Brian Krebs at the Security Fix has done an interesting study related to how long it takes Microsoft to release a security fix for a problem, starting from the time they are notified of the security vulnerability. For the most part, 134.5 days has been the window between notification and vulnerability patching for the last 2 years from Microsoft. (That is for vulnerabilities that were submitted to Microsoft through the normal process…)
Category: Computers
-
Codeweavers fixes WMF vulnerability in Crossover Office
There has been a bugfix release to Crossover Office, released by Codeweavers. Crossover Office is an offshoot of the Wine project, which is a windows compatibility suite for Linux, to allow Windows applications to run under modern Linux operating systems. It was found recently that wine suffered from the WMF vulnerability just the same as Windows. The new release is 5.0.1, notes on what has changed can be found here.
-
Symantec fixes possible rootkit issue
Brian Krebs at the SecurityFix has the story. Symantec, has fixed a problem with their SystemWorks and SystemWorks premier software that could allow malicious software to hide in the Norton Protected Recycle Bin. That software, could have used the nprotect directory to evade detection by antivirus and antispyware programs.
-
How-to Remove SpyAxe and SpywareStrike
There’s a good post at Spyware Confidential about the removal of the SpyAxe and SpywareStrike pests that are circulating widely these days. There is a good CastleCops Wiki page with Malware removal information on SpyAxe (With screenshots). Also, there is a good walkthrough of removal here, which includes instructions for smitremfix.
-
Clamav vulnerability
There’s a security fix available for a vulnerability in Clamantivirus. Version 0.88 fixes the vulnerability which could allow a remote attacker to control a machine running clamantivirus. The Security Fix has coverage on this, and the update can be found at the clamav site. This affects ClamWin as well, available here
-
January Patch Tuesday
Microsoft has issued two advisories related to patches coming out today. Both are remote code execution vulnerabilities, the first affects Outlook and Exchange server, the second is related to embedded Web fonts. The links above don’t yet seem active, but should go to the technet Security bulletins once Microsoft finishes publishing those.
-
More WMF problems for Windows
I can’t really say I’m surprised, after the big WMF vulnerability of the last couple weeks, I suspected we’d see closer scrutiny of other WMF “vectors”…. but….. The SecurityFix is one of the outlets, that have been reporting on another WMF vulnerability. According to the analysis so far, it can “only” cause a Denial of Service (DoS), not remote code execution. Hopefully, that’s as far as this vulnerability will allow external attackers to mess with a system. *(Basically the DoS could freeze/crash “cause to exit unexpectedly” the program used to view WMF’s)
-
Windows 98 WMF patch
This hopefully will be my last post on the whole WMF exploit stuff…. It’s prompted in part by a comment on one of the articles on Windows 98 and the vulnerability. I realized that I hadn’t really brought things to a full conclusion for the Windows 98 users. Of course, Microsoft has released an official patch for Windows 2000 and XP and 2003, the sky is no longer falling quite as quickly and all is well right? Well, not exactly for pre-2000 Windows users. They’ve just been told, they have a vulnerability, it’s not as critical as it is for XP/2000/2003 and if it were critical – “oh we’d fix it there too”, but it’s not, better luck next time (and who knows the same vulnerability could come around more critical for earlier Windows versions next time…) Anyway, there IS a patch for Windows 98 systems.
-
Google Video Store
It looks as though Google will be selling video content for as little as $1.99 each. At CES today they’ve announced deals with CBS for some current running shows (CSI for instance). Also, a large number of older CBS shows including a few entries in the Star Trek franchise, I Love Lucy, The Brady Bunch, etc… will be made available. There’s a deal with the NBA for games (24 hour delay.) Looks like some music videos, and a good deal of other content.