Updates 6/12/12 - "Microsoft Tuesday", iTunes, Java

Virus & Spyware

Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.


  • Today is "Microsoft Tuesday" ("Patch Tuesday") --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows critical/security updates.   Based on previous history, they should become available at 1 P.M. (USA - Eastern Daylight Saving Time).

    Please use Windows or Automatic Updates to determine which updates are applicable to your particular system.

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • iTunes is being mentioned here because it is a common target for infections, and so should always be kept up to date [if you have it on your system]...

    The following has been copied/pasted from http://secunia.com/advisories/49489/

    Description

    Apple has reported two vulnerabilities in Apple iTunes [at least one of which is rated "highly critical"], which can be exploited by malicious people to compromise a user's system.

    1) An error in the handling of .m3u playlists can be exploited to cause a heap-based buffer overflow via a specially crafted M3U (".m3u") file.

    2) A vulnerability is caused due to a bundled vulnerable version of WebKit.

    For more information see vulnerability #3 in: http://secunia.com/advisories/48454/

    NOTE: This vulnerability does not affect the application on OS X Lion systems.

    Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

    Solution
    Update to version 10.6.3.


  • The following 3 updates are rated CRITICAL:

    MS12-036 Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939) 

    MS12-037 Cumulative Security Update for Internet Explorer (2699988) 

    MS12-038 Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726) 

    =================================================

    The following 4 updates are rated IMPORTANT:

    MS12-039 Vulnerabilities in Lync Could Allow Remote Code Execution (2707956) 

    MS12-040 Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100) 

    MS12-041 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162) 

    MS12-042 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167) 








  • Windows Malicious Software Removal Tool for June, version 4.9

    32-bit version for Windows 7/Vista/XP/Server 2003: http://www.microsoft.com/en-us/download/details.aspx?id=16 

    x64-bit version http://www.microsoft.com/en-us/download/details.aspx?id=9905 

    This month's tool adds detection/removal of

    Win32/Cleaman - "a family of multi-component, obfuscated trojans that are distributed via drive-by exploit kits. Its main purpose is to redirect Bing, Google, and Yahoo search results to bogus webpages that serve advertisements, adware programs, and malware".

    and

    Win32/Kuluoz - "a trojan that tries to steal passwords that are stored in certain applications and sensitive files from your computer. This trojan could also download other malware to your computer such as other variants of Win32/Kuluoz and Win32/Sirefef, and variants of rogue security software such as Win32/FakeSysdef and Win32/Winwebsec"

    EDIT:  Additional information on  Kuluoz  may be found at http://blogs.technet.com/b/mmpc/archive/2012/06/12/msrt-june-12-cleanup-on-aisle-one.aspx


     


  • For people who have Java, it's time to update again... "This release contains fixes for security vulnerabilities".

    Release Notes:  http://www.oracle.com/technetwork/java/javase/7u5-relnotes-1653274.html

    Java Version 7 Update 5  http://java.com/en/download/manual.jsp

    Be sure to UNcheck any offers for toolbars/programs [unless you really want them]:

    "Oracle has partnered with companies that offer various products. The installer may present you with option to install these programs when you install Java. If you don’t want these “piggybacked” programs, UNcheck the box for Optional 3rd Party Applications [see diagram]. After ensuring that the desired programs are selected, click the Next button to continue the installation."

     



  • Microsoft also released a "Fix It" ("temporary work-around") for an extremely critical UNpatched vulnerability in its XML Core Services.   See my post here:  http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19452809.aspx 

    [I believe the Fix It (for an UNpatched vulnerability) deserves a separate thread of its own.]


  • Well, I knew I was in for headaches when I saw that .Net Framework patch, but I wasn't quite prepared for the 4 (!) .Net patches offered by MSU today for my XP/sp3 system.

    I installed them all successfully, and they all appear in my Add/Remove list, and in my update history. Yet MSU keeps offering them. I hid them all. FWIW, I no longer trust Secunia PSI or Belarc to verify their installation properly.

    It is beyond me.

    _________________________________________

    Dell Forum Member since 2,000

    WOT Web of Trust    Use OpenDNS   MalwareBytes' Anti-Malware Free

    (Mostly) Free Security Software- A Primer

    Windows 7 Home Premium (64-bit), Panda Cloud AV Free, OpenDNS, SpywareBlaster, MVPS Hosts file, WinPatrol PLUS, IE11, HitmanPro (on-demand 2nd opinion AV scanner), HitmanPro.Alert. Windows software firewall, MBAM Premium, CryptoPrevent, Zemana Antilogger Free, Secunia PSI, WOT, Sandboxie, CCleaner Free, Emsisoft Anti-Malware Free. (yeah, it's probably overkill).

  • Joe,

    All I can say is that on my XP-Pro/SP3 system, 1) MSU is NOT re-offering me the .NET  [nor any other] updates, and 2) Secunia's PSI is not complaining about my .NET versions.   [I haven't used BelArc on this system in quite a while...]

    Interestingly, Secunia is still reporting that all FLASH versions (since 11.1.102.55, last December) are suffering from an UNpatched "unspecified highly critical" vulnerability.


  • <SIGH> More .net headaches from Microsoft this month....

    Update KB2656370 for .net framework 1.1  SP1 failed on my system running XP Pro SP3. Now what am I supposed to do...?

     


    Ron

    Forum Member since 2004

    I am NOT a Dell employee

  • Oh, and Belarc is suddenly telling me KB2656369 is unlocked and failed verification, even though it was previously locked/verified.

    Ron

  • This just keeps getting worse!

    I followed Method 1 here to fix error 0x643 using the Microsoft Fix It tool for .net. That didn't help so I proceeded to Method 2 for .net  framework 1.0, 1.1, 2.0, 3.0, 3.5. I ran dotnetfx_cleanup_tool to remove .net 1.1 and rebooted. Then downloaded and installed .net 1.1 and rebooted again.

    But when I tried to install .net 1.1 SP1 as instructed, I got this error message: 

    c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll could not be loaded

    I see a file with that name in the designated folder, but it doesn't seem to want to load.

    So, not only don't I have update KB2656370 installed, I no longer have .net 1.1 SP1 installed.

    I HATE MICROSOFT!

     

    Ron

  • Ron.

    Sorry to hear about your problem. I do not know if it is of any consolation but it is not only you. I did not apply any MS fix-up when it ( KB2656370 ) failed on me thru Automatic Updates this afternoon. I just went to the MS update page and tried to install it again. Winpatrol alerted me of some changes and Comodo with firewall and D+ alerts. Even Comodo autosandbox did not recognize some files. Twice I tried and failed. I took a deep breath and dropped my pants ( security off ), and it installed without a glitch.

     

    Next time I will install my MS patches by turning off the comp so that no security bothers the installment.

    Hernan.

    Dim9200/XPS 410.C2D 2.40GHz.2GB RAM.XP Pro_86 SPk3.IE8 & FF29

    Avast!Free 9.0.2018. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. WOT. OpenDNS. SAS(o/d)

    "We are all ignorant, but we don't all ignore the same things..." Albert Einstein

     "When you've excluded the impossible, whatever remains, however improbable, must be the truth..." Sherlock Holmes.

  • For what it's worth, I had no problems installing KB2656370 on my XP-Pro/Sp3 system.   No pop-ups from WinPatrol.   [I don't have Comodo.]   I had disabled the behavior-shield on avast [but all its other shields remained active]... not sure if that made the difference.

    KB2656370 is showing up in my Windows Update history, and in my Control Panel Add/Remove.

    KB2656370 in June is a RE-ISSUE of a previous update (same KB#, as part of MS12-025) in April.

    Relevant file information for this update: 

    File name            File version    File size   Date          Time
    System.Drawing.dll   1.1.4322.2497   471,040     25-Apr-2012   17:45

    Note  If you previously installed hotfix 2712189 to address printing issues in Windows Forms and are now installing this re-release of this security update, you may see that installing this update does not change the version number of the files that are installed. This behavior is expected because hotfix 2712189 contains a more recent file version of the installed files and supersedes this re-release.  

     

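The post above lists the file version that KB2656370 installs and notes that a newer file left by hotfix 2712189 is expected. The following is an added example, not part of the thread or of Microsoft's tooling, that compares an installed file's version against the listed one; the helper name Test-PatchedFile and the .NET 1.1 directory are assumptions, while the file name and version come from the post.

```powershell
# Added example, not from the thread. Test-PatchedFile is a hypothetical
# helper; the .NET 1.1 directory below is an assumed default location.
function Test-PatchedFile {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][version]$ExpectedVersion
    )

    $result = New-Object PSObject -Property @{
        Path = $Path; Expected = $ExpectedVersion; Installed = $null; Status = 'Missing'
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $result }

    # Build the version from the numeric fields; the FileVersion string may
    # carry extra text that does not parse as a version.
    $full = (Get-Item -LiteralPath $Path).FullName
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($full)
    $installed = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart,
        $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart)
    $result.Installed = $installed

    if ($installed -lt $ExpectedVersion) {
        $result.Status = 'Outdated'      # update not applied to this file
    } elseif ($installed -eq $ExpectedVersion) {
        $result.Status = 'Patched'       # matches the version listed for the update
    } else {
        $result.Status = 'Superseded'    # newer file, e.g. from a later hotfix
    }
    return $result
}

# File name and version as listed in the post for KB2656370.
$dir = Join-Path $env:WINDIR 'Microsoft.NET\Framework\v1.1.4322'
Test-PatchedFile -Path (Join-Path $dir 'System.Drawing.dll') -ExpectedVersion '1.1.4322.2497'
```

A status of Superseded corresponds to the case in the Note, where the installed file is already newer than the one in the re-released update.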

  • I tried installing the failed KB2656370 again, after disabling ZoneAlarm firewall and Microsoft Security Essentials before I tried the other fixes MS recommended for this problem. Nothing worked.

    And because I got stuck reinstalling .net 1.1 SP1 after using their "fix", I decided to NUKE every version of .net on my XP Pro SP 3 system with their .net removal tool. That felt soooo good after all these problems with .net!

    Then downloaded and installed .net 1, 1.1, 2, 3, 3.5 and all their service packs, with reboots and System Restore points in between everything. That took quite a long time! When that was done, I went to the MS update site and found I needed 19 .net updates. They took another hour to install.

    To my surprise, they all installed without a single issue, including KB2656370. Belarc with their latest (today's) definitions file says I'm now fully up-to-date. Hallelujah!!!

    And as a side issue, it feels like IE8 is running with lightning speed now, compared to before all this cleanup. Will wonders never cease....?

    But I still HATE MICROSOFT because I wasted almost a whole day on their nonsense...

    Ron

  • Update: I had queried MS yesterday about how to resolve this .net problem.

    They just responded that if "method 2" fails to fix it after a 0x643 .net installation error, the only option left is to do exactly what I'd already done:

    Nuke all .net versions using their .net removal tool and install all of them over from scratch, starting with v1.  

    Gee, maybe I should be working for MS...!

    And IE8 is definitely running faster now.

    Ron