apple_releases_safari_4_03

Posted Fri, Nov 13 2009 5:05 by Don | with no comments

Issued: November 12, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-065 - Critical

Bulletin Information:

* MS09-065 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-065.mspx
- Reason for Revision: V1.1 (November 12, 2009): Added a link to
Microsoft Knowledge Base Article 969947 under Known Issues in
the Executive Summary.
- Originally posted: November 10, 2009
- Updated: November 12, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct a man-in-the-middle attack, operate with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review Apple article HT3937 and apply any necessary updates to help mitigate the risks.

http://www.us-cert.gov/current/index.html#apple_releases_mac_os_x2

Issued: November 10, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-051 - Critical
* MS09-045 - Critical

Bulletin Information:

* MS09-051 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-051.mspx
- Reason for Revision: V2.0 (November 10, 2009): Bulletin revised
to communicate the rerelease of the update for Audio
Compression Manager on Microsoft Windows 2000 Service Pack 4
to fix a detection issue. This is a detection change only;
there were no changes to the binaries. Customers who have
successfully updated their systems do not need to reinstall
this update. Also corrected the registry key verification for
DirectShow WMA Voice Codec on Windows Server 2003.
- Originally posted: October 13, 2009
- Updated: November 10, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS09-045 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-045.mspx
- Reason for Revision: V2.0 (November 10, 2009): Added JScript 5.7
on Microsoft Windows 2000 Service Pack 4 (KB975542) to the
Affected Software table and the Security Update Deployment section.
- Originally posted: September 8, 2009
- Updated: November 10, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

Language(s): English.
Product(s): Security.
Audience(s): IT Generalist.
Duration: 90 Minutes
Start Date:
Wednesday, November 11, 2009 11:00 AM Pacific Time (US & Canada)
 

Event Overview

On November 11, 2009, Microsoft releases its monthly security bulletins. Join us for a brief overview of the technical details of the November security bulletins. We intend to address your concerns in this webcast; therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Senior Security Program Manager Lead, Microsoft Corporation and Adrian Stone, Senior Security Program Manager Lead, Microsoft Corporation


Posted Tue, Nov 10 2009 13:04 by Don | with no comments

Note: There may be latency issues due to replication; if the page does not display, keep refreshing.

Today Microsoft released the following Security Bulletin(s).

Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

www.microsoft.com/technet/securi···nov.mspx

Critical (3)

Microsoft Security Bulletin MS09-063
Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
www.microsoft.com/technet/securi···063.mspx

Microsoft Security Bulletin MS09-064
Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
www.microsoft.com/technet/securi···064.mspx

Microsoft Security Bulletin MS09-065
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
www.microsoft.com/technet/securi···065.mspx

Important (3)

Microsoft Security Bulletin MS09-066
Vulnerability in Active Directory Could Allow Denial of Service (973309)
www.microsoft.com/technet/securi···066.mspx

Microsoft Security Bulletin MS09-067
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
www.microsoft.com/technet/securi···067.mspx

Microsoft Security Bulletin MS09-068
Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
www.microsoft.com/technet/securi···068.mspx

Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin, you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

As always, download the updates only from the vendor's website: visit the Windows Update, Office Update or Microsoft Update websites. You may also get the updates through the Automatic Updates functionality in Windows.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.

v.3.5.5, released November 5th, 2009

Fixes in this version

Posted Fri, Nov 6 2009 5:00 by Don | with no comments

Microsoft Security Bulletin Advance Notification issued: November 5, 2009

Microsoft Security Bulletins to be issued: November 10, 2009

This is an advance notification of security bulletins that Microsoft is intending to release on November 10, 2009.

3 rated Critical and 3 rated Important.

http://www.microsoft.com/technet/security/bulletin/ms09-nov.mspx

Issued: November 4, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-062 - Critical
* MS09-061 - Critical
* MS09-060 - Critical
* MS09-055 - Critical
* MS09-044 - Critical

Bulletin Information:

* MS09-062 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
- Reason for Revision: V2.1 (November 4, 2009): Removed erroneous
references to Microsoft Office Visio Viewer 2007 as affected
software; corrected the setup switches for Microsoft .NET
Framework 1.1 and Microsoft .NET Framework 2.0; clarified the
entry, "If I have an installation of SQL Server, how am I
affected?" in the FAQ section; and corrected the removal
information for Microsoft Windows 2000.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 2.1

* MS09-061 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-061.mspx
- Reason for Revision: V1.2 (November 4, 2009): Added an entry to
the Frequently Asked Questions (FAQ) Related to This Security
Update section to explain this revision. Customers who have
successfully installed this update do not need to reinstall.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-060 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-060.mspx
- Reason for Revision: V1.2 (November 4, 2009): Removed erroneous
references to Microsoft Office Visio Viewer 2007 as affected software.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-055 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx
- Reason for Revision: V1.2 (November 4, 2009): Added three entries
in Frequently Asked Questions (FAQ) Related to This Security
Update to explain user options for Visio Viewer 2007 and
MS09-060. Also corrected the dll name for Visio Viewer in the
FAQ for CVE-2009-2493.
- Originally posted: October 13, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 1.2

