Over 1 million tech questions and answers.

Unpatched XP 'Help & Support' flaw

Q: Unpatched XP 'Help & Support' flaw

MS have reported an increase in attacks using this exploit and have reminded users about the 'Fix It' which is available to disable the protocol involved; http://www.networkworld.com/news/20...rs-work-around-to-windows.html?source=nww_rss

It is possible that there will be a patch for this on 13th July (for those with SP3!) but I've applied the Fix It today, rather than attempt the manual Registry amendment.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Unpatched XP 'Help & Support' flaw

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 78.4

Exploits of unpatched IE6, IE7 flaw on the rise.

An unpatched flaw in Internet Explorer versions 6 and 7 is increasingly being exploited. The flaw, first reported two weeks ago, was initially used in limited, targeted attacks. It is now evolving into something more widespread and indiscriminate.

-- Tom
 

A:Exploits of unpatched IE6, IE7 flaw on the rise

I use Internet Explorer 8.
 

Read other 2 answers
RELEVANCY SCORE 76

Researchers at computer giant HP have published exploit code that can be used to attack a weakness in Internet Explorer, after Microsoft refused to issue a patch.In a blog post, Dustin Childs, HP senior security content developer, said the move to publish the flaw was not out of "spite or malice," but was in accordance with its own disclosure policy.
 
The bug allows an attacker to bypass Address Space Layout Randomization (ASLR), which acts as one of the many lines of defense in the popular browser. But the flaw only affects 32-bit systems, which the HP researchers said still affects millions of systems, even if many systems nowadays are 64-bit.
 

Article

A:Exploit code released for unpatched Internet Explorer flaw

John...I always err on the side of providing folks with more info rather than less. So good for HP and their policy.

Read other 1 answers
RELEVANCY SCORE 58

Hiya

Help and Support Center provides a centralized facility through which
users can obtain assistance on a variety of topics. For instance, it
provides product documentation, assistance in determining hardware
compatibility, access to Windows Update, online help from Microsoft,
and other assistance.

A security vulnerability is present in the Windows XP version of Help
and Support Center, and results because a file intended only for use
by the system is instead available for use by any web page. The
purpose of the file is to enable anonymous upload of hardware
information, with the user's permission, so that Microsoft can
evaluate which devices users are not currently finding device drivers
for. This information is then used to work with hardware vendors and
device teams to improve the quality and quantity of drivers available
in Windows. By design, after attempting to upload an XML file
containing the hardware information, the system deletes it.

An attacker could exploit the vulnerability by constructing a web
page that, when opened, would call the errant function and supply the
name of an existing file or folder as the argument. The attempt to
upload the file or folder would fail, but the file nevertheless would
be deleted. The page could be hosted on a web site in order to attack
users visiting the site, or could be sent as an HTML mail in order to
attack the recipient when it was opened.
Maximum Severity Rating: Moderate

Affected Software:

Microsoft Window... Read more

Read other answers
RELEVANCY SCORE 56.4

Hiya

Help and Support Center provides a centralized facility through
which users can obtain assistance on a variety of topics. For
instance, it provides product documentation, assistance in
determining hardware compatibility, access to Windows Update,
online help from Microsoft, and other assistance. Users and
programs can execute URL links to Help and Support Center by
using the "hcp://" prefix in a URL link instead of "http://".

A security vulnerability is present in the Windows Me version of
Help and Support Center, and results because the URL Handler for
the "hcp://" prefix contains an unchecked buffer.

An attacker could exploit the vulnerability by constructing a URL
that,when clicked on by the user, would execute code of the
attacker's choice in the Local Computer security context. The URL
could be hosted on a web page, or sent directly to the user in
email. In the web based scenario, where a user then clicked on
the URL hosted on a website, an attacker could have the ability
to read or launch files already present on the local machine. In
the case of an e-mail borne attack, if the user was using Outlook
Express 6.0 or Outlook 2002 in their default configurations, or
Outlook 98 or 2000 in conjunction with the Outlook Email Security
Update, then an attack could not be automated and the user would
still need to click on a URL sent in e-mail. However if the user
was not using Outlook Express 6.0 or Outlook 2002 in t... Read more

A:Flaw in Windows Me Help and Support Center Could Enable Code Execution: Feb 26

Im sorry but doesn't that go against the Forum Rules of explaining how to HACK, crack, or pirate programs? Because I just learned something new...
 

