PC Review



HOW TO SECURE Windows 2000/XP/Server 2003 & even VISTA, + make it "fun to do"

 
 
APK, 23rd Jan 2010
MS10-002 Cumulative Security Update for Internet Explorer (978207)

Look for THAT on the page...

(There you go, FloppyBootStomp!)

APK

P.S.=> Well, to save you time? The DIRECT linkage is here -> http://www.microsoft.com/technet/sec.../ms10-002.mspx

apk

 
"I'm Reese: Sgt. TechComVN38416 assigned to protect you - You've been TARGETTED FOR TERMINATION!"
 
 
 
 
 
floppybootstomp, 24th Jan 2010
Downloaded it, ran it, got this:



It's only 3.16Mb and not zipped.

Possibly corrupt I suppose.
[Attached screenshot: storage.png]

 
Don Van Vliet 1941 - 2010. And the acid gold bar swirled up and down, up and down.
 
 
 
 
 
APK, 24th Jan 2010
Quote:
Originally Posted by floppybootstomp
Downloaded it, ran it, got this:



It's only 3.16Mb and not zipped.

Possibly corrupt I suppose.
Per my subject-line above:

Are you out of OR nearing/on the way to being out of diskspace possibly?

(I say this, because of the nature of the err/abend being displayed is all & many times, installations use the %TEMP% &/or %TMP% environmental variable values to do their jobs, as a place to do their temporary ops like extracts etc./ et al)

... so, other than that??

Well - You might be correct - because corrupt executables spit back that SAME message many times also... try to "haul it in again" I guess & to reinstall it!



* GOOD LUCK!

APK

P.S.=> I wouldn't be surprised @ a corrupted patch on download, because MS' servers are being HIT HARD by the sheer #'s of folks that have been "nailing them" for download for this patch since Mid-Thursday 01/21/2010 (lol, I almost typed 2009, still doing that here... don't you HATE that?)... apk

 

Last edited by APK; 24th Jan 2010 at 12:52 AM..
 
 
floppybootstomp, 24th Jan 2010
Thanks for the good luck wish.

Don't think I'm short of space:

[Attached screenshot: disks.png]

 
 
 
APK, 24th Jan 2010
Quote:
Originally Posted by floppybootstomp
Thanks for the good luck wish.

Don't think I'm short of space:

Again: Good luck & I'd still try to "snag" it IF you can, or just let Windows Update "do its thing" to do so, even though sometimes it takes longer than doing it manually yourself.

AND?

This is pretty good advice, even if you folks don't use IE as your "default browser", it may be a GOOD idea to get this anyhow... why?

Well, because SOME apps force the use of it on users is why... w/ out them knowing @ first (& there is no TRUE guarantee of "absolute safety" on ANY website really).

Example? MS even has been "HIT" by adbanners carrying malicious payloads (because the adbanners that come from other servers are NOT being checked for 1 thing -> http://it.slashdot.org/story/09/06/1...May-Be-a-Virus ), so even if say an app directs you there, as SOLID as the talent they get usually is? It's possible to get "hosed".

Examples of apps that do so, are here:

http://tech.slashdot.org/comments.pl...d&cid=30854906

Perhaps an "interesting read" for those of you interested in PC Security & how apps work this way @ times (even GOOD apps).

APK

P.S.=> Others @ /. liked it, you may also, as it was "modded up" etc. et al there... again, good luck too! apk

 

Last edited by APK; 24th Jan 2010 at 07:48 AM.. Reason: Adding some details & examples to make my point "get across"... apk
 
 
APK, 28th Jan 2010
A security vulnerability exists in, and has existed in since 1992-1993, the emulation subsystems for DOS &/or Win16 applications under 32-bit versions of Windows NT-based OS:

Microsoft Security Advisory (979682)

Vulnerability in Windows Kernel Could Allow Elevation of Privilege:


http://www.microsoft.com/technet/sec...ry/979682.mspx

----

THE "FIX":

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

(via removing support for said subsystems by blanking out the files they point to.)

These excerpts will help you identify each component used:

The NTVDM:

16 bit DOS and older 16 bit windows applications are supported by the NT virtual DOS machine (NTVDM) which runs in the Client/Server Runtime (CSR) subsystem. Since each copy of the NTVDM is given its own thread of execution, if it fails, it will not affect the operating system or other programs.

The following components support the NTVDM:

NTVDM.EXE - Starts the NTVDM and emulates the DOS environment.

NTIO.SYS - Emulates the DOS IO.SYS system file.

NTDOS.SYS - Emulates the DOS.SYS file.

Virtual Device Driver (VDD) - Used to allow DOS to interface with system devices on various ports such as the mouse, keyboard, serial ports, parallel ports, and video devices. This component is required since DOS expects to access hardware devices directly, but cannot do so when running on Windows NT.

VDMREDIR.DLL - Redirects file system input/output requests to the Win32 subsystem.

AUTOEXEC.NT - Replacement for AUTOEXEC.BAT.

CONFIG.NT - Replacement for CONFIG.SYS.

NT always loads a PIF for MS-DOS based applications. You can create a PIF to define requirements of the DOS application such as memory needs. In Windows NT 4.0, the PIF settings can be accessed by right clicking on the DOS executable file and selecting properties. On RISC based systems, an instruction execution unit (IEU) works with the NTVDM to emulate I383 Intel processor instruction sets.

----

What this "fix" (hopefully only needed temporarily) does, is remove the subsystem for DOS/Win16 applications.

It is the ONLY "work-around" I am aware of for this until it is fixed, IF ever, and it is very similar to a recommendation that others "tear out" the POSIX subsystem for the same potential reasons: Security vulnerabilities issues.

(The only people that need to be concerned here, are those running 32-bit versions of Windows NT-based OS (NT 3.x, NT 3.5x, NT 4.0, Windows 2000/XP/Server 2003/VISTA/Server 2008/7), because 64-bit versions of Windows OS do not have a 16-bit subsystem emulator present in them)

APK

P.S.=> Many, if not MOST, people today can do without these entries, UNLESS they have legacy applications from DOS or 16-bit Windows applications they need for "mission critical" purposes... those folks will have to leave these in place until a fix is created by Microsoft (the same can go for those who don't need this as well, but you "take your chances" until MS fixes this)... apk

 

Last edited by APK; 28th Jan 2010 at 01:16 PM.. Reason: Removing Win16 "WOW" subsystems data (unnecessary here I think)... apk
 
 
APK, 28th Jan 2010
To help users automate this fix for the security issue in the NTVDM DOS 16-bit emulation subsystem present in 32-bit Windows NT-based OS (all of them & since 1992-1993 no less) that was noted in my last post above, you can do this far faster/easier/simpler by using something Microsoft themselves devised to make it easier & simpler than registry editing, see the URL below:

http://support.microsoft.com/kb/979682

(It's easier/faster/simpler than wholesale disabling via renames or deletions of the files of the NTVDM DOS 16-bit emulation subsystem's components as shown above OR via registry edits, & thus, you can use what's in that URL above instead (and enable it again easily enough when a fix arrives IF you choose to do so as well)).

APK

 
 
 
APK, 29th Mar 2010
IF A WEBSITE PROMPTS YOU TO PRESS THE "F1" KEY? DON'T!

Here is why:

http://secunia.com/advisories/38727/

Secunia Advisory SA38727

Microsoft Windows "MsgBox()" HLP File Execution Vulnerability

Release Date 2010-03-01

Criticality level Moderately critical

Impact System access

Where From remote

Solution Status Unpatched

Operating System(s):

Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description

Maurycy Prodeus (my fellow "Polish person") has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the VBScript "MsgBox()" function allowing the execution of arbitrary HLP files. This can be exploited to execute an HLP file from e.g. an SMB share by tricking a user into pressing F1 when viewing a specially crafted website.

Successful exploitation allows execution of arbitrary commands via HLP macros.

The vulnerability is confirmed with Internet Explorer 7 on a fully patched Windows XP SP3, and additionally reported in Windows 2000 and Windows Server 2003.

Solution

Avoid pressing F1 on untrusted websites. Disable Active Scripting support.

APK

P.S.=> I was a "wee bit" slow on posting this one, but, here tis (around 28 days later than I ordinarily would, sorry about that, "busy boy" here is all)... apk

 
 
 
APK, 31st Mar 2010
MS Issues Emergency IE Security Update:

http://www.microsoft.com/technet/sec.../ms10-018.mspx

----

Microsoft has issued an emergency patch for 10 IE security holes. 'The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. Software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.

----



* This one closes a LOT of "security holes" in Internet Explorer, through ALL of Microsoft's 32 & 64 bit Windows NT-based Operating Systems of "modern variety"...

APK

P.S.=> Well, "have @ it folks", & that's "hot off the presses"... enjoy! apk

 
 
 
APK, 7th Apr 2010
For those of you who are aware of the advantage of using a custom HOSTS file, for both noticeable added speed, AND NOTICEABLE ADDED SECURITY ONLINE (this latter being via the SIMPLE PRINCIPLE of "You can't get burned, if you can't go into the 'malscripted site kitchen'")?

I have just edited my post point #5 here with the list below (of reputable & updated sites that keep lists of KNOWN BAD SITES &/or SERVERS, or entire HOSTS files too) so you can integrate their entries into YOUR CUSTOM HOSTS FILE (as I have been doing for years now, with approximately 828,342 entries of known bad sites &/or servers in it):

RESULTS USERS WHO HAVE USED MY HOSTS FILE ARE SEEING? OK - THIS TESTIMONIAL SHOULD SERVE THE PURPOSE AS A "NUFF SAID":

----

http://forums.theplanet.com/index.ph...st=60&start=60

"the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK."

- Kings Joker, user of my guide @ THE PLANET

----

So, as you can see?

Someone who used to get HUNDREDS of malware infestations a month, by stumbling into bad malscripted websites or those that serve up malware executable downloads, etc./et al, is now FAR BETTER PROTECTED by the version of my HOSTS file I use, & NO LONGER SEES THAT LEVEL OF INFESTATION, no less!

(He gets it each day from me, via email, because I keep up on it everyday via the lists below (And, via a program I wrote to integrate the entries, alphabetize them (helps with DNS client cache loads, or B-Tree populations in diskcache), & lastly, to "normalize it" via duplicated entries removal (so file is smaller & faster to load/read too))

It just works!

Additionally, it works SO WELL, that Kings Joker above runs Windows 2000, no service packs, no hotfixes, no antivirus, no antispyware programs (he just installed them recently to check his infestations levels in fact, but for 1/2 a year++ or more, he did not to test this, acting as my "Lab Rat #1 in fact)... And, his results? NO SPYWARE/MALWARE/TROJANS/VIRUSES/WORMS (NO malware-in-general):

For direct reply on his findings & results? Write to him here -> (E-Mail Removed)

He can "fill you in" on the rest, as to his results &/or findings (which basically state that all you need, is to run a protective custom HOSTS file that's kept current, & be judicious about your usage of javascript (both points are covered in this article/guide, extensively, AND THEY WORK!)

----

ADVANTAGES OF HOSTS FILES OVER BROWSER ADDONS ALONE, & EVEN DNS SERVERS:

1.) HOSTS files eat A LOT LESS CPU cycles than browser addons do no less (since browser addons have to parse each HTML page & tag content in them, while HOSTS files only really consume "CPU cycles" during their loads (a programming data storage construct, which is an analog to a PASCAL record). Then, the IP stack uses the DNS client C/C++ structure, or possibly an object (not sure anymore, I'd have to see the BSD reference code again to be sure) to do the rest (that, or the local diskcache, because if you have a LARGE hosts file, you have to turn off the DNS Client Cache service, or your system will lag badly (I have notified Microsoft of this occurrence in fact, directly))!

2.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are. HOSTS files cover & protect (for security) and speed up (all apps that are webbound) any app you have that goes to the internet (specifically the web).

3.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into them to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

4.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR (by saving the roundtrip inquiry time to a DNS server & back to you).

5.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

6.) HOSTS files are EASILY user controlled, obtained (for reliable ones -> http://en.wikipedia.org/wiki/Hosts_file ) & edited too, via texteditors like Windows notepad.exe or Linux nano (etc.)

7.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are, OR even DNS servers, as they are NOT code, & because of what's next too

8.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even.

9.) HOSTS files are a solution which also globally extends to EVERY WEBBOUND APP YOU HAVE - Not just a single webbrowser type (e.g. FireFox/Mozilla & its addons exemplify this, such as ADBLOCK)

10.) AND, LASTLY? SINCE MALWARE GENERALLY HAS TO OPERATE ON WHAT YOU YOURSELF CAN DO (running as limited class/least privilege user, hopefully, OR even as ADMIN/ROOT/SUPERUSER)? HOSTS "LOCK IN" malware too, vs. communicating "back to mama" for orders (provided they have name servers + C&C botnet servers listed in them, blocked off in your HOSTS that is) - you might think they use a hardcoded IP, which IS possible, but generally they do not & RECYCLE domain/host names they own, & this? This stops that cold, too! Bonus...

(Still - It's a GOOD idea to layer in the usage of BOTH browser addons for security like adblock, &/or NoScript (especially this one, as it covers what HOSTS files can't in javascript which is the main deliverer of MOST attacks online & SECUNIA.COM can verify this for anyone really by looking @ the past few years of attacks nowadays), for the concept of "layered security")

APK

P.S.=> To keep "ontop of the latest known malicious sites" online? See these sites (1 I mentioned here already, this is the rest of the list I use, & others too):

START OF WEBSITES & SOURCES + TOOLS I USED TO POPULATE THIS LIST + MY ORIGINAL LIST OF BLOCKED ADBANNERS SERVERS

http://ddanchev.blogspot.com/
http://www.malwareurl.com/listing-urls.php
http://www.malware.com.br/lists.shtml
http://securitylabs.websense.com/content/alerts.aspx
http://www.stopbadware.org
http://blog.fireeye.com/
http://mtc.sri.com/
http://www.scansafe.com/threat_center/threat_alerts
http://news.netcraft.com
http://www.shadowserver.org/
https://zeustracker.abuse.ch/monitor.php?filter=online
http://en.wikipedia.org/wiki/Hosts_file
http://www.mvps.org/
http://someonewhocares.org/
http://hostsfile.mine.nu/hosts0
http://hosts-file.net/?s=Download
http://www.stopbadware.org/home

Between them, & SpyBot "Search & Destroy"? You have most of, if not ALL of what a "body needs" for these purposes. If you know of others? Please list them, & thanks! apk

 

Last edited by APK; 9th Apr 2010 at 09:29 AM..
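As an added example (not the poster's own program, which is not on the page), here is a Python script that does the three things the post above describes for a custom HOSTS file: integrate entries from several sources in different formats, drop duplicates, and sort them. It also keeps a separate section for hand-pinned favourites and reports any pinned name that a blocklist also lists. All hostnames and addresses in it are constructed samples.

```python
from __future__ import annotations
import re
from typing import Iterable

# Constructed sample sources (not real blocklists) in the three shapes such
# lists come in: mvps-style 0.0.0.0 lines, 127.0.0.1 lines, and bare names.
SRC_MVPS_STYLE = """# constructed sample, mvps style
127.0.0.1 localhost
0.0.0.0 ads.example-bad.test
0.0.0.0 tracker.example-bad.test   # trailing comment
"""
SRC_LOOPBACK_STYLE = """127.0.0.1 ads.example-bad.test
127.0.0.1 Malware.Example-Bad.test
"""
SRC_BARE_LIST = """# constructed bare domain list
cnc.example-bad.test
ads.example-bad.test
203.0.113.9
not a host
"""
# Hand-pinned favourites (constructed); the second one also sits on a blocklist.
PINNED = {"www.example.test": "192.0.2.10", "Tracker.Example-Bad.test": "192.0.2.11"}

SINKHOLE = "0.0.0.0"   # unroutable, so a blocked name never reaches a listener on 127.0.0.1
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def looks_like_ip(token: str) -> bool:
    return ":" in token or IPV4_RE.match(token) is not None

def parse_source(text: str) -> set[str]:
    """Extract lower-cased hostnames from a hosts-style or bare-name list."""
    hosts: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()   # drop comments, normalise case
        if not line:
            continue
        fields = line.split()
        # hosts syntax is '<ip> name [name ...]'; a bare list has names only
        names = fields[1:] if looks_like_ip(fields[0]) else fields
        for name in names:
            # never sinkhole localhost; drop bare IPs and malformed tokens
            if name in LOCAL_NAMES or looks_like_ip(name) or not HOSTNAME_RE.match(name):
                continue
            hosts.add(name)
    return hosts

def build_hosts(sources: Iterable[str], pinned: dict[str, str]) -> tuple[str, list[str]]:
    """Return (hosts file text, pinned names a blocklist also lists); a blocked pin is left out."""
    blocked: set[str] = set()
    for src in sources:
        blocked |= parse_source(src)          # integrate: set union removes duplicates
    conflicts = sorted(n for n in pinned if n.lower() in blocked)
    lines = ["127.0.0.1 localhost", "::1 localhost", "", "# pinned entries (hand-maintained)"]
    lines += [f"{pinned[n]} {n.lower()}" for n in sorted(pinned) if n.lower() not in blocked]
    lines += ["", f"# {len(blocked)} sinkholed hosts, deduplicated and sorted"]
    lines += [f"{SINKHOLE} {name}" for name in sorted(blocked)]   # sorted: stable diffs between builds
    return "\n".join(lines) + "\n", conflicts

def merge_samples() -> tuple[str, list[str]]:
    """Run the merge over the constructed sources above."""
    return build_hosts([SRC_MVPS_STYLE, SRC_LOOPBACK_STYLE, SRC_BARE_LIST], PINNED)
```

Write the returned text to the system's hosts file, then set it read-only as the post suggests; with a file this shape on Windows, remember the post's note about the DNS Client cache service if the list grows large.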
 
 
 
 