* MS09-044 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-044.mspx
- Reason for Revision: V2.1 (November 4, 2009): Added a new known
issues entry to the Frequently Asked Questions (FAQ) Related
to This Security Update section.
- Originally posted: August 11, 2009
- Updated: November 4, 2009
- Bulletin Severity Rating: Critical
- Version: 2.1

Available at: java.sun.com/javase/downloads/index.jsp

Release notes: java.sun.com/javase/6/webnotes/R···tes.html

Posted Tue, Nov 3 2009 17:55 by Don | with no comments

Issued: November 2, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-054 - Critical

Bulletin Information:

* MS09-054 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-054.mspx
- Reason for Revision: V2.0 (November 2, 2009): Revised to announce
the availability of a hotfix to address application
compatibility issues. Customers who have already applied this
update may install the hotfix from Microsoft Knowledge Base
Article 976749. Also corrected the log file names, spuninst
folder names, and registry key values for Microsoft Windows 2000.
- Originally posted: October 13, 2009
- Updated: November 2, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The seventh volume of the report is now available:

http://www.microsoft.com/security/portal/Threat/SIR.aspx

Posted Mon, Nov 2 2009 14:06 by Don | with no comments

On November 3, 2009, Sun will release the following security updates:

  • JDK and JRE 6 Update 17
  • JDK and JRE 5.0 Update 22
  • SDK and JRE 1.4.2_24
  • SDK and JRE 1.3.1_27

http://blogs.sun.com/security/entry/advance_notification_of_security_updates6

Issued: October 29, 2009

Summary

The following bulletins have undergone a minor revision increment.
Please see the appropriate bulletin for more details.

* MS09-052 - Critical

Bulletin Information:

* MS09-052 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-052.mspx
- Reason for Revision: V1.1 (October 29, 2009): Removed a
workaround. Also added an entry in the section, Frequently
Asked Questions (FAQ) Related to This Security Update, to
clarify why some customers without Windows Media Player 6.4
on their systems may be offered this update.
- Originally posted: October 13, 2009
- Updated: October 29, 2009
- Bulletin Severity Rating: Critical
- Version: 1.1

Issued: October 28, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-062 - Critical

Bulletin Information:

* MS09-062 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
- Reason for Revision: V2.0 (October 28, 2009): Added Microsoft
Office Visio Viewer 2007, Microsoft Office Visio Viewer 2007
Service Pack 1, and Microsoft Office Visio Viewer 2007
Service Pack 2 as affected software, and added SQL Server
2008 and SQL Server 2008 Service Pack 1 to the Non-Affected
Software table. Also added notes to the Affected Software
table for SQL Server 2005 customers with a Reporting Services
SharePoint dependency; corrected the MBSA detection entries
for Microsoft Report Viewer; and corrected the log file and
registry key verification information for Microsoft Internet
Explorer 6 Service Pack 1 when installed on Microsoft Windows
2000 Service Pack 4.
- Originally posted: October 13, 2009
- Updated: October 28, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0

The Federal Deposit Insurance Corporation (FDIC) has released information warning the public about fraudulent email messages purporting to come from the FDIC. These email messages provide a link to a fraudulent FDIC website. Users are then instructed to download their "personal FDIC Insurance File."

More information regarding these messages can be found in the Federal Deposit Insurance Corporation's Consumer Alerts website.

Users are encouraged to take the following measures to protect themselves from this type of phishing scam:

  • Do not follow unsolicited web links received in email messages.
  • Verify the website by manually typing the URL when attempting to connect to web sites recommended in an email.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Source: US-CERT

Posted Wed, Oct 28 2009 8:33 by Don | with no comments

Firefox 3.5.4 is available for download.

Fixed in Firefox 3.5.4:

* MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
* MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
* MFSA 2009-62 Download filename spoofing with RTL override
* MFSA 2009-61 Cross-origin data theft through document.getSelection()
* MFSA 2009-59 Heap buffer overflow in string to number conversion
* MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
* MFSA 2009-56 Heap buffer overflow in GIF color map parser
* MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
* MFSA 2009-54 Crash with recursive web-worker calls
* MFSA 2009-53 Local downloaded file tampering
* MFSA 2009-52 Form history vulnerable to stealing

Posted Wed, Oct 28 2009 5:20 by Don | with no comments

Issued: October 27, 2009

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS09-043 - Critical

Bulletin Information:

* MS09-043 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
- Reason for Revision: V2.0 (October 27, 2009): Bulletin revised to
communicate the rerelease of the update for Microsoft Office
2003 Service Pack 3 and Microsoft Office 2003 Web Components
Service Pack 3 to fix a detection issue. This is a detection
change only; there were no changes to the binaries. Customers
who have successfully updated their systems do not need to
reinstall this update.
- Originally posted: August 11, 2009
- Updated: October 27, 2009
- Bulletin Severity Rating: Critical
- Version: 2.0