Read other 3 answers
RELEVANCY SCORE 44

Hi folks. Strictly from a malware perspective, how safe would you consider an unsupported version of Windows (i.e no security patches released by MS)running an up to date AV software?

Thanks!

A:Unpatched OS with up to date AV

What version of Windows? What AV? Based on what kind of browsing habits? Any antimalware apps like MalwareBytes or SpywareBlaster et. al.? A lot of variables left unanswered. But in general I would say quite low on a safe scale. With the general description you have provided.

Read other 12 answers
RELEVANCY SCORE 44

So this afternoon I tried to patch up my system files to allow custom themes, using a combination of Vistaglazz and manual file replacement. I was more or less successful-- I could apply and use themes without any problem, although during the installation the unpatched versions of themeui.dll, uxtheme.dll, and shsvcs.dll did not take nicely to being renamed. (I'm not sure what quite went wrong, but at the time I figured that I would never unpatch them, or would be able to recover them otherwise.)
However, now when I boot up my computer in Vista, it won't load. I can go through the login screen just fine, but after logging in the screen goes black and returns to the login screen. I'm almost positive this is a result of thethemeui.dll, uxtheme.dll, and shsvcs.dll being replaced, as prior to this everything was running smoothly.
Now, my computer dual-boots Ubuntu and Vista, so I'm also quite sure that I can just boot up in Ubuntu, access the system files from there, and avoid a system restore. The only problem with this plan is that I can't get a hold of any compatible files-- the only copies of these files I can find are 32-bit versions, while I run 64-bit Vista. Google isn't turning up much aside from a year-old forum thread between programmers and this forum. I figured there would be someone here able to help me.

In short, I am looking for unpatched themeui.dll, uxtheme.dll, and shsvcs.dll files for 64-bit Vista. Can anyone help me out?

A:Unpatched themeui.dll for x64?

Hey Foiled,

Its illegal to distribute System Files, however I will send you them anyway as I know how hard it is to recover from a failed manual attampt at uxtheme patching...Its happened to me enough times that I created a UXTheme patcher for these reasons

I used 8 different file verification and system metric integrity checks before patching and I designed it to use the new Kernel Transaction Manager included with Vista and its currently the only UXTheme patcher using this functionality for 100% patching reliability, If even the slightst call fails then it doesnt touch anything, if you would like to try it out, I can send you a download link?

(My system hasnt been patched since Ive mainly been using Windows 7 )

Read other 5 answers
RELEVANCY SCORE 43.6

According to Google Project Zero hacker Tavis Ormandy, the software contains a "bunch of critical problems" which could put user accounts at risk.
Read here.

Read other answers
RELEVANCY SCORE 43.6

Hey there,
I study infosec. I do need an unpatched Windows XP version, to study some very simple exploits. 
Can anyone please tell me if/where can I find it (I've tried e.b.a.y. and a.m.a.z.o.n, but I cannot determine if the few versions they offer are unpatched).
Otherwise, can anyone please tell me where can I find good instructions on how to u.n.p.a.t.c.h a Windows XP SP3.
To be more explicit, I Do Need to train on MS08_067 vulnerability.
I do thank you in advance for helping me.
bye

Read other answers
RELEVANCY SCORE 43.6

1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property. 2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename. Successful exploitation requires some user interaction.The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.Solution: 1) Disable Active Scripting support. 2) Filter Windows file sharing traffic.ISC Testing Note: Regarding the second vulnerability, what's interesting is that we were able to reproduce this even when using Mozilla FireFox.These are rated as a "moderate risk" and proof-of-concept exploits have been developed.New IE unpatched OuterHTML and HTA vulnerabilitieshttp://secunia.com/advisories/20825/http://www.incidents.org/diary.php?storyid=1448http://www.frsirt.com/english/advisories/2006/2553

Read other answers
RELEVANCY SCORE 43.6

Don't connect that new PC to the Internet before taking security precautions, researchers at the Internet Storm Center warned Tuesday.

According to the researchers, an unpatched Windows PC connected to the Internet will last for only about 20 minutes before it's compromised by malware, on average. That figure is down from around 40 minutes, the group's estimate in 2003.

The Internet Storm Center, which is part of the SANS Institute, calculated the 20-minute "survival time" by listening on vacant Internet Protocol addresses and timing the frequency of reports received there.

"If you are assuming that most of these reports are generated by worms that attempt to propagate, an unpatched system would be infected by such a probe," the center, which provides research and education on security issues, said in a statement.

