Archive for the ‘Best Practices’ Category

Microsoft warned about zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the Google security team. At this time limited targeted attacks directed at Microsoft Word 2010. According to Microsoft’s security advisory, Microsoft Word is vulnerable to remote code execution vulnerability (CVE-2014-1761) that can be exploited by a specially crafted Rich Text Format (RTF).

An Attacker can simply infect the victim’s system with malware if a user opens a malicious Rich Text Format (RTF), or merely preview the message in Microsoft Outlook. The issue is caused when Microsoft Word parses specially crafted RTF-formatted data causing system memory to become corrupted in such a way that an attacker could execute arbitrary code. Microsoft acknowledged that remote code execution flaw also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011. Microsoft is working on an official patch, which will be released with the next Patch Tuesday security updates on April 8. But in the meantime, Windows users can use temporary ‘Fix It’ tool to patch this vulnerability and also can install Enhanced Mitigation Experience Toolkit (EMET) tool that can mitigate this vulnerability.

Do not download .RTF files from the suspicious websites, and do not open or preview .RTF email attachments from strangers.

Advertisements

Adobe released an emergency update today for its Flash Player to guard against a zero-day exploit, which could allow attackers to gain remote access to an affected machine. The security flaw has been elevated to “critical” status, which is Adobe’s highest threat level. Ars Technica reports the exploit can be triggered by “underlying code that could be exploited to execute arbitrary code” if a person navigates to a malicious site hosting an attack.

Windows and Mac users are affected by this zero-day exploit if running Adobe FLash Player 12.0.0.43 and earlier versions. Linux users are also affected if running 11.2.202.335 or earlier versions of Flash Player. Users running Google Chrome or Internet Explorer 10/11 will automatically be updated to the latest Adobe Flash Player version, 12.0.0.44, which will be bundled with the browser. Other users are advised to install the update as soon as possible.

Source: Adobe , softonic

Microsoft has announced Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities.
Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will apply to all versions ofInternet Explorer from IE6 on Windows XP to IE10 on Windows 8.

Often targeted by attackers to perform drive-by malware download attacks, remote code execution flaws allow an attacker to crash an application and launch malware payloads often without any sort of notification or interaction form the user.

The Windows 8 maker is also patching a kernel vulnerability disclosed at the beginning of June by Google researcher Tavis Ormandy. The issue is to do with Windows kernel’s EPATHOBJ::pprFlattenRec function (CVE-2013-3660) and after Ormandy released the exploit code, Metasploit module was developed to exploit the bug.

1. Vulnerability assessments

Network scanners can use databases of known vulnerabilities to check for anything that might present a risk to your systems. Update that database regularly since new vulnerabilities are discovered all the time.

2. Port scans

A port scanner is a very fast way to determine what sort of systems are running on your network, and are probably the most common sort of recon you will see. Determine what should be accessible on your network from the Internet, validate that with a port scanner, and then use a combination of firewall rule cleanup and system hardening to shut down anything that doesn’t belong.

3. Default password access

There’s a reason there are tens of thousands of default password lists on the Internet-they make for a very easy way to get in. Don’t make it easy for an attacker. Make sure everything on your network has been configured with a strong password to prevent unauthorized access.

4. Running services

To compromise a service, it first has to be running. Every server has to run certain services, otherwise it’s just a space heater, but many run unneeded services either because they are on by default, or the admin who set it up didn’t know any better. Use your network scanner to find all running services, and then shut down the ones that are not needed.

5. Remote access

Speaking of default passwords, in about half of the security audits I have performed for customers, I have found remote access software that they didn’t know about, running on systems that made it very easy to get in. Use your network scanner to find all of the Telnet, SSH, RDP, GoToMyPC, LogMeIn, PCAnywhere and other applications that can provide remote access to a system, and shut down all the ones that shouldn’t be there. Finding all those “secret” ways in, and closing up the unapproved ones, will greatly reduce the risks to your network.

Using a network scanner, set up a regular schedule of scanning your systems for these five critical checks. Scan from the outside to see what the firewall cannot stop, and scan from the internal network so you understand just how much damage an inside threat can cause. Knowing your systems the way an attacker will, helps you to ensure everything is safe.

Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total and two of them rated critical and that of the remaining 7 as Important.

The critical vulnerabilities are remote code execution issues. First vulnerability affects Microsoft Windows and Internet Explorer while the second vulnerability affects Microsoft Windows.

The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations.
The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software and Microsoft Windows. Microsoft will host a webcast to address customer questions on the security bulletins on April 10, 2013, at 11:00 AM Pacific Time (US & Canada).

Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system (OS), some Office components and also Mac OS X, through Silverlight and Office and 4 out of 7 are critical patches.

