The big computer security news of the day is the release of exploit code publicly for MS06-040. The patch of course was released Tuesday and it is fairly critical to get the update installed. This is “wormable” It CURRENTLY affects all Windows 2000 systems and XP (with no service pack) as well as SP1. It currently doesn’t seem to work with SP2 of Win XP, or with Windows 2003 or NT4. A bit more information is at the incidents.org link above.
Category: Windows Tech Support
-
Microsoft August Updates
Incidents.org has an initial list of the updates today from Microsoft, there is also a brief from Microsoft on the updates. It appears as though one is Powerpoint specific, another is Office releated, one is tagged as an Internet Explorer update and the rest Windows. More details later in the day. Hopefully we can get more details from the technet security page when it’s updated.
Update…. Details time…
-
HDR – High Dynamic Range – Images under linux
HDR – recently I heard someone talking about this with regards to digital imaging. The idea is that you have three identical images (landscapes) taken from a stationary (tripod) camera. The only difference is the exposure times vary. Together you can blend them to create a more impressive final picture. Yes, I just talked about fake photos and digital imaging. This, to me, is in a different class of photo editing…. enhancement(?) – well… anyway. There are a number of ways to do this, photoshop, I understand has support for doing this and it’s possible under linux as well with the Gimp.
-
Vista’s fatal flaw?
Backwards compatibility. It’s something that many vendors strive for and Microsoft is certainly one that has placed a value on making things backwards compatible for third party software. According to this story at Sci-Tech Today, Symantec thinks this eagerness to be backwards compatible may be a big issue for Vista’s security. They expect several “privilige escalation” vulnerabilities to be found and say that if those such vulnerabilities are discovered in the prompt for user consent…. well essentially all of the systems security precautions could be undermined. The whitepaper on the details talks about several issues that have been patched at this stage in the Vista development process, but the main question is how many are out there?
-
AVG antivirus false positive
Incidents.org has some reports of false positives reported by Grisoft’s AVG antivirus running on Windows XP (SP1)…. The false positive was with a file named C:\i386\REG.EXE which is a legit file from the Windows XP SP1 install. No other news or details on this as of yet.
-
Windows update advance notice for August 2006
August’s advance bulletin of Microsoft updates is already up. Tuesday of course is the monthly Microsoft patch day. It appears as though there will be 12 updates this time around. As usual, it could be that individual updates fix multiple problems. 10 updates will affect Windows at least 1 critical, will require a restart. 2 updates will affect Office, at least 1 critical, MAY require a restart. Also the malicious software removal tool will see an update.
-
Possible Windows Scheduler local privilige escalation
Sans has a writeup on Windows local privilige escalation using the Windows scheduler and among other things it might be worth starting out by saying that typically, only Administrative group users in Windows XP are allowed to access the Windows Scheduler. However, I have read reference of some installs that even give guests that capability. If that’s a default setting under some install profile – this is a big problem, if it’s just because the administrator chose to make the scheduler accessible to everyone it’s LESS of a problem, but still worth KNOWING about.
-
Firefox 1.5.0.6 is out
That was a quick turn around…. It appears as though some of the multimedia streaming issues were severe enough to require a quick turnaround for Mozilla Firefox 1.5.0.6 Sans had the initial heads up…. But it looks as though it’s now officially out (and labeled as a stability update.) Download page.
-
Wireless Driver Vulnerabilities
There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that resolve some vulnerabilities that would affect the Windows Centrino driver and the ProSet management software. F-secure chimes in on this noting that the download is a whopping 129MB.
-
New site domain www.computerrepairasheville.com
Just by way of information….. I’ve seperated out the www.computerrepairasheville.com and www.ashevillecomputerhelp.com domains now to point to a seperate web site with the main goal of simplifying and clarifying my computer services in the Asheville, NC area. I’ll keep the brief page on this site that gives an overview, but the new computerrepairasheville.com domain will act as the main point of information for those services. On there I’ve tried to put a list of all of the “things I do” although I’m sure I’ve forgotten something.