Adobe Flash Zero Day Bug Emergency Patch

Adobe patches new Flash zero-day bug with emergency update – Computerworld

Adobe today warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug.

“There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message,” the Friday advisory said.

All editions of the Flash player are affected, but those abusing this vulnerability are targeting Internet Explorer with this current exploit and Adobe is giving it their Priority 1 status:

The update was pegged with Adobe’s priority rating of “1,” used to label patches for actively-exploited vulnerabilities or bugs that will likely be exploited. For such updates, Adobe recommends that customers install the new version within 72 hours.

In this case of course it’s already actively being exploited. So don’t wait! Don’t be a target, get your Adobe Flash Player update today!

Advertisements

Oracle Java SE Update – Critical Update

Oracle Java SE Update – Security Garden

Oracle Java released an update to Java SE 6 and Java SE 7.

Edited to clarify:  Included in the Oracle updates are eighty-eight (88) new critical security fixes across numerous Oracle products, listed in the Oracle Critical Patch Update Advisory.  It is strongly advised that the update be installed for those products as soon as possible due to the thread posed by a successful attack.

More in the article.

Time to start checking Java.com for updates from Oracle that fix the latest Bugfixes for Java for your Windows, Solaris, and Linux operating systems. Linux users can also check their distros for these updates, and Mac users should start checking rigorously for updates to Java SE 6 from Apple.

NOTE: As of 10:37 AM EDT today, April 28, 2012, the Java website still shows Java SE 6, Update 31.

You will want to check the download links on Security Garden’s posting for the most recent updates. Or here on Oracle’s download page for Java SE Runtime Environment 6 Update 32 for Linux, Solaris, Windows (mainstream version that works with most applications). Mac OS X users still need to get their Java SE 6, Update 32 from Apple, so please keep checking!

Thanks for keeping us updated on Oracle’s Java status, Security Garden!

New Flash Player Zero Day

[tweetmeme source=”franscomputerservices” only_single=false]ZDNet reports, Adobe warns of new Flash Player zero-day attack:

Hackers are embedding malicious Flash Player files in Microsoft Word documents to launch targeted attacks against select businesses, according to a warning from Adobe.

These are being used to steal secrets from corporations, likely through downloaded and emailed MS Word documents such as Excel.

Adobe is working on patches for Flash 10.2.x and for earlier versions as well, for just about every OS out there.

Adobe Reader X protected mode will “prevent an exploit of this kind from executing.” The actual fix won’t come till their normal patch cycle in June for Adobe Reader. So be sure to get the latest version (Adobe Reader X)!

Much more in the article including information and links to Adobe’s security release.

Scot’s Newsletter Forums Celebrating their 8th Year!

[tweetmeme source=”franscomputerservices” only_single=false]Hard to believe that it has been 8 years since Scot Finnie — who is now the Editor in Chief of Computerworld — started a little experimental forum, Scot’s Newsletter Forums! Eight years later, it is still going strong.

I remember when the forums first started. Many of us were there from the beginning, or very nearly so. We were subscribers of Scot’s Newsletter when Scot announced to his subscribers.

I had been reading Scot Finnie’s articles since the old, now defunct WinMag days, and was saddened when they no longer published it. I lost track of Scot Finnie and a host of other writers for a time. I was very excited to hear about Scot Finnie and others who used to write for WinMag going on to have their own online/email newsletters and websites and finding them all over the place on the Internet.

The Scot’s Newsletter Forums has turned out to be a great place to gather, and help each other with various computer related issues, problems.

It’s a place where we SNF (Scot’s Newsletter Forums) “Highlanders” share our joys of success, and get help and understanding for our computer woes, and we have gained a level of friendship and community that is quite special, even among forums. I know that the SNF community literally reached out after the devastation of Hurricane Isabel, and physically and monetarily, as well as just emotional encouragement, helped us fix our roof — And I do mean physically. Some of the members who lived ‘near by’ actually traveled to our house with tools, materials and a willing spirit to help us put our roof back together. For those that wanted to help, but couldn’t come, they helped with providing funds to buy materials. It was a great blessing to us! And showed that even an Internet based community can be as real as any other community of neighbors, friends and family.

