Smokey's Security Weblog

veritas odium parit

Ad Muncher ad- and popup blocker will become completely free for everyone shortly

Today Murray Hurps, the Ad Muncher developer, announced that with upcoming Ad Muncher v5 the software will be free for everyone.

Murray Hurps: “Ad Muncher is normally available for $29.95, plus $19.95 per year after that, but will soon be available in exactly the same form as a completely free product. All users will receive the daily premium filter list updates, including users who were previously using Ad Muncher Basic”.

This is of course fantastic news: Ad Muncher is one of the best (probably even the best) ad and popup blockers and advertising removers there is, so we can all be very pleased about Murray’s announcement. Nevertheless we should all keep in mind that Murray’s decision to make Ad Muncher a free product wasn’t easy and is very generous: besides his own need for earnings he has to pay salaries for three people, and the usual expenses come on top of that.

We can expect Ad Muncher to become free the moment version 5 is released; according to Murray, the version 5 release will happen shortly.

Finally, Murray also explained that those who have recently purchased Ad Muncher can ask for a refund if they’re still covered by the 30-day refund policy, but he also explains that every refund will reduce the chances of Ad Muncher surviving as a free product. So please, those of you who purchased Ad Muncher recently: support Murray and his team and don’t ask for a refund.

From me a well-meant Thank You Murray, you are a great guy!

June 26, 2014 | Downloads, News

Microsoft released emergency out-of-band update fixing IE zero day vulnerability

Today Microsoft has released an emergency out-of-band update (2965111) to fix a publicly disclosed zero-day vulnerability in Internet Explorer (Microsoft Security Advisory 2963983). The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

More info about the fix here: MS14-021: Security update for Internet Explorer: May 1, 2014. The advance notification of the update lists Windows XP among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period having ended weeks ago.

Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately.

May 1, 2014 | Alerts, News, Vulnerabilities

How to enable LTE/4G on Samsung Galaxy Note 3 (SM-N9005)

Like me, you have a fancy and expensive International Samsung Galaxy Note 3 SM-N9005 that according to its specifications should be LTE/4G capable, and nevertheless there is no LTE/4G? It’s probably making you angry and mad, and I assume you damn Sammy (again) for delivering a mobile phone that doesn’t do what it should do. Of course you have installed Android KitKat 4.4.2, but there is still no LTE option available via Start Screen > Apps > Settings > More Networks > Mobile Networks > Network Mode.

Normally the following options should be visible/available in that Network Mode menu:

– LTE/WCDMA/GSM (auto connect)
– WCDMA/GSM (auto connect)
– WCDMA only
– GSM only

If the mentioned “LTE/WCDMA/GSM (auto connect)” option is missing, you have a problem: you aren’t able to use LTE/4G. Don’t worry, there are several solutions/fixes for the lack of LTE/4G. Keep in mind that the solutions will only work with a rooted phone (it’s up to you to take the risk of rooting; you will probably lose your phone warranty because the Knox counter will be tripped, and security-wise there are also reservations).

The solutions (again, keep in mind my reservations about rooting your phone):

1. With a root explorer of your choice (e.g. Root Explorer, Solid Explorer or ES File Explorer), change the value “false” in the file persist.radio.lteon into “true” using the built-in text editor of the root explorer. The file is located in root/data/property. Be sure the permissions of persist.radio.lteon are set to rw; after altering the file, save it and make it read-only. Reboot your phone; now you will see and be able to pick the option “LTE/WCDMA/GSM (auto connect)” in the Network Mode menu. Important: before altering ANY file on your phone, be sure you have a copy of the original, unaltered file! Advantage of this solution: even after a phone reboot the option “LTE/WCDMA/GSM (auto connect)” remains visible/activated.

2. If you are afraid or not tech-savvy enough to alter phone files, you can download “Advanced Signal Status” from Google Play. Start the app, go into Advanced Info located at the bottom of the app and then choose LTE/GSM/CDMA auto (PRL) in the first sub-menu of Advanced Info. In the phone’s Network Mode menu the option “LTE/WCDMA/GSM (auto connect)” will still not be visible, but nevertheless you will be able to use LTE/4G. Disadvantage of this solution: after every phone reboot you have to start the “Advanced Signal Status” app and reactivate the LTE/GSM/CDMA option.

Please remember that LTE/4G will only work in areas with LTE coverage and only if your phone’s data plan includes the use of LTE. Good luck and have fun!
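As an added example (not part of the original post), here is a small POSIX shell version of solution 1 that can be run on the phone from an adb root shell: it keeps the unaltered backup the post insists on, refuses to touch the file if its content is anything other than “false” or “true”, and ends with the read-only permission the post asks for. The path /data/property/persist.radio.lteon is my reading of the post’s root/data/property location; PROP_FILE and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: scripted version of solution 1.
# Meant to be run on the phone from a root shell (e.g. "adb shell" then "su").
# The path is assumed from the post's "root/data/property"; PROP_FILE and the
# function names are this example's own.
PROP_FILE="${PROP_FILE:-/data/property/persist.radio.lteon}"

# lte_flag_value FILE: print the stored value with surrounding whitespace removed.
lte_flag_value() {
    tr -d '[:space:]' < "$1"
}

# enable_lte_flag FILE
# 1. keep an unaltered copy as FILE.orig (never overwrite an existing backup),
# 2. rewrite "false" to "true", leaving any other content untouched,
# 3. make the file read-only again, as the post describes.
# Exit status: 0 done, 1 file or backup problem, 2 unexpected content.
enable_lte_flag() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    if [ ! -f "$f.orig" ]; then
        cp -p "$f" "$f.orig" || return 1
    fi
    case "$(lte_flag_value "$f")" in
        true)
            echo "$f already says true, nothing to change"
            ;;
        false)
            chmod u+w "$f" || return 1
            # Persisted Android properties hold the bare value, so no newline.
            printf 'true' > "$f" || return 1
            ;;
        *)
            echo "unexpected content in $f, leaving it alone" >&2
            return 2
            ;;
    esac
    chmod 444 "$f"
}

# restore_lte_flag FILE: undo by copying FILE.orig back over FILE.
restore_lte_flag() {
    f="$1"
    [ -f "$f.orig" ] || { echo "no backup $f.orig found" >&2; return 1; }
    chmod u+w "$f" 2>/dev/null || true
    cp -p "$f.orig" "$f"
}

# Invoked directly: "enable" applies the change, "restore" undoes it.
if [ "$1" = "restore" ]; then
    restore_lte_flag "$PROP_FILE"
elif [ "$1" = "enable" ]; then
    enable_lte_flag "$PROP_FILE" && echo "done, now reboot the phone"
fi
```

Run it as `sh enable_lte.sh enable`, reboot, and use `sh enable_lte.sh restore` if you want the original file back.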

April 6, 2014 | Advisories, News | 60 Comments

Windows XP data transfer tools: Laplink PCmover Express for Windows XP and PCmover Professional

After April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates that help protect your PC. Microsoft will also stop providing Microsoft Security Essentials for download on Windows XP on this date. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC will be secure because Microsoft will no longer be providing security updates to help protect your PC.)

If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter greater numbers of apps and devices that do not work with Windows XP.

To help customers on Windows XP prepare to move to a new PC, Microsoft announced a free transfer tool. They partnered with Laplink to provide Windows XP users with a free data migration tool called PCmover Express for Windows XP which copies your files and settings from your Windows XP PC to a new device running Windows 7, Windows 8 or Windows 8.1. This tool will copy your files, music, videos, email and user profiles and settings from your old PC to your new device, transferring across your home or work network, and even enables Windows XP users to customize exactly what they want to bring over to their new device. The free data transfer will NOT migrate your apps. Learn more and download the free version of Laplink PCmover Express for Windows XP here.

For Windows XP users wanting to transfer applications from their old computer, Laplink is also making available its software that migrates apps, files and settings called PCmover Professional at a special price – see here for details.

Sources: Microsoft and Laplink

March 22, 2014 | Advisories, Alerts, Downloads, News

RIP ASAP – Alliance of Security Analysis Professionals: 2004-2013

Regrettably I have to tell you that Smokey’s Security Forums isn’t a ‘Site Member of ASAP – Alliance of Security Analysis Professionals’ anymore. The reason is simple: ASAP died.

I want to express my thanks to all the people dedicated to ASAP; this includes common and VIP members as well as the ASAP Counsel and Site Owners.

A special Thank You to Corrine, (former) ASAP Secretary, she was the one keeping ASAP alive till the unavoidable happened.

August 9, 2013 | News

How to Get MSN (Live) Messenger Back and Beat Microsoft’s Skype

It’s obvious that countless people are very disappointed that Microsoft has replaced MSN (Live) Messenger with Skype; most people just want to chat and don’t need all the bells and whistles of Skype at all.

In the past days Messenger users received one of the following messages:

A newer version is available. You must install the newer version in order to continue. Would you like to do this now?

or

A newer version has been downloaded and is available. You must install this newer version in order to continue. Would you like to do this now?

This is just an ordinary Microsoft attempt to force MSN Messenger users into what Microsoft is calling an ‘upgrade’ to Skype. The majority of MSN Messenger users see it entirely differently and are pissed that they are no longer able to use Messenger; the ‘upgrade’ is a nightmare to them.

Don’t worry and be happy again: there’s a nice little piece of software that will allow you to use Messenger again, Messenger Reviver 2 by Jonathan Kay. I have tested the software on multiple PCs and it does what it promises: getting MSN (Live) Messenger back. To get Messenger back, Messenger Reviver 2 makes some changes to your computer. These changes are harmless and can’t hurt your PC, so use it without any risk.

Some info about Messenger Reviver 2 (taken from the author’s weblog):

Messenger Reviver 2 automatically installs, repairs and/or modifies Windows Live Messenger 2012, 2011, 2009, and 2008 as well as Windows Messenger to continue signing in despite being blocked by Microsoft.

Reviver 2 supports modifying all language versions and can automatically install either 2009 or 2012 versions in 47 different languages.

Reviver will automatically attempt to detect if Messenger is still installed, which versions are eligible for modification and if you need to run a repair or new installation to bring Messenger back (if Skype has removed it).

System Requirements

Windows XP, Windows Vista, Windows 7 or Windows 8.
.NET Framework 2.0 or higher (included with Windows Vista or newer), .NET 3.5 or 4.0 recommended

How-To

To revive Messenger, click Start in the Messenger Reviver 2 Screen and the process will automatically modify Messenger and restart it.

If Windows Live Essentials is not installed, you will be presented with options to either install Messenger 2009 or 2012 in the language of your choosing. Reviver will attempt to guess which language you prefer based on your prior Windows and Essentials language settings.

Additionally, if Essentials is still installed but Skype has removed it, you will be offered the option to just repair your Essentials install.

Advanced

If you wish to do a manual re-install or repair, you can select these options by clicking the Advanced button and choosing the function you would like.

I want to make clear again that using Messenger Reviver 2 will not damage your PC. Also, you should say ‘Thank You’ to the author of the application, Jonathan Kay. His weblog and Reviver support can be found here.

Download links for Messenger Reviver 2 (0.5 MB, zipped)

Link 1

Link 2

Link 3

Please report broken links, thanks in advance!

May 1, 2013 | Downloads, News

Extremely critical vulnerability in Samsung Android Exynos4-based devices [CONFIRMED]

ExynosAbuse exploit: obtaining root on Exynos4-based Samsung Android devices without ODIN flashing. On a vulnerable device, malicious apps will be able to gain total control over the device by gaining root without asking and without any permissions.

Source: XDA Developers (alephzain, Chainfire)

– alephzain: http://forum.xda-developers.com/showthread.php?t=2048511
– Chainfire: http://forum.xda-developers.com/showthread.php?t=2050297

Samsung solution status: unfixed

Vulnerable devices:

– Samsung Galaxy S2 GT-I9100

– Samsung Galaxy S3 GT-I9300
– Samsung Galaxy S3 LTE GT-I9305

– Samsung Galaxy Note GT-N7000

– Samsung Galaxy Note 2 GT-N7100
– Samsung Galaxy Note 2 LTE GT-N7105
– AT&T Galaxy Note 2 SGH-I317
– Verizon Galaxy Note 2 SCH-I605

– Samsung Galaxy Tab Plus GT-P6210

– Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020

Note: the Google Nexus 10 is not vulnerable (Exynos5).

Temporary patch (provided by Chainfire): http://forum.xda-developers.com/showthread.php?t=2050297

Note: Chainfire requested that the patch not be redistributed; instead please link to http://forum.xda-developers.com/showthread.php?t=2050297

Update Dec 20 2012

Android Central | Dec 19 2012

Official Samsung Statement Exynos kernel vulnerability issue (in full)

“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices”

Third-party fixes

I will only mention Chainfire’s fix. It’s the only one that is secure. Both Supercurio’s and RyanZA’s methods leave you with easily exploitable holes that any serious malware author will abuse.

About Chainfire’s fix

Chainfire: “This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.

Features for non-rooters:
– Securely patch the exploit

Features for rooters:
– Root the device (SuperSU v0.99)
– Enable/disable the exploit at will
– Enable/disable patching the exploit at boot
– Unroot and cleanup (optionally leaving the exploit patch at boot in place)

Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if you use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) – you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren’t rooted, to be able to unpatch this way.

While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves”

Download the fix here: http://forum.xda-developers.com/showthread.php?t=2050297

Note: please do not redistribute the fix!

December 17, 2012 | Advisories, Alerts, Anti-Virus, Malware, News, Vulnerabilities

Smokey’s Security Forums will drop support for IE6 starting 2012-01-01

Internet Explorer 6 was released on August 27, 2001, so the browser is now 10 years old. Despite numerous campaigns to dissuade further use of IE6, 9% of the world is still using IE6 as its browser.

The web has changed significantly over the past 10 years; regrettably IE6 has not. It can’t handle new web technologies and is highly insecure. Besides, performance is really bad and there are also severe rendering issues.

It’s obvious that most IE6 (corporate) users and IT organizations aren’t interested at all in upgrading to a modern browser like IE8/IE9 or in using e.g. Opera 11, Firefox 7 or Chrome 15 instead. I know their arguments too well; however, I can’t take them seriously anymore, especially since IE6 is End of Life (EOL) and the problems with the browser are on the rise.

Considering the never-ending argumentation as well as all the cons of using an outdated, insecure IE6 instead of a modern and safe browser, Smokey’s Security Forums will drop support for IE6 and will take the ultimate consequence by DENYING SITE ACCESS TO IE6 USERS STARTING 2012-01-01.

Smokey

Owner Smokey’s Security Forums

October 30, 2011 | News

Breaking News: former Libyan leader Moammar Kadafi killed in Sirte, Libya

Sirte, Libya, October 20, 2011

According to the Libyan National Transitional Council (NTC), today former Libyan dictator Moammar Kadafi succumbed to gunshot wounds to his head and legs. After his capture in Sirte, Libya, he was carried off in an ambulance in critical condition.

Kadafi was in a convoy trying to flee Sirte; NATO reportedly bombarded the convoy. The death of the former dictator was confirmed by top Libyan official Abdelmajid of the National Transitional Council.

U.S. President Barack Obama’s statement on Kadafi’s death:

“Today, the government of Libya announced the death of Moammar Gadhafi. This marks the end of a long and painful chapter for the people of Libya, who now have the opportunity to determine their own destiny and a new and democratic Libya. For four decades, the Gadhafi regime ruled the Libyan people with an iron fist. Basic human rights were denied, innocent civilians were detained, beaten and killed, Libya’s wealth was squandered. The enormous potential of the Libyan people was held back, and terror was used as a political weapon. Today we can definitively say that the Gadhafi regime has come to an end. The last major regime strongholds have fallen. A new government is consolidating control over the country. One of the world’s longest serving dictators is no more.

“One year ago, the notion of a free Libya seemed impossible, but then the Libyan people rose up and demanded their rights. And when Gadhafi and his forces started going city to city, town by town to brutalize men, women and children, the world refused to stand idly by. Faced with the potential of mass atrocities and a call for help from the Libyan people, the United States and our friends and allies, stopped Gadhafi’s forces in their tracks. A coalition that included the United States, NATO and Arab nations persevered through the summer to protect Libyan civilians. Meanwhile, the courageous Libyan people fought for their own future and broke the back of the regime.

“This is a momentous day in the history of Libya. The dark shadow of tyranny has been lifted, and with this enormous promise, the Libyan people now have a great responsibility: to build an inclusive, tolerant and democratic Libya that stands as the ultimate rebuke to Gadhafi’s dictatorship. We look forward to the announcement of the country’s liberation, a quick formation of an interim government, and a stable transition to Libya’s first free and fair election. And we call on our Libyan friends to continue to work with the international community to secure dangerous materials and to respect the rights of all Libyans, including those who’ve been detained.

“We are under no illusions. Libya will travel a long and winding road to full democracy. There will be difficult days ahead. But the United States, together with the international community, is committed to the Libyan people. You have won your revolution. Now we will be a partner as you forge a future that provides dignity, freedom and opportunity. For the region, today’s events prove once more that the rule of an iron fist inevitably comes to an end. Across the Arab world, citizens have stood up to claim their rights. Youth are delivering a powerful rebuke to dictatorship. And those leaders who try to deny their human dignity will not succeed.”

Update 10-20-2011: according to the news channel al-Arabiya, Kadafi’s body has been transferred to the city of Misurata.
Update 10-20-2011: Anees al-Sharif, spokesman for Tripoli’s military council, said Gadhafi’s son Muatassim and his chief of intelligence, Abdullah al-Senussi, were also killed.
Update 10-20-2011: statement of U.S. President Barack Obama on Kadafi’s death added.

October 20, 2011 | News

Osama Bin Laden death related malware expected: be careful

(CNN – May 2, 2011) — Osama bin Laden, the mastermind of the worst terrorist attacks on American soil, is dead, officials said — almost 10 years after the attacks that killed about 3,000 people.

The founder and leader of al Qaeda was killed by U.S. forces Monday in a mansion in Abbottabad, north of the Pakistani capital of Islamabad, along with other family members, a senior U.S. official told CNN.

In an address to the nation Sunday night, U.S. President Barack Obama called bin Laden’s death “the most significant achievement to date in our nation’s effort to defeat al Qaeda.”

“Today, at my direction, the United States launched a targeted operation against that compound in Abbottabad, Pakistan,” Obama said. “A small team of Americans carried out the operation with extraordinary courage and capability. No Americans were harmed. They took care to avoid civilian casualties. After a firefight, they killed Osama bin Laden and took custody of his body.”

To satisfy the curiosity of many people, here is the location of Osama bin Laden’s compound on Google Maps. The compound is located at 34°10′9″N 73°14′33″E, 2.5 miles (4 km) northeast of the center of Abbottabad and three-quarters of a mile (1.3 km) southwest of the Pakistan Military Academy (PMA).

Expect a flurry of e-mails, and likely black-hat search engine operations, trying to take advantage of the event to distribute malware. Be aware of the dangers of e-mails claiming to have information about his death and of searching for websites about it. If you look for news about the death of Bin Laden and related issues, please only visit trusted news sites, and don’t click blindly on images related to the news.

Update May 2: there are reports that Bin Laden death scams are already all over Facebook.
Update May 3: malware has been found on numerous sites optimized to show up in web searches related to the event, and also in scams on social networks like Facebook, Twitter & Co.

May 2, 2011 | Advisories, Alerts, Malware, News

AQMRB – Alliance of Qualified Malware Removal Boards™

I am really pleased to announce that a new Security Alliance is born: AQMRB – Alliance of Qualified Malware Removal Boards™.

The aim of the Alliance is to provide users searching for malware removal help with the best available and fully qualified services to remove malicious content from their PC, all free of charge. Only boards that satisfy an extensive list of required qualifications can apply for AQMRB membership; all applications will be thoroughly reviewed and evaluated, so that only fully qualified boards can join the Alliance.

About AQMRB

AQMRB is an Alliance of fully qualified Malware Removal Boards.

AQMRB’s main aim is to serve customers searching and asking for malware removal help in the best possible way.

AQMRB guarantees free professional malware removal help to non-commercial users.

AQMRB boards offer malware removal help provided solely by staff who are trained and have graduated at acknowledged malware removal schools/universities.

AQMRB is a non-profit, volunteer network of independent Malware Removal Boards, and is not affiliated with any organisation.

General Info

More info about the Alliance can be found here: AQMRB
Boards that intend to join the Alliance are invited to look at the AQMRB home page for the required qualifications.

On behalf of AQMRB,

Smokey, Founder

July 18, 2010 | Anti-Spyware, Anti-Virus, Bundleware, Malware, News, Phishing, Recommended External Security Related Links, Toolbarware

HP (Hewlett-Packard Company) Smokey’s Security Weblog 2010/2011 Hall of Shame Awardee

Are you of the opinion that only shabby, (often) small companies have doubtful practices? That well-known, established companies can be trusted?
Let me wake you up: even established companies with an apparently fine reputation can and will perform actions that are wrong, indecent, intolerable and/or condemnable. One of these questionable companies is, regrettably, Hewlett-Packard Company. Because of what happened in the past, and also because of current occurrences, I have the honor to announce that

HP (Hewlett-Packard Company) is Smokey’s Security Weblog Hall of Shame 2010/2011 Awardee

Like all other Hall of Shame Awardees, it is not without good reason that Hewlett Packard received this prestigious Award.

Motivation to grant Hewlett-Packard Company the Award:

– the pre-installation of BETA Microsoft Windows service packs on their boxes, especially the pre-installation of Vista SP2 EVALUATION COPY, BUILD 6002. Microsoft stressed that the general public should not install it until testing was finished; it’s obvious that HP ignored this valid Microsoft advice and installed the beta Vista SP2 on an overwhelming number of HP boxes. Despite the fact that we all know NO beta version of any service pack should be installed on any production machine, HP is apparently of a different opinion. In this way HP sold boxes with a pre-installed OS and SP to faithful customers, with the result that all those boxes can be considered crippled.

– the incredibly miserable support HP gives its customers. ‘After sales’ is an unknown expression to HP; they treat their customers like a bunch of nasty, unknowing and condemnable people, and have no interest at all in their problems. HP is also not prepared to solve issues caused by wrong, indecent or questionable HP policies in a fast and uncomplicated way.

– supplying boxes with a pre-installed OS without delivering installation or rescue discs for the operating system.

Conclusion:

If you are considering buying an HP box, please also consider that HP is a Hall of Shame Awardee. Evaluate the motivation for granting HP that Award, and then be very sure about where to acquire a new machine. The same is valid for any other HP device.

Note:

I contacted HP Headquarters before granting them the Smokey’s Security Weblog Hall of Shame Award; regrettably they refused to listen. They didn’t answer any of my questions, although HP promised to contact me via a phone call. Superfluous to say that HP also didn’t do what they promised: calling me. Common HP behavior so to speak; I didn’t expect anything else.

Smokey

April 3, 2010 | Advisories, Alerts, News, Recommended External Security Related Links, Vulnerabilities | 8 Comments

FREE Commercial and Good Deal Software on Smokey’s Security Forums

Smokey’s Security Forums has started a new project: Freebies and Good Deal Software. The board therefore now has a new section, divided into 2 sub-forums:

Freebies and Good Deals, regarding Security software
Freebies and Good Deals, regarding Common Software

Leader of this new section is Chubb; he will do everything necessary to keep the 2 forums up to date. His opinion regarding this kind of software:

A security solution is an important part of our life. Freebies or discounts can encourage people to try different products and choose their own security solution. Some inexperienced users simply surf unsafely and are facing high risk. Freebies can sometimes help them learn more about using security products. It also helps to combat software piracy.

We advise visiting these 2 forums every day to check for new Freebies and/or Good Deals.

Happy computing and safe surfing, 🙂

Smokey

February 7, 2010 | Advisories, Alerts, Anti-Spyware, Anti-Virus, Downloads, News, Recommended External Security Related Links

0-Day Extremely Critical Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft Security Advisory (979352)
Vulnerability in Internet Explorer Could Allow Remote Code Execution

Published: January 14, 2010 | Updated: January 15, 2010
Version: 1.1

Executive Summary

Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

• Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability.
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
• By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
• By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
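The mitigating factors above are all configuration state that can be read back from the registry and WMI. The following PowerShell audit script is an addition to this post, not part of Microsoft's advisory: it reports the installed IE version, the Internet zone security level and Active Scripting setting, Protected Mode, IE Enhanced Security Configuration and the system DEP policy, so an administrator can see which of the listed mitigations actually apply on a given host. The registry keys and value meanings are the documented IE zone settings (zone 3 is the Internet zone; 1400 is Active Scripting; 2500 is Protected Mode); the DEP value mapping is the documented Win32_OperatingSystem property. The script only reads; it changes nothing.

```powershell
# Added audit script for the advisory's mitigating factors (not Microsoft's code).
# Run in an elevated PowerShell prompt on the host being checked. Read-only.

$results = @()

# 1. Installed IE version. IE 5.01 SP4 is the only build the advisory lists as
#    not affected; IE 10+ stores its version in svcVersion, older builds in Version.
$ie = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
$ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
$results += New-Object PSObject -Property @{ Check = 'Internet Explorer version'; Value = $ieVersion; Status = 'info' }

# 2. Internet zone (zone 3) settings for the current user.
$zone = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' -ErrorAction SilentlyContinue

# CurrentLevel: 0x10000 Low, 0x10500 Medium-low, 0x11000 Medium, 0x11500 Medium-high, 0x12000 High.
$level = $zone.CurrentLevel
$levelStatus = if ($level -ge 0x12000) { 'High (mitigated)' } else { 'below High' }
$results += New-Object PSObject -Property @{ Check = 'Internet zone security level'; Value = ('0x{0:X}' -f $level); Status = $levelStatus }

# 1400 = Active Scripting: 0 enable, 1 prompt, 3 disable. The High template disables it,
# so check the individual value as well as the slider level; they can disagree.
$scripting = $zone.'1400'
$scriptingStatus = if ($scripting -eq 3) { 'disabled' } elseif ($scripting -eq 1) { 'prompt' } else { 'enabled' }
$results += New-Object PSObject -Property @{ Check = 'Internet zone Active Scripting'; Value = $scripting; Status = $scriptingStatus }

# 2500 = Protected Mode (Vista and later only): 0 enabled, 3 disabled.
$pm = $zone.'2500'
$pmStatus = if ($pm -eq 0) { 'enabled' } else { 'disabled or not applicable (pre-Vista)' }
$results += New-Object PSObject -Property @{ Check = 'Protected Mode (Internet zone)'; Value = $pm; Status = $pmStatus }

# 3. IE Enhanced Security Configuration on Windows Server (Administrators component).
$escKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
$esc = Get-ItemProperty $escKey -ErrorAction SilentlyContinue
$escStatus = if ($esc.IsInstalled -eq 1) { 'enabled' } else { 'disabled or not a server' }
$results += New-Object PSObject -Property @{ Check = 'IE Enhanced Security Configuration (admins)'; Value = $esc.IsInstalled; Status = $escStatus }

# 4. System-wide DEP policy (the V1.1 revision added DEP as a mitigating factor):
#    0 AlwaysOff, 1 AlwaysOn, 2 OptIn (client default), 3 OptOut.
$dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
$depStatus = if ($dep -eq 0) { 'off' } elseif ($dep -eq 2) { 'opt-in only (per-process)' } else { 'on' }
$results += New-Object PSObject -Property @{ Check = 'DEP support policy'; Value = $dep; Status = $depStatus }

$results | Select-Object Check, Value, Status | Format-Table -AutoSize
```

Zone settings live under HKCU, so run the script as the user whose browser session you care about; running it only as the administrator account tells you nothing about a standard user's Internet zone. Protected Mode also only helps if the user is on Vista or later and IE is not launched elevated, and an OptIn DEP policy protects iexplore.exe only where that IE build opts in itself.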

Affected Software

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 8 in Windows 7 for 32-bit Systems
Internet Explorer 8 in Windows 7 for x64-based Systems
Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

Non-Affected Software

Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4

Revisions

• V1.0 (January 14, 2010): Advisory published
• V1.1 (January 15, 2010): Revised Executive Summary to reflect investigation of limited targeted attacks. Added Data Execution Prevention (DEP) information to Mitigating Factors section. Updated “How does configuring the Internet zone security setting to High protect me from this vulnerability?” in the Frequently Asked Questions section.

Related:

The Microsoft Security Response Center (MSRC) – Security Advisory 979352 Released
The Microsoft Security Response Center (MSRC) – Advisory 979352 Updated

This is a serious vulnerability, and should be rated as ‘extremely critical’

January 15, 2010 Posted by | Advisories, Alerts, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , | Leave a comment