Smokey's Security Weblog

veritas odium parit

Microsoft released emergency out-of-band update fixing IE zero day vulnerability

Today Microsoft have released an emergency out-of-band update (2965111) to fix a zero day publicly disclosed vulnerability in Internet Explorer (Microsoft Security Advisory 2963983). The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

More info about the fix here: MS14-021 :Security update for Internet Explorer: May 1, 2014 The advance notification of the update lists Windows XP as among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period ending weeks ago.

Users with Automatic Updates enabled do not have to do anything, although running Windows Update will apply the fix immediately.

May 1, 2014 Posted by | Alerts, News, Vulnerabilities | , , , , , , , , , | Leave a comment

[UPDATED / SOLVED] Be aware: malware removal program ComboFix probably infected with Sality virus

According to Marcos, employee of security solutions vendor ESET, the well-known malware cleaning/removal program ComboFix created by sUBs is infected with the Sality virus. It seems that the current installer ComboFix contains an infected file, namely iexplore.exe

I haven’t checked the issue, however have to assume that ComboFix is indeed infected with the Sality virus, especially because other security vendors have confirmed the infection.

Please don’t download and use ComboFix until the author, sUBs, remedies the issue.

UPDATE 1: Infection is confirmed by a reliable source.

UPDATE 2: To be 100% sure I checked the issue by myself, ComboFix is indeed infected by Sality.

UPDATE 3: Added a temporary Google Drive downloadlink to obtain most recent CLEAN ComboFix.exe

Data of this clean version:

Combofix.exe
Version 13.1.28.1
Copyright sUBs
5.028.179 bytes

MD5 CHECKSUM: 0F6D28A70471051C4C7785335ACBA626

SHA256 CHECKSUM:

hex: 361548f74415a41f00d5345b3e3c489b3282b302c0c51266880eda586db01a12
HEX: 361548F74415A41F00D5345B3E3C489B3282B302C0C51266880EDA586DB01A12
h:e:x: 36:15:48:f7:44:15:a4:1f:00:d5:34:5b:3e:3c:48:9b:32:82:b3:02:c0:c5:12:66:88:0e:da:58:6d:b0:1a:12
base64: NhVI90QVpB8A1TRbPjxImzKCswLAxRJmiA7aWG2wGhI=

Download: removed

UPDATE  4 / FINAL UPDATE / 2013-01-30 22:00: problem infected ComboFix solved, clean ComboFix.exe is now live again, and available to download from its normal Bleeping Computer downloadlink here.

Because the problem is now solved I have removed the temporary downloadlink clean ComboFix.exe

January 29, 2013 Posted by | Advisories, Alerts, Anti-Virus, Malware, Vulnerabilities | , , , , , , | 4 Comments

Microsoft Security Bulletin MS13-008 – Out-Of-Band Critical Security Update for Internet Explorer (2799329)

Published: Monday, January 14, 2013 by Microsoft

Version: 1.0
General Information
Executive Summary

This security update resolves one publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 and Internet Explorer 10 are not affected. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 2794220.

Recommendation. Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

Known Issues. None

Affected and Non-Affected Software: see the Security Bulletin.

Some Frequently Asked Questions (FAQ) Related to This Security Update, for all FAQ’s see the Security Bulletin.

Is this update, MS13-008, a cumulative security update for Internet Explorer?
No. This security update, MS13-008, only addresses the vulnerability described in this bulletin.

Do I need to install the last cumulative security update for Internet Explorer, MS12-077?
Yes. In all cases MS13-008 protects customers from the vulnerability discussed in this bulletin. However, customers who have not installed the latest cumulative security update for Internet Explorer may experience compatibility issues after installing the MS13-008 update.

Customers need to ensure that the latest cumulative security update for Internet Explorer, MS12-077, is installed to avoid compatibility issues.

If I applied the automated Microsoft Fix it solution for Internet Explorer in Microsoft Security Advisory 2794220, do I need to undo the workaround before applying this update?
Customers who implemented the Microsoft Fix it solution, “MSHTML Shim Workaround,” in Microsoft Security Advisory 2794220, do not need to undo the Microsoft Fix it solution before applying this update.

However, since the workaround is no longer needed, customers may wish to undo the workaround after installing this update. See the vulnerability workarounds in this bulletin for more information on how to undo this workaround.

Where are the file information details?
Refer to the reference tables in the Security Update Deployment section for the location of the file information details.

