recent posts

Online Sellers: Beware of Fake Check Scams
Adobe Plugs 8 Security Holes in Reader
Mozilla Distributes Virus-Infected Language Pack
Robotraff: A Hacker's Go-To For Clicks
Microsoft Releases Windows XP Service Pack 3

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

Microsoft's Valentine: 17 Security Updates

Microsoft today pushed out software updates to fix a large number of security flaws in computers running its Windows operating systems and other software. Notable among the patches is a critical roll-up of fixes for Internet Explorer, the Web browser used by the majority of the world's online population.

Today's bundle of fixes corrects at least 17 security vulnerabilities found in Microsoft products ranging from Windows to Microsoft Office and Works, to Internet Information Services (ISS), a popular Web server.

At least 10 of the flaws earned Microsoft's most serious "critical" rating, meaning they could be exploited by attackers to break into PCs and install software with little or no help from the victim. For example, the IE update addressed four of those critical flaws, each of which Microsoft said could be exploited merely by convincing an IE user to visit a malicious/hacked Web site or open a poisoned HTML e-mail. Ditto for another critical vulnerability present on Windows 2000 and Vista systems (as well as Microsoft Office 2004 for Mac).

Microsoft also released patches to plug seven security holes in various versions of its Office products, flaws that hackers could use to plant software on victim machines in many cases merely by convincing users to open specially-crafted Office documents.

All of the Office updates area available through the Automatic Updates or through Microsoft Update, save for the Office 2000 fixes, the most "critical" ones in the bunch. Office 2000 users will need to pay a special visit to Microsoft's Office Update Web site and let it scan for available updates. Office 2000 users may also need to have a copy of their Office installation disc on hand.

By Brian Krebs |  February 12, 2008; 4:50 PM ET Latest Warnings , New Patches , Safety Tips
Previous: Apple Releases Tiger, Leopard Security Updates | Next: Beware Bogus E-Valentines

Comments

Please email us to report offensive comments.



SANS (Internet Storm Center) revised their diary to indicate "Patch Now" for the IE update due to an "Exploit publicly available".

http://isc.sans.org/diary.html?storyid=3973

As is always the case and stated in most Microsoft security bulletins, "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

Patch using the administrator account, otherwise use a limited user account!

Posted by: TJ | February 12, 2008 5:25 PM

Is microsoft going to make vista more compatible or just re release xp.

Posted by: Dan | February 12, 2008 11:12 PM

Brian: I downloaded and installed
SnoopFree Privacy Shield 1.0.7 as you suggested and AVG tells me that there is a TrojanHorse downloader Zlob.XH in the setup.exe file ; Please Help !
Thank you

Posted by: DC | February 13, 2008 7:20 AM

Symantec says the WebDAV Mini-Redirector vulnerability has the potential to be the worst of the bunch, as the vulnerable component runs with SYSTEM privileges. So following security best practices of using an account with the least amount of privileges will have no affect on this issue.

http://www.symantec.com/enterprise/security_response/weblog/2008/02/microsoft_patch_tuesday_for_fe.html

Of course apply the patch, but unless there is a specific need for it, best practice (of disabling unneeded services) dictates:

Disable the WebClient Service

To disable the WebClient Service, follow these steps (requires administrator access):

1. Click Start, click Run, type Services.msc and then click OK.
2. Right-click WebClient service and select Properties.
3. Change the Startup type to Disabled. If the service is running, click Stop.
4. Click OK and exit the management application.

Posted by: Tim | February 13, 2008 9:12 AM

@DC SnoopFree?

Did I miss something? Did Brian recommend "SnoopFree"? What blog issue date?

Thanks

Posted by: ShortOfMemory | February 13, 2008 11:53 AM

re SnoopFree

in Security Fix Live Friday Feb 8, 2008

Transcript available at:

http://www.washingtonpost.com/wp-dyn/content/discussion/2008/02/06/DI2008020601716.html


I would use this as an opportunity to do things right. If you can't be bothered to set up a limited user account on your system, try the drop my rights approach with the browsers you use. In addition, there are free anti-keylogger programs available, such as SnoopFree and BoClean that are designed specifically to spot malware that tries to hook your keyboard.