And all this while we work together with our various operating system situations whether it be Windows (ATW), Mac (ATM), and Linux (BATL) and other areas.

To help us celebrate the 8th year of Scot’s Newsletter Forums, ESET and WinPatrol have teamed up to help make the celebration all the more special by offering licenses to their great products in two different contests!

We really appreciate their generosity!!

Check out Corrine’s Security Garden posting about SNF 8th Anniversary as well; with even more information.

Happy 8th Anniversary Scot’s Newsletter Forums! It has been a wonderful thing to be a part of such a great ‘experiment’. 🙂

Race Conditions aka TOCTOU and now KHOBE

[tweetmeme source=”franscomputerservices” only_single=false]There is a ‘supposedly new’ threat on the horizon for Windows XP users, and more so on multi-core systems called KHOBE (Kernel HOok Bypassing Engine).

Although this is a threat, it is not a new threat — in fact, this type of thing has been a threat to computing since 1998 when it was written about in PDF format: RaceConditions.pdf, and in 1996 in this PDF: racecond.pdf and many times since then in articles online about TOCTOU (noted below in this posting).

It definitely sounds pretty bad when it is reported that this ‘new’ KHOBE can bypass EVERY Windows security product in an article by the respected Adrian Kingsley-Hughes at ZDNet Blogs and as reported and tested by MATOUSEC here. And it certainly isn’t a non-issue…

However, let’s look at this objectively. First this is not the first, last or only situation that has or will arise. Race Conditions as noted above have been created by TOCTOU (Time of check to time of use) situations since the dawn of computing and yes, they are not easy to test for in all situations/hardware prior to release of software/Operating Systems, but these types of conditions have been a potential threat for a very long time in all kinds of software.

A time-of-check-to-time-of-use bug (TOCTTOU − pronounced “TOCK too”) is a software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. It is a kind of race condition.

Before Windows was capable of true multi-tasking/multi-threading, it was possible to create these conditions on UNIX machines as noted in this 2001 article at InformationWorld.

So, why the fuss now? Windows 7 is basically claimed to be immune — by its omission in the ‘affected Windows Operating Systems’ list. Apparently only Windows XP (ONLY about 60% of Windows users –eeek! — per Adrian Kingsley-Hughes article above), or earlier Windows OSes are affected and in this particular case, and then only by security software that use the KHOBE (Kernel HOok Bypassing Engine).

Graham Cluely at his Sophos Blog notes,

Because KHOBE is not really a way that hackers can avoid detection and get their malware installed on your computer. What Matousec describes is a way of “doing something extra” if the bad guys’ malicious code manages to get past your anti-virus software in the first place.

In other words, KHOBE is only an issue if anti-virus products such as Sophos (and many others) miss the malware. And that’s one of the reasons, of course, why we – and to their credit other vendors – offer a layered approach using a variety of protection technologies.

In addition, Paul Ducklin’s Sophos blog notes,

The security panic of the week is the widely-reported story of a “vulnerability” called KHOBE. One news headline goes so far as to announce that this “new attack bypasses virtually all AV protection”.

I disagree.

The sample “attack”, which claims to be an 8.0 earthquake for desktop security software, describes a way in which the tamper protection implemented by some anti-malware products might potentially be bypassed. Assuming you can get your malicious code past the anti-malware product in the first place, of course.

Much more in his blog entry. All of these links are must read if you wish to understand as much as is possible what the real threat is.

So, given all this, is the game over on security software because this is now disclosed to be possible (READ: it was always possible) — at least till they figure out how to prevent Race Conditions in security software?