  • Critical : The first bulletin will address a remote code execution vulnerability affecting Windows and Internet Explorer.
  • Critical : The second bulletin addresses a remote code execution vulnerability affecting Microsoft Silverlight.
  • Critical : The third bulletin addresses a remote code execution vulnerability affecting Office.
  • The fourth security bulletin addresses a critical elevation of privilege vulnerability affecting both the Office and Server suites.
  • Important : The fifth and sixth security bulletins address an information disclosure vulnerability affecting Microsoft Office
  • The last bulletin again addresses an elevation of privilege vulnerability affecting Windows.
Microsoft and other software vendors likely to release further patch updates soon, following the  PWN2OWN competition that concluded earlier this month, which saw security researchers break the security of a number of applications. In fact over the last three months, there has been an IE update every month.
If you have Windows Update set to automatic, critical patches will be installed automatically while important patches must be installed manually.

Microsoft Sri Lanka Buy Genuine

Each year, millions of consumers and small businesses worldwide are hurt by counterfeit software they have purchased unwittingly, and many companies that sell legitimate software have difficulty competing with low “too good to be true” prices offered by software counterfeiters. Many consumers still end up with counterfeit copies of Microsoft software and are unwitting victims of a crime. These consumers believe they purchased a properly licensed copy and often have the documents to back this up, but their copy is not properly licensed.

In addition, counterfeit software is increasingly becoming a vehicle for the distribution of viruses and malware that can target unsuspecting users, potentially exposing them to identity theft and corruption or loss of personal or business data.

Don’t fall victim to software piracy

Each year, millions of consumers and small businesses worldwide are hurt by counterfeit software they have purchased unwittingly, and many companies that sell legitimate software have difficulty competing with low “too good to be true” prices offered by software counterfeiters. Many consumers still end up with counterfeit copies of Microsoft software and are unwitting victims of a crime. These consumers believe they purchased a properly licensed copy and often have the documents to back this up, but their copy is not properly licensed.

In addition, counterfeit software is increasingly becoming a vehicle for the distribution of viruses and malware that can target unsuspecting users, potentially exposing them to identity theft and corruption or loss of personal or business data.

Buy Genuine Software

When you consider that a high percentage of software in use in Sri Lanka is illegally copied, you begin to see the scope of the problem. There are the costs to businesses and agencies using pirated software: higher total cost of PC ownership; lack of technical support; software incompatibility; viruses; and, in the worst cases, legal costs and fines. And what about the rising cost of honesty? Piracy puts the honest software reseller on an uneven playing field, often bidding against competitors who use illegal products as a price weapon. Unchecked, these practices destroy honourable businesses, handing huge portions of the PC distribution channel to pirates.

What is Software Piracy?

Software Piracy occurs in many forms. It is important to understand the different ways software is pirated, not just to comply with the law but to protect yourself and your computer. Common types of piracy:

End user or corporate copying: When the number of copies of software installed on PCs exceeds the number of licenses held for that relevant software.

Counterfeiting: The unauthorised use of Microsoft’s trademarks for example reproducing Microsoft? software or packaging, where buyers are deliberately misled into believing the product they are buying is genuine.

Hard disk loading: When a new or second-hand PC has Microsoft? software installed but has been supplied without the original disks, Certificate of Authenticity, End User License Agreement, or the operating manual for the software installed on that PC.

Mis-channelling: Software that has been distributed under special discount licenses and then redistributed to others who do not qualify for these licenses. Try to buy locally to avoid scams from other regions. Software is often stolen in one region and sold cheaply in another.

Beware of internet piracy

During the past few years, the use of the Internet to distribute pirated software has grown – threatening customers and legitimate Internet businesses. Distinguishing pirated software on the Internet is extremely difficult because you can’t check the product for physical warning signs or even see the person you’re buying from. Many people who try to buy software over the Internet never even receive the programs they’ve ordered. Others find they are unable to get their money back if they discover that the software is pirated. Microsoft does not authorize any other Web sites to offer downloads of Microsoft software. Some of these counterfeit downloads may include viruses or broken code. The only way to download genuine Microsoft software is through Microsoft.com

How will genuine software benefit you?

The capabilities you expect: With genuine software, you receive the real product, complete and fit for the use intended – not an imitation. Your system will deliver the features, options, and performance you need to maximize your productivity and enjoyment.

Support is there when you need it: Genuine software is eligible for technical support. If there are any problems with the product or if you need help, you can contact Microsoft or one of its partners for the support you need.

Ongoing improvements: you’ll get access to updates, enhancements, and innovations that help you do more with your PC.

Confidence and peace of mind: your software is authentic, properly licensed, and you know that your business does not have to be concerned about legal troubles associated with pirated software.

Your genuine software is secure software: Using genuine software is an important part of keeping systems secure and running smoothly, because it means continued access to the latest security enhancements and product updates.

Your reputation is safe: Using genuine software is part of maintaining a professional reputation among friends, customers, partners and employees.

Windows Genuine Advantage

Microsoft Genuine Advantage programs, including Windows Genuine Advantage (WGA), provide technologies that help you determine whether or not your copy of Windows is genuine, including product activation and validation. Both help you ensure that your copy of Windows is genuine and properly licensed. You can rest assured Genuine Windows software is published by Microsoft, and supported by Microsoft or an authorized partner, giving you full capabilities, access to all the latest updates, and confidence that you are getting the experience you expect. Microsoft values your privacy and does not use any information collected to contact you or identify you.