Posted by: DC - | February 13, 2008 1:15 PM

Brian, first thanks for your recommendations of AVG free anti-virus, which I'm now using instead of Kaspersky anti-virus. I did like KAV, but when I tried to install the latest version as part of a renewal, it indicated that it is incompatible with the most recent versions of Zone Alarm firewall. The alternative fix consisted of finding a new firewall or using an older version of Zone Alarm. I decided to go with AVG--it doesn't have the bells and whistles of KAV but is perfectly adequate--and free!

Posted by: GCV | February 13, 2008 4:33 PM

I went to windows update just now to get the patches but it only showed 4 updates I needed. Am I missing something? Or were the '16' updates a cumulative figure of WinXP and WinVis combined?
Thanks

Posted by: random | February 13, 2008 7:56 PM

@random -- Only some of the updates apply to Windows XP. Keep in mind also that Microsoft often bundles numerous fixes in one patch. So, for example, the IE patch actually fixes four separate problems (all are present on XP, but you will only see one patch listed for IE).

Posted by: Bk | February 13, 2008 8:06 PM

My son applied the latest on his HP 6100 series PC running Vista and now it won't boot. Great! I know XP and earlier but not Vista. Any suggestions on backing out this stuff?

Posted by: wally | February 13, 2008 9:34 PM

@wally -- try booting into safe mode (hold or continuously press the F8 key after powering up the system). If you can boot into the desktop, try using system restore to bring the system back to a pre-patch state (it may be slightly different to get to system restore on Vista, but on XP it's Start, Programs, Accessories, System Tools).

Posted by: Bk | February 13, 2008 11:41 PM

re: SnoopFree

Brian: after I downloaded and installed SnoopFree
version 1.0.7 from www.snoopfree.com
AVG has detected two Trojan Horses
The service SnoopFreeSvc cannot be stopped nor disabled by administrators, and there is no way to uninstall, although you can run SnoopFree.exe /U
I think it reinstalls itself after rebooting.

My machine has been connecting to
blk-7-215-184.eastlink.ca port 44687 from my
localhost port 1056.

I have the first 1055 ports stealth according to grc's Shields Up!.

That domain name (snoopfree.com) is registered through networksolutions to:

Administrative Contact :
SnoopFree
Stephen Nichols
stephenln@hotmail.com
1410 Katie Lynch Drive
Pflugerville, TX 78660
Phone: (512)670-1585

also see

http://www.manta.com/coms2/dnbcompany_g13gxg

GoogleMaps satellite shows a nice residential location

http://maps.google.com/maps?f=q&hl=en&geocode=&q=1410+katie+lynch+78660&sll=38.906982,-77.014231&sspn=0.208386,0.464859&ie=UTF8&ll=30.461987,-97.631979&spn=0.000902,0.001816&t=h&z=19&pw=2

Posted by: DC | February 14, 2008 8:02 AM

@Wally

SANS Internet Storm Center has a diary on the Vista "reboot loop" problem.

http://isc.sans.org/diary.html?storyid=3998

Posted by: TJ | February 20, 2008 10:02 AM

I am locked in a never-ending battle with Automatic Updates. Three or four times (at least) I've received notice that the same update is pending download and installation (KB943983) - after I download it, it installs during shutdown and sure enough, sooner or later, it reappears anew as an update pending installation.

I know I'm not the first to encounter this, but an admittedly brief Google search turned up no leads.

Thanks for anything anyone can offer.

_Brian

Posted by: _Brian | February 23, 2008 1:14 AM

Useful site. Thanks!
http://illinois-loan-online-payday.ttrussgun.net/map.html illinois loan online payday

Posted by: illinois loan online payday | April 17, 2008 10:44 AM

Useful site. Thank you!
http://bank-chase-equity-home-loan.ttrussgun.net/map.html bank chase equity home loan

Posted by: bank chase equity home loan | April 17, 2008 12:25 PM

Useful site. Thanks:-)
http://zero-down-payment-mortgage-loan.ttrussgun.net/map.html zero down payment mortgage loan

Posted by: zero down payment mortgage loan | April 17, 2008 2:40 PM

Useful site. Thanks:-)
http://7-biography-allegra-anne-may.blogspot.com/map.html 7 biography allegra anne may

Posted by: 7 biography allegra anne may | April 25, 2008 8:58 AM

Useful site. Thank you.
http://0-best-price-for-allegra.blogspot.com/map.html 0 best price for allegra

Posted by: 0 best price for allegra | April 25, 2008 9:04 AM

Post a Comment

We encourage users to analyze, comment on and even challenge washingtonpost.com's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.




 
 

©  The Washington Post Company