Where are the hashes of the security updates?
The SHA1 and SHA2 hashes of the security updates can be used to verify the authenticity of downloaded security update packages. For the hash information pertaining to this update, see Microsoft Knowledge Base Article 2799329.

How are Server Core installations affected by the vulnerability addressed in this bulletin?
The vulnerability addressed by this update does not affect supported editions of Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 as indicated in the Non-Affected Software table, when installed using the Server Core installation option.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided “as is” without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

January 14, 2013 Posted by | Advisories, Alerts, Downloads, Vulnerabilities | , , , , , , , , , | Leave a comment

Microsoft Advance Notification for Out-Of-Band Security Update to Address Security Advisory 2794220

Microsoft Security Response Center – MSRCTeam | 13 Jan 2013 3:00 PM

Today, we are providing Advance Notification to customers that at approximately 10 a.m. PST on Monday, January 14, 2013, we will release an out-of-band security update to fully address the issue described in Security Advisory 2794220. While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future. The bulletin has a severity rating of Critical, and it addresses CVE-2012-4792. Internet Explorer 9-10 are not affected by this issue and as always, we encourage customers to upgrade to the latest browser version.

We recommend that you install this update as soon as it is available. This update for Internet Explorer 6-8 will be made available through Windows Update and our other standard distribution channels. If you have automatic updates enabled on your PC, you won’t need to take any action. If you applied the Fix it released in Security Advisory 2794220, you won’t need to uninstall it before applying the security update.

January 14, 2013 Posted by | Advisories, Alerts, Vulnerabilities | , , , , , , , | Leave a comment

Extremely critical vulnerability Samsung Android Exynos4 based devices [CONFIRMED]

ExynosAbuse Exploit: obtaining root on Exynos4 based Samsung Android devices without ODIN flashing, malicious apps will be able to gain total control over the device by gaining root without asking and without any permissions on a vulnerable device.

Source: XDA Developers (alephzain, Chainfire)

– alephzain: http://forum.xda-developers.com/showthread.php?t=2048511
– Chainfire: http://forum.xda-developers.com/showthread.php?t=2050297

Samsung solution status: unfixed

Vulnerable devices:

– Samsung Galaxy S2 GT-I9100

– Samsung Galaxy S3 GT-I9300
– Samsung Galaxy S3 LTE GT-I9305

– Samsung Galaxy Note GT-N7000

– Samsung Galaxy Note 2 GT-N7100
– Samsung Galaxy Note 2 LTE GT-N7105
– AT&T Galaxy Note 2 SGH-I317
– Verizon Galaxy Note 2 SCH-I605

– Samsung Galaxy Tab Plus GT-P6210

– Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020

Note: Google Nexus 10 not vulnerable, Exynos5.

Temporary patch (provided by Chainfire): http://forum.xda-developers.com/showthread.php?t=2050297

Note: Chainfire requested not to redistribute the patch, instead please link to http://forum.xda-developers.com/showthread.php?t=2050297

Update Dec 20 2012

Android Central | Dec 19 2012

Official Samsung Statement Exynos kernel vulnerability issue (in full)

“Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.

The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.

Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices”

Third-party fixes

I will only mention Chainfire’s fix. It’s the only one that is secure. Both Supercurio’s and RyanZA’s method leave you with easily exploitable holes any serious malware author will abuse.

About Chainfire’s fix

Chainfire: “This is an APK that uses the ExynosAbuse exploit (by alephzain) to be able to do various things on your Exynos4 based device.

Features for non-rooters:
– Securely patch the exploit

Features for rooters:
– Root the device (SuperSU v0.99)
– Enable/disable the exploit at will
– Enable/disable patching the exploit at boot
– Unroot and cleanup (optionally leaving the exploit patch at boot in place)

Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) – you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren’t rooted, to be able to unpatch this way.

While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves”

Download the fix here: http://forum.xda-developers.com/showthread.php?t=2050297

Note: please do not redistribute the fix!

December 17, 2012 Posted by | Advisories, Alerts, Anti-Virus, Malware, News, Vulnerabilities | , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Emergency Bulletin – Out-Of-Band Patch: Microsoft Security Advisory (2718704)

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing

http://technet.microsoft.com/en-us/security/advisory/2718704

Published: Sunday, June 03, 2012

Version: 1.0

General Information

Executive Summary

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

Affected Software and Devices

This advisory discusses the following affected software and devices:

Operating System

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Affected Devices

Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5

Recommendation

For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory. For affected devices, no update is available at this time.

