Category: Windows Tech Support

  • More fake codecs

    Sunbelt is still finding fake codec sites…. This most recent site is mpcodec.com, at the IP address 69.50.160.58.

    (I had to do a doubletake as THIS site (averyjparker.com) is hosted at 69.36.180.58 – I usually see the first and last numbers first and thought – “wait a minute – that looks familiar…” the middle numbers matter too though….)

    Beware of audio/video codec downloads that claim they’re the best thing since sliced bread… Here’s another…

  • Internet Explorer 0-day (take 2 of the last few days…)

    The last zero day (ActiveX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch day (earlier if needed…. ahem….) Sunbelt is blogging about the “epic loads of adware” being pushed into systems via this vulnerability. Now, some workarounds….

  • Internet Explorer zero-day

    This time around, the zero day is related to Internet Explorer and ActiveX… (DirectAnimation specifically). Incidents has a good update on the issue. This is a second exploit; there was another at the end of August. MS has an advisory on the issue. I think a safe bet would be alternative browsers until this is patched. It is possible, though, to enable a kill bit, or vary security settings to disable/always prompt before using ActiveX.

  • Microsoft Update day for September…. AND Flash… AND Apple

    Yesterday, of course, Microsoft released its monthly patches. I found the Windows update site to be painfully slow (and in some cases unresponsive.) It wasn’t quite a huge update day by recent standards, but here’s the summary…. Incidents.org has a nice chart showing the two re-released patches (one is actually re-re-released…) They are MS06-040 (server service patch – critical) and MS06-042 (IE 6 patch). Both of those vulnerabilities addressed are well known and could be actively exploited. The “first release” updates from this month affect Microsoft Queue System MS06-052 which is the most important of the releases….

  • ANOTHER Microsoft patch problem

    This is getting to be like clockwork, but it sounds like this may be one of the nastiest problems so far. It appears that there is a problem with one of the recent patches from Microsoft, MS06-49. It looks as though the problem is data corruption for small files (under 4096 bytes.) There’s a Google Groups thread here. The key factor seems to be that IF the folder is compressed, the data within is subject to this possible corruption.

  • Beware with video codec downloads….

    Some time back I remember an article I had on vcodec not being a legitimate video codec. At the time there was some malware claiming to be vcodec and “required” to view some content…. well, posing as a codec download is a good way to trick people into downloading it seems and there are more out there that use the same trick. Sunbeltblog brings not one, but two fake codec sites to watch for today.

  • Sharing contacts between Outlook and Outlook Express

    Not too long ago I was installing a fax machine for someone that supported Outlook Express’ address book, but not Outlook’s default address book. My first thought was to get Outlook (2002)/Outlook Express using the same contact format and then we’d be in business… But…, they had an Exchange server so, Outlook was installed in Corporate/Workgroup mode, which means, officially “you can’t get there from here.” But…. there is still a way. Details from slipstick.com: it turns out there is a registry edit that can get you around the Corporate/Workgroup “limitation”. This may not work for all installs, and is not guaranteed or supported, but…

  • ICQ client and toolbar vulnerabilities

    SANS brings this from AOL, advising of vulnerabilities in the ICQ client and the ICQ toolbar for IE. The latest version of ICQ client is 5.1 and is claimed to not be vulnerable. (Toolbar version 1.3 is said to be vulnerable as well. No more recent version of that is available – you might consider disabling the toolbar.)

  • Microsoft’s priorities…

    I didn’t really think of this in context, but George Ou points out that Microsoft issued an “out of cycle” patch for their DRM software in response to the FairUse4WM software that stripped DRM protections from Windows Media Files. It took a mere 3 days from being made aware of the issue to releasing a patch. In context, we have seen numerous instances in the last year of “zero-day” vulnerabilities becoming known just after a monthly patch day, and Microsoft waiting until the next patch day to release a fix. So why the different response?
