Tag Archive | Microsoft

Microsoft Humbled: Hit by Cyberattack as well

We reported on all the recent cyberattacks lately, but didn’t catch this, so here’s an addendum to yesterday’s story:

As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.

Posted on MSRC’s Technet Blog


Patch Tuesday: A Fat One After All! Windows, Adobe Updates Galore!

Microsoft and Adobe have issued their round of updates today, as of 1 PM EST. The below details what was fixed.

First, Microsoft. Five of the 12 patches Microsoft released today are rated “critical”, meaning attackers could exploit the underlying vulnerabilities at any time.

The critical fixes cover the Windows implementation of Vector Markup Language (VML), Microsoft Exchange, and flaws in the way Windows handles certain media files. The remaining critical patch fixes a flaw that affects only Windows XP systems.

Today’s update may also include a patch for .NET. For best results, install it separately: apply all the other updates first, then install the .NET patch.

Adobe fixes Flash and Shockwave Players:

APSB13-05 covers the fixes for CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638 and CVE-2013-0637. The fixes are for Flash Player, AIR and the AIR SDK.

APSB13-06 covers the fixes for CVE-2012-0613 and CVE-2012-0636 in Shockwave Player.

Here are the new versions:

Flash Player
  Windows: 11.6.602.168
  Mac: 11.6.602.167
  Linux: 11.2.202.270
  Android 4.x: 11.1.115.47
  Android 2.x-3.x: 11.1.111.43

Adobe AIR
  Windows, Mac & Android: 3.6.0.597

Adobe AIR SDK
  Windows, Mac & Android: 3.6.0.599

Adobe AIR Update Link

Google also pushed out its Chrome channel update today, which bundles the new Flash Player.
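The fixed build numbers above are only useful if you can tell, for each host, whether the installed build is older than them. The following is an added example, not code from the original post or from Adobe: it parses dotted version strings numerically (a plain string comparison would wrongly rank “11.6.602.98” above “11.6.602.167”) and reports the hosts that still run a pre-fix Flash Player build. The inventory, host names and the “11.6.602.98” build are constructed for the example.

```python
# Added example (not from the original post or Adobe): audit an inventory of
# installed Flash Player builds against the first fixed build per platform
# listed in APSB13-05, using numeric rather than string comparison.
from __future__ import annotations

FIXED_FLASH = {  # platform -> first patched build, as listed in the post above
    "windows": "11.6.602.168",
    "mac": "11.6.602.167",
    "linux": "11.2.202.270",
    "android-4": "11.1.115.47",
    "android-2-3": "11.1.111.43",
}


def parse_version(s: str) -> tuple[int, ...]:
    """Turn '11.6.602.168' into (11, 6, 602, 168) so comparisons are numeric."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)


def is_patched(platform: str, installed: str) -> bool:
    """True if the installed build is at or above the first fixed build."""
    try:
        fixed = FIXED_FLASH[platform]
    except KeyError:
        raise KeyError(f"no fixed version known for platform {platform!r}") from None
    # Tuple comparison is element-wise, so a shorter tuple like (11, 6)
    # correctly sorts below (11, 6, 602, 168).
    return parse_version(installed) >= parse_version(fixed)


# Constructed inventory (hypothetical hosts and builds, not real data).
SAMPLE_INVENTORY = [
    ("ws01", "windows", "11.6.602.168"),   # exactly the fixed build
    ("ws02", "windows", "11.5.502.110"),   # an older build, still exposed
    ("mac01", "mac", "11.6.602.98"),       # string-compares "higher", but is older
    ("srv01", "linux", "11.2.202.270"),
]


def audit(inventory):
    """Return (host, installed, required) for every host on a pre-fix build."""
    exposed = []
    for host, platform, installed in inventory:
        if not is_patched(platform, installed):
            exposed.append((host, installed, FIXED_FLASH[platform]))
    return exposed


if __name__ == "__main__":
    for host, installed, required in audit(SAMPLE_INVENTORY):
        print(f"{host}: {installed} is below fixed build {required}")
```

Running the block prints the two exposed hosts; the mac host is the one a naive string comparison would have missed.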

Kelihos Botnet Appears Again with New Variant

Kelihos has appeared again with a new variant, as many researchers have discovered. The variant lets it remain dormant on the machine, uses sinkholing techniques and other rootkit-style operations, hides its domains, and takes many other steps to conceal itself.

This is the third incarnation of the Kelihos botnet. When it was shut down in 2011 by a collaborative effort between Kaspersky Lab and Microsoft, it turned out to be a P2P botnet, which made it much harder to shut down all of its operations completely. Its main servers were cut off, but that did not stop the malware from spreading, since plenty of blackhats still had the malcode on their own servers and computers.

Researchers at Deep End Research and FireEye have been analyzing new samples, and after some impressive research they found that the Kelihos network is on the rise again.

“Since automated analysis systems are configured to execute a sample within a specified time frame, by executing a sleep call with a long timeout, Nap can prevent an automated analysis system from capturing its malicious behavior. Besides making a call to the function SleepEx(), the code also makes a call to the undocumented API NtDelayExecution() for performing sleep,” Abhishek Singh and Ali Islam of FireEye wrote in an analysis.

Experts are trying to discover the new roots, and another takedown may be in order. This is insanity.
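The FireEye quote above describes the stalling trick from the malware's side; a sandbox operator wants to see it from the other side, in the API-call trace the analysis system records. The following is an added example, not code from the original post or from FireEye: it scans a trace for SleepEx() and NtDelayExecution() calls, normalises both to milliseconds, and flags any single sleep long enough to outlast the execution window, along with the total time the sample spent sleeping. The trace line format and the sample lines are constructed for this example; real sandboxes each log calls in their own format.

```python
# Added example (not from the original post or FireEye's analysis): detect
# long sleeps in a sandbox API-call trace. The one-call-per-line format here
# is constructed for the example.
from __future__ import annotations

import re

# SleepEx takes milliseconds. NtDelayExecution takes a LARGE_INTEGER in
# 100-nanosecond units: a negative value is a relative delay, a positive one
# an absolute wake-up time.
_CALL_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<func>SleepEx|NtDelayExecution)\((?P<args>[^)]*)\)"
)
_ARG_RE = re.compile(r"(\w+)=(-?\d+)")


def delay_ms(func: str, args: dict[str, int]) -> int | None:
    """Normalise a sleep call's argument to milliseconds; None if it can't be told."""
    if func == "SleepEx":
        return args.get("dwMilliseconds")
    if func == "NtDelayExecution":
        interval = args.get("DelayInterval")
        if interval is None or interval > 0:  # absolute time: duration unknown
            return None
        return -interval // 10_000            # 100 ns units -> milliseconds
    return None


def find_long_sleeps(trace: list[str], threshold_ms: int = 60_000):
    """Return ([(line, func, ms), ...] for sleeps >= threshold_ms, total_sleep_ms)."""
    hits = []
    total = 0
    for line in trace:
        m = _CALL_RE.match(line)
        if not m:
            continue
        args = {k: int(v) for k, v in _ARG_RE.findall(m.group("args"))}
        ms = delay_ms(m.group("func"), args)
        if ms is None:
            continue
        total += ms
        if ms >= threshold_ms:
            hits.append((line, m.group("func"), ms))
    return hits, total


# Constructed trace: a short sleep, a 10-minute NtDelayExecution, a 5-minute SleepEx.
SAMPLE_TRACE = [
    "00:00:00.120 GetTickCount()",
    "00:00:00.131 SleepEx(dwMilliseconds=500, bAlertable=0)",
    "00:00:00.640 NtDelayExecution(Alertable=0, DelayInterval=-6000000000)",
    "00:10:00.641 SleepEx(dwMilliseconds=300000, bAlertable=0)",
    "00:15:00.650 InternetOpenA(lpszAgent=Mozilla/4.0)",
]

if __name__ == "__main__":
    hits, total = find_long_sleeps(SAMPLE_TRACE)
    for line, func, ms in hits:
        print(f"long sleep via {func}: {ms} ms  <- {line}")
    print(f"total sleep requested: {total} ms")
```

A trace whose cumulative sleep approaches the sandbox's timeout is as telling as a single long call, which is why the function returns the total as well as the individual hits.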

57 Security Fixes Being Prepped by Microsoft for Tuesday!

Patch Tuesday is approaching in a few days with 57 security fixes by Microsoft. The company detailed the fixes in its latest security bulletin.

According to Microsoft, every version of Internet Explorer from 6 through 10 needs to be patched! All of them are vulnerable to drive-by exploit attacks, so a single booby-trapped web page could claim many victims through this vulnerability.

Five of the twelve updates are rated “critical”. The updates cover Windows, Server, Office and the .NET Framework, and are set to be released on February 12th at 1:00 PM EST.

Symantec Teams With Microsoft to Destroy Bamital Botnet

The Bamital botnet, known for grossing about $1 million a year through fraud, has been destroyed by the investigative teams of Microsoft and Symantec. With help from the feds, the two teams collaborated in investigating a number of data centers hosting the botnet's servers. Titled Operation b58, this is the sixth botnet takedown operation in the past three years. It began around a year ago, when Symantec approached Microsoft proposing to collaborate on taking the botnet down.

The botnet's methods are fairly typical: a fraudulent payload delivered via search redirects. Victims were lured into a scam through social engineering, which installed malware on the machine. From then on, whenever the victim searched the web as usual, the malware redirected them to scam sites selling fake (or legitimate but modified) software or services, in an attempt to steal credit card data.

Over the last two years of its continual attack on internet users, the botnet infected approximately 8 million computers and netted around $1 million USD. It is currently estimated that anywhere from 300,000 to 1 million computers are still infected.

As part of the takedown, Microsoft filed a lawsuit against the botnet operators to pull the plug on the zombie network. Yesterday, February 6, after the court granted the request, Microsoft was escorted by the US Marshals Service to facilities in Virginia and New Jersey to seize servers.

According to Richard Boscovich, assistant general counsel with Microsoft’s Digital Crimes Unit, the operators of the Virginia data center were persuaded to take down the server at the parent facility in the Netherlands.

About 18 cybercriminals are believed to be involved, scattered around the world from the US to the UK, Australia and even Romania.

Cleaning Up

Microsoft and Symantec aim to help infected users. Because the rogue servers that handled the search redirects and queries are now offline, search will also stop working on victim computers. Removal tools will be provided for this, along with the ability to repair the broken search function.

This will certainly make it much harder for the cybercriminals behind Bamital to restart their servers, since Microsoft, and possibly others such as the feds and Symantec, now have the servers in custody.


December Patches are in: Microsoft and Adobe have updates ready for Black Tuesday

Well it’s Patch Tuesday, or what some people call “Black” Tuesday.

Seven security bulletins were released for Microsoft products, patching at least 11 or 12 vulnerabilities, possibly more on some systems.

Current bulletins for this round:

  1. MS12-077 Cumulative Security Update for Internet Explorer
  2. MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
  3. MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution
  4. MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution
  5. MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
  6. MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution
  7. MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass

(Key: Important / Critical)

For the December Adobe updates: the updates are for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x, Adobe said.

The three updates fix a buffer overflow vulnerability, an integer overflow vulnerability and a memory corruption vulnerability, all three of which could lead to code execution, Adobe also said.

There is also a security hotfix available for miscellaneous vulnerabilities in ColdFusion. Get updates for Adobe products at Adobe.com.

Stay protected from vulnerabilities entirely and get $30 off this month for Kaspersky products: Kaspersky E-Store

Is Microsoft Overconfident? Ballmer Calls Android “Wild” and iOS “Highly Controlled”

Steve Ballmer may be the most audacious techie, at least at Microsoft. He certainly has his ways of expressing his opinions, which also reflect on the company, but at least he did it professionally. Anyway, during his interview the other night with Reid Hoffman of LinkedIn, he stated some significant views on the mobile market.

Among Ballmer's views: the Android OS is “wild” and “uncontrolled”, and therefore prone to malware infestations. But answer this, Ballmer: what was Microsoft's excuse for its years of malware infestations? He has no room to talk, having been involved with Microsoft since 1980 as the company's 30th employee (according to biographical reports). Microsoft had plenty of time to fix its security problems, but ignored them for years.

Secondly, he called iOS, Apple's flagship mobile product, “highly controlled” and “quite high priced”. Of course, he has now cast Microsoft as the middle-ground operating system maker: products that are neither tightly nor evenly controlled, at okay pricing. We can see Ballmer's point. The question remains, however: was Ballmer just picking on the competition?

It seems certain that Ballmer just wants the middle ground, since many people seem very comfortable there. Let's just hope that mediocre tactics don't set in and Microsoft's mobile line doesn't go down the tube.