The drop from 40 minutes to 20 minutes is worrisome because it means the average "survival time" is not long enough for a user to download the very patches that would protect a PC from Internet threats.

Scott Conti, network operations manager for the University of Massachusetts at Amherst, said he finds the center's data believeable.

"It's a tough problem, and it's getting tougher," Conti said.

One of Conti's administrators tested the center's data recently by placing two unpatched computers on the network. Both were compromised within 20 minutes, he said.

The school is n... Read more

A:Unpatched PCs compromised in 20 minutes

My first installs after the OS are always Antivirus, Firewall, and then malware detectors, BEFORE I go to any sites other than the auto-updates.
 

Read other 1 answers
RELEVANCY SCORE 43.2

Almost any cash machine in the world could be illegally accessed and jackpotted with or without the help of malware.
Security researchers at Kaspersky Lab reached this conclusion after investigating real attacks on ATMs and assessments of the machines carried out for several international banks.
The susceptibility of ATMs in particular is due to the widespread use of outdated and insecure software, mistakes in network configuration, and a lack of physical security for critical components of ATMs.
For many years, the biggest threat to the customers and owners of ATMs were skimmers – special devices attached to an ATM in order to steal PINs and data on bank card magstripes. However, as malicious techniques have evolved, ATMs have been exposed to a greater range of dangers.
In 2014, Kaspersky Lab researchers discovered Tyupkin – one of the first widely known examples of malware for ATMs – and in 2015, they uncovered the Carbanak gang, which among other things was capable of jackpotting ATMs through compromised banking infrastructures.
Both examples of attack were possible due to the exploitation of several common weaknesses in ATM technology and in the infrastructure that supports them.
 

Article

A:What do you call an old, unpatched and easily hacked PC? An ATM

Hi John
Just another reason I do not use an ATM or Debit card either.
 
Thanks
Roger

Read other 2 answers
RELEVANCY SCORE 43.2

Quote:
Some of the latest security updates for Windows XP will not be installed on machines infected with a rootkit virus.
A rootkit is sneaky malware that buries itself deep inside the Windows operating system to avoid detection.
Microsoft said it had taken the action because similar updates issued in February made machines infected with the Alureon rootkit crash endlessly.
The latest updates can spot if a system is compromised by the Alureon rootkit and halt installation.


Complete story at BBC News - Infected XP owners left unpatched

A:Infected XP owners left unpatched

In a way, I'm kind of glad ... this is a call for a "wipe and clean" install.

Save pictures and important Documents, then do a clean installation.
If these XP users were able to download and install the patch, they wouldn't be able to get back into their machines in order to save anything.

Read other 3 answers
RELEVANCY SCORE 43.2

Advisory ID : FrSIRT/ADV-2006-3037Rated as : Moderate Risk Remotely Exploitable : YesLocally Exploitable : YesRelease Date : 2006-07-28Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by remote attackers to cause a denial of service. This flaw is due to NULL pointer dereference error in the server driver (srv.sys) when handling specially crafted SMB (Server Message Block) packets, which could be exploited by a remote unauthenticated attackers to cause a vulnerable system to crash or display a blue screen, creating a denial of service condition. Note : A fully functional exploit has been published.Solution: Restrict access to ports 135, 139 and 445.A new SMB based vulnerability and exploit have been just developed which could create blue screen crashes for 2000, 2003, and XP. We should monitor this new risk for further developments. AV protection plus PC Firewall controls blocking the 3 key ports below will also help protect users. MSRC Blog entryhttp://blogs.technet.com/msrc/archive/2006/07/28/443837.aspxWindows Unpatched SMB DoS Vulnerability and Exploithttp://www.frsirt.com/english/advisories/2006/3037

Read other answers
RELEVANCY SCORE 43.2

Advisory ID : FrSIRT/ADV-2006-3180Rated as : Low Risk Remotely Exploitable : YesLocally Exploitable : YesRelease Date : 2006-08-07Technical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to cause a denial of service. This flaw is due to a signedness error in the GDI library (gdi32.dll) when processing malformed WMF images, which could be exploited by attackers to crash an application linked against the vulnerable library (e.g. Internet Explorer) by tricking a user into visiting a malicious web page or opening a specially crafted image.A new unpatched vulnerability has been published, that can result in a Denial-of-Service (DoS) attack. Links from Secunia and FrSIRT are noted below. Microsoft Windows GDI Library WMF Image Handling Remote Denial of Service Vulnerabilityhttp://secunia.com/advisories/21377/http://www.frsirt.com/english/advisories/2006/3180

