Windows updates for June 2014

Tuesday June 10, 2014 - Microsoft released a rather large number of updates for Windows. A total of 59 updates were released with 7 being labeled as CRITICAL. These updates are expected to address over 60 vulnerabilities that have been discovered. Below is a list of a few of the updates. The information listed below comes from ZDNet. For more information about this round of updates go to http://www.zdnet.com/large-internet-explorer-update-headlines-june-patch-tuesday-7000030390/ for the full article.
  • MS14-030: Vulnerability in Remote Desktop Could Allow Tampering (2969259) — This is an unusual vulnerability, which could allow an attacker to modify the traffic content of an active RDP session. It is blocked by Network Level Authentication (NLA) and good firewall practices and, in any case, Microsoft considers it unlikely that successful exploit code could be written.
  • MS14-031: Vulnerability in TCP Protocol Could Allow Denial of Service (2962478) — An attacker could cause a system to stop responding. Microsoft considers it unlikely that successful exploit code could be written.
  • MS14-032: Vulnerability in Microsoft Lync Server Could Allow Information Disclosure (2969258) — Lync Server content could potentially execute scripts in the user's browser to obtain information from web sessions. Microsoft considers it unlikely that successful exploit code could be written.
  • MS14-033: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2966061) — XML processing could allow an attacker access to more information than is proper. Microsoft considers it unlikely that successful exploit code could be written.
  • MS14-034: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) — Word's handling of embedded fonts could be abused to give an attacker remote code execution with the same privileges as the user running Word.
Microsoft also released numerous non-security updates today. The vast majority are for Windows 8 and 8.1, a few for Windows RT and Windows Server 2012 and two for Windows 7 and Windows Server 2008 R2. A new version of the Microsoft Malicious Software Removal Tool is also available, and runs automatically when users run Windows Update. The new version adds detection and removal for Win32/Necurs, a sophisticated rootkit that puts great effort into combating security software.

Cryptolocker has returned

 

The management of Computrs Inc. has strenuously attempted to alert as many clients as possible to be wary of this infection since October 2013. Three of our clients have been attacked by it. Countless others have been notified about this. Many were protected with a batch file that was created by a programmer to block the installation of Cryptolocker. Now comes news that Cryptolocker may have something in store for us in two weeks. Computrs Inc. is recommending running a scan from SOPHOS which they claim will remove files from this Ransomware infection before it becomes an issue. Below is a more in-depth article from Techweekeurope regarding Cryptolocker.

http://www.techweekeurope.co.uk/comment/cryptolocker-two-weeks-protection-146628

 

A 2 Week Deadline To Clean Zeus And Cryptolocker.

Police say users have two weeks to rid their machines of Cryptolocker and Zeus Gameover. That means the crooks are coming back, says Tom Brewster
On June 3, 2014 by Thomas Brewster
Global law enforcement bodies came together last week in an operation designed to disrupt two of the most pesky pieces of malware on the planet: Gameover Zeus and Cryptolocker. Gameover Zeus, the alleged creator of whom, Evgeniy Bogachev, is now on the FBI’s Most Wanted list, was both pilfering people’s banking data and dropping the aggressive ransomware Cryptolocker. The latter was one of the most significant malware plagues of the last year, as it locked hundreds of thousands out of their machines and demanded payment of one Bitcoin. The police effectively sinkholed the entire Gameover Zeus botnet infrastructure and took control of Cryptolocker command and control servers, thereby disrupting both malware operations. It was a big day for the “good guys”.

Why two weeks?

But the UK’s National Cyber Crime Unit put out a somewhat perplexing piece of advice: users have two weeks to rid their machines of Gameover and Cryptolocker, whilst getting a decent anti-virus to protect themselves in the future. People rightly asked, why two weeks? What happens in 14 days? The answer is the two weeks was something of an estimate – a guess at how long it would take the criminal hackers to regain control of their bots. It could be more, it could be less. Either way, the advice people should take is the same advice security experts have been giving out for years: get protected as soon as possible if you aren’t already, always update your Windows OS (or whatever OS you’re using), scan your machine regularly and back-up your stuff. What police have done is admirable and worthwhile, as any operation is that educates people and scares them into taking action to protect against malware. In doing so, the general public can help make the Gameover and Cryptolocker operations considerably less profitable for the crooks running them.

Cryptolocker is dead. Long live Cryptolocker

Yet we should also be slightly perturbed by that two-week figure. It’s a fairly short window of opportunity and proves that sinkholing operations, which saw “key nodes” in the peer-to-peer network of Gameover taken over, don’t bring down cyber criminal operations. Only arrests can do that and even then malware can always make a comeback. Code is rather difficult to kill. And unfortunately, with no extradition agreement in place with Russia, it’s unlikely that the alleged mastermind of GameOver Zeus, Evgeniy Bogachev, will actually be arrested any time soon.

The advice to use anti-virus might also bring a false sense of security. It’s likely the malware creators will tweak their code, or use encryption services that obfuscate binaries. That will render AV almost ineffective at blocking new strains of Gameover and Cryptolocker. As Lucas Zaichkowsky, enterprise defense architect at AccessData, tells me, “there are severe limitations” with relying on AV. “I’ve rarely seen antivirus software catch new samples of ZeuS as they emerge. However, as antivirus definitions update, they have a fighting chance of removing the botnet malware anywhere from hours to days after infection.”

Others don’t believe AV will work at all in protecting against new versions of the malware. “For years the antivirus industry has been promoting a flawed product to the mass market as a protection product – a huge con. As a result, there are millions of business and home users who think that they are safe online, just by running an antivirus product – this is madness! Traditional antivirus products do not and can not protect you from new malware like Cryptolocker that they can’t detect – what Donald Rumsfeld would call ‘unknown unknowns’,” says CEO of security company Comodo Melih Abdulhayoglu. This is hyperbole, of course. Whilst businesses should be doing a lot more than relying on AV, the reality for consumers is that it’s one of the few forms of anti-malware technology available to them. And if it has a fighting chance of protecting them, it’s wholly necessary. It just won’t help bring about the ultimate death of Gameover or Cryptolocker, regardless of what happens over the next two weeks.

Has the Cryptolocker Ransomware infection been stopped?

After nearly a year of fear and intimidation the joint task forces from many nations have finally moved on the people behind the CryptoLocker infection.

What happens next?

The next stage - the part of the operation that is the duty of all of us - is to dismantle the rest of the botnet, by progressively disinfecting all the zombie-infected computers that made the Gameover and Cryptolocker "business empires" possible in the first place. US-CERT has come up with a whole list of free tools so you can do just that, and (if you are the go-to person for IT problems amongst your friends and family) so that you can help others, too. I'm delighted to say that the Sophos Virus Removal Tool is amongst the recommended cleanup utilities. It's a free download; you don't have to uninstall your existing anti-virus first; and it detects and cleans the same malware, including rootkits, that Sophos Anti-Virus knows about, not just CryptoLocker. Why not try it and see by scanning your home PCs today? As we've said before, if you don't make an effort to clean up malware from your own computer, you aren't part of the solution, you're part of the problem.