TechNet Blogs > MSRC > Microsoft releases Security Advisory 2718704

http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

We recently became aware of a complex piece of targeted malware known as “Flame” and immediately began examining the issue. As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk. Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks. Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers.

We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

We are taking several steps to remove this risk:

• First, today we released a Security Advisory outlining steps our customers can take to block software signed by these unauthorized certificates.

• Second, we released an update that automatically takes this step for our customers.

• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.

These actions will help ensure that any malware components that might have been produced by attackers using this method no longer have the ability to appear as if they were produced by Microsoft.

We continue to investigate this issue and will take any appropriate actions to help protect customers. For more information, please refer back to this site and check with your anti-malware vendor for detection support.

Mike Reavey
Senior Director, MSRC

June 4, 2012 Posted by | Advisories, Alerts, Malware, Vulnerabilities | , , , , , , , , , , , , , | Leave a comment

Norton 360 v5.1.0.29 (patch 5.1) released – ENGLISH ONLY

Symantec/Norton released Norton 360 v5.1.0.29 (patch 5.1). Note: the patch is currently available to ENGLISH users ONLY. Norton will release the patches in other regions soon. You can also receive the update by running LiveUpdate and download the update. A reboot will be required.

All downloads are originating directly from the Symantec/Norton servers, for security reasons I strongly advise only to download from these vendor servers.

Fixes and improvements patch 5.1

This patch contains many changes and fixes from the previous version. Some of these changes include:

– Added Firefox 4 Support
– Added New TidSrv detection & notification
– Improved Activation Process
– Corrected an issue where your product may report a loss of subscription days after upgrading from a previous version.
– Added performance improvements for IE 9 plugins.
– Fixed some Registry Cleaner hangs that may have previously occurred.
– Online Backup & Restore fixes for very large (> 4GB) files.
– Fixed compatibility issues with 3rd party software such as Corel Paint Shop Pro & Max SEA.

Downloadlinks full version / update / trial / Norton 360 v5.1.0.29 (patch 5.1)

– Norton 360 Standard edition English version 5.1: http://buy-download.norton.com/downloads/CLT/N360/US/2011/5.1/ESD/N360-ESD-18-6-0-29-EN.exe

– Norton 360 Premier edition English version 5.1: http://buy-download.norton.com/downloads/CLT/N360P/US/2011/5.1/ESD/N360-PREMIER-ESD-18-6-0-29-EN.exe

May 12, 2011 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Downloads, Malware, Norton Internet Security, Phishing, Vulnerabilities | , , , , , , , , | Leave a comment

Norton Internet Security 2011 and Norton Antivirus 2011 v18.6.0.29 (patch 18.6) released – ENGLISH ONLY

UPDATE May 12, 2011: Norton 360 v5.1.0.29 (patch 5.1) released – ENGLISH ONLY

-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

Symantec/Norton released v18.6.0.29 (patch 18.6) Norton Internet Security 2011, Norton Antivirus 2011 and Norton Internet Security Netbook Edition 2011.  Note: the patch is currently available to ENGLISH users ONLY. Symantec/Norton will release the patches in other regions soon. You can also receive the update by running LiveUpdate and download the update. A reboot will be required.

The new NIS/NAV/NIS Netbook Edition 2011 v18.6.0.29 as offered for download in this blog can be installed over the top of existent version (18.5.0.125), the update will not deliver any problem, all previous 2011 settings will remain unaltered after the update. The update will be accomplished within 1 minute, reboot is required. All downloads are originating directly from the Symantec/Norton servers, for security reasons I strongly advise only to download from these vendor servers.

Fixes and improvements patch 18.6

– Added Firefox 4 Support
– Added New TidSrv detection & notification
– Improved Activation Process
– Corrected an issue where your product may report a loss of subscription days after upgrading from a previous version.
– Added performance improvements for IE 9 plugins.
– Fixed compatibility issues with 3rd party software such as Coral Paint Shop Pro & Max SEA.

