Posted by Monte Robertson on Mon, Aug 09, 2010 @ 07:18 PM
A week ago today, Microsoft released an out-of-cycle critical update patch. This software security update has drawn a lot of attention because the exploit (computer security vulnerability) has gained traction on the Internet and large companies were affected.
Simply put, the exploit revolves around the shortcut links (.lnk files) that the computer uses to, for example, take the user to a network share or launch a program. These malicious links can be put into documents by the attacker or spread via USB drives. The attackers can also spread the exploit by getting users to visit infected web sites, infecting many machines with drive-by downloads.
Because of the ease and criticality of this exploit, and because it has reached the Internet, it is important to download, test and deploy this computer security update as soon as possible, if not sooner, to all appropriate computers.
Speaking of software security updates: tomorrow (8/10/10), Microsoft will release 14 updates patching 34 vulnerabilities in multiple products. We recommend downloading, testing and deploying the eight critical updates first because those have the highest risk. But don’t stop there, because the remaining six important updates can be exploited as well. Getting infected seems to be getting easier and easier these days, especially for the common user.
It is just a matter of a user effortlessly finding the wrong website, at almost any time, with the wrong permissions, or clicking on a bad link, or opening an unknown attachment to get infected. And all that is easier and more common than most people realize.
Measured by the number of known vulnerabilities, tomorrow is the biggest computer security patch day ever. It comes right on the heels of a critical out-of-cycle security update.
So maybe you should take the day off from work and make sure your computers and servers are fully up to date. You didn’t have anything else to do, did you? Stay safe out there.
Security as a Service for Businesses who have better things to do. 303.232.9070
Posted by Monte Robertson on Mon, Feb 15, 2010 @ 09:38 AM
One of the Windows Updates released on 2/9/2010 is being blamed (possibly incorrectly) for many XP users having their machines blue screen after installing the security software update and rebooting the machine. It may be that the machines exhibiting this condition are actually infected with a Trojan released back in 2008, and that fixing the exploit via the patch(es) causes the machine to lock up.
Anyway, here is the solution as it stands now:
Apparently only one Knowledge Base (KB) patch requires un-installation (or should be skipped to begin with if you have not updated yet and have XP machines) to resolve the issue.
KB977165 is the patch under current scrutiny; the other patches released Tuesday don't seem to cause the blue screen result and do not need to be uninstalled.
If you have installed KB977165 and have a machine in trouble, here are the updated steps to take. You will need the XP install disk to repair the computer, which will be a problem if you bought one that shipped without the install/repair disk.
1. Boot from your Windows XP CD or DVD and start the recovery console (recovery console instruction help). Of course, the machine will have to boot first from the disk drive, and a visit to system setup may be required before starting step one.
Once you are in the Repair Screen:
2. Type this command: CHDIR $NtUninstallKB977165$\spuninst - push enter
3. Type this command: BATCH spuninst.txt - push enter
4. When complete, type this command: exit - push enter
OK, you fixed it, but the machine still has the vulnerability. Now what do you do? The link here shows how you can get protected from this exploit mentioned in KB977165 without installing the actual KB update: http://support.microsoft.com/kb/979682
If you have a Netbook with this problem it is going to be a bad day. I can't find much in the way of fixes for non-technical users. Can you say "bootable USB?"
Thanks to Kevin Hau and Krebs for getting the fix out. Thanks to all the crackers writing malicious code that keeps an entire industry afloat. If they really wanted to make an impact on the world they could stop writing malicious code. An entire security software industry would cease to exist. Yeah. Like that's going to happen.
Stay Safe Now.