Read other answers
RELEVANCY SCORE 43.2

Please be careful if you use WinAmp as a media player on your system. A new exploit has surfaced for an unpatched vulnerability that is rated as a critical risk by security firms. The vendor will most likely patch this soon and the patch should be applied expediently.Winamp Computer Name Handling Buffer Overflow Vulnerabilityhttp://secunia.com/advisories/18649/DESCRIPTION: The vulnerability is caused due to a boundary error during the handling of filenames including a computer name. This can be exploited to cause a buffer overflow via a specially crafted playlist containing a filename starting with an overly long computer name (about 1040 bytes). Successful exploitation allows execution of arbitrary code on a user's system when e.g. a malicious website is visited. The vulnerability has been confirmed in version 5.12. Other versions may also be affected.Nullsoft Winamp Player PLS Handling Remote Buffer Overflow Vulnerabilityhttp://www.frsirt.com/english/advisories/2006/0361Advisory ID : FrSIRT/ADV-2006-0361CVE ID : GENERIC-MAP-NOMATCHRated as : Critical Remotely Exploitable : YesLocally Exploitable : YesRelease Date : 2006-01-29Technical Description: A vulnerability has been identified in Winamp, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when processing a specially crafted playlist (".pls" file) containing a malformed "File1" tag, which could be exploited by remote attacker... Read more

A:Winamp 5.12 - Zero Day Exploit For Unpatched Vulnerability

Nullsoft has expediently released version 5.13 to address this ZERO DAY attack ISC Informationhttp://www.incidents.org/diary.php?storyid=1080Download v5.13 herehttp://www.winamp.com/player/WinAmp Change Historyhttp://www.winamp.com/player/version_history.php

Read other 1 answers
RELEVANCY SCORE 43.2

Although the scope of this new zero day is limited, users should always avoid unexpected attachments and scan them thoroughly with AV productsMicrosoft Security Advisory (929433)Vulnerability in Microsoft Word Could Allow Remote Code Executionhttp://www.microsoft.com/technet/security/...ory/929433.mspxMicrosoft is investigating a new report of limited ?zero-day? attacks using a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.More links are noted below:http://secunia.com/advisories/23232/http://www.frsirt.com/english/advisories/2006/4866 http://www.f-secure.com/weblog/archives/ar...6.html#00001042http://www.incidents.org/diary.php?storyid=1913

Read other answers
RELEVANCY SCORE 43.2

 
Microsoft plans to fix a vulnerability in version 8 of its Internet Explorer browser that allows attackers to remotely hijack computers that do nothing more than visit a booby-trapped website.

http://arstechnica.com/security/2014/05/microsoft-to-fix-critical-ie-bug-that-has-gone-upatched-for-6-months/
 
I think M$ needs to learn the words to that Brittany Spears song.... " Oop's we did it again" ha ha.

A:Microsoft to fix critical IE bug that has gone unpatched for 6 months

 

 
Microsoft plans to fix a vulnerability in version 8 of its Internet Explorer browser that allows attackers to remotely hijack computers that do nothing more than visit a booby-trapped website.

http://arstechnica.com/security/2014/05/microsoft-to-fix-critical-ie-bug-that-has-gone-upatched-for-6-months/
 
I think M$ needs to learn the words to that Brittany Spears song.... " Oop's we did it again" ha ha.
 
 
This is what M$ said according to the article:
'In a statement issued to media outlets, Microsoft said some patches take longer to develop than others and that "we must test every one against a huge number of programs, applications and different configurations," '
 
Well, one way to reduce the number of scenarios would be to not re-brand the product every 5 years and make people pay for it again.
 
I'm generalising a little here but how hard would it have been to let Windows Vista be developed further instead of creating Windows 7.

Read other 5 answers
RELEVANCY SCORE 42.8

Exploits allowing hackers to break into Gmail accounts are likely to occur, if they're not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch.Click to expand...

http://windowssecrets.com/comp/090423/
 

A:Gmail accounts hacked via unpatched hole

Is web mail safe, or is your mail safer when retrieved to your PC ? What is your opinion?
 

Read other 2 answers
RELEVANCY SCORE 42.8

A new flaw in IE 6.0 could allow attackers to shut down a computer just by getting users to visit a malicious Web site.