This patch also contains fixes from previous patch 18.5. Some of those changes included:

– Fixed an issue where Norton Insight might falsely report 0% trusted when Performance Monitoring was disabled.
– Fixed an issue with the Activity Map might not update when Smart Definitions are enabled.
– Improved instances where the Norton AntiSpam Toolbar might be erroneously disabled (or “grayed out”) in Microsoft Outlook 2007 and Microsoft Outlook 2010.
– Corrected an issue where “Custom UI Runtime Error in Norton AntiSpam Outlook Plugin” might display when using Microsoft Outlook.
– Fixed an issue where the option to “run” an executable was missing from a File Insight/Download Insight window.
– Corrected an issue where Idle Full System Scans would show report inconsistent amounts of Scanned Files.
– Fixed an issue where Full System Scans would not run continuously, including when the machine is left idle.
– Fixed an issue where the Norton Product may display “Subscription Expired” after updating from a previous version.
– Fixed Internet Explorer crashes that were due to Intrusion Prevention.
– Performance Enhancements were made on the Norton Toolbar for Internet Explorer 9 Beta.
– Enhanced Settings migration when updating from an older version.
– Usability and Performance improvements to the support experience.
– Added better Norton AntiSpam support for Microsoft Outlook configured with multiple accounts.
– Corrected a few instances of 8504 errors that may appear when the Norton product is launched.
– Fixed a Registry Leak issue that may occur during shutdown.

Downloadlinks full version / update / trial / Norton Internet Security 2011, Norton Antivirus 2011 and NIS Netbook Edition v18.6.0.29 (patch 18.6)

– Norton Antivirus 2011 English version: http://buy-download.norton.com/downloads/CLT/NAV/US/2011/18.6/ESD/NAV-ESD-18-6-0-29-EN.exe

– Norton Internet Security 2011 English version: http://buy-download.norton.com/downloads/CLT/NIS/US/2011/18.6/ESD/NIS-ESD-18-6-0-29-EN.exe

– Norton Internet Security Netbook Edition 2011 English version: http://buy-download.norton.com/downloads/CLT/NISNE/US/2011/18.6/ESD/NIS-NETBOOK-ESD-18-6-0-29-EN.exe

May 9, 2011 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Downloads, Malware, Norton Internet Security, Phishing, Vulnerabilities | , , , , , , , , , , , , , | 2 Comments

Norton Internet Security 2011 and Norton Antivirus 2011 v18.5.0.125 (patch 18.5) released

UPDATE May 9, 2011: Norton Internet Security 2011, Norton Antivirus 2011 and Norton Internet Security Netbook Edition 2011 v18.6.0.29 (patch 18.6) released – ENGLISH ONLY

UPDATE May 12, 2011: Norton 360 v5.1.0.29 (patch 5.1) released – ENGLISH ONLY

-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

Symantec/Norton released v18.5.0.125 (patch 18.5) Norton Internet Security 2011, Norton Antivirus 2011 and Norton Internet Security Netbook Edition 2011 (Stable/Official Release).

Like before, I installed the new NIS 2011 v18.5.0.125 over the top of my existent version (18.1.0.37), also this time the update was no problem, all previous 2011 settings remained unaltered after the update. The update was accomplished within 1 minute, reboot was required.

Note: all downloads are originating directly from the Symantec/Norton servers, for security reasons I strongly advise only to download from these vendor servers.

Fixes and improvements

– Fixed an issue where Norton Insight might falsely report 0% trusted when Performance Monitoring was disabled.
– Fixed an issue with the Activity Map might not update when Smart Definitions are enabled.
– Improved instances where the Norton AntiSpam Toolbar might be erroneously disabled (or “grayed out”) in Microsoft Outlook 2007 and Microsoft Outlook 2010.
– Corrected an issue where “Custom UI Runtime Error in Norton AntiSpam Outlook Plugin” might display when using Microsoft Outlook.
– Fixed an issue where the option to “run” an executable was missing from a File Insight/Download Insight window.
– Corrected an issue where Idle Full System Scans would show report inconsistent amounts of Scanned Files.
– Fixed an issue where Full System Scans would not run continuously, including when the machine is left idle.
– Fixed an issue where the Norton Product may display “Subscription Expired” after updating from a previous version.
– Fixed Internet Explorer crashes that were due to Intrusion Prevention.
– Performance Enhancements were made on the Norton Toolbar for Internet Explorer 9 Beta.
– Enhanced Settings migration when updating from an older version.
– Usability and Performance improvements to the support experience.
– Added better Norton AntiSpam support for Microsoft Outlook configured with multiple accounts.
– Corrected a few instances of 8504 errors that may appear when the Norton product is launched.
– Fixed a Registry Leak issue that may occur during shutdown.

