Posts Tagged ‘Microsoft’

Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system*. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.

This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures.

For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.

Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape.

Microsoft recommends best practices to protect your PC such as:

  • Using modern software that has advanced security technologies and is supported with regular security updates,
  • Regularly applying security updates for all software installed,
  • Running up-to-date anti-virus software.

Our goal is to provide great antimalware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches.

Source: Technet.com

It’s that time of the month again, with Microsoft Patch Tuesday just 24 hours away.

In point form, August 2013 brings you:

  • Eight bulletins
  • Three critical due to potential remote code execution
  • Critical #1: All Internet Explorer versions from 6 to 10
  • Critical #2: Exchange Server versions 2007, 2010 and 2013
  • Critical #3: Windows itself, but only XP and Server 2003
  • Patches for Server Core, but none critical
  • Reboot required

It’s hard to say just how severe (or how widely exploited, if at all) any of the critical vulnerabilities are, since Microsoft plays its cards close to its chest until the patches actually ship.

And even though some of the bulletins are listed with a Restart Requirement of “maybe,” you should assume you’ll be rebooting every Windows box within your remit.

That’s because all your systems will either have Internet Explorer on them, or be Server Core installs.

Both of those require a reboot.

As usual, SophosLabs will be publishing its own vulnerability assessments once Microsoft has officially issued its updates. (Redmond always gets to go first. Understandably, that’s the way it is.)

Although Naked Security generally recommends getting a move on with patching, lest you get sucked into a Change Control Resistance Vortex, SophosLabs gives you a Threat Level assessment for each patch.

All other things being equal, if you have to delay one or more of the eight Bulletins, the Threat Level helps you choose by assessing the likelihood that each security hole will be actively exploited.

Source: NakedSecurity.sophos.com

Microsoft has announced Patch Tuesday for this month of July, with seven bulletins. Of those, one is an important kernel privilege escalation flaw and six are critical remote code execution vulnerabilities.

The patches will address vulnerabilities in Microsoft Windows, .NET Framework and Silverlight, and will apply to all versions of Internet Explorer from IE6 on Windows XP to IE10 on Windows 8.

Often targeted by attackers to perform drive-by malware download attacks, remote code execution flaws allow an attacker to crash an application and launch malware payloads, often without any sort of notification or interaction from the user.

The Windows 8 maker is also patching a kernel vulnerability disclosed at the beginning of June by Google researcher Tavis Ormandy. The issue is to do with the Windows kernel’s EPATHOBJ::pprFlattenRec function (CVE-2013-3660), and after Ormandy released the exploit code, a Metasploit module was developed to exploit the bug.

Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total, two of them rated critical and the remaining 7 rated Important.

The critical vulnerabilities are remote code execution issues. The first vulnerability affects Microsoft Windows and Internet Explorer, while the second vulnerability affects Microsoft Windows.

The patch will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware-loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations.

The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software and Microsoft Windows. Microsoft will host a webcast to address customer questions on the security bulletins on April 10, 2013, at 11:00 AM Pacific Time (US & Canada).

Microsoft is expected to issue seven bulletins affecting all versions of its Windows operating system (OS), some Office components and also Mac OS X, through Silverlight and Office; 4 out of 7 are critical patches.

  • Critical: The first bulletin will address a remote code execution vulnerability affecting Windows and Internet Explorer.
  • Critical: The second bulletin addresses a remote code execution vulnerability affecting Microsoft Silverlight.
  • Critical: The third bulletin addresses a remote code execution vulnerability affecting Office.
  • The fourth security bulletin addresses a critical elevation of privilege vulnerability affecting both the Office and Server suites.
  • Important: The fifth and sixth security bulletins address an information disclosure vulnerability affecting Microsoft Office.
  • The last bulletin again addresses an elevation of privilege vulnerability affecting Windows.

Microsoft and other software vendors are likely to release further patch updates soon, following the PWN2OWN competition that concluded earlier this month, which saw security researchers break the security of a number of applications. In fact, over the last three months, there has been an IE update every month.

If you have Windows Update set to automatic, critical patches will be installed automatically, while important patches must be installed manually.

Microsoft’s free Security Essentials antivirus tool has failed the approval process from a leading antivirus test lab, a stinging rebuke for Microsoft’s security efforts.