You can find out if you’re running genuine by clicking Validate Windows on http://www.microsoft.com/genuine

WGA Notifications

Windows Genuine Advantage Notifications is a program that helps Microsoft fight software piracy and helps you validate that the copy of Microsoft Windows XP installed on your computer is genuine and properly licensed.

If your copy is not genuine, WGA Notifications will provide periodic reminders to help you take the appropriate action. It’s part of Microsoft’s commitment to fight software counterfeiting and help you avoid problems before they happen.

Software piracy is a worldwide problem that affects Microsoft, consumers, partners, and the broad industry. Unlike a pirated or counterfeit copy, a genuine copy of Windows XP is backed by Microsoft or a trusted partner, and comes with the features and performance you’d expect. Recent research shows that acquiring and using counterfeit software can be risky. Installing the latest WGA Notifications can keep your system up to date and alert you to the presence of counterfeit.

Proof of genuine licensed software

Commonly, businesses inadvertently throw away valuable documentation relating to proof of purchase such as receipts. It is extremely important that you are able to prove that your organisation has valid licences for all of its software assets. Failure to do so may result in legal action, the outcome of which may require your organisation to purchase new licences. To satisfy proof of purchase and your legal right to use the software, you should keep track of your software inventory and ensure that your organisation always has the following:

Original media (CD ROM and/or diskettes)

A licensing document, often called an “End-User Licence Agreement” (EULA)

Certificate of authenticity

Manuals and user guides

Printed copies of any license agreements entered into online

Keep invoices and receipts that show original purchase dates. In the event of an investigation, you may need these.

Tips for buying software

Here are some smart tips to help you shop safely:

Be aware that not everyone is as honest as you are. Pirated software is widely available. Get full company addresses and phone numbers up front.
Avoid doing business with companies or individuals who won’t verify their identity and full business name or provide a physical street address and telephone number for follow-up after the purchase has occurred. Always ask for full details regarding returns, service and warranty policies.

Avoid purchasing from distributors who are unwilling or unable to provide adequate or satisfactory descriptions of these policies.
Keep records. Keep the invoice and any other receipts or related documents, and keep them until the software arrives and proves satisfactory.

Be wary of bargain prices. If the price seems too good to be true, then it probably is. As a guide, check the offer against the publisher’s recommended or estimated retail price (note: Reseller prices may vary). It’s all right if the price is lower, but be wary if it’s too much lower.

Be cautious of distributors that offer unusual inventory explanations. These include references to special deals, and liquidation or bankruptcy sales. Software pirates often use these types of phrases to fool people into believing that they are getting genuine product. If in doubt, call the software publisher.The publisher will provide details about what you should receive when you acquire the software and will give an indication of the price range.

Tips for safe Internet shopping

Be on the look out for spam emails, unsolicited commercial email otherwise known as junk mail, offering software prices that are too good to be true. There is a high risk that these software titles are unauthorised or pirated. Be cautious about offers requesting the wiring of money to foreign banking institutions. Be wary of software shipping into Sri Lanka from overseas. Be careful of pirated software that may contain hidden viruses and worms that a hacker could use to take control of your computer or steal your personal information.

Software Asset Management

Besides implement the tips for buying software given above, you could implement Software Asset Management Guidelines. With proper Software Asset Management (SAM), you know what you have, license only what you need, and use your software assets effectively.
A clear understanding of your software assets will ensure that you are able to budget for software more effectively, procure software from your publisher at the best possible price, eliminate unwanted applications and ensure that you and your company stay within the prevailing laws in Sri Lanka.

This is what you can do:

Create a written company policy regarding the acquisition and storage of software. Communicate the policy clearly to all employees who purchase, manage, or use software in the organization. For a suggested policy, visit http://www.bsa.org and download the “Guide to Software Management”.

Clearly identify a software asset manager, who is responsible for ensuring that the policy is understood, implemented, and followed.

Conduct a software audit, first counting all the PC’s in your company and then taking an inventory of the software installed on them. You’ll need all the software product names, version numbers, and serial numbers.

Announce a piracy prevention policy to keep your organization in line with the IPR Act 2003; then keep watch on your PC’s to ensure that suspect software does not find its way in.

Software Asset Management allows you to:

Work more efficiently – multi-versions of software may be hampering business processes

Save money – avoid overbuying and check you have the most cost-effective program

Justify software investments – understand the value and be able to identify your needs;

Peace of mind – know what you have and where it is, and that your software is appropriate and safe

Keep your data safe, optimise deployment, improve employee satisfaction and business performance

For more information on SAM, please visit http://www.microsoft.com/resources/sam/default.mspx

Examples of Counterfeit Software

Counterfeit software is the result of unauthorized copying, reproduction, or manufacture of software products. Counterfeit software often looks authentic and is sometimes distributed in packaging that imitates the original manufacturer’s packaging.

The Counterfeit Gallery

The Counterfeit Gallery shows examples of counterfeit software in three categories (low-grade, mid-grade, and high-grade counterfeits). The more you know about counterfeit software, the easier it will be for you to ensure you always purchase genuine Microsoft software.

Launch the Counterfeit Software Gallery now.

Source: http://www.microsoft.com/srilanka/BuyGenuine.aspx