Microsoft Patches MS-Word Exploit That Spreads Malware

April 12, 2017

On the same day Microsoft officially began rolling out the Creators Update for Windows 10, they were also rolling out a patch for a zero-day exploit (that spreads malware) for all current Microsoft Office versions used on every Windows operating system (including the latest Office 2016 running on Windows 10). If you are running Microsoft Office at home, make sure you have installed the patch. To learn more, click on the source link below…

All versions of Office on all versions of Windows are vulnerable to this zero-day that spreads malware, so make sure you patch quickly

Source: Microsoft patches Word zero-day booby-trap exploit – Naked Security


Temporarily Fix A Serious Security Flaw In Internet Explorer With Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)

September 18, 2012

When I am informed that a browser security issue (or flaw) exists that is of large scale or is a zero-day vulnerability, I find it important to alert everyone; especially the readers of this blog. Let’s face it, we spend the majority of the time on our computers in our web browser.

imageThe security issue I am alerting you about involves Microsoft’s Internet Explorer and in my opinion is a very serious issue.  In the interim, until this issue is completely resolved, I am recommending that you download and install Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). The enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system. Currently there are no patches available to protect you from this security flaw.

Eric Romang, a researcher in Luxembourg, discovered the flaw in Internet Explorer on Friday, when his PC was infected by a piece of malicious software known as Poison Ivy that hackers use to steal data or take remote control of PCs.

The security flaw, which researchers say could allow hackers to take remote control of an infected PC, affects Internet Explorer browsers used by hundreds of millions of consumers and workers. Microsoft said it will advise customers on its website to install the security software as an interim measure, buying it time to fix the bug and release a new, more secure version of Internet Explorer. – [ source: NBCNews.com TECH]

Reportedly many of the anti-virus software makers are aware of this issue and have already updated their products to protect end-users against this bug; however, this alone may not be sufficient to protect you.  Best bet here with this is make sure your security software is up-to-date and to download and install the Enhanced Mitigation Experience Toolkit (EMET).

The toolkit includes several pseudo mitigation technologies aimed at disrupting current exploit techniques. These pseudo mitigations are not robust enough to stop future exploit techniques, but can help prevent users from being compromised by many of the exploits currently in use. The mitigations are also designed so that they can be easily updated as attackers start using new exploit techniques.

——————————————-

GEEK BONUS AREA

Technology News, Software, Apps, Wallpapers, Tech Products and MORE… FEATURING OCZ ModXStream Pro 700W Power Supply

Where Computer Viruses Lurk

Connectify: Turning Your Windows 7 Laptop into a Wi-Fi Hotspot

Bookmarks4Techs

Gold Box: New Deals. Every Day.

——————————————-

Bookmark and Share

[ CLICK HERE TO LEAVE A COMMENT ]


Downadup (aka: Conficker, Kido) is using AutoRun to spread “like a can of worms”…

January 23, 2009

Did you know that you opened a can of worms if you did not apply the Windows update for an already known Windows vulnerability, back in October?  worms

 

The Downadup worm virus (aka: Conficker, Kido) has globally spread like wildfire.  I am now reading stories [ click here ] where over 8 million PC’s have been infected (or 1 in 16 PC’s).  That is over 8 million PC’s that failed to patch their systems back in October.  The most concerning part, at least to me, is that this worm can use the “AutoRun” functionality in Windows to infect other PC’s.  Here is how this works.  You plug in your USB flash drive in a computer that has been infected with the Downadup worm and the worm copies a file (autorun.inf), to your flash drive.  You remove the flash drive and plug it into another PC, the Windows AutoRun function kicks in and the autorun.inf file, that was copied to your flash drive, now executes and infects that PC.

Downadup is a worm (self-replicating).

A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network. – F-Secure

Propagation (How it spreads)…

Downadup uses a variety of methods to spread itself.

Downadup exploits a Windows vulnerability; patched by the October ‘08 security update.

If the vulnerability is successfully exploited, it could allow remote code execution when file sharing is enabled. Depending on the specific variant, it may also spread via removable drives and by exploiting weak passwords. It disables several important system services and security products and downloads arbitrary files. – Microsoft Malware Solution Center

Additionally, it uses Windows AutoRun functionality; autorun.inf files are copied to USB drives and other removable media.

If your computer is infected…

You may not experience any symptoms, or you may experience any of the following symptoms:

Account lockout policies are being tripped.

Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender, and Error Reporting Services are disabled.

Domain controllers respond slowly to client requests.

The network is congested.

Various security-related Web sites cannot be accessed.

Removal Assistance…

Visit the Microsoft’s Help & Support (to learn about the manual removal method(s) and the available Malicious Software Removal tool (MSRT) tool option that is available.  Many of the anti-virus sites are carrying removal options and instructions, as well.  Like many viruses, this thing will continue to evolve with a variety of different payloads.  If you have a PC that is connected to the internet, it is very important that you keep your systems patched (via the Windows Update) and that you keep your Security software updated (e.g. anti-virus, anti-spyware, anti-malware).  The internet is in one sad shape and it is important that our defenses are in place and that we educate ourselves about any potential threats.  Thank you visiting the blog and please push this info onward to make others aware.

[ CLICK HERE TO LEAVE A COMMENT ]

Bookmark and Share