The risk that this vulnerability will be exploited grew dramatically a few weeks ago when the source code for one possible logoff attack was posted on the security mailing list Vuln-Dev. That posting turned this threat into a trivial, script kiddie-level attack. The fact that the shutdown executables are now shipping with all versions of XP means that not only will this attack almost certainly be exploited, but it will now begin to cause real damage.

Here is the full article.
 

A:IE Codebase Localpath threat remains unpatched

Lisa
Good info! Read through all articles presented and referred then also did a seach of my system for the two offending .exe's.
Neither of the two existed. At first I thought Well I have WinME 5.5 SP2 and maybe I do not have those files. Upon further research I found that MS has plugged the hole with the new March 28th security update which I have downloaded. Here is the two articles that explain the patch.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q319182
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q319235

Dave
 

Read other 1 answers
RELEVANCY SCORE 42.8

Unpatched Microsoft bugs raise red flags.

Microsoft has released its security updates for the month of September, but a couple of unpatched flaws have some security experts wondering if the software company will be forced to release an emergency patch sometime in the month ahead.

Security researchers believe that an unpatched flaw in the SMB (Server Message Block) 2 software that ships with Windows Vista and Windows Server 2008 could turn into a major headache.

Related article: Fuzzing Snags a Serious Flaw in Windows.

Vulnerability hunters increasingly rely on "fuzzing", a technique that tries to break programs with pseudo-random inputs.

-- Tom
 

Read other answers
RELEVANCY SCORE 42.8

Here are just the original and unpatched DLL's extracted from the Windows 8 install.wim.
Enjoy
https://mega.co.nz/#!QVYgFK5L!ABFUMC...uSndg_uZI2B_Fk

Read other answers
RELEVANCY SCORE 42.8

 
Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought.
 
Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.
DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD?
Google’s tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn’t appears to be a right decision either. In both cases, the only one to suffer is the innocent users.
 
 
The revelation of the security flaw was also a part Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them.
 
 
Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows
 
More here.
 

Google drops more W... Read more

A:Google reveals Third unpatched Zero-Day Vulnerability In Windows

Another? So soon? This is just about the worst time google could release the details, just after one patch tuesday so that chance for ms to fix this is about a month away.
There is wisdom in google using the threat of "we're going to reveal it in 90 days" to make other companies hurry up but they could atleast have only revealed the overall description of the vulnerability rather than full technical details that will end up acting as a "how to" guide for criminals.

Read other 2 answers
RELEVANCY SCORE 42.8

Exploits allowing hackers to break into Gmail accounts are likely to occur, if they're not already circulating, after security researchers released details of a hole that Google has reportedly declined to patch....Make sure you have a strong password Many PC users select weak passwords that consist of common names or dictionary words, leaving them susceptible to brute-force discovery and configure Gmail to use SSL by default:To benefit from encryption when accessing Gmail, you should configure the service to use SSL by default. To do so, click Settings in the top-right corner of the main Gmail window, select Always use https in the "Browser connection" section at the bottom of the General tab, and click Save Changes.http://windowssecrets.com/comp/090423/

A:Gmail accounts hacked via unpatched hole

Or you can stop using a browser for accessing Gmail and start using Thunderbird for having all your emails delivered to your desktop.

Read other 1 answers
RELEVANCY SCORE 42.8

This new security could be exploited for DoS or other attacks. This new exposure should be followed for further developments. Researchers warn of new Microsoft Windows security flawhttp://searchsecurity.techtarget.com/origi...1272760,00.htmlMicrosoft Windows CFileFind Class "FindFile()" Buffer Overflowhttp://www.frsirt.com/english/advisories/2007/3182http://secunia.com/advisories/26800/QUOTE: The following products are currently known to have vectors allowing exploitation:* HP All-in-One Series Web Release software/driver installer version 2.1.0 * HP Photo & Imaging Gallery version 1.1

Read other answers
RELEVANCY SCORE 42

More evidence that the initial buggy and trojan horse based attacks are being refined by the bad guys into a true Internet based worm. If you haven't performed a Windows Update since October 23rd, it's important to do so immediately. MS08-067 - First Worm Exploiting unpatched systems in the Wildhttp://isc.sans.org/diary.html?storyid=5275http://www.f-secure.com/weblog/archives/00001526.htmlhttp://www.threatexpert.com/report.aspx?ui...02-731ebaaffa5dQUOTE: Code building on the proof of concept binaries that were mentioned last week has moved into the wild. We've received the first reports of a worm capable of exploiting the MS08-067 vulnerability. The exploit payload downloads a dropper that we detect as Trojan-Dropper.Win32.Agent.yhi. The dropped components include a kernel mode DDOS-bot that currently has a selection of Chinese targets in its configuration. he worm component is detected as Exploit.Win32.MS08-067.g and the kernel component as Rootkit.Win32.KernelBot.dg.

