Windows Vista & Windows 7 Kernel Bug Can Bypass UAC

Now this is not the first time Windows UAC has hit the news for being flawed, back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against Malware. A zero-day for Windows 7 back in July of this year also bypassed Windows UAC. ...

November 30, 2010 · 4 min · 744 words · Omid Farhang

Comment on Stuxnet and more Windows 0-days

Over the last few days, some news organizations have been saying that Stuxnet source code is available on the black market, and that clearly therefore there is an impending Internet Armageddon. This is patently silly, on a number of levels, but silly nonetheless. First thing is that I flat-out don’t believe Stuxnet source is available for sale on the black market or anywhere. Remember how often I say that if something sounds too good to be true, it’s not true? Well, the opposite applies too. If something sounds too bad to be true, it’s not true either. We really don’t know who built Stuxnet, or who the intended target was, but we may rest assured that whoever put that much work into it isn’t selling it, at any price. It’s actually more probable that some no-honor-among-thieves bad guy is scamming fellow bad guys. “Sure, this is Stuxnet source code. Prove otherwise.” ...

November 28, 2010 · 2 min · 331 words · Omid Farhang

Closer look at W32/Ramnit.C

Thomas Wegele, Virus Researcher at Avira, wrote: In this month’s ITW malware set from the Wildlist organization two new variants of W32/Ramnit appeared. W32/Ramnit is a worm spreading via infected executable files and infected HTML files. It is a quite widespread malware – which is why we decided to dig deeper into it. Upon execution the malware creates a new file in the directory where it was started. This file is named “mgr.exe”. It then gets executed and creates a copy of itself in “C:%ProgramDir%\Microsoft\WaterMark.exe”, which also gets executed after creation and in turn infects the EXE, DLL and HTML files found on the system and tries to connect to a server. ...

November 28, 2010 · 3 min · 429 words · Omid Farhang

More than 100 security fixes in Mac OS X 10.6.5

Apple has issued the latest update to its Mac OS X operating system, bringing Snow Leopard users up to Mac OS X 10.6.5. Enhancements include improved Microsoft Exchange reliability, and a variety of performance and stability improvements. But what’s probably most interesting to you is that the update also includes important security fixes. Well over 100 different vulnerabilities are reportedly patched by Mac OS X 10.6.5 – if you want to see the gory details (or at least, those details which Apple is prepared to make public) view their knowledgebase article. ...

November 12, 2010 · 1 min · 169 words · Omid Farhang

Workaround for vulnerability affecting Internet Explorer

Microsoft has released a security advisory concerning a vulnerability affecting Internet Explorer versions 6, 7 and 8. This vulnerability may allow an attacker to execute arbitrary code. Full details here. Visit Microsoft’s page here to get full instructions. You can find the workarounds under the “Suggested Actions” twisty. The workarounds include overriding the Web site CSS with a user-defined style sheet, deploying the Enhanced Mitigation Experience Toolkit, enabling Data Execution Prevention (DEP) for Internet Explorer 7 and setting Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones. ...

November 4, 2010 · 1 min · 97 words · Omid Farhang

New Vulnerability in Adobe Flash and Reader

Avira TechBlog: Adobe warns of a new vulnerability in Flash Player and in Reader. The problem is within authplay.dll and the corresponding .lib in the Unix versions. It allows attackers to inject malicious code like Trojans with specially prepared documents or Flash objects. The company works on a patch which it plans to release on the 9th of November. Until then, deleting the authplay library helps to prevent a successful attack. Flash or Reader will crash then when a file requests the services from authplay, but this is clearly better than having an infected system. ...

November 1, 2010 · 1 min · 95 words · Omid Farhang

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

Adobe has published details of a critical vulnerability in the following applications: Adobe Flash Player 10.1.85.3 and earlier versions; Adobe Reader 9.4 and earlier 9.x versions; Adobe Acrobat 9.4 and earlier 9.x versions. The vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Flash Player. ...

October 29, 2010 · 1 min · 180 words · Omid Farhang

Microsoft sees "unprecedented wave" of Java malware exploits

There has been an “unprecedented wave” of exploits against vulnerabilities in Oracle’s Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse:

CVE            Attacks      Computers    Description
2008-5353      3,560,669    1,196,480    A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X.
2009-3867      2,638,311    1,119,191    Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments.
2010-0094      213,502      173,123      Another deserialization issue, very similar to CVE-2008-5353.

As you can see, the first two are particularly worrying: they’ve gone from hundreds of thousands per quarter to millions. The third one is the newest, so it’s possible that it will also do the same. ...

October 19, 2010 · 2 min · 383 words · Omid Farhang

RealPlayer Security Updates Published

RealNetworks, Inc. has published product upgrades addressing vulnerabilities in RealPlayer SP 1.1.4 and earlier. The vulnerabilities may allow an attacker to execute arbitrary code. Windows users of RealPlayer SP 1.1.4 and earlier are advised to upgrade to the latest version here. For more information, visit RealNetworks’ security advisory here.

October 18, 2010 · 1 min · 49 words · Omid Farhang

Adobe fixes Reader and Acrobat

Adobe just released Reader and Acrobat version 9.4. The new release fixes some critical vulnerabilities which allow attackers to infect PCs – for example, just by browsing the net. Overall the update lists 23(!) entries in the CVE database as being solved with version 9.4. The new version is available for Windows, Mac OS X and Unix systems. For those who still use version 8, Reader and Acrobat 8.2.5 for Windows and Mac fix the security vulnerabilities. Windows and Mac users can download the updated version at Adobe’s download center, while Unix users need to download the new release from Adobe’s ftp server. ...

October 7, 2010 · 1 min · 104 words · Omid Farhang