Important Symantec Corporation Statement

The issues that some users were experiencing where the Norton product would lock up after installing the 18.5 update was due to a definition that was applied after 18.5 was installed. Symantec have since corrected that definition and the issue will not occur.

Downloadlinks full version / update / trial / Norton Internet Security 2011 and Norton Antivirus 2011 v18.5.0.125 (patch 18.5)

– Norton Antivirus 2011 English version: http://buy-download.norton.com/downloads/CLT/NAV/US/2011/18.5/ESD/NAV-ESD-18-5-0-125-EN.exe

– Norton Internet Security 2011 English version: http://buy-download.norton.com/downloads/CLT/NIS/US/2011/18.5/ESD/NIS-ESD-18-5-0-125-EN.exe

– o – o – o – o – o – o – o – o -o –

– Norton Antivirus 2011 French version: http://buy-download.norton.com/downloads/CLT/NAV/FR/2011/18.5/ESD/NAV-TW-30-18-5-0-125-FR.exe

– Norton Internet Security 2011 French version: http://buy-download.norton.com/downloads/CLT/NIS/FR/2011/18.5/ESD/NIS-TW-30-18-5-0-125-FR.exe

– o – o – o – o – o – o – o – o -o –

– Norton Antivirus 2011 German version: http://buy-download.norton.com/downloads/CLT/NAV/GE/2011/18.5/ESD/NAV-TW-30-18-5-0-125-GE.exe

– Norton Internet Security 2011 German version: http://buy-download.norton.com/downloads/CLT/NIS/GE/2011/18.5/ESD/NIS-TW-30-18-5-0-125-GE.exe

– o – o – o – o – o – o – o – o -o –

– Norton Antivirus 2011 Dutch version: http://buy-download.norton.com/downloads/CLT/NAV/NL/2011/18.5/ESD/NAV-TW-30-18-5-0-125-NL.exe

– Norton Internet Security 2011 Dutch version: http://buy-download.norton.com/downloads/CLT/NIS/NL/2011/18.5/ESD/NIS-TW-30-18-5-0-125-NL.exe

– o – o – o – o – o – o – o – o -o –

Downloadlinks full version / update / trial / Norton Internet Security Netbook Edition 2011 v18.5.0.125 (patch 18.5)

– Norton Internet Security Netbook Edition 2011 English version: http://buy-download.norton.com/downloads/CLT/NISNE/US/2011/18.5/ESD/NIS-NETBOOK-ESD-18-5-0-125-EN.exe

December 29, 2010 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Bundleware, Downloads, Malware, Norton Internet Security, Phishing, Recommended External Security Related Links, Toolbarware, Vulnerabilities | , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment

After applying the Norton Internet Security/Norton AntiVirus 18.5 patch, the Norton product may lock up or cause the system to become unstable

Official Symantec/Norton statement regarding Norton Internet Security 2011 and Norton AntiVirus 2011 v18.5.0.125

12-11-2010

There have been several reports on the forums where after applying the Norton Internet Security/Norton AntiVirus 18.5 patch (is version 18.5.0.125), the Norton product may lock up or cause the system to become unstable.

While this issue only seems to affect a small number of installations, we’re still taking this issue seriously and are quickly researching the cause of this problem.

We will be halting the throttled LiveUpdate release of 18.5 for the time being while we investigate these issues.

If you are experiencing this issue and would like to assist us in gathering information (debug logs and process dumps) for this issue, please post a response in THIS THREAD. The more logs and dumps we get, the more information we have that will help us make the proper corrections.

If you are having these issues and need to revert your system back to 18.1 (is version 18.1.0.37), simply uninstall 18.5 using Control Panel (or Uninstall from the Norton Product Program Group), and reinstall 18.1 from the following locations:

  • Norton Internet Security 18.1 – http://www.norton.com/nis11
  • Norton AntiVirus 18.1 – http://www.norton.com/nav11
  • Norton Internet Security 18.1, Norton AntiVirus 18.1 and Norton Netbook Edition 18.1 in English, French, German and Dutch language (direct downloads from Symantec/Norton servers too) – https://smokeys.wordpress.com/2010/08/28/norton-internet-security-2011-and-norton-antivirus-2011-final-rtm-released/Some users are reporting troubles uninstalling. Try uninstalling from Safe Mode. If that fails, you can use the Norton Removal Tool.If you have 18.5, but are not experiencing any issues, it is advised that you remain on 18.5.
  • Update 12-29-2010

    Symantec Statement: “The issues that some users were experiencing where the Norton product would lock up after installing the 18.5 update was due to a definition that was applied after 18.5 was installed. Symantec have since corrected that definition and the issue will not occur.”