Read other answers
RELEVANCY SCORE 42

A update for flash player was released today (5/12/16)






Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. The Flash Player vulnerability is being tracked as CVE-2016-4117 and affects Flash Player versions 21.0.0.226 and earlier for Windows, OS X, Linux, and Chrome OS. Successful exploitation can allow attackers to take control of affected systems.



Hackers are exploiting an unpatched Flash Player vulnerability, Adobe warns | PCWorld

Read other answers
RELEVANCY SCORE 42

OVERVIEW: A generic IRCbot called MocBot by some AV vendors has been adpated to use a recently developed MS06-040 exploit. The Windows MS06-040 patch fixes critical security issues for a recently discovered "Server" service vulnerability. This protective patch was issued on August 8th by Microsoft. Now five days later, this new IRC-MocBot attack is now in the wild. It will automatically affect unpatched W/2000 systems (unless firewall controls to block ports 139 and 445 are in place). This IRCbot can also potentially spread through AOL Instant messaging traffic.On infected systems, it hides as a Windows Genuine Advantage (WGA) Registration service and instability will result with improper removal. Finally, Trend is reporting a 2nd variant so this new malware model may be adaptable to creating new variants to bypass AV detection as it emerges. Please install all available Microsoft security updates (esp. MS06-040) for the best level of protection.SECURITY INFORMATION AND WARNINGSMSRC Blog Informationhttp://blogs.technet.com/msrc/archive/2006/08/13/446268.aspxInternet Storm Center bulletinhttp://www.incidents.org/diary.php?storyid=1592FrSIRT - Current Threat Analysishttp://www.frsirt.com/english/threats/Department of Homeland Security Warninghttp://www.dhs.gov/dhspublic/display?content=5789ANTI-VIRUS PROTECTION FOR NEW MS06-040 BASED IRC-BOTMS06-040 - McAfee IRC-MocBot http://vil.nai.com/vil/content/v_140394.htmMS06-040 - McAfee generic information on IRC bot ... Read more

A:Ms06-040 -- New Ircbot Attacks Unpatched W/2000 Systems

Just some added info at F-Secures sightF-Secure.com

Read other 1 answers
RELEVANCY SCORE 41.6

Advisory ID : FrSIRT/ADV-2006-0417CVE ID : GENERIC-MAP-NOMATCHRated as : Moderate Risk Remotely Exploitable : NoLocally Exploitable : YesRelease Date : 2006-02-02EXPLOIT: POC exploit code can be found at FrSIRTTechnical Description: A vulnerability has been identified in Microsoft Windows, which could be exploited by malicious users to obtain elevated privileges. This flaw is due to an access validation in the Simple Service Discovery Protocol (SSDP) Discovery and the Universal Plug and Play Device Host (UPnP) services that fail to properly validate user permissions, which could be exploited by local unprivileged attackers to bypass security restrictions and execute malicious programs with elevated privileges.Thankfully, this new vulnerability is not remotely exploitable as it requires local access to the PC. Still, someone with a crafted version of the exploit on a memory stick or other media might be able to compromise security controls on the local PC.Microsoft Windows SSDP and UPnP Services Privilege Escalation Issuehttp://www.frsirt.com/english/advisories/2006/0417

Read other answers
RELEVANCY SCORE 40.8

Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website.

It’s been a while since Firefox has been in the news, but this is a fairly high profile case involving the Nobel Peace Prize website. It seems there is a race condition vulnerability in the latest versions of Firefox (including 3.6.11) that allows remote exploitation.

In this case it was used via an iFrame on nobelpeaceprize.org which then downloaded malware to the visitors machine using a multi-exploit back-end which amongst others also leveraged this 0day Firefox exploit.
...
Mozilla claims they will address this issue soon and past history dictates that a patch will come out within a few days, so look forwards to Firefox 3.6.12 by the end of the week. It seems to be a fairly advanced and targeted attack.Click to expand...

Note: Use of NoScript w/Firefox allows one to select and check Forbid IFrames in NoScript Options>Embeddings, or disabling JavaScript will block this exploit (but may affect viewing some web pages).