Microsoft, for its part, essentially claimed that the tests were unfair, and that the malware that its software didn’t detect affected just 0.0033 percent (or just over three one-thousandths of one percent) of its user base.

The good news is that there are numerous free antivirus solutions for Windows users, so those that worry if their data is safe can download a replacement while Microsoft and AV-test.org, the lab that performed the test, hash out a resolution. But those that have criticized Microsoft’s security efforts will also find fresh ammunition in AV-test.org’s results.

Microsoft’s Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows Defender, which blocks adware and spyware on Windows. (Windows 8 includes an improved version of Windows Defender, which blocks malware, too.) Microsoft launched Security Essentials in 2008. Security Essentials replaced the Windows Live OneCare suite, which didn’t do too much for users, either. Essentially, Essentials provided basic protection for users, including those in emerging regions, Microsoft said, who apparently couldn’t figure out how to download and install free antivirus software from Avira, AVG, or others.

Each year, two leading antivirus test labs, AV-test.org and AV-comparatives.org, download and test both free and paid antivirus solutions and run them through rigorous tests of how they detect, respond to, and clean up infected PCs. AV-test.org also evaluated each product for how easy it was to use.

The vast majority – 23 of 26 – of antivirus solutions AV-test.org evaluated in the November-December time frame were awarded an “AVtest Certified” logo. The exceptions were AhnLab’s V3 Internet Security 8.0, PC Tools Internet Security 2012, and Microsoft.

The lab didn’t explain why Microsoft failed to earn its approval, but one metric offers a clue: in November, Security Essentials only detected and caught 71 percent of so-called “zero-day” malware, or worms and viruses that have not been previously released into the wild. The industry average was 92 percent, meaning that if you used Microsoft’s product as your PC’s immune system, you’d stand a much better chance of catching something nasty as you crawled the Web. Security Essentials also trailed other providers in detecting a “representative set of malware” discovered in the last two to three months.

In a blog post, Microsoft defended its product. “Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test,” its Malware Protection Team wrote. “In addition, 94 percent of the malware samples not detected during the test didn’t impact our customers.”

Microsoft also said that it designed its protection to meet “prevalence and customer impact” metrics, another way of saying that it sought to protect the most customers from the most common malware. Microsoft’s team also defended its poor zero-day showing, claiming that it knew from “telemetry,” or reports from hundreds of millions of systems around the world, that “99.997 percent of our customers hit with any 0-day did not encounter the malware samples tested in this test.” Finally, Microsoft also accused AV-test.org of crafting special test cases that aren’t in line with the real world.

That all may be true. A typical Windows Security Essentials user may be someone who visits Facebook daily, checks email, reads a sports score or a blog, and does little else. But Security Essentials users are just as prone to click a suspicious link, or respond to an instant message, or do all the inadvisable but common Internet behaviors that lead to trouble. A few months ago, my wife, who worked in business development for a major Internet security firm, carelessly tripped on some socially-engineered malware on one of our Windows machines while surfing one night. Accidents happen.

Microsoft’s blog post goes into more of the percentages analysis, which you can explore if you want. But here’s the bottom line: Microsoft failed where the vast majority of other antivirus vendors succeeded.

Microsoft’s explanation may be valid, as is its commitment to eliminate the 0.0033 percent of malware it missed. But that doesn’t mean that it’s excused from releasing what a respected test lab refers to as a sub-par product. For now, I’d follow AV-test.org’s lead, uninstall Security Essentials, and replace it with another, comparable antivirus product that does the job.

Source: http://www.readwrite.com

As Windows 8 in conjunction with an antivirus solution can block rootkit-based malware via ELAM technology and the SafeBoot option stops bootkit interference, Trojans and worms are the most likely to work out of the box if not detected when they get copied on the computer.

With every new operating system release since Windows Vista, Microsoft has sought to preserve backwards compatibility with previous operating systems. This compatibility extends to malicious software that, ever since the introduction of User Account Control, has been designed to run in user-accessible locations such as the temporary folder, the Application Data directory or even the Desktop and the Downloads folders.

The test on Windows 8 confirmed that most Trojans, once they reach the PC, can run without any compatibility issues. Among the most dangerous applications that ran smoothly on Windows 8 were backdoors and password-stealing applications.

Source: http://www.hotforsecurity.com