    Download Norton Internet Security 2011, Norton Antivirus 2011 and Norton Internet Security Netbook Edition 2011 v18.5.0.125 (patch 18.5, stable/official release) here: https://smokeys.wordpress.com/2010/12/29/norton-internet-security-2011-and-norton-antivirus-2011-v18-5-0-125-patch-18-5-released/

    December 12, 2010 Posted by | Advisories, Alerts, Anti-Virus, Downloads, Norton Internet Security, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , , , , , | 1 Comment

    Top-notch F-Secure Anti-Virus 2011 [1-PC, 1-Year] for FREE

    Information provided by the vendor:

    F-Secure Anti-Virus 2011 protects your privacy online.

    Fast and easy so you get more out of your computer while staying protected.Fast and easy so you get more out of your computer while staying protected.

    Viruses and spyware don’t always ask for your permission before they install themselves on your computer. Most of today’s malware is delivered silently, via the Web. F-Secure® Anti-Virus™ 2011 is must-have protection, making sure that your system is safe.

    This is what you get:

  • Total protection against viruses and spyware
  • Easy to install and use
  • Instant Protection against new threats
  • Grab this great free offer asap, F-Secure Anti-Virus 2011 is a top-notch AV product.

    How to obtain the free 1 year license

    Visit the facebook promotion page (mentioned below), click “Like” (“Gefällt Mir”) at the right hand top and then enter your name and email address.

    http://www.facebook.com/pages/Bjoerns-Windows-Blog/212088222911?v=app_123121377739575]http://www.facebook.com/pages/Bjoerns-Windows-Blog/212088222911?v=app_123121377739575

    Keep in mind, a facebook account is required to obtain the free license.

    September 26, 2010 Posted by | Anti-Spyware, Malware, Phishing, Recommended External Security Related Links, Toolbarware, Vulnerabilities | , , , , , , , , , | Leave a comment

    Norton Internet Security 2011 and Norton Antivirus 2011 (Final RTM) released

    UPDATE Dec. 29, 2010: v18.5.0.125 (patch 18.5) Norton Internet Security 2011, Norton Antivirus 2011 and  Norton Internet Security Netbook Edition 2011 released; release info, fixes/improvements and downloads here:https://smokeys.wordpress.com/2010/12/29/norton-internet-security-2011-and-norton-antivirus-2011-v18-5-0-125-patch-18-5-released/

    UPDATE May 9, 2011: Norton Internet Security 2011, Norton Antivirus 2011 and Norton Internet Security Netbook Edition 2011 v18.6.0.29 (patch 18.6) released – ENGLISH ONLY

    UPDATE May 12, 2011: Norton 360 v5.1.0.29 (patch 5.1) released – ENGLISH ONLY

    -o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-

    Aug. 28, 2010

    Symantec offered today via their download servers Norton Internet Security 2011 and Norton Antivirus 2011 v18.1.0.37 Final RTM. Like I wrote before regarding NIS 2009, same positive words are (even more!) valid for today’s released Norton 2011 AV products: “without any hesitation I highly recommend Norton Internet Security 2011 to all people looking for a top-notch, reliable, easy to use all-in-one security suite.” Of course I also highly recommend NAV 2011: like NIS, great product for an acceptable price.

    I installed NIS 2011 on top of my NIS 2010 , the upgrade was no problem, all previous 2010 settings remained unaltered after the upgrade. The upgrade was accomplished within 1 minute, reboot was required.

    Full version / Upgrade / Trial download links NIS/NAV 2011 Final RTM 18.1.0.37 versions

    – Norton Antivirus 2011 English version: http://buy-download.norton.com/downloads/CLT/NAV/US/2011/18.1/ESD/NAV-TW-30-18-1-0-37-EN.exe

    – Norton Internet Security 2011 English version: http://buy-download.norton.com/downloads/CLT/NIS/US/2011/18.1/ESD/NIS-TW-30-18-1-0-37-EN.exe

    – o – o – o – o – o – o – o – o -o –

    – Norton Antivirus 2011 French version: http://buy-download.norton.com/downloads/CLT/NAV/FR/2011/18.1/ESD/NAV-TW-30-18-1-0-37-FR.exe

    – Norton Internet Security 2011 French version: http://buy-download.norton.com/downloads/CLT/NIS/FR/2011/18.1/ESD/NIS-TW-30-18-1-0-37-FR.exe

