MICROSOFT – Vulnerability patch on Monday

A wolf in sheep's clothing. Could one liken that to your innocent-looking USB stick, which, if you are a Windows user, may contain more than just your data... Or how about a representation of some of the MVP "awardees"? I think it can quite easily be applied to both.

The summer provides many of us with a nice holiday or two, and whilst the IT scene seems to dry up a little (in respect of the subjects I like to write about), Microsoft has had its fair share of woes over the last week. Let's cover one now: another vulnerability in Windows.

Microsoft is issuing a patch on Monday the 2nd of August for a vulnerability found in all versions of Windows (shock, horror, a vulnerability in Windows? Never!).

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on August 2, 2010. The bulletin addresses a security vulnerability in all supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, that is currently being exploited in malware attack

You can find that release here: https://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx

Krebs on Security reported it as:

a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.

How much longer are people going to suffer these repeated attacks? Remember what Dell had to say about Linux (before the comments were taken down)? According to the Microsoft faithful, we should take heart in the fact that it’s because Windows is so well deployed. I’m sure that’s consolation to the many Windows victims around the world. Maybe the best way to defend a Windows PC against exploits is to become a Microsoft MVP.😉 According to one of their “finest”, he’s never been a victim. I can’t recall any other MVPs complaining; according to them everything is just great (except if you mention the Windows 7 Phone freebie, but we will cover that in another article).

Why do I look repeatedly at the MVP program? Because I think it is damaging to independent opinion. Ever seen an MVP champion OO? Or what about FF over IE? Let’s not forget this MVP; after a complaint made to Microsoft directly, they seem happy to let that individual retain the MVP status. I think that says it all. As I’ve said many times before, I have no problem with Windows advocates. I have a problem with underhanded tactics and rather dubious (to me) schemes which retain people’s loyalty. One such scheme, in my opinion, is the MVP program. So take a look at my previous link and see an example of what Microsoft calls “Most Valuable”.

Let’s end on part of the closing statement from http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/ (in relation to this new vulnerability):

it could soon become a popular method for spreading malware.

Happy times are here again. Now Windows malware is not only on your desktop, it’s on that innocent-looking USB stick in your pocket.

Goblin – bytes4free@googlemail.com

If you are new to this blog (or have not yet read it) please take time to view the OpenBytes statement, here.

11 Comments

  1. Robotron 2084 says:

    I never even knew what an MVP was until I saw it repeatedly mentioned by Linux advocates. I can’t say what effect they might have on the business sector, but as a guy who has read tech news on-line for more than a decade, I don’t think they are well known among regular people. I can’t see how they would be any more or less trustworthy than anyone else who takes their support of a company so far as to adopt some title or award from that company. Who could expect any such people to be impartial?

    Removable media has always been a vector for infections. I remember getting goose bumps every time I slipped an unknown floppy in my Amiga. I got burned in China when a virus infected machine wrote to my USB stick. It deleted a folder and created an executable file of the same name with a folder icon to match. Due to my own negligence I clicked it even though I should have noticed the “.EXE” extension. I was in a hurry and I got burned. I managed to clean the infection myself but I’m not sure how Microsoft could have prevented this problem except by asking for double confirmation when launching any executable from removable media. I since took the extra step of using NTFS permissions on my stick.

  2. openbytes says:

    Quote “I never even knew what an MVP was until I saw it repeatedly mentioned by Linux advocates”

    It’s because the actions of the MVPs have been observed by them. CNET, MS-WATCH, here and many other places see them promoting a MS view. That in itself is not a problem, but when you have some who are willing to nymshift and use all manner of tactics to silence opposing views, the allegations of gifting and the “threat” of losing the MVP title, I would hope you can understand why I think it is such a toxic scheme. Of course there are decent MVPs….. Winobs is one and you can find him on Twitter.

    Quote “I remember getting goose bumps every time I slipped an unknown floppy in my Amiga”

    And for once we have something in common as I can remember those days. However you had the write protect tab then and in those days most home Amigas didn’t have hard disks so a hard reset after every title would prevent any further infection.

    1. Robotron 2084 says:

      Life is a toxic scheme, but I have to disagree with you on a few Amiga points. Yes, you could write-protect your disks, but some games and software required data to be written back to the disk. Many games included warnings suggesting that you turn the machine off for 30 seconds before running game software to avoid any virus that could survive a warm boot, something that was possible on the Amiga. In Workbench you had to worry if disks in any other drives were also write-protected, as well as any other disks loaded after a disk you might suspect.

      At least in the USA, more often than not, the Amigas I saw personally had a HD attached. I could be wrong, but I seem to remember a major security flaw was the auto-mounting of Amiga disks. I had heard some viruses took advantage of this to make even inserting the disk without opening it enough to allow the infection to occur. I want to say that fear was overblown, but I know many tricks were possible on Amiga hardware.

      1. openbytes says:

        Lol….I said before if I said a PC ran on electricity you would find a way to disagree.

        Quote “but I have to disagree with you on a few Amiga points. Yes, you could write-protect your disks”

        Few and far between. At the time the only one in my collection which did that was Dungeon Master, and if memory served you used a different data disk (a blank floppy). I can’t think of any others…..oh and Frontier…but then I had the original so where would the virus come from?

