NVDi Support News & Alerts » News

Alert: Microsoft to release out-of-band security update July 28th

wkwalker — Sat, 25 Jul 2009 03:06:15 +0000

Microsoft is releasing a pair of critical Windows security updates on July 28th. This is highly unusual. Microsoft normally issues security fixes on the second Tuesday of the month — “Patch Tuesday.” When they release an out-of-band update like this, it is usually because it deals with a critical vulnerability that is being actively exploited. According to Microsoft’s advance notification, the updates will affect Internet Explorer and Visual Studio. For most of us pluggers, it’s the Internet Explorer patch that will matter.

Windows 7 releases to manufacturing

wkwalker — Thu, 23 Jul 2009 03:30:16 +0000

In case you’ve been busy doing real world stuff and missed all the noise in the trade press, Windows 7 went RTM today. “RTM” means “release to manufacturing.” Microsoft has tucked in all the loose ends — at least, all the loose ends they’re going to worry about right now — and Windows 7 is officially ready to go into production. The folks who build and sell computers will get the final Windows 7 bits almost immediately. Software developers, integrators and other uber-geek types will start getting their hands on it August 6. General public availability — when normal, sane people can buy it — is October 22, 2009.

In other words, beginning on October 22, you’ll be able to buy systems with Windows 7 pre-installed. You’ll also be able to buy Windows 7 off-the-shelf on that date. In the meantime, most computer manufacturers are including a “free” upgrade to Windows 7 with their current offerings.

Temporary fix available for new Internet Explorer vulnerability

wkwalker — Thu, 16 Jul 2009 19:07:17 +0000

Just as Microsoft was rolling out this month’s collection of security patches and software updates, a new Internet Explorer vulnerability cropped up. Basically, it’s another one of those deals where you could get infected simply by visiting a maliciously crafted web page.

Unless the bad guys start exploiting this bug heavily, Microsoft will likely not fix it until the next regular second-Tuesday patch cycle. Until then, there’s a Help and Support page offering a temporary workaround.

Alert: Firefox 3.5.1 released — fixes important vulnerability

wkwalker — Thu, 16 Jul 2009 18:46:34 +0000

Firefox 3.5.1. has just been released to fix a potentially critical vulnerability. It’s not listed on the regular download page yet, but should be shortly.

A couple of days ago, proof-of-concept code was posted showing how a malicious web site could trigger a “drive-by download” when a page was viewed with Firefox 3.5. The 3.5.1 release plugs this hole.

You can get the latest version of Firefox from the Mozilla web site or by clicking on “Check for updates…” in the Firefox Help menu or you can wait for the update to be offered to you automatically when you launch Firefox. Personally, I wouldn’t wait too long.

July Microsoft patches are available

wkwalker — Tue, 14 Jul 2009 22:19:58 +0000

The July Microsoft patches for Windows and layered products, such as Office, are available for download. The servers are slow right now, probably because a whole bunch of people are jumping on them, trying to get at the “critical” Internet Explorer updates.

Swine Flu side-effects

wkwalker — Thu, 30 Apr 2009 00:16:49 +0000

The online pond scum are at it again, using public concern about the recent Swine Flu outbreak to trick people into opening infected email attachments or into visiting malicious web sites. No doubt they will be attempting to game search engine results, too, although this will be a lot tougher to accomplish than it was during the big Conficker scare.

The usual cautions apply: Avoid unverified email attachments. The same goes for links in unsolicited emails. If you are researching swine flu online, look at search result links with a jaundiced eye. Better yet, go straight to one of the authoritative web sites and work from there. The World Health Organization’s Influenza A(H1N1) is a good starting point, as is a similar page maintained by the U.S.-based Centers for Disease Control.

Be careful out there.

Office 2007 Service Pack 2 released

wkwalker — Wed, 29 Apr 2009 17:35:03 +0000

Office 2007 Service Pack 2 was released yesterday. It’s a big download — 290MB if you grab the whole thing — but worth it. For most folks, the biggest reason to get it is that a number of Office applications load and run noticeably faster. SP2 also rolls up a great many security and bug fixes and incorporates support for Open Document Format (ODF). ODF is an important, non-Microsoft document standard and the default format used by third-party packages such as Open Office. This is no more than a convenience for most small operations, but is a big deal for organizations with significant cross-platform or international exposure.

How to get it…

If you have automatic updates enabled and set up to download more than just core Windows updates, you should be offered Office 2007 SP2 automatically.
You can download it directly from Microsoft.
Or, you can get SP2 from a third party such as BetaNews fileforum.

So far, the SP2 update seems to be pretty well behaved. It reset my default news reader setting, but that was a minor irritation, easily corrected. If I encounter any significant issues, I’ll post them here.

Oh, one more thing: If you are running Windows XP, you must have Service Pack 3 installed before you can install Office 2007 SP2. For Vista, Service Pack 1 is required.

Annoying Twitter worm making the rounds

wkwalker — Mon, 13 Apr 2009 15:25:19 +0000

Chances are you won’t encounter it, but there is an annoying Twitter-based worm making the rounds. It’s a spam-generating prank created by an ethics-challenged 17-year-old “out of boredom.” There’s an article in PC World giving a decent overview and links to more information.

The Twitter folks seem to be doing a decent job of stomping the infection, although they still need to address the underlying vulnerability that made it possible. For now, do not respond to, or click any links in, any message containing the words “Mikeyy” or “Stalkdaily.” Definitely do not attempt to check out the user profile of anyone appearing to send such messages.

Patch Tuesday looms

wkwalker — Fri, 10 Apr 2009 23:35:52 +0000

April 14th is “Patch Tuesday.” Barring a major panic, Microsoft issues security updates for its products on the second Tuesday of the month. This month, we’re looking at eight patches, five of them rated “critical.” Microsoft’s offical security bulletin has all the details they’re willing to share so far.

It’s generally a good idea not to let security updates slide for very long. Once the word is out, the bad guys try to reverse-engineer the patches. If they find anything particularly juicy, they take advantage of the fact that many people are remiss about applying the patches. For instance, the primary mode of infection used by the currently infamous Conficker worm is a vulnerability that was fixed several months ago.

A little side-note: April 14, 2009 is also the day Windows XP goes on “extended support.”

Conficker starts serving up malware

wkwalker — Fri, 10 Apr 2009 02:36:34 +0000

As mentioned in the previous post, Conficker is stirring. After applying some code updates, it has started serving up malware. It’s typical of botnets like Conficker to be rented out in sections to various groups of dirtbags, so not all Conficker victims are getting identical infestations.

Some systems are being infected with a fake antivirus application called “Spyware Protect 2009.” Once launched, it buries you in a blizzard of pop-ups claiming you are infected with any number of malware programs and offering to remove them for $49.95. (Looks like the price has gone up. The standard scareware demand used to be $39.95.)

Other Conficker nodes are being infected with “Waledac,” which establishes a back door for sending spam. Waledac also acts as a password-stealing Trojan, so victims face a privacy threat, as well.