Chachazz

Posts posted by Chachazz

  1. Please also see:

    Microsoft Security Bulletin «MS06-001»

    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

    Published: January 5, 2006

    Version: 1.0

    Manual Download available:

    •Microsoft Windows 2000 Service Pack 4

    •Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

    •Microsoft Windows XP Professional x64 Edition

    •Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

    •Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

    •Microsoft Windows Server 2003 x64 Edition

  2. Re: MS Patch for WMF Vulnerability Exploit

    Published: 2006-01-05,

    Last Updated: 2006-01-05 21:47:54 UTC by Marcus Sachs

    If you have installed any of the earlier patches or workarounds, here is our recommendation for updating:

    1. Reboot your system to clear any vulnerable files from memory

    2. Download and apply the new patch

    3. Reboot

    4. Uninstall the unofficial patch, by using Add/Remove Programs on single systems. If you used msi to install the patch on multiple machines you can uninstall it with this:

    msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn

    5. Re-register the .dll if you previously unregistered it (use the same command but without the "-u"):

    regsvr32 %windir%\system32\shimgvw.dll

    6. Reboot one more time just for good measure

    Source: SANS Internet Storm Center

  3. Title: Microsoft Security Response Center Bulletin Notification

    Issued: January 05, 2006

    ********************************************************************

    Summary

    =======

    Important Information for Thursday 5 January 2006

    Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

    Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

    Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.

    In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

    Microsoft's monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft's efforts to shut down malicious Web sites and with up-to-date signatures from anti-virus companies.

    The security update will be available at 2:00 pm PT as MS06-001.

    Enterprise customers who are using Windows Server Update Services will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Enterprise customers can also manually download the update from the Download Center.

    Microsoft will hold a special Web cast on Friday, January 6, 2006, to provide technical details on the MS06-001 and to answer questions. Registration details will be available at http://www.microsoft.com/technet/security/default.mspx.

    Microsoft will also be releasing additional security updates on Tuesday, January 10, 2006 as part of its regularly scheduled release of security updates.

    More Info: MS Security Alert»

  4. KAV 5.0 Windows products patched for .wmf vulnerability

    Patches have been issued for Kaspersky AV Personal 5.0, Kaspersky Personal Security Suite, Kaspersky AV Personal Pro 5.0, Kaspersky AV for Windows Workstations 5.0, Kaspersky AV for Windows File Servers 5.0. This ensures that the product will provide protection against the Microsoft Windows .wmf vulnerability.

    The patches mean that Kaspersky Anti-Virus will be able to scan wmf-files in real-time protection mode. Previously, such files were considered not to be vulnerable to infection, and were therefore not scanned in real-time protection mode.

    The kav_pers_patch.exe patch applies to Kaspersky Anti-Virus Personal from version 5.0.121 and upwards and Kaspersky Personal Security Suite version 1.1.53 and upwards. For KAV Personal it is recommended to install it on version 5.0.388, 5.0.390.

    The patch kav_ppro_patch.exe is applicable to Kaspersky Anti-Virus Personal Pro starting from version 5.0.121. It should be installed on versions 5.0.388, 5.0.390.

    The patch_all_wks_to_5.0.xxx.exe patch applies to Kaspersky Anti-Virus for Windows Workstations versions 5.0.145 and upwards. It should be installed on version 5.0.225.

    The patch_all_fs_to_5.0.xx.exe patch applies to Kaspersky Anti-Virus for Windows File Servers, versions 5.0.33 and higher. It should be installed on version 5.0.72.

    The patches replace avlib.ppl, and do not change the product version. You must have Administrator privileges in order to install the patch. Once the product has been installed, you should reboot (a prompt will be displayed).

    More Info & Download»

    NOD 32 - WMF Patch

    by Paolo Monti

    Paolo Monti has released a temporary patch for the WMF vulnerability (see Microsoft Security Bulletin 912840). This patch intercepts the Escape GDI32 API in order to filter the SETABORTPROC (function number 9). It uses dynamic API hooks avoiding patching/modifying of the GDI32 code. Advantages of this approach: fully dynamic - no reboot is required.

    This patch also works on Windows 9x/ME. Administrator rights are required to install it on WinNT, 2000, XP, 2003 systems.

    Installation: unzip the file WMFPATCH11.ZIP and run the provided INSTALL.EXE file. Follow the instructions of the installer.

    Uninstallation: go into Windows Control Panel, Add/Remove Programs, select "GDI32 - WMF Patch" and remove it.

    More Info & Download»

  5. By Elizabeth Montalbano, IDG News Service

    October 13, 2005

    Unauthorized Windows XP Service Pack 3 surfaces on Web site

    "A Microsoft Corp. employee has warned against downloading an unauthorized version of Windows XP Service Pack 3 (SP3) that has surfaced on a popular Web site that provides software patches.

