Largest Microsoft Patch Ever Coming Soon!

Next Tuesday will be Microsoft’s Patch Tuesday for the month of October. For IT admins this means it’s time to clear your calendar and prepare to address a record-setting 16 security bulletins addressing 49 different identified vulnerabilities. This breaks the current record of 14 security bulletins that were issued back in August 2010.

Most of the updates plug security holes that could allow malevolent internet users to inject malicious code into the users’ computers. As these holes are usually in features not switched on by default, Microsoft usually labels them as Important (the most critical updates are labeled Critical).

It’s a long list of affected software that includes: Windows XP, Vista, Windows 7, Windows Server 2003 and 2008, Microsoft Office XP Service Pack 3, Office 2003 Service Pack 3, Office 2007 Service Pack 2, Office 2010, Office 2004 for Mac and 2008 for Mac, Windows SharePoint Services 3.0, SharePoint Server 2007, Groove Server 2010, and Office Web Apps.

These patches are considered important as we head into the last quarter of the year, a time when many businesses have a heavy volume of online shopping. This period sees many financial and retail companies going into lockdown mode where they don’t update their systems.

Microsoft will release the 16 updates at approximately 1 p.m. ET on Oct. 12.  I think I’ll take that afternoon off and turn off my phones.

Ed

You Can NEVER Have Enough Backups!

Just a brief post today to say what we’ve all heard so many times. “You can NEVER have enough back ups!”

Recent storms in our area caused us to suffer data loss when lightning ran in on some equipment, burning out both internal and external (backup) hard drives.  I have been working all week just to get back to some semblance of normality, but want to tell you, BACKUP your BACKUPS!

If anyone has sent us any email recently, please resend your mail. I lost ALL email (sent and received) back to August 7th of last year. Long story as to why we didn’t lose it all… but backups on one external drive that I stopped using last August still had all old mail on it… so ALL was not lost. And yes, surge protectors were in place… but most surge protectors will not stop the power of lightning. My office consists of a total of 7 surge protector units, and only the larger, more expensive ones performed well enough to stop the surge we experienced, and this was not even a direct hit.

Make sure you back up your back ups, and make sure your surge protectors will REALLY protect you, or be prepared to face (someday) what I’ve been dealing with this week.

 

Real Player Vulnerable to Silent Attack

On Jan. 1, the Russian security-research group Immunity Inc. told the world that RealPlayer 11 is vulnerable to a serious attack. The vulnerability could let a bad guy run code of his choice on your computer.

As far as I know, there aren’t any exploits floating around yet, which is a bit of a relief.  However, there also isn’t an update available from Real Networks at this time to address the problem.

I consider this threat to be serious enough that you shouldn’t use RealPlayer until a patch is released.  Your best defense is to completely uninstall the player, using the Add/Remove Software control panel.  Otherwise, you might inadvertently visit a Web site that launches an exploit by simply invoking RealPlayer’s vulnerable code.

I’ve uninstalled the player from all of my machines, simply because it is "NOT WORTH THE RISK" to me… and Windows Media Player is my preferred player over Real Player anyway.  I suggest you do the same… or don’t call me when someone invades your computer through Real Player 😉

If you don’t want to just take my word for it, but prefer to read the technical data on this flaw… here is a link to the analysis by Vnunet.

I’ll have more for you on several other points and subjects in another post coming tomorrow. 

 

Ed

 

 

Updates Without Your Permission

Holy cow!  One of the two monsters of the Internet is at it again.  For all of our newer clients who have not followed my thought processes over the years as to the “Two Monsters” I so lovingly refer to, they are “Google” and “Microsoft”.

 

Microsoft has begun patching files on Windows XP and Vista without users’ knowledge, even when the users have turned off auto-updates!

 

In recent days, Windows Update (WU) started altering files on users’ systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

 

It’s surprising that these files can be changed without the user’s knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft’s latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

 

When users launch Windows Update, Microsoft’s online service can check the version of its executables on the PC and update them if necessary. What’s unusual is that people are reporting changes in these files although WU wasn’t authorized to install anything.

 

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn’t need permission to patch Windows Updates files, even if you’ve set your preferences to require it.

 

To make matters even stranger, when I search on Microsoft’s Web site, there is no information at all on the stealth updates.  Let’s say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system.  You’d be hard-pressed to find the updated files in order to download them.  As of this writing, you either get a stealth install or nothing.

 

Microsoft appears to have no malicious intent in patching them. However, writing files to a user’s PC without notice (when auto-updating has been turned off) is behavior that’s usually associated with hacker Web sites.  The question being raised in discussion forums is, “Why is Microsoft operating in this way?”

 

It’s important to note that there seems to be nothing harmful about the updated files themselves.  There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches).  My biggest gripe is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

 

On another note pertaining to Microsoft and their updates, Microsoft patched four vulnerabilities this month, but you’re still not entirely safe.

 

There’s a dangerous unpatched vulnerability, and the bad guys are actively exploiting it.  Until Microsoft releases a fix for the severe vulnerability involving Visual Basic, guard your systems against files that have a .vbp (Visual Basic Project) extension.

 

We considered putting a server-wide block on incoming email that contained a .vbp file attachment, but taking that step would keep you from running any legitimate VB projects.  So instead, I’m just sending you a MAJOR CAUTION FLAG to NOT open any attachments that may find their way to your in-box that have a .vbp extension unless you are absolutely, positively, without any shadow of a doubt, sure of who sent it to you, and that whoever sent it is free of any infections in their Visual Basic programming.
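
A middle ground between a server-wide block and a warning alone is to deliver the mail but mark it. The Python sketch below is an added example, not part of the original post or any mail server's own code; the header name, subject prefix, addresses and the constructed sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXTENSIONS = {".vbp"}  # the extension this post warns about


def risky_attachments(raw_message: bytes, extensions=RISKY_EXTENSIONS):
    """Return the filenames of attachments whose final extension is risky."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also descends into nested multiparts
        name = part.get_filename()   # handles encoded (RFC 2231) filenames
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "x.VBP." still opens as .vbp
        cleaned = name.strip().rstrip(". ").lower()
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in extensions:
            hits.append(name)
    return hits


def flag_message(raw_message: bytes) -> bytes:
    """Deliver the mail unchanged unless it carries a risky attachment;
    in that case prefix the subject and record the filenames in a header."""
    hits = risky_attachments(raw_message)
    if not hits:
        return raw_message
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = msg.get("Subject", "")
    del msg["Subject"]
    msg["Subject"] = "[CAUTION: .vbp attachment] " + subject
    msg["X-Attachment-Warning"] = ", ".join(hits)  # hypothetical header name
    return msg.as_bytes()


def build_sample(filename: str) -> bytes:
    """Constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "project files"
    m.set_content("See attached.")
    m.add_attachment(b"Type=Exe\r\n", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Because the message is still delivered, legitimate VB projects keep flowing; the flag only makes sure the recipient sees the caution before opening the attachment.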

 

Finally… some readers last week expressed concerns about the recommended resource I referred you to (Secunia) to scan your system for outdated files, wondering about its safety.  Let me emphasize, the scan is safe, it is free, and can take you a couple of steps further along in the “Protect Your PC and Data at All Costs” goal.

 

Since their privacy policy seems to be hidden on their site, I did a little digging and found it (for those who even care)… and it can be found here:

https://psi.secunia.com/?page=privacy

 

If you had problems running the scan on your system for some reason (a few select users apparently encountered errors), it may be due to you either having major system files out of date, cookies disabled, or a couple of other things that I am not going to get into in this post.  My only suggestion is, try it again, and also sign up for their software update reminder service.  It too is free, and they will not spam you or sell your address to any third parties.

 

I ran my system through their scanners again yesterday (only a week after updating everything the first time) and found two more outdated applications that need to be updated to prevent vulnerabilities.  So again, I encourage you to bookmark their site, and make it a weekly part of your PC Maintenance to scan your system for outdated applications.

http://secunia.com/software_inspector/

 

That’s it for today!  Be safe, and have a great weekend.

 

Ed