Tuesday, 16 July 2013
Half your video missing in Windows Movie Maker? MS13-057 to blame.
I didn't investigate the problem very closely because I finished the project using Sony Vegas instead. However, it turns out that I am not alone.. an InfoWorld post also indicates that there are problems with Adobe Premiere Pro, Techsmith Camtasia Studio, Serif MoviePlus X6 plus some games due to the MS13-057 update pushed out a week ago.
If you are experiencing critical problems with missing video, then the only thing to do seems to be to uninstall the Windows Media Player patch listed as KB2803821 or KB2834904. If this isn't causing a problem then you may as well keep the patch in place to protect your system. I would expect another patch to be re-issued soon.
Friday, 12 April 2013
MS13-036 buggy, withdrawn
********************************************************************
Title: Microsoft Security Bulletin Re-Releases
Issued: April 11, 2013
********************************************************************

Summary
=======
The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS13-036 - Important
* MS13-apr

Bulletin Information:
=====================

* MS13-036 - Important
- Reason for Revision: V2.0 (April 11, 2013): Added links to Microsoft Knowledge Base Article 2823324 and Microsoft Knowledge Base Article 2839011 under Known Issues. Removed Download Center links for Microsoft security update 2823324. Microsoft recommends that customers uninstall this update. See the Update FAQ for details.
- Originally posted: April 9, 2013
- Updated: April 11, 2013
- Bulletin Severity Rating: Important
- Version: 2.0

* MS13-apr
- Reason for Revision: V2.0 (April 11, 2013): For MS13-036, removed the links to security update 2823324 due to a known installation issue. See bulletin for details.
- Originally posted: April 9, 2013
- Updated: April 11, 2013
- Version: 2.0

Other Information
=================
Follow us on Twitter for the latest information and updates:

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, security bulletins, security advisories, or install security updates.
You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************

To manage or cancel your subscription to this newsletter, visit the Microsoft.com Profile Center at <http://go.microsoft.com/fwlink/?LinkId=245953> and then click Manage Communications under My Subscriptions in the Quicklinks section.

For more information, see the Communications Preferences section of the Microsoft Online Privacy Statement at:
For the complete Microsoft Online Privacy Statement, see:
For legal Information, see:

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
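The MS13-057 and MS13-036 posts above both come down to "is the update installed, and should it come off?". One way to answer that per machine, as an added example that is not from the original posts or from Microsoft: the function names are hypothetical, the KB numbers are the ones quoted above, and it assumes Windows 7 or later, where wusa.exe supports /uninstall.

```powershell
# Added example. KB numbers are the ones named in the posts above;
# function names are hypothetical. Assumes Windows 7+ (wusa.exe /uninstall).
$WatchedKb = @{
    'KB2803821' = 'MS13-057 Windows Media Player patch'
    'KB2834904' = 'MS13-057 Windows Media Player patch'
    'KB2823324' = 'MS13-036 update withdrawn by Microsoft'
}

function Get-WatchedUpdate {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # Get-HotFix reads Win32_QuickFixEngineering: query once, match locally.
    $installed = @(Get-HotFix -ComputerName $ComputerName)
    foreach ($kb in ($WatchedKb.Keys | Sort-Object)) {
        $hit = $installed | Where-Object { $_.HotFixID -eq $kb } |
            Select-Object -First 1
        New-Object PSObject -Property @{
            Computer  = $ComputerName
            KB        = $kb
            Bulletin  = $WatchedKb[$kb]
            Installed = [bool]$hit
        }
    }
}

function Remove-WatchedUpdate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Kb)
    # Only updates on the watch list may be removed through this helper.
    if (-not $WatchedKb.ContainsKey($Kb)) {
        throw "$Kb is not on the watch list; refusing to remove it."
    }
    $number = $Kb -replace '^KB', ''
    if ($PSCmdlet.ShouldProcess($Kb, 'Uninstall update')) {
        # /norestart leaves the reboot to the operator.
        $p = Start-Process wusa.exe -Wait -PassThru `
            -ArgumentList '/uninstall', "/kb:$number", '/norestart'
        $p.ExitCode
    }
}

# Report first; remove only what is installed and actually causing trouble.
Get-WatchedUpdate | Format-Table Computer, KB, Installed, Bulletin -AutoSize
# Remove-WatchedUpdate -Kb KB2803821 -WhatIf
```

Run the removal with -WhatIf first; an uninstalled security update leaves the machine exposed until the re-issued patch is applied.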
Tuesday, 13 March 2012
MS12-020: this is not good
Update: the folks at the ISC think so too. This is wormable and apparently not difficult to exploit, assuming it is switched on. So, you either need to patch or disable it.. or a combination of both.
Update 2: a visitor left a note to say they were working on a vulnerability scanner at rdpcheck.com. It's not ready yet, but there's a signup form on the page for more information.
Update 3: Allegedly, there is PoC code available for this on Pastebin, although this has not been independently confirmed.
Update 4: The ISC have changed the INFOCON status to yellow because of the perceived high risk.
Update 5: There is now an nmap script available to scan for vulnerable machines here.
Tuesday, 28 September 2010
MS10-070 - don't panic.. on second thoughts.. PANIC
Well, MS10-070 is one such patch, and to be brutally brief it means that IIS servers are vulnerable to an information disclosure attack.. very bad news if you are running IIS.
The ISC have more here, but be sure to read the comments.. because this one is looking like a complete fragging disaster zone..
Tuesday, 28 July 2009
MS09-034 is coming..
More info here and here.
Wednesday, 14 January 2009
MS09-001 prognosis. Install it now? Leave it for later?
If you are administering a corporate network, then the question that you probably ask yourself each week is "do I need to patch my servers"?
The prognosis for this one seems to be.. "maybe". Microsoft's own bulletin summary gives MS09-001 an exploitability index of "3 - Functioning exploit code unlikely". But the flaw itself is rated "Critical" and could lead to remote code execution.. so there is a low probability of a very serious exploit.
It turns out that it is much more likely that an attempted attack using MS09-001 would blue screen the target system - and that is more likely to be a worry, especially on delicate servers. The Microsoft Security blog has a good writeup and recommends the following priorities:
In terms of prioritizing the deployment of this update, we recommend updating SMB servers and Domain Controllers immediately since a system DoS would have a high impact. Other configurations should be assessed based on the role of the machine. For example, non-critical workstations could be considered lower priority assuming a system DoS is an acceptable risk. Systems with SMB blocked at the host firewall could also be updated more slowly.
Some further reading gives mixed signals: Sophos labels this as a medium threat, SC Magazine reports differing opinions, ZDnet also mentions the denial of service risk, ISC rates it as "Critical" but not "Patch now".
Given that it doesn't take long for the bad guys to implement an exploit for these flaws, and the recent well-publicised spread of the Downadup / Conficker worm then perhaps Microsoft's advice is very pertinent - start by protecting those systems that would suffer the most if they crashed, but there is perhaps not the urgency of the MS08-067 patch that came late last year.
Thursday, 23 October 2008
MS08-067
Let's make it simple: PATCH NOW. Microsoft say that this can spread from machine to machine without authentication, and reliable exploit code is likely. This makes it the ideal security flaw to hook a worm onto, like Blaster or Sasser.
If you're a corporate user with a firewall DO NOT imagine that the firewall will offer you much in the way of protection. Eventually either a worm-infected laptop will be plugged into your internal network, or possibly an infected machine may breach the firewall when it connects through the VPN. If there is a widespread outbreak and you're not prepared, then shutting off your VPN may buy you some time.
Wednesday, 9 July 2008
ZoneAlarm: "The firewall has blocked Internet access to.."
ZoneAlarm Security Alert
Protected
The firewall has blocked Internet access to whatever.com (0.0.0.0) (HTTP) from your computer (TCP Flags: S)
This is because the Microsoft patch you just applied has made some fairly significant changes to the way your PC looks up internet names (such as web pages, email hosts etc) and ZoneAlarm isn't aware of those changes and is consequently having a panic.
It isn't really a fault with the patch, and given the nature of the change, you can perhaps expect ZoneAlarm not to cope [see note below]. If you really want some more technical background read this article at the Internet Storm Center: Multiple Vendors DNS Spoofing Vulnerability.
As a temporary workaround, the best advice is to uninstall KB951748 until ZoneAlarm is updated. It is an important update, but you are either going to have to disable ZoneAlarm or remove the patch and at the moment my advice would be to stick with ZoneAlarm.
To remove the patch in Windows XP (Vista will be similar):
- Click Start and select Control Panel (or Start.. Settings.. Control Panel depending on your setup).
- Open "Add or Remove Programs"
- Tick "Show Updates"
- Scroll down (probably very near the bottom of the list) to Security Update for Windows XP (KB951748) (Vista may be worded differently, but the key thing to look for is KB951748).
- Click Remove
- Follow the steps to remove the patch and then reboot
Update 1:
Sandi made the following comment:
It is not necessary to uninstall the patch, or disable/remove Zonealarm. Simply reset the ZoneAlarm database:
http://forum.zonelabs.org/zonelabs/board/message?board.id=cfg&message.id=52727
"To solve this, just reset the ZA database and the ZA will be "fresh" as when it was first installed:
- Boot your computer into the Safe Mode
- Navigate to the c:\windows\internet logs folder
- Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
- Clean the Recycle Bin
- Reboot into the normal mode
- ZA will be just like new with no previous settings or data
Once this is finished, reboot back into the normal mode and in the new network found windows, set the new network to Trusted.
Then do this to ensure the ZA is setup properly:
Make sure your DNS and DHCP server IPs are in your Firewall's Trusted zone. Finding DNS and DHCP servers, etc
1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s).
3. Click OK and Apply. Then do the same for the DHCP server.
4. The localhost (127.0.0.1) must be listed as Trusted.
5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
Plus it must have both Trusted and Internet Access."
Update 2:
ZoneAlarm have a press release with a couple of workarounds here.
Workaround to Sudden Loss of Internet Access Problem
Date Published : 8 July 2008
Date Last Revised : 9 July 2008
Overview :
Microsoft Update KB951748 is known to cause loss of internet access for ZoneAlarm users on Windows XP/2000. Windows Vista users are not affected.
Impact :
Sudden loss of internet access
Platforms Affected :
ZoneAlarm Free, ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Anti-Spyware, and ZoneAlarm Security Suite
Recommended Actions -
Download and install the latest versions which solve the loss of internet access problem here:
- ZoneAlarm Internet Security Suite
- ZoneAlarm Pro
- ZoneAlarm Antivirus
- ZoneAlarm Anti-Spyware
- ZoneAlarm Basic Firewall
or follow the directions below.
Option 1: Move Internet Zone slider to Medium
- Navigate to the "ZoneAlarm Firewall" panel
- Click on the "Firewall" tab
- Move the "Internet Zone" slider to medium
Option 2: Uninstall the hotfix
- Click the "Start Menu"
- Click "Control Panel", or click "Settings" then "Control Panel"
- Click on "Add or Remove Programs"
- On the top of the add/remove programs dialog box, you should see a checkbox that says "show updates". Select this checkbox
- Scroll down until you see "Security update for Windows (KB951748)"
- Click "Remove" to uninstall the hotfix