    On a Microsoft user newsgroup posting last week, Mike Brannigan, an enterprise strategy and senior consultant at Microsoft, told users that downloading an unofficial version of Windows XP SP3 provided on The Hotfix.net would likely harm their computer and put them "out of support from Microsoft or an OEM (original equipment manufacturer)" because it is not an official Microsoft package".

    "You would be well advised to stay clear of this fake SP3 package," Brannigan wrote in the post, which appeared on Google Groups."

    "It is not suitable for testing as it is NOT SP3. ...Anyone who installs this thinking they are getting SP3 (even as a preview) is being grossly misled and is posing a significant potentially non-recoverable risk to their PC and data."

    InfoWorld»

  6. Published Friday 7th October 2005 20:30 GMT

    "Dutch police have arrested three people for building a worldwide zombie network of more than 100,000 PCs used to launch internet attacks on companies and to hack into bank and Paypal accounts.

    The main suspect, a 19 year-old man, and his alleged accomplices, a 22 year-old and a 27 year-old, were collared in raids on their homes. Police seized "several computers, documents, a bank account, bare cash and a sports car". More arrests are expected.

    The compromised PCs were hacked using a trojan horse, called W32.Toxbot, according to the police, who say that "some thousands" of the victims were based in the Netherlands.

    Investigators have identified at least one distributed denial of service (DDoS) attack, targeting an unnamed American company, emanating from the zombie botnet. DDoS attacks are often used by extortionists to unleash a barrage of computer-generated requests to victim websites to cripple their operations. Online gambling firms and web retailers are typical victims.

    The suspects are also thought to have hacked into a "large number of PayPal and eBay accounts, enabling them to........"

    Story: The Register»

  7. Published: October 5, 2005, 5:00 PM PDT

    (If you are experiencing any slowdowns or unable to reach sites) »

    "Two major Internet backbone companies are feuding, potentially cutting off significant swaths of the Internet for some of each other's customers.

    On Wednesday, network company Level 3 Communications cut off its direct "peering" connections to another big network company called Cogent Communications. That technical action means that some customers on each company's network now will find it impossible, or slower, to get to Web sites on the other company's network.

    William Steele, a senior network engineer for Syncro Services, said his company noticed the problem Wednesday morning.

    "There are some people I can't send an e-mail to," Steele said. "At home, I have Road Runner as an ISP, and wasn't even able to remotely connect in order to manage our servers."

    "Peering" arrangements are maintained by network companies that agree to connect their networks directly together to exchange traffic more efficiently. When the companies are of roughly equal size, money rarely exchanges hands.

    Level 3 contends that its arrangement with Cogent is no longer financially viable, since it is larger than the other company. It has asked Cogent to seek other arrangements, possibly including paying for the traffic exchange, a Level 3 representative said."

    c/net News»

  8. Security Update 2005-008 (Mac OS X 10.3.9)

    09/22/05

    This update includes the following components:

    LibSystem

    LoginWindow

    Mail

    QuickDraw

    QuickTimeJava

    Safari

    SecurityAgent

    SecurityServer

    Security Update 2005-008 (Mac OS X 10.4.2)

    09/22/05

    This update includes the following components:

    ImageIO

    LibSystem

    Mail

    QuickDraw

    Ruby

    SecurityAgent

    securityd

    For detailed information on this Update, please visit this website: http://docs.info.apple.com/article.html?artnum=61798

    SHA1 SecUpd2005-008Pan.dmg = 65f4dde09ee46fb9e1d58259f4085d90f420fae0

    For detailed information on SHA 1 Digest, please visit this website: http://www.info.apple.com/kbnum/n75510

    Downloads

  9. Free Standards Group Releases LSB 3.0

    By Steven J. Vaughan-Nichols

    September 19, 2005

    "On Monday, the Free Standards Group released the latest version of the Linux Standard Base, Version 3.0, and announced that Red Hat Inc., Novell Inc., the Debian Common Core Alliance and Asianux are all certifying their latest operating systems versions to it.

    The LSB 3.0 is a set of standards designed to ensure compatibility among Linux distributions and the applications that run on them. It is expressly designed to prevent the kind of application incompatibilities that have bedeviled the different distributions of the Unix operating system.

    With the widespread adoption of LSB 3.0, ISVs and end users should benefit as it becomes easier and less costly for software vendors to target Linux. Adopters include the nine members of the Debian Common Core Alliance, Novell, Red Hat, and Asianux, which is an alliance of China's Red Flag Linux, Japan's Miracle Linux and Korea's Haansoft distribution vendors."

    eWEEK - Linux & Open source

  10. KDE 3.5 Beta 1 ("Kanzler")

    September 21, 2005

    KDE 3.5 Beta 1 can be downloaded over the Internet by visiting download.kde.org. Source code and vendor supplied binary packages are available. For additional information on package availability and to read further release notes, please visit the

    «KDE 3.5 Beta 1 Information Page»

    Please note: Qt 3.3.5 is unsupported by this release.

    http://www.kde.org/announcements/announce-3.5beta1.php