    – o – o – o – o – o – o – o – o -o –

    – Norton Antivirus 2011 German version: http://buy-download.norton.com/downloads/CLT/NAV/GE/2011/18.1/ESD/NAV-TW-30-18-1-0-37-GE.exe

    – Norton Internet Security 2011 German version: http://buy-download.norton.com/downloads/CLT/NIS/GE/2011/18.1/ESD/NIS-TW-30-18-1-0-37-GE.exe

    – o – o – o – o – o – o – o – o -o –

    – Norton Antivirus 2011 Dutch version: http://buy-download.norton.com/downloads/CLT/NAV/NL/2011/18.1/ESD/NAV-TW-30-18-1-0-37-NL.exe

    – Norton Internet Security 2011 Dutch version: http://buy-download.norton.com/downloads/CLT/NIS/NL/2011/18.1/ESD/NIS-TW-30-18-1-0-37-NL.exe

    – o – o – o – o – o – o – o – o -o –

    Full version / Upgrade / Trial download links Norton Internet Security Netbook Edition 2011 Final RTM 18.1.0.37, English and German versions

    – Norton Internet Security Netbook Edition 2011 English version: http://buy-download.norton.com/downloads/CLT/NISNE/US/2011/18.1/ESD/NIS-NETBOOK-ESD-18-1-0-37-EN.exe

    – Norton Internet Security Netbook Edition 2011 German version: http://buy-download.norton.com/downloads/CLT/NISNE/GE/2011/18.1/ESD/NIS-NETBOOK-ESD-18-1-0-37-GE.exe

    – o – o – o – o – o – o – o – o -o –

    Reviews, tests and awards NIS 2011 and NAV 2011

    – PCMag review Norton AntiVirus 2011: http://www.pcmag.com/article2/0,2817,2368764,00.asp
    – PCMag review Norton Internet Security 2011: http://www.pcmag.com/article2/0,2817,2368876,00.asp
    – CNet review Norton AntiVirus 2011: http://download.cnet.com/Norton-AntiVirus-2011/3000-2239_4-10592477.html
    – CNet review Norton Internet Security 2011: http://download.cnet.com/Norton-Internet-Security-2011/3000-18510_4-10592551.html
    – AV-Comparatives Award Best Anti-Virus Product of 2009: Symantec/Norton
    – PCWorld/AV-Test.org review Norton Internet Security 2011: http://www.pcworld.com/article/id,214625/article.html
    – Chip Online review Norton Internet Security 2011 (German language): http://www.chip.de/downloads/Norton-Internet-Security-2011_16463672.html

    August 28, 2010 Posted by | Advisories, Alerts, Anti-Spyware, Anti-Virus, Downloads, Malware, Norton Internet Security, Phishing, Recommended External Security Related Links, Toolbarware, Vulnerabilities | , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment

    Get Protected: Facebook Privacy Settings Scanner & Fix Tool

    Found for you an excellent tool via an article on NetworkWorld, to check and fix your Facebook privacy settings, the tool work really well.

    This one-stop privacy fix-up tool for your Facebook profile, ReclaimPrivacy, tells you what you need to know. Using it is simple: Just surf over to ReclaimPrivacy.org and look for the link that says “Scan for Privacy.” Add that link as a bookmark in your browser, either by dragging it onto a bookmark toolbar or by right-clicking it and selecting the “Bookmark” option.

    Now head over to Facebook. Sign into your account, then open the bookmarked link.

    This will cause ReclaimPrivacy’s Facebook privacy scanner to open right at the top of your current Facebook window. Within a few seconds, ReclaimPrivacy will scan through six areas of potential privacy concern and let you know how your account stacks up.

    ReclaimPrivacy analyzes everything from your personal information controls to your “instant personalization” settings. It even checks account settings that affect what your friends could inadvertently share about you without your knowledge.

    For each area, ReclaimPrivacy will give you a green (“good”), yellow (“caution”), or red (“insecure”) ranking. If you hit yellow or red, it’ll provide you with specific steps to fix the problem so you don’t have to waste time searching for the right setting.

