Archive for November, 2010

Some Windows applications may load external dynamic link libraries (DLLs).
When an application loads a DLL without specifying a fully qualified
path name, Windows will attempt to locate the DLL by searching a
defined set of directories. If an application does not securely load
DLL files, an attacker may be able to cause the affected application
to load an arbitrary library.

By convincing a user to open a file from a location that is under an
attacker’s control, such as a USB drive or network share, a remote
attacker may be able to exploit this vulnerability. Exploitation of
this vulnerability may result in the execution of arbitrary code.
Additional information regarding this vulnerability can be found in
US-CERT Vulnerability Note VU#707943. US-CERT encourages users and
administrators to review the vulnerability note and consider
implementing the following workarounds until fixes are released by
affected vendors:
* disable loading libraries from WebDAV and remote network shares
* disable the WebClient service
* block outgoing SMB traffic

Update 10/19/2010: The Mozilla Foundation has released Firefox 3.6.11
to address this issue. Users and administrators are encouraged to
review Mozilla Foundation Security Advisory MFSA 2010-71 and update to
Firefox 3.6.11 to help mitigate the risks. This issue is also
addressed in Firefox 3.5.14, Thunderbird 3.1.5 and 3.0.9, and
SeaMonkey 2.0.9.

Update 9/16/2010: Apple has released QuickTime 7.6.8 to address the
DLL issue in earlier versions of QuickTime for Windows. Users and
administrators are encouraged to review Apple article HT4339 and
update to QuickTime 7.6.8 to help mitigate the risks.

Update 09/10/10: Research In Motion has released security advisory
KB24242 to address the DLL issue in its BlackBerry Desktop Software
for Windows version 6.0. This issue impacts all versions of the
BlackBerry Desktop Software and may allow an attacker to convince the
user to execute arbitrary code. Users and administrators are
encouraged to review BlackBerry security advisory KB24242 and update
to version to help mitigate the risks.

Update 09/01/10: Microsoft has released Fix it tool 50522 to assist
users in setting the registry key value introduced with Microsoft
support article 2264107 to help reduce the risks posed by the DLL
loading behavior described in VU#707943. Users and administrators are
encouraged to review Microsoft support article 2264107 and the
Microsoft Security Research & Defense TechNet blog entry, and to
consider using the Fix it tool to help reduce the risks. Users should
be aware that setting the registry key value as described in the
support article or via the Fix it tool may reduce the functionality of
some third-party applications.
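
The search behaviour described in the advisory above, and the effect of the registry value from Microsoft support article 2264107, shown as an added example that is not part of the original advisory: a simplified Python model of the default search order for a DLL requested by bare name. The directory names, file sets and the `resolve`/`audit` helpers are constructed for illustration; `CWDIllegalInDllSearch` is the value name that the Microsoft article introduces.

```python
# Added example: simplified model of the default Windows DLL search order
# (SafeDllSearchMode on) and the CWDIllegalInDllSearch values from KB 2264107.
SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
REMOVE_CWD = 0xFFFFFFFF  # current working directory dropped from the search
BLOCK_WEBDAV = 1         # CWD skipped when it is a WebDAV folder
BLOCK_REMOTE = 2         # CWD skipped when it is WebDAV or a UNC share

def cwd_searched(cwd_kind, cwd_illegal):
    """cwd_kind is 'local', 'unc' or 'webdav' (supplied by the caller)."""
    if cwd_illegal == REMOVE_CWD:
        return False
    if cwd_illegal == BLOCK_WEBDAV:
        return cwd_kind != "webdav"
    if cwd_illegal == BLOCK_REMOTE:
        return cwd_kind == "local"
    return True  # value absent or 0: default behaviour

def resolve(dll, app_dir, cwd, cwd_kind, files, cwd_illegal=0, path_dirs=()):
    """Return the directory a load of `dll` would come from, or None."""
    if "\\" in dll:  # fully qualified path: no directory search happens
        d, name = dll.rsplit("\\", 1)
        return d if name.lower() in files.get(d, set()) else None
    order = [app_dir] + SYSTEM_DIRS
    if cwd_searched(cwd_kind, cwd_illegal):
        order.append(cwd)
    order.extend(path_dirs)
    for d in order:
        if dll.lower() in files.get(d, set()):
            return d
    return None

# Constructed sample: an optional DLL requested by bare name is absent from
# the trusted directories, and the document was opened from a network share.
APP, SHARE = r"C:\Program Files\Viewer", r"\\fileserver\docs"
FILES = {APP: {"viewer.exe", "codec.dll"}, SHARE: {"report.doc", "optional.dll"}}

def audit(dll, cwd_illegal=0, cwd_kind="unc"):
    """Classify where the load resolves for the constructed sample above."""
    src = resolve(dll, APP, SHARE, cwd_kind, FILES, cwd_illegal)
    return "untrusted" if src == SHARE else ("trusted" if src else "not found")
```

In this model a value of 1 leaves a plain UNC share in the search, which is why the registry setting is paired with the WebDAV and SMB workarounds listed above; a fully qualified path removes the search altogether.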

Many of the warning phrases you probably heard from your parents and
teachers are also applicable to using computers and the internet.

Why are these warnings important?

Like the real world, technology and the internet present dangers as well as
benefits. Equipment fails, attackers may target you, and mistakes and poor
judgment happen. Just as you take precautions to protect yourself in the
real world, you need to take precautions to protect yourself online. For
many users, computers and the internet are unfamiliar and intimidating, so
it is appropriate to approach them the same way we urge children to approach
the real world.

What are some warnings to remember?

* Don’t trust candy from strangers – Finding something on the internet
does not guarantee that it is true. Anyone can publish information
online, so before accepting a statement as fact or taking action, verify
that the source is reliable. It is also easy for attackers to “spoof”
email addresses, so verify that an email is legitimate before opening an
unexpected email attachment or responding to a request for personal
information (see Using Caution with Email Attachments and Avoiding
Social Engineering and Phishing Attacks for more information).
* If it sounds too good to be true, it probably is – You have probably
seen many emails promising fantastic rewards or monetary gifts. However,
regardless of what the email claims, there are not any wealthy strangers
desperate to send you money. Beware of grand promises—they are most
likely spam, hoaxes, or phishing schemes (see Reducing Spam, Identifying
Hoaxes and Urban Legends, and Avoiding Social Engineering and Phishing
Attacks for more information). Also be wary of pop-up windows and
advertisements for free downloadable software—they may be disguising
spyware (see Recognizing and Avoiding Spyware for more information).
* Don’t advertise that you are away from home – Some email accounts,
especially within an organization, offer a feature (called an
autoresponder) that allows you to create an “away” message if you are
going to be away from your email for an extended period of time. The
message is automatically sent to anyone who emails you while the
autoresponder is enabled. While this is a helpful feature for letting
your contacts know that you will not be able to respond right away, be
careful how you phrase your message. You do not want to let potential
attackers know that you are not home, or, worse, give specific details
about your location and itinerary. Safer options include phrases such as
“I will not have access to email between [date] and [date].” If
possible, also restrict the recipients of the message to people within
your organization or in your address book. If your away message replies
to spam, it only confirms that your email account is active. This may
increase the amount of spam you receive (see Reducing Spam for more
* Lock up your valuables – If an attacker is able to access your personal
data, he or she may be able to compromise or steal the information. Take
steps to protect this information by following good security practices
(see the Cyber Security Tips index page for a list of relevant
documents). Some of the most basic precautions include locking your
computer when you step away; using firewalls, anti-virus software, and
strong passwords; installing appropriate software updates; and taking
precautions when browsing or using email.
* Have a backup plan – Since your information could be lost or compromised
(due to an equipment malfunction, an error, or an attack), make regular
backups of your information so that you still have clean, complete
copies (see Good Security Habits for more information). Backups also
help you identify what has been changed or lost. If your computer has
been infected, it is important to remove the infection before resuming
your work (see Recovering from Viruses, Worms, and Trojan Horses for
more information). Keep in mind that if you did not realize that your
computer was infected, your backups may also be compromised.

Authors: Mindi McDowell, Matt Lytle