Hardly. But due to the release of the information, this situation may make life interesting security-wise for Windows XP users (earlier Windows OSes like Win2K, Win98, WinME, WinNT shouldn’t even be on the net at this point for many reasons, the least of which is this situation).

So, if you are a Windows user what can you do in the meantime?

  • Keep your systems up to date
  • Make sure you have a hardware NAT or SPI Firewall/Router on your local network, and a software firewall in place and working properly and updated (if it’s a third party firewall – Windows Firewall is updated with your Windows Updates)
  • Keep your browsers up to date
  • Keep your browser plugins (Adobe products, Apple products, Java, etc.) and extensions (like Firefox’s AdBlock Plus, etc.) up to date
  • Keep all Internet facing programs (Adobe, Microsoft, etc.) up to date
  • Run your CCleaner (or other Temporary Files/Temporary Internet Files cleaner program) frequently (I actually run mine several times a day) – Fully close any browsers before running your ‘cleaner’ and then re-open it as needed after you run the ‘cleaner’
  • Make sure your antivirus software is updating as it should and doing its scheduled scans
  • Update and Run any cleaner software and secondary anti-malware programs (like Malwarebytes Anti-malware) at least once a week or more often and immediately if something seems odd on your computer
  • Don’t open suspicious emails, even from known senders
  • Be careful where you go on the Internet. Even some legitimate sites have been hacked
  • Be careful about links and friends on Facebook (if you haven’t deactivated your account yet), Twitter, LinkedIn, and other Web 2.0/dynamic Social Networking sites.

In short, do what you should always be doing to keep yourself safe. Because this isn’t over. It was always a possibility whether we were aware or not, and it will likely be a possibility for a long time to come.

You might also consider installing a preventative program like BillP’s WinPatrol on your system to make you aware of potential changes to your system. *See EDIT below for a note from BillP about WinPatrol and kernel hooks.

And as I noted earlier, the focus of this issue, at this time, is apparently Windows XP, but any operating system is vulnerable to this type of attack and always has been — and that is not likely going to change any time soon.

EDIT: Added the following comment from BillP who developed WinPatrol:

* Thanks! I’m honored by the mention.
It’s a great topic and mentioning WinPatrol is appropriate since I don’t use any kernel hooking to detect changes. Thumbs Up!

Bill

Stay safer online or get files from corrupted Windows install

[tweetmeme source=”franscomputerservices” only_single=false]So, you need to get your files from your computer, but Windows won’t boot due to malware infection, or defective hardware or corrupted Windows install? Or maybe you just want to have a safe way to surf the Internet, or more safely do your online banking?

Clark76’s post entitled Saving files on a corrupt OS tells you how to use Ubuntu Linux LiveCD to get your files from a corrupted Windows install and backup/save them to a Flash drive for later restoration.

The only thing I would add to that posting is to make sure that if you reinstall Windows on the system, make sure that an antivirus software package is installed before trying to recover/copy the files back to your user account on Windows.

Using Ubuntu Linux LiveCD can also be an excellent way to keep your banking information safer if you use online banking as noted in my Technorati article entitled, How to be Safer While Banking Online from October 12, 2009.

There are just two ways that a Linux LiveCD can keep you safer online, or help you avert/recover from disaster. Linux LiveCDs are also a safer way to browse the Internet in these uncertain times since you can choose to disallow any changes to your system when booting your computer to a LiveCD.

Oracle Sun ships Java patch as attacks surface

[tweetmeme source=”franscomputerservices” only_single=false]As attacks surface, Sun ships Java sudden Java patch (ZDNet):

In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks.

The release notes that accompanies the new Java 6 Update 20 makes no mention of the public flaw disclosure or subsequent attacks but I’ve been able to confirm that the patch does cover the vulnerability released by Google security researcher Tavis Ormandy.

Much more in the article by Ryan Naraine at ZDNet blogs linked above.

Glad to hear they have finally released a patch.

Might want to go get the latest Java 6 Update 20 asap at Manual Downloads at Java.com