Firefox 3.6.8 Released
Firefox 3.6.8 fixes the following issues found in previous versions of Firefox 3.6:
- Fixed a single stability issue affecting some pages containing plugins.
Please see the complete list of changes in this version. You may also be interested in the Firefox 3.6.7 release notes for a list of changes in the previous version.

Firefox 3.6.7 Released
What’s New in Firefox 3.6.7
Firefox 3.6.7 fixes the following issues found in previous versions of Firefox 3.6:
Please see the complete list of changes in this version. You may also be interested in the Firefox 3.6.6 release notes for a list of changes in the previous version.

Microsoft Windows LNK Vulnerability Update
Microsoft now has an automated "Fix It" available to implement the workaround first outlined in Microsoft Security Advisory 2286198. The automated "Fix It" is available via KB article 2286198.
Running the "Fix It" can help prevent attacks attempting to exploit this vulnerability. This workaround will disable some icons from being displayed.

Microsoft Windows LNK Vulnerability
US-CERT Vulnerability Note VU#940193
http://www.kb.cert.org/vuls/id/940193
Microsoft Windows automatically executes code specified in shortcut files
Overview
Microsoft Windows automatically executes code specified in shortcut (LNK) files.
I. Description
Microsoft Windows supports the use of shortcut or LNK files. A LNK file is a reference to a local file. Clicking on a LNK file has essentially the same outcome as clicking on the file that is specified as the shortcut target. For example, clicking a shortcut to calc.exe will launch calc.exe, and clicking a shortcut to readme.txt will open readme.txt with the associated application for handling text files. Microsoft Windows fails to properly obtain icons for LNK files. A specially-crafted LNK file can cause Microsoft Windows to automatically execute code that is specified by the shortcut file. The specified code may reside on a USB drive, local or remote filesystem, a CD-ROM, or other locations. Viewing the location of a LNK file with Windows Explorer is sufficient to trigger the vulnerability. By default, Microsoft Windows has AutoRun/AutoPlay features enabled. These features can cause Windows to automatically open Windows Explorer when a removable drive, such as a USB thumb drive, is connected. Other applications that display file icons can be used as an attack vector for this vulnerability as well.
This vulnerability is being exploited in the wild to spread malware that targets control systems. Exploit code for this vulnerability is publicly available.
II. Impact
By convincing a user to display a specially-crafted LNK file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device.
III. Solution
We are currently unaware of a practical solution to this problem. Please review Microsoft Security Advisory 2286198 and consider the following workarounds:
Disable the displaying of icons for shortcuts
According to Microsoft Security Advisory 2286198:
Note See Microsoft Knowledge Base Article 2286198 to use the automated Microsoft Fix it solution to enable or disable this workaround.
Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.
1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry key: HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler
3. Click the File menu and select Export.
4. In the Export Registry File dialog box, enter LNK_Icon_Backup.reg and click Save. Note: This will create a backup of this registry key in the My Documents folder by default.
5. Select the value (Default) in the right-hand window of the Registry Editor. Press Enter to edit the value of the key. Remove the value, so that the value is blank, and press Enter.
6. Restart explorer.exe or restart the computer.
Note that this mitigation will prevent Windows shortcuts from displaying icons.
Disable AutoRun
Disabling AutoRun can increase the amount of user interaction that is required to trigger this vulnerability. It will not block the vulnerability, however. Please see Microsoft Support article 967715 for more details. Setting the NoDriveTypeAutoRun registry entry to 0xFF should provide the highest amount of protection.
Use least privilege
Use a "least privilege" approach to user accounts. By reducing the privileges of the user accounts, the impact of this and other vulnerabilities may be reduced. More information about this technique is available in the Microsoft TechNet article Applying the Principle of Least Privilege to User Accounts on Windows XP. Note that these concepts still apply to Windows Vista and newer operating systems.
Disable the WebClient service
According to Microsoft Security Advisory 2286198:
Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround, it will still be possible for remote attackers who successfully exploited this vulnerability to cause Microsoft Office Outlook to run programs located on the targeted user's computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.
To disable the WebClient Service, follow these steps:
1. Click Start, click Run, type Services.msc and then click OK.
2. Right-click WebClient service and select Properties.
3. Change the Startup type to Disabled. If the service is running, click Stop.
4. Click OK and exit the management application.
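Added example (not part of the US-CERT note or Microsoft's advisory): a read-only PowerShell check that reports whether the three host-side workarounds described above are in place on a machine. The function names are made up for this example, and the Policies\Explorer registry path used for NoDriveTypeAutoRun is an assumption taken from Microsoft's AutoRun documentation, not from this page.

```powershell
# Added example: read-only audit of the host-side workarounds for VU#940193.
# Requires Windows PowerShell 3.0 or later. Nothing is modified.

function Test-LnkIconHandlerCleared {
    # Workaround: the (Default) value of the LNK IconHandler key is blank.
    $key = 'Registry::HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler'
    if (-not (Test-Path -LiteralPath $key)) { return $true }  # no handler registered
    $default = (Get-Item -LiteralPath $key).GetValue('')       # '' = (Default) value
    return [string]::IsNullOrEmpty($default)
}

function Get-NoDriveTypeAutoRun {
    # Returns the first NoDriveTypeAutoRun value found (HKLM is checked
    # before HKCU), or $null when neither hive sets it.
    # Assumed path: ...\CurrentVersion\Policies\Explorer
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $p = Get-ItemProperty -Path "$hive\$sub" -Name NoDriveTypeAutoRun `
                              -ErrorAction SilentlyContinue
        if ($null -ne $p) { return [int]$p.NoDriveTypeAutoRun }
    }
    return $null
}

function Test-WebClientDisabled {
    # Workaround: WebClient startup type is Disabled and the service is stopped.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if ($null -eq $svc) { return $true }                       # service not installed
    return ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
}

$autoRun = Get-NoDriveTypeAutoRun
[pscustomobject]@{
    LnkIconHandlerCleared = Test-LnkIconHandlerCleared
    NoDriveTypeAutoRun    = if ($null -eq $autoRun) { 'not set' } else { '0x{0:X2}' -f $autoRun }
    AutoRunFullyDisabled  = ($autoRun -eq 0xFF)                # 0xFF per the note above
    WebClientDisabled     = Test-WebClientDisabled
} | Format-List
```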
Block outgoing SMB traffic
Block outgoing connections on ports 139/tcp, 139/udp, 445/tcp, and 445/udp at your network perimeter. Doing so will help prevent machines on the local network from connecting to SMB servers on the internet. While this does not remove the vulnerability, it does block an attack vector for this vulnerability.
Vendor Information
References
http://www.microsoft.com/technet/security/advisory/2286198.mspx
http://support.microsoft.com/kb/2286198
http://www.securityfocus.com/bid/41732
http://secunia.com/advisories/40647/
http://support.microsoft.com/kb/967715
http://www.anti-virus.by/en/tempo.shtml
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf
http://www.f-secure.com/weblog/archives/00001986.html
http://www.f-secure.com/weblog/archives/00001987.html
Credit
This vulnerability was discovered by VirusBlokAda through its exploitation in the wild.
This document was written by Will Dormann.

It's Patch Tuesday for July 2010
This month's 'Patch Tuesday' includes four bulletins addressing five vulnerabilities.
- Two bulletins, both with a severity rating of Critical, affect Windows.
- Two of the bulletins affect Microsoft Office; of those, one carries a Critical severity rating and one is rated Important.
Microsoft will also close out two Security Advisories this month.
Also, July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms. Customers should actively seek out either a supported operating system or the latest service pack in order to keep receiving necessary security updates.

GFI Software Acquires Sunbelt Software
Raleigh, NC — Jul 13, 2010 — GFI Software, a market leading provider of software infrastructure products for small and medium-sized enterprises, announced today that it has acquired Sunbelt Software and specifically its VIPRE® product suite. Terms of the transaction were not disclosed.
Sunbelt Software is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE® and CounterSpy® product lines, Sunbelt Exchange Archiver™, CWSandbox™, and ThreatTrack™.

Google Chrome 5.0.375.99 has been released
Google Chrome 5.0.375.99 has been released to the Stable channel on Linux, Mac, and Windows.
This release fixes the following security issues:
- [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome Security Team (SkyLined).
- [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to sirdarckcat of Google Security Team.
- [$500] [43488] High Memory corruption with invalid SVGs. Credit to Aki Helin of OUSPG; wushi of team509.
- [$500] [44424] High Memory corruption in bidi algorithm. Credit to wushi of team509.
- [45164] Low Crash with invalid image. Credit to javg0x83.
- [$1000] [45983] High Memory corruption with invalid PNG (libpng bug). Credit to Aki Helin of OUSPG.
- [$500] [46360] High Memory corruption in CSS style rendering. Credit to wushi of team509.
- [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
- [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.

Emsisoft acquires Online Armor!
Emsisoft is primarily known for our Anti-Malware products. Two years ago we started marketing and selling the German version of the Online Armor firewall from Tall Emu, who are based in Australia. Both the positive feedback from our customers and excellent cooperation with Tall Emu led us to proudly announce that Emsisoft has taken over the support and development of Online Armor, including acquiring all of its developers.
The sophisticated Online Armor Firewall ensures that only programs explicitly approved by the user have access to the local network or Internet. Other modules have been added to the classical Firewall features, such as Web protection, an Online Banking mode and protection against undesired Autostarts.
The Online Armor Firewall is the perfect enhancement to our security software and expands our product range in exactly the right direction. It is already regarded as one of the world's best Firewalls, so users can rest easy in the knowledge that they will now have two top security products from the same source that are directly matched to each other.
Online Armor is the one firewall that I routinely recommend to people who do not have a third-party firewall installed. Emsisoft's acquisition of Online Armor, and its developers, will strengthen Emsisoft's position with its European market.

Malwareteks is being attacked
We have been under a sustained attack for nearly a month. We are getting literally thousands of requests an hour for the same 2 pages. There appear to be at least 3 bot nets involved in the sustained attack. The attackers are attempting to exploit a vulnerability, in the CMS that powers this site, that has been closed for 2 months. Some webmasters have failed to keep their site software up-to-date and as a result their servers have been compromised and are now zombies, adding one more machine to the bot net.
The attack has affected hundreds of websites running the same CMS as used here at Malwareteks. That so many sites are being attacked has been fortunate for us. I don't believe this was meant to have been a DDoS. However, it appears that one script kiddie has a flawed controller script that is flooding servers with requests, resulting in a DDoS. Some sites have not been able to handle the server load caused by the attack, and are no longer responding. I have been working to mitigate the effects of this sustained attack, and as a result Malwareteks has remained operational. I have hardened the CMS and it is up-to-date. There are scripts running in the background that help protect the site from exactly this type of scenario.
Because this is in essence a DDoS, due to at least one flawed controller script, you may from time to time experience problems connecting to the site, posting to the forums, or uploading attachments to forum posts. Rest assured I am doing everything in my power to keep Malwareteks up and available.

Firefox 3.6.6 Released
Firefox 3.6.6 modifies the crash protection feature to increase the amount of time that plugins are allowed to be non-responsive before being terminated.
Please see the complete list of changes in this version. You may also be interested in the Firefox 3.6.4 release notes for a list of changes in the previous version.