        Quote “Many games included warnings suggesting that you turn the machine off for 30 seconds before running game software to avoid any virus that could survive a warm boot, something that was possible on the Amiga”

        So was that a problem for you? I did turn my machine off and wait. Workbench was run off a write-protected floppy with df1 being my blank data disk for whatever I created (or sometimes the Extras disk).

        Quote “At least in the USA, more often than not, the Amigas I saw personally had a HD attached.”

        Fine. In the UK they were not so common and it wasn’t until the A1200 that the HD took off on the Amiga platform.

  3. Removable media has always been a vector for infections. I remember getting goose bumps every time I slipped an unknown floppy in my Amiga. I got burned in China when a virus infected machine wrote to my USB stick. It deleted a folder and created an executable file of the same name with a folder icon to match. Due to my own negligence I clicked it even though I should have noticed the “.EXE” extension. I was in a hurry and I got burned. I managed to clean the infection myself but I’m not sure how Microsoft could have prevented this problem except by asking for double confirmation when launching any executable from removable media. I since took the extra step of using NTFS permissions on my stick.

    And that’s why I don’t use Windows anymore. It’s just not worth the trouble. Nothing from Microsoft is worth the trouble – Internet Information Server has an incredibly low marketshare, and it gets hacked all of the time, while Apache, the industry leader, has very few hacks.

    Microsoft software is a total disaster.

    1. Robotron 2084 says:

      There is little trouble for me. I prefer the design, performance, and software selection available when using Windows. For example, I need to run QQ to keep in touch with people, but the Linux version is outdated and silently crashes (a major pet peeve of mine in Linux). WINE won’t run the Windows version, so that’s no help either. Windows isn’t perfect, and nothing is, but it gives me few troubles in comparison to the alternatives. I’ve yet to see a single product that has universal acceptance.

      I used to work for a website developer that was using IIS. They never had any incidents of hacking, but as far as I understand most instances of hacking occurred due to using either an outdated version or a poorly configured server. Though, I’m having trouble understanding how something can get hacked all the time if it also has an “incredibly low marketshare”.

      1. That’s your choice – I think you are making a terrible mistake myself, I get a lot of calls for help from people, and everyone who calls is running Windows. The people I know who run Linux or OSX don’t have any problems.

        1. openbytes says:

          Mad Hatter, you could say that it was unsafe to jump out of a plane without a parachute and Robotron would find a way to argue it!

          He/she can also make implications without fear of comeback since Robotron doesn’t have a permanent net presence or a point of reference….If things get too toxic they can simply stop using the name Robotron.

          I think readers see that, and my request of Robotron and the work he/she had done was more to try and get Robotron to take personal responsibility for their posts….I’m not particularly interested in what Robotron has or hasn’t done.

          Just like you Mad Hatter I have to take responsibility for my words, we have both spent much time building up a net presence and a “home”. A wrong comment from either of us could be quite costly to what we have spent so long building up. Robotron on the other hand has no such worries and can do as they please…no risk.

  4. openbytes says:

    Quote “There is little trouble for me”

    Why should there be trouble? You merely have a different preference….

    Quote “I prefer the design, performance, and software selection available when using Windows”

    Design wise, I find as a Linux user I can customize whatever I want….Performance was the exact reason why I moved off a Windows platform….my distro is at warp speed compared to the exact same rig running Windows. Maybe I was unlucky, maybe you are lucky, who knows? It doesn’t matter. Software wise, well nearly all the FOSS packages I have are available for the Windows platform and the one or two Windows packages I run operate better through Wine than they did through Windows…

    Quote “but the Linux version is outdated and silently crashes (a major pet peeve of mine in Linux)”

    I’m not sure what you mean. My Linux distro is updated far more often than Windows and since the majority of users still want to stay with XP, “outdated” is a little rich is it not? Crashes? Every system can crash, anyone who’s used Linux for a long period of time I think would agree that it’s a damn sight more stable than Windows.

    I won’t get into an argument about the reasons why (or why not) Linux is more secure than Windows, since it’s been thrashed to death so often. The fact is Windows exploits and malware ARE a big problem for users.

    If anyone wants to see how secure/safe Windows V Linux is, run both of them on the net for 24 hours without any virus software or firewall, after 24 hours of surfing come back and tell me Windows is the more secure/safe system.

    Robotron, I tackle the Microsoft issue from an angle of highlighting that which is not highlighted, asked or questioned. The final decision any user makes MUST be from their own research and personal preference. I champion Linux/Foss, you may differ but I would hope people would listen to neither of us and form their own balanced opinion.

    I’m happy to let users decide, why do people who post less than favourable opinions about Microsoft get attacked so harshly? Where’s Apple advocates? Could it be that Linux, is actually relevant and a concern for people trying to push a system which has “new” features that have been enjoyed by Linux /alternatives users for years?

    I’ll end on market share is irrelevant in terms of how good a product is. There’s less Bentleys on the road than Ladas….I know which one I’d rather have.
