Alert – Microsoft Security Advisory 979682 Released

What is the purpose of this alert?

This alert is to notify you that Microsoft has released Security Advisory 979682 – Vulnerability in Windows Kernel Could Allow Elevation of Privilege – on January 20, 2009.

Summary

Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.

Affected Software

The security advisory discusses the following software.

Affected Software

  • Microsoft Windows 2000 Service Pack 4
  • Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows Server 2003 Service Pack 2
  • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
  • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows 7 for 32-bit Systems

Non-Affected Software

  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7 for x64-based Systems
  • Windows Server 2008 R2 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems

Mitigating Factors

  • An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
  • Windows operating systems for x64-based and Itanium-based computers are not affected.

Recommendations

Review Microsoft Security Advisory 979682 for an overview of the issue, details on affected components, mitigating factors, workarounds, suggested actions, frequently asked questions (FAQs), and links to additional resources.

Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.

September 2009 Microsoft Security Bulletin Release

On September 08, 2009, Microsoft is planning to release five new security bulletins. While the issues affect different versions of Windows differently, Microsoft said none of the issues apply to the final version of Windows 7. Below is a summary.

 

New Bulletin Summary

| Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|---|
| Bulletin 1 | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| Bulletin 2 | Critical | Remote Code Execution | Requires restart | Windows Vista and Windows Server 2008 |
| Bulletin 3 | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| Bulletin 4 | Critical | Remote Code Execution | Requires restart | Microsoft Windows 2000, Windows Server 2003, Windows Vista, and Windows Server 2008 |
| Bulletin 5 | Critical | Remote Code Execution | May require restart | Microsoft Windows 2000, Windows XP, and Windows Server 2003 |

* The list of affected software in the summary table is an abstract. To see the full list of affected components please click on the "Advance Notification Web Page" link below and review the "Affected Software" section.

 

  • Advance Notification Web Page: The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at http://www.microsoft.com/technet/security/bulletin/ms09-sep.mspx.
  • Microsoft Windows Malicious Software Removal Tool: Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
  • Monthly Security Bulletin Webcast: To address customer questions on these bulletins Microsoft will host a Webcast next Wednesday, at 11:00 A.M. Pacific Time (U.S. and Canada). Registration for this event and other details can be found at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Symantec Acquires Mi5 Networks

Symantec has acquired Web security firm Mi5 Networks and has also announced Symantec Protection Suite Small Business Edition and Symantec Protection Suite Enterprise Edition, comprehensive solutions designed to secure firms against security risks and business interruptions, ensuring systems and critical information are readily available. The Symantec Protection Suites are scheduled to be available in summer 2009.



What is the Conficker Worm?

Conficker is a computer program that tries to exploit loopholes in various versions of the Windows operating system. Pirated copies of Windows are more prone to Conficker than genuine copies of Windows. Linux and Mac computers are safe from Conficker attacks. Conficker can reach your computer via the Internet or infected memory sticks.

What Does Conficker Do?

Conficker first tries to stop all the security programs running on your computer. It then blocks communication with the web services that security software uses to update its databases. Conficker also stops Windows Update from working. As of now, Conficker generates 50,000 domain names daily, and these domain names communicate with each other systematically. Whoever created the Conficker worm just has to activate one of the domain names to take control of the millions of zombie computers that have been created.

How to Detect and Remove Conficker?

If you are running a genuine copy of Windows, you might not be hit by Conficker. Check whether your security software, including the firewall, antivirus and anti-spyware, is running, and whether Windows Update is working. If all these services are running fine, then there is no risk to your computer.

The US Department of Homeland Security released a tool to detect whether a computer is infected by the Conficker worm.

Windows 7 Security Enhancements

Security is becoming a big concern for IT professionals and administrators. As Microsoft is coming out with a new operating system called Windows 7, IT professionals and administrators are looking for better security in Windows 7 compared to previous versions of the Windows operating system. Recently Paul Cooke, Director, Windows Client Enterprise Security, Microsoft Corporation, wrote an article on the Microsoft TechNet website describing the fundamental security features and enhancements that will ship with Windows 7.



Behaviour Based Antivirus Programs Identifying new Viruses

Security software vendors are finding life extremely tough against computer attackers, who keep finding new ways to inject harmful code into computers, steal data, run scripts from remote computers, install Trojans and carry out a number of other malicious activities. Because malicious software writers are developing a large number of virus programs, it is very hard for antivirus programs to detect them and remove them from computers.



Protect Files Stored on Your Local Computer

To protect their data, computer users generally use data encryption technology for their files and passwords, but these methods do not prevent data copying and data printing. To solve these issues I found a solution called “Fortressware”. Fortress organizes all your files in a workspace called Fortress. To access the Fortress workspace, users must have a proper user name and password. Once the user has logged into the Fortress, the user will be able to access and manipulate the files as usual, but will not be able to bring the files or any part of their contents out of the Fortress. The actions that are prevented by Personal Fortress include but are not limited to the following:

  • Copy files out via copy-and-paste, or drag-and-drop action.
  • Save file to a location outside of the Fortress workspace.
  • Select and copy file contents to clipboard and paste them to another application then use that application to transfer the content out through network (such as email) or save to another location.


Beware of Latest PayPal Scam

Recently I got an e-mail asking me to verify my PayPal account details, otherwise PayPal would suspend my PayPal account by the end of February 20, 2009. To a casual user this e-mail looks like a real PayPal e-mail asking its users to verify their accounts. The scam e-mail includes a URL that looks like a PayPal login URL, but when users click on this URL, they are redirected to a webpage saying that the page has been moved from PayPal, and then to a fake website asking them to enter their PayPal username and password.



ScanVirus- A fake SaaS Antivirus Solution Website


Panda Labs has discovered a website that is spreading malware and other malicious programs in a completely different manner. The website claims to provide antivirus solutions under a software-as-a-service model. The name of this fake software-as-a-service antivirus website is ScanVirus.

The ScanVirus website uses a number of security software logos and badges in order to gain visitors' confidence. Basically, the website is trying to show that it offers antivirus solutions as software as a service from those security software companies. Immediately upon loading the site a fake scan will begin and shortly after that the site will prompt the user to download a file called AntiVir.exe, which we detect as Adware/Antivirus2009. The site attempts to scare users by displaying images such as, "Your PC is infected! Sorry, standard programs cannot disinfect your PC now", and "DOWNLOAD PATCH to fix this problem".

Cyber Criminals Using URL Shortening Services to Bypass Google Safe Browsing

Mozilla Firefox and Google Chrome use the Google Safe Browsing feature to warn users about phishing sites and other malware. But now cyber criminals have found a new way to redirect users to phishing or other malware sites. A number of URL redirection and URL shortening services are available on the Internet, and cyber criminals are using these services to redirect users to phishing or other malware websites.
