Archive for the ‘Computer repair, laptop repair’ Category

Apple has released Safari 4.0.5 to address multiple vulnerabilities in
ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities
may allow a remote attacker to execute arbitrary code, cause a
denial-of-service condition, obtain sensitive information, or bypass
security restrictions.

US-CERT encourages users and administrators to review Apple article
HT4070 and upgrade to Safari 4.0.5 to help mitigate the risks.

Relevant Url(s):
<http://support.apple.com/kb/HT4070>

Wireless networks are becoming increasingly popular, but they introduce
additional security risks. If you have a wireless network, make sure to take
appropriate precautions to protect your information.

How do wireless networks work?

As the name suggests, wireless networks, sometimes called WiFi, allow you to
connect to the internet without relying on wires. If your home, office,
airport, or even local coffee shop has a wireless connection, you can access
the network from anywhere that is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers
to the internet. A transmitter, known as a wireless access point or gateway,
is wired into an internet connection. This provides a “hotspot” that
transmits the connectivity over radio waves. Hotspots have identifying
information, including an item called an SSID (service set identifier), that
allows computers to locate them. Computers that have a wireless card and have
permission to access the wireless frequency can take advantage of the
network connection. Some computers may automatically identify open wireless
networks in a given area, while others may require that you locate and
manually enter information such as the SSID.

What security threats are associated with wireless networks?

Because wireless networks do not require a wire between a computer and the
internet connection, it is possible for attackers who are within range to
hijack or intercept an unprotected connection. A practice known as
wardriving involves individuals equipped with a computer, a wireless card,
and a GPS device driving through areas in search of wireless networks and
identifying the specific coordinates of a network location. This information
is then usually posted online. Some individuals who participate in or take
advantage of wardriving have malicious intent and could use this information
to hijack your home wireless network or intercept the connection between
your computer and a particular hotspot.

What can you do to minimize the risks to your wireless network?

* Change default passwords – Most network devices, including wireless
access points, are pre-configured with default administrator passwords
to simplify setup. These default passwords are easily found online, so
they don’t provide any protection. Changing default passwords makes it
harder for attackers to take control of the device (see Choosing and
Protecting Passwords for more information).
* Restrict access – Only allow authorized users to access your network.
Each piece of hardware connected to a network has a MAC (media access
control) address. You can restrict or allow access to your network by
filtering MAC addresses. Consult your user documentation to get specific
information about enabling these features. There are also several
technologies available that require wireless users to authenticate
before accessing the network.
* Encrypt the data on your network – WEP (Wired Equivalent Privacy) and
WPA (Wi-Fi Protected Access) both encrypt information on wireless
devices. However, WEP has a number of security issues that make it less
effective than WPA, so you should specifically look for gear that
supports encryption via WPA. Encrypting the data would prevent anyone
who might be able to access your network from viewing your data (see
Understanding Encryption for more information).
* Protect your SSID – To avoid outsiders easily accessing your network,
avoid publicizing your SSID. Consult your user documentation to see if
you can change the default SSID to make it more difficult to guess.
* Install a firewall – While it is a good security practice to install a
firewall on your network, you should also install a firewall directly on
your wireless devices (a host-based firewall). Attackers who can
directly tap into your wireless network may be able to circumvent your
network firewall—a host-based firewall will add a layer of protection to
the data on your computer (see Understanding Firewalls for more
information).
* Maintain anti-virus software – You can reduce the damage attackers may
be able to inflict on your network and wireless computer by installing
anti-virus software and keeping your virus definitions up to date (see
Understanding Anti-Virus Software for more information). Many of these
programs also have additional features that may protect against or
detect spyware and Trojan horses (see Recognizing and Avoiding Spyware
and Why is Cyber Security a Problem? for more information).
_________________________________________________________________

Authors: Mindi McDowell, Allen Householder, Matt Lytle

Microsoft Updates for Multiple Vulnerabilities

Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office

Overview

Microsoft has released updates to address vulnerabilities in
Microsoft Windows and Microsoft Office.

I. Description

Microsoft has released security bulletins for multiple
vulnerabilities in Microsoft Movie Maker, Microsoft Office Producer
2003, and Microsoft Office Excel. These bulletins are described in
the Microsoft Security Bulletin Summary for March 2010. Microsoft
notes that affected versions of Microsoft Movie Maker were either
included with Microsoft Windows or available as an optional
download.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or
cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for March 2010. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).

Microsoft notes that there is no security update available for
Microsoft Producer 2003 at the time of this writing. Users can
mitigate the impact to systems with Microsoft Producer 2003 by
applying the automated solution to remove the Microsoft Producer
file associations using the Fix it found in Microsoft Knowledge
Base Article 975561, and by applying the workarounds in Microsoft
Security Bulletin MS10-016.

IV. References

* Microsoft Security Bulletin Summary for March 2010 -
<http://www.microsoft.com/technet/security/bulletin/MS10-mar.mspx>

* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>

* Microsoft Knowledge Base Article 975561 -
<http://support.microsoft.com/kb/975561>

* Microsoft Security Bulletin MS10-016 -
<http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx>

Microsoft has released an update to address vulnerabilities in
Microsoft Windows and Office as part of the Microsoft Security
Bulletin Summary for March 2010. These vulnerabilities may allow an
attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletins
and follow best-practice security policies to determine which updates
should be applied.

Relevant Url(s):
<http://www.microsoft.com/technet/security/Bulletin/MS10-mar.mspx>

Microsoft has re-released the security update described in Microsoft
Security Bulletin MS10-015. This release contains an updated
installation package that does not allow the security update to be
installed on computers infected with malicious code. Microsoft has
also released a Fix-It Tool to determine if systems are compatible
with the update.

US-CERT encourages users and administrators to review Microsoft
Knowledge Base Article 977165, Microsoft Knowledge Base Article
980966, and the MSRC Blog Post. Users who have already successfully
installed the update for MS10-015 do not need to take any action.

Relevant Url(s):
<http://blogs.technet.com/msrc/archive/2010/03/02/update-ms10-015-security-update-re-released-with-new-detection-logic.aspx>

<http://support.microsoft.com/kb/980966>

<http://www.microsoft.com/technet/security/bulletin/MS10-015.mspx>

<http://support.microsoft.com/kb/977165>

Microsoft has released a security advisory to address a vulnerability
in VBScript. The advisory indicates that this vulnerability exists in
the way that VBScript interacts with Windows Help files when using
Internet Explorer. By convincing a user to view a specially crafted
HTML document (web page, HTML email, or email attachment) with
Internet Explorer and to press the F1 key, an attacker could run
arbitrary code with the privileges of the user running the
application.

US-CERT encourages users and administrators to do the following to
help mitigate the risks:
* Review Microsoft Security Advisory 981169.
* Review the Microsoft Security Research & Defense blog entry
regarding this issue.
* Review US-CERT Vulnerability Note VU#612021.
* Refrain from pressing the F1 key when prompted by a website.
* Restrict access to the Windows Help System.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx>

<http://www.microsoft.com/technet/security/advisory/981169.mspx>

<http://www.kb.cert.org/vuls/id/612021>

Source: US-CERT

Systems Affected

* Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
* Microsoft Internet Explorer 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows 2008, Windows 7, and Windows Server 2008 R2

Overview

Malicious activity detected in mid-December targeted at least 20
organizations representing multiple industries including chemical,
finance, information technology, and media. Investigation into
this activity revealed that third parties routinely accessed the
personal email accounts of dozens of users based in the United
States, China, and Europe. Further analysis revealed these users
were victims of previous phishing scams through which threat actors
successfully gained access to their email accounts.

I. Description

Through analysis of the malware used in this incident, McAfee
discovered one of the malware samples exploited a vulnerability in
Microsoft Internet Explorer (IE). The vulnerability exists as an
invalid pointer reference within IE and, if successfully exploited,
allows for remote code execution.

Microsoft has released Security Bulletin MS10-002, which provides
updates for Internet Explorer that address this and other
vulnerabilities.

US-CERT is providing technical indicators that can be incorporated
into an organization's security posture to detect and mitigate any
malicious activity.

Please see <https://www.us-cert.gov/cas/techalerts/TA10-055A.html>
for further detail.

The following signatures can be deployed to assist in detecting
malicious activity associated with this incident:

Primary Malware Beacon

alert tcp any any -> any any (msg:"Targeted Malware Communication Beacon Detected"; flow:to_server,established; dsize:20; content:"|ff ff ff ff ff ff 00 00 fe ff ff ff ff ff ff ff ff ff 88 ff|"; depth:20; sid:7777777; rev:1;)

Secondary Malware Beacon

alert tcp any any <> any any (msg:"ORC:DIS:BEACON_380DFF"; content:"|38 0d ff 0a d7 ee 9d d7 ec 59 13 56|"; sid:99980060; rev:1;)

Note: US-CERT has not verified or tested these signatures and
recommends proper testing prior to deployment.
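
One way to exercise the payload logic of the two signatures offline before deploying them, as an added example that is not part of the US-CERT alert: the Python below re-implements only the direction, dsize, depth and content checks and runs them over constructed payloads. The function names and sample payloads are assumptions, and the flow:established TCP state is not modelled.

```python
"""Offline check of the two beacon signatures' payload logic (added example)."""

# Byte patterns copied from the content: options of the two signatures above.
PRIMARY = bytes.fromhex(
    "ff ff ff ff ff ff 00 00 fe ff ff ff ff ff ff ff ff ff 88 ff")
SECONDARY = bytes.fromhex("38 0d ff 0a d7 ee 9d d7 ec 59 13 56")


def match_primary(payload, to_server):
    """sid:7777777 - flow:to_server; dsize:20; content within depth:20.

    dsize equals the pattern length, so only a client-to-server segment
    carrying exactly the 20-byte pattern can match.
    """
    return to_server and len(payload) == 20 and PRIMARY in payload[:20]


def match_secondary(payload):
    """sid:99980060 - bidirectional (<>), content at any offset, any size."""
    return SECONDARY in payload


def classify(payload, to_server):
    """Return the sids whose payload conditions this segment satisfies."""
    hits = []
    if match_primary(payload, to_server):
        hits.append("sid:7777777")
    if match_secondary(payload):
        hits.append("sid:99980060")
    return hits


# Constructed test payloads (not captured traffic): (name, payload, to_server)
SAMPLES = [
    ("primary, exact, to server", PRIMARY, True),
    ("primary plus one byte", PRIMARY + b"\x00", True),    # dsize:20 fails
    ("primary, from server", PRIMARY, False),              # flow fails
    ("secondary inside larger data", b"\x00" * 5 + SECONDARY + b"abc", False),
    ("ordinary HTTP request", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n", True),
]


def run_samples():
    """Map each constructed sample name to the sids that fire on it."""
    return {name: classify(data, to_srv) for name, data, to_srv in SAMPLES}


if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:32} -> {hits or 'no alert'}")
```

The near-miss samples show how narrow the primary rule is: any extra byte in the segment or a reversed direction suppresses the alert, while the secondary rule fires on its 12 bytes anywhere in either direction.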

II. Impact

By convincing a user to view a specially crafted HTML document or
Microsoft Office document, an attacker may be able to execute
arbitrary code with the privileges of the user.

III. Solution

The Internet Explorer vulnerability used in these attacks is
addressed with the updates provided in Microsoft Security Bulletin
MS10-002.

Other recommendations include:

* As a best practice, limit end-user permissions on systems by
granting minimal administrative rights.
* Enable Data Execution Prevention (DEP) for IE 6 Service Pack 2 or
IE 7. IE 8 automatically enables DEP.
* Inspect network traffic history for communication with external
systems associated with the attack.
* Examine computers for specific files or file attributes related
to the attack.

IV. References

* How Can I Tell if I Was Infected By Aurora? -
<http://www.mcafee.com/us/local_content/reports/how_can_u_tell.pdf>

* How do I know if my organization has been infected? -
<http://www.mcafee.com/us/threat_center/aurora_enterprise.html>

* McAfee Labs Tools Aurora Stinger 10.0.1.765 -
<http://download.nai.com/products/mcafee-avert/aurora_stinger.exe>

* Operation Aurora Hit Google, Others -
<http://siblog.mcafee.com/cto/operation-%25E2%2580%259Caurora%25E2%2580%259D-hit-google-others/>

* Vulnerability in Internet Explorer Could Allow Remote Code
Execution -
<http://www.microsoft.com/technet/security/advisory/979352.mspx>

* Microsoft Security Bulletin MS10-002 -
<http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx>

Adobe has released a security bulletin to address a vulnerability in
the Adobe Download Manager. This vulnerability could allow an attacker
to download and install unauthorized software.

US-CERT encourages users and administrators to review security
bulletin APSB10-08 and review the steps to mitigate the issue.

Relevant Url(s):
<http://www.adobe.com/support/security/bulletins/apsb10-08.html>

The Mozilla Foundation has released multiple security advisories to
address vulnerabilities in Mozilla Firefox, Thunderbird, and
SeaMonkey. Exploitation of these vulnerabilities may allow a remote,
unauthenticated attacker to execute arbitrary code or bypass security
restrictions.

US-CERT encourages users and administrators to review the Mozilla
Foundation security advisories. Firefox users may upgrade to version
3.0.18, 3.5.8, or 3.6 to help mitigate the risks. Thunderbird users
should upgrade to version 3.0.2, and SeaMonkey users should upgrade to
version 2.0.3 once those updates are released by the vendor.

Relevant Url(s):
<http://www.mozilla.org/security/announce/>

Cisco has released three security advisories to address
vulnerabilities.

Security advisory, cisco-sa-20100217-fwsm, addresses a vulnerability
in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst
6500 Series Switches and Cisco 7600 Series Routers. Successful and
repeated exploitation of this vulnerability could result in a
denial-of-service condition.

Security advisory, cisco-sa-20100217-asa, addresses multiple
vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances.
These vulnerabilities may allow an attacker to gain unauthorized
access to an affected system or cause a denial-of-service condition.

Security advisory, cisco-sa-20100217-csa, addresses multiple
vulnerabilities in the Cisco Security Agent. These vulnerabilities may
allow an attacker to execute arbitrary SQL commands, view and download
arbitrary files, or cause a denial-of-service condition.

US-CERT encourages users and systems administrators to review Cisco
security advisory cisco-sa-20100217-fwsm, cisco-sa-20100217-asa, and
cisco-sa-20100217-csa and apply any necessary updates to mitigate the
risks.

Relevant Url(s):
<http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910c.shtml>

<http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910d.shtml>

<http://www.cisco.com/en/US/products/products_security_advisory09186a0080b1910e.shtml>
