Archive for the ‘Windows’ Category

Who is lurking in your computer? Find out.

Friday, June 1st, 2007

Panda Malware Radar

 

Viruses and threats are changing.

They are now more dangerous than ever. They are more discreet. They are faster. They are frequently designed to steal confidential information or money. They can even be ‘tailor-made’ to target each victim.

Malware Radar is a revolutionary breakthrough scanning technology developed by Panda Software. Malware Radar has found banks, Fortune 500 companies, small businesses, and even government agencies infected with hidden malicious programs actively stealing information despite being “protected” by what they thought were the best antivirus and Internet security measures available.

Fast, comprehensive, and easy to use:

  •     Works online - nothing to install
  •     Finds and completely removes hidden malware
  •     Works with all antivirus and security programs (does NOT replace them)
  •     Leaves no trace on system after scan
  •     Produces full comprehensive reports on system vulnerabilities and malware found

Take Malware Radar for a spin to get an automated malware audit.

Microsoft Office 2003 Security Tool Protects Users from Infected Files

Tuesday, May 29th, 2007

Microsoft has released a free tool called Microsoft Office Isolated Conversion Environment, or MOICE, to help protect users from malware placed in Office files, a vector of attack that has recently gained popularity. 

MOICE converts Word, Excel and PowerPoint docs to their OpenXML counterparts and opens them in a quarantined environment to protect users’ computers from embedded malicious payloads designed to exploit holes in Microsoft Office.

MOICE works in tandem with File Block, a tool that allows administrators to establish group policies regarding users’ permissions to open certain file types. Both tools work out of the box with Microsoft Office 2007.

Microsoft Office 2003 users need to install the Compatibility Pack for Word, Excel and PowerPoint 2007 Office File Formats first. 

There is currently no protection offered for users running versions prior to Microsoft Office 2003.

http://support.microsoft.com/kb/935865

Microsoft Releases Threat Analysis & Modeling v2.1.2

Sunday, April 1st, 2007

The Microsoft Threat Analysis & Modeling tool allows non-security subject matter experts to enter already-known information, including business requirements and application architecture, which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

Download from Microsoft

US-CERT Advisory - Microsoft Windows ANI Header Stack Buffer Overflow

Saturday, March 31st, 2007

National Cyber Alert System
Technical Cyber Security Alert TA07-089A
Microsoft Windows ANI header stack buffer overflow

Original release date: March 30, 2007
Last revised: –
Source: US-CERT

Systems Affected

Microsoft Windows 2000, XP, Server 2003, and Vista are affected. Applications that provide attack vectors include:

* Microsoft Internet Explorer
* Microsoft Outlook
* Microsoft Outlook Express
* Microsoft Windows Mail
* Microsoft Windows Explorer

(more…)

Microsoft Releases Windows Defender 7

Friday, March 16th, 2007

Microsoft on Thursday released an upgrade to its Windows Defender application, raising the version number from 1.1 to 7.0. The reason behind the version change is not clear, although the release does bring a redesigned user interface and new malware detection engine.

Windows Defender supports 64-bit operating systems, but no longer runs on Windows 2000, because Microsoft says the aging operating system has left mainstream support. WGA checking will also be enforced, meaning that Windows Defender will only remove “Severe” threats from computers that do not pass validation.

System Requirements:
- Supported Operating Systems: Windows Server 2003 Service Pack 1; Windows XP Service Pack 2
- Windows Defender no longer supports Windows 2000 as it went out of mainstream support in June 2005.

No Security Bulletins from Microsoft this March

Wednesday, March 14th, 2007

********************************************************************
Title: Microsoft Security Bulletin Summary for March 2007
Issued: March 13, 2007
Version Number: 1.0
Bulletin Summary: http://go.microsoft.com/fwlink/?LinkId=85543
********************************************************************

Summary:
========

Microsoft has not released any security bulletins on March 13, 2007.

Check For Optimum Security Settings In Vista & XP with MBSA 2.1

Thursday, February 15th, 2007

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance.

Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

MBSA is currently in v2.1 Beta. Version 2.0 is the stable version; Version 2.1 includes support for Windows Vista.

Download Microsoft Baseline Security Analyzer 2.1 Beta 

Windows Rootkit Removal Tools

Sunday, September 3rd, 2006

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net - Windows IT Pro

Rootkits are a growing problem, and as you might expect, the list of tools that can help you prevent rootkit infiltration is also growing.

The list of standalone tools that can help with rootkit detection and removal is also expanding. This week, I give you a list of the standalone detection and removal tools that I know about.

The alphabetical list below can be a resource to help you add some useful tools to your security toolkit. As with antivirus and antispyware tools, using multiple rootkit detection and removal tools is a good idea because not every tool can detect and remove every rootkit.

Of the tools listed, I’ve used RootkitRevealer, F-Secure BlackLight, Sophos Anti-Rootkit, and IceSword, all of which are from entities that I’m familiar with and trust to some extent or other.

(more…)

Microsoft Disputes PowerPoint Flaw Claim

Wednesday, August 23rd, 2006

Microsoft is disputing claims of a zero-day flaw in its PowerPoint application that could allow remote code execution.

“Microsoft’s initial investigation has revealed that this is not a new zero-day vulnerability,” says a Microsoft spokesman. “Microsoft is actively working in conjunction with MSRA partners to verify those findings and will provide additional information and customer guidance once the investigation is complete.”

However, the flaw, whether zero-day or otherwise, appears to be the target of a Trojan.

(more…)

Microsoft IE Patch Injects New Flaw; Fix Delayed

Wednesday, August 23rd, 2006

eEye Digital Security uncovered a new security vulnerability in IE 6.0 Service Pack 1 when it began investigating reports that IE patched with the latest cumulative fix was crashing when browsing some Web sites. The group found that the patch, issued Aug. 8, was the source of a new security flaw that allows an attacker to run code with the same permissions as the logged-on user.

Microsoft privately issued a patch for the newly introduced flaw on Aug. 11 and had planned to release the patch for general distribution today. The updated advisory and patch will be available here, likely next week, researchers say.

“Due to an issue discovered in final testing that impacts a customer’s ability to broadly deploy the update, Microsoft will not be re-releasing MS06-042 today,” says a Microsoft spokesman. “Microsoft will re-release the update for those customers running Internet Explorer 6 Service Pack 1 when that issue is resolved.”

(more…)