    Happy and Secured Facebooking!  🙂

    May 18, 2010 Posted by | Advisories, Downloads, Recommended External Security Related Links, Uncategorized, Vulnerabilities | , , , , , , , | Leave a comment

    HP (Hewlett-Packard Company) Smokey’s Security Weblog 2010/2011 Hall of Shame Awardee

    Are you opinion that only shabby, (many times) small companies have doubtful practices? That well-known, established companies can be trusted?
    Let’s wake you up: even established companies with an apparently fine reputation can and will perform actions that are wrong, indecent, intolerable and/or condemnable. One of these questionable companies is, regrettably, Hewlett-Packard Company. For reason of what happened in the past, and also for current occurrences, I have the honor to announce that

    HP (Hewlett-Packard Company) is Smokey’s Security Weblog Hall of Shame 2010/2011 Awardee

    Like all other Hall of Shame Awardees, it is not without good reason that Hewlett Packard received this prestigious Award.

    Motivation to grant Hewlett-Packard Company the Award:

    – the pre-install of BETA Microsoft Windows service packs on their boxes, especially the pre-install of Vista SP2 EVALUATION COPY.BUILD 6002. Microsoft stressed that the general public should not install it until it is done being tested, it’s obvious that HP ignored the valid Microsoft advice and installed the beta Vista SP2 on an overwhelming amount of HP boxes. Despite the fact we all know that NO beta version of any services pack should be installed on any production machine, HP is apparently different opinion. In this way HP sold boxes with pre-installed OS and SP to faithful customers, with as result that all those boxes can be considered as crippled.

    – the incredible miserable support of HP to their customers. ‘After Sales’ is an unknown expression to HP, they treat their customers like a bunch of nasty, unknowing and condemnable people, and have no interest at all in their problems. HP is also not prepared to solve issues caused by wrong, indecent or questionable HP policies in a fast and uncomplicated way.

    – supplying boxes with pre-installed OS without delivering of installation or rescue discs for Operating Systems.

    Conclusion:

    If you consider to buy a HP box, please also consider that HP is Hall of Shame Awardee. Evaluate the motivation to grant HP that Award, and subsequent be very well convinced about where to acquire a new machine. Same is valid for any other HP device.

    Note:

    I contacted HP Headquarters before granting them the Smokey’s Security Weblog Hall of Shame Award, regrettably they refused to listen. They didn’t answer any of my questions, HP also promised to contact me via a phone call. Superfluous to say that HP also didn’t accomplished what they promised: calling me. Common HP behavior so to speak, I didn’t expected anything else.

    Smokey

    April 3, 2010 Posted by | Advisories, Alerts, News, Recommended External Security Related Links, Vulnerabilities | , , , , , | 8 Comments

    0-Day Extremely Critical Vulnerability in Internet Explorer Could Allow Remote Code Execution

    Microsoft Security Advisory (979352)
    Vulnerability in Internet Explorer Could Allow Remote Code Execution

    Published: January 14, 2010 | Updated: January 15, 2010
    Version: 1.1

    Executive Summary

    Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

    Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

    The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

    At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

    We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

    Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

    Mitigating Factors:

    • Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability.
    • In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
    • By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
    • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

    Affected Software

    Microsoft Windows 2000 Service Pack 4
    Windows XP Service Pack 2 and Windows XP Service Pack 3
    Windows XP Professional x64 Edition Service Pack 2
    Windows Server 2003 Service Pack 2
    Windows Server 2003 x64 Edition Service Pack 2
    Windows Server 2003 with SP2 for Itanium-based Systems
    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service pack 2
    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    Windows 7
    Windows 7 for x64-based Systems
    Windows Server 2008 R2 for x64-based Systems
    Windows Server 2008 R2 for Itanium-based Systems
    Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
    Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
    Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
    Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
    Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
    Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
    Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2
    Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
    Internet Explorer 8 in Windows 7 for 32-bit Systems
    Internet Explorer 8 in Windows 7 for x64-based Systems
    Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
    Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

    Non-Affected Software

    Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4

    Revisions

    • V1.0 (January 14, 2010): Advisory published
    • V1.1 (January 15, 2010): Revised Executive Summary to reflect invesigation of limited targeted attacks. Added Data Execution Protection (DEP) information to Mitigating Factors section. Updated “How does configuring the Internet zone security setting to High protect me from this vulnerability?” in the Frequently Asked Questions section.

    Related:

    The Microsoft Security Response Center (MSRC) – Security Advisory 979352 Released
    The Microsoft Security Response Center (MSRC) – Advisory 979352 Updated

    This is a serious vulnerability, and should be rated as ‘extremely critical’

    January 15, 2010 Posted by | Advisories, Alerts, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , | Leave a comment