-- Tom
 

Read other answers
RELEVANCY SCORE 36.4

A German mathematician called Martin von Gagern found a bug in GnuTLS , an open-source library that implements TLS...http://www.malwarecity.com/blog/devil-in-t...etails-287.html

Read other answers
RELEVANCY SCORE 36.4

Zero day IE7 security flaw:

http://threatpost.com/en_us/blogs/new-zero-day-flaw-discovered-ie7-112209
 

Read other answers
RELEVANCY SCORE 36.4

Microsoft Corp., a worldwide leader in operating systems and Internet technologies, announced that it has found a major flaw in Windows XP operating system that is related to the JPEG image format.

An attacker could infiltrate the user's computer by tricking the user into opening a specially coded JPEG file. Microsoft has released a patch and a specialized tool that will scan for the aforementioned vulnerability. The software giant stated that this flaw does not affect users with Windows XP Service Pack 2.

The flaw affects Windows XP, Windows 2003 Server Edition, and later versions of Microsoft Office. Some users with older Microsoft operating systems may also be affected only if they are running specialized image editing software such as Digital Image Pro and Visio 2002.

Here is a link to a plethora of information on this flaw.
 

A:Another Flaw With MS?

Deke said:

The software giant stated that this flaw does not affect users with Windows XP Service Pack 2. Click to expand...

So the moral is - get SP2 !
 

Read other 1 answers
RELEVANCY SCORE 36.4

I found it in my startup through msconfig. I have no idea what it is.
Loads from the c:\docume~1\admini~1\applic~1\find01~1\dvd flaw.exe

A:Dvd Flaw.exe What Is It?

to BC easye35Googling on this name came up empty. The single flaw.exe was reckognized as malware. If you do CTRL ALT DEL do you see it running under processes?Please downloadProcessExplorer and see where it is refering to by selecting the process and post it here

Read other 4 answers
RELEVANCY SCORE 36

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??
 

A:Security Flaw

Read other 8 answers
RELEVANCY SCORE 36

Microsoft is investigating a new flaw in the Windows operating system but didn't provide details on their Security Response Center Blog....we?re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we?re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we?re investigating.What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur...blogs.technet.com

A:Another Windows Flaw

Astronaut: Houston we have a problem...

Houston: What is it?

Astronaut: We can't tell you.

Houston: Why not?

Astronaut: Because it hasn't occured yet...

Houston: Then how do you know it will happen?

Astronaut: We saw some code laying around...

Houston: So.. we always have sloppy work

Astronaut: Correct, however, this is leading to an "unknown" problem...

laymans terms of what Microsoft is doing.

Read other 1 answers
RELEVANCY SCORE 36

Found this today.

"New Windows zero-day flaw bypasses UAC"
http://www.informationweek.com/shar...ZW0ACXQE1GHPCKHWATMY32JVN?articleID=228400132
 

A:New Zero-Day Flaw Bypasses UAC

good read
 

Read other 1 answers
RELEVANCY SCORE 36

See: http://www.eweek.com/article2/0,1895,1850357,00.asp
'Killbit' Workaround for Zero-Day IE Flaw Available <-- DO NOT USE!!!!!!!!!

Note: Use Microsoft pre-patch workaround instead!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The utility sets the "killbit" for Msddds.dll (Microsoft DDS Library Shape Control), the COM object that can cause browser crashes—and remote code execution—via specially crafted Web pages.

Once the "killbit" is set to prevent the use of Msdds.dll as an ActiveX, all applications that use the COM object utility will break.

Microsoft has already issued an advisory confirming the severity of the flaw and providing pre-patch workaround to help block known attack vectors. See advisory here:
http://www.microsoft.com/technet/security/advisory/906267.mspx

-- Tom
 

Read other answers
RELEVANCY SCORE 36

Alright, let the rant begin:
 
A month back, Comcast backstabbed us and gave us <1 Mbps, when we were paying for 40+ Mbps. After three different routers and three different tech support guys came over, we "solved" the problem. Only not really.
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Another odd thing is that, when I try to check the "Connect Automatically" box, and we lose connection again, the box NEVER stays checked. Even weirder, ALL of the other networks in my area have the "Connect Automatically" box checked. I think this may be part of the problem.
 
I am an avid hater of Windows 8 because nothing seems to work, including this. The internet was working fine until Comcast backstabbed us, but now I think it is just the computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?

