Archive for December, 2012

Attackers Target Internet Explorer Zero-Day Flaw

December 29, 2012

Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.

In a blog posting Friday evening, Milpitas, Calif.-based security vendor FireEye said it found that the Web site for the Council on Foreign Relations was compromised and rigged to exploit a previously undocumented flaw in IE8 to install malicious software on vulnerable PCs used to browse the site.

According to FireEye, the attack uses Adobe Flash to exploit a vulnerability in the latest (fully-patched) version of IE8. Dustin Childs, group manager for response communications at Microsoft, said the vulnerability appears to exist in previous versions of IE.

“We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,” Childs said in an emailed statement. “We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.”

The 20 Most Common Shortcuts Everyone Needs to Know

December 20, 2012

Even if you don’t want to dig into the deeper recesses of keyboard shortcuts, a few of the most common shortcuts can still save you a ton of time. If you need to really learn these, set the below image up as a desktop background, or print it and place it on your wall (click to expand or right-click to save):

Keyboard Shortcuts

Critical Updates for Flash Player, Microsoft Windows

December 11, 2012

Adobe and Microsoft have each released security updates to fix critical security flaws in their software. Microsoft issued seven update bundles to fix at least 10 vulnerabilities in Windows and other software. Separately, Adobe pushed out a fix for its Flash Player and AIR software that addresses at least three critical vulnerabilities in these programs.

A majority of the bugs quashed in Microsoft’s patch batch are critical security holes, meaning that malware or miscreants could exploit them to seize control over vulnerable systems with little or no help from users. Among the critical patches is an update for Internet Explorer versions 9 and 10 (Redmond says these flaws are not present in earlier versions of IE).

Other critical patches address issues with the Windows kernel, Microsoft Word, and Microsoft Exchange Server. The final critical bug is a file handling vulnerability in Windows XP, Vista and 7 that Microsoft said could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. Yikes. Updates are available through Windows Update or via Automatic Updates.

 

Adobe shipped a Flash Player update for Windows, Mac, Linux and Android installations of the software. The appropriate new version number is listed by operating system in the chart below. Adobe says that Flash Player installed with Internet Explorer 10 for Windows 8 and Google Chrome should be updated automatically; on Windows the latest version should be 11.5.502.135, and Chrome users on Windows, Mac or Linux who have the latest version of Chrome (v. 23.0.1271.97) should have version 11.5.31.5 installed.

Most users can find out what version of Flash they have installed by visiting this link. Adobe urges users to grab the latest updates from its Flash Player Download Center, but that option pushes junk add-ons like McAfee VirusScan. Instead, download the appropriate version for your system from Adobe’s Flash Player Distribution page.

Updates for Adobe AIR are available from this link.

If all of this updating nonsense has your head spinning, or if you are the unofficial or de facto tech support person for your friends and family, consider installing a free update management product like Secunia’s Personal Software Inspector (I prefer the 2.x version) or FileHippo’s Update Checker, either of which can make it far easier to stay on top of the latest security patches for important software.

As always, if you experience problems or issues installing any of these updates, please leave a note about it in the comments below.