A:Internet Flaw

 
 
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?
 

Try replacing the network cable for that computer if that doesn't resolve the issue. Then next thing you can do is to try to do a system restore/ or update your Ethernet adapter drivers.

Read other 4 answers
RELEVANCY SCORE 36

Here's another beauty - JavaVM is at it again
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)
http://www.microsoft.com/technet/security/bulletin/MS02-052.asp

------
Just noticed it's been rolled into the security post at the top - mod should delete this one.
 

A:JavaVM flaw

That's ok, the additional heads-up can't hurt. They really should provide another download link for the patch other than the update site, as not everyone can get there; it's not on any of their other download sites yet that I can see.
 

Read other 1 answers
RELEVANCY SCORE 36

MyNetscape

Sunday, Sept. 1, 2002
Security Flaw Found in Microsoft Web Browser
SAN FRANCISCO (Reuters) - Security researchers on Monday
said they have found serious flaws in Microsoft Corp.'s
Internet Explorer browser and in PGP, a widely used data
scrambling program, that could expose credit card and other
sensitive information of Internet users.
The Internet Explorer (IE) problem has been around for at
least five years and could allow an attacker to intercept
personal data when a user is making a purchase or providing
information for e-commerce purposes, said Mike Benham, an
independent security researcher based in San Francisco.
"If you ever typed in credit card information to an SSL
site there's a chance that somebody intercepted it," he added.
Internet Explorer fails to check the validity of digital
certificates used to prove the identity of Web sites, allowing
for an "undetected, man in the middle attack," he said.
Digital certificates are typically issued by trusted
certificate authorities, such as VeriSign Inc., and used by Web
sites in conjunction with the Secure Sockets Layer (SSL)
protocol for encryption and authentication.
Anyone with a valid digital certificate for any Web site
can generate a valid certificate for any other Web site,
according to Benham.
"I would consider this to be incredibly severe," he added.
Cryptography expert Bruce Schneier agreed.
"This is one of the worst cryptographic vulnerabilities
... Read more

Read other answers
RELEVANCY SCORE 36

I think I've found a major flaw in the audio systems for Windows 7. I'm not sure if it could just be my computer, but it's quite annoying, since I change audio ports a lot for recording.

What happens is if I change my Sound out -> Headphones/Speakers port to the other one like lets say from Headphone port (front) to the Speakers port (back) all my sounds will completely cut out, and Windows will begin to lag until I restart my computer. In iTunes, if I try to play a song at this point, iTunes will either lock up or refuse to play the song.

I am running Windows 7 Home Premium 64-bit.
My sound card is a Realtek HD Integrated Audio Chipset.

A:Major Flaw? (Win 7)

Do you have the latest drivers for your sound card?

Read other 5 answers
RELEVANCY SCORE 35.6

Latest update on Adobe Reader Flaw

Users are being advised to update their systems after the emergence of a new rash of attacks targeting a previously-patched flaw in Adobe Acrobat.
The attacks use specially-crafted PDF files to exploit a vulnerability in the Java component of Adobe Acrobat Reader to perform malware installations on targeted systems.
Users can protect against the attacks by updating Adobe Acrobat and Reader to the latest versions. Users running version 9 of either product are not vulnerable to the attack.
Full info Here ...
Attackers gun for Adobe flaw - vnunet.com

Read other answers
RELEVANCY SCORE 35.6

Intel chip flaw--but what of it?.

...
"This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill!," writes Jamey Heary in a Network World blog. He is a consulting systems engineer for Cisco Systems.
Click to expand...

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

This might be worth keeping an eye open
http://news.bbc.co.uk/2/hi/technology/7784908.stm
 

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.
 

Read other 3 answers
RELEVANCY SCORE 35.6

About this flaw mentioned in the following articles:

New Web Attack Exploits Unpatched IE Flaw
Robert McMillan, IDG News Service
Dec 9, 2008 8:20 am
http://www.pcworld.com/article/155190/new_web_attack_exploits_unpatched_ie_flaw.html

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 13, 2008
http://www.microsoft.com/technet/security/advisory/961051.mspx

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.Click to expand...

Question:
I am using IE7 and Windows Vista, does the security update KB958215 fix the above IE7 zero day flaw on Windows Vista?

Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB958215)
http://go.microsoft.com/fwlink/?LinkId=133437

Thanks.
 

A:Internet Explorer 7 zero-day flaw

Read other 13 answers