Observatório Bíblico

Microsoft detecta oito falhas críticas no Windows

A Microsoft informou nesta terça-feira ter detectado oito falhas críticas de segurança no sistema operacional Windows e no pacote Office. As brechas permitem que pessoas mal-intencionadas controlem remotamente os computadores que têm estes softwares instalados.

As atualizações que corrigem estes problemas estão disponíveis na internet –clique aqui para eliminar as brechas de segurança.

Nesta que é a maior atualização desde fevereiro de 2005, a empresa emitiu oito correções para problemas críticos, três importantes e um moderado.

Fonte: Folha Online – 14/06/2006

 

Microsoft: Zombies most prevalent Windows threat

Many Windows PCs have been turned into zombies, but rootkits are not yet widespread, according to a Microsoft security report slated for release Monday.

More than 60 percent of compromised Windows PCs scanned by Microsoft’s Windows Malicious Software Removal Tool between January 2005 and March 2006 were found to be running malicious bot software, the company said. The tool removed at least one version of the remote-control software from about 3.5 million PCs, it added. That’s compared with an overall 5.7 million machines with infections overall.

“Backdoor Trojans…are a significant and tangible threat to Windows users,” Microsoft said in the report.

A computer compromised by such a Trojan horse, popularly referred to as a zombie PC, can be used by miscreants in a network of bots, or “botnet”, to relay spam and launch cyberattacks. Additionally, hackers often steal the victim’s data and install spyware and adware on PCs, to earn a kickback from the spyware or adware maker.

Microsoft introduced the Windows Malicious Software Removal Tool in January last year. An updated version of the program ships monthly with Microsoft’s security updates. The tool aims to identify and remove prevalent malicious software from PCs. Since its release, it has run about 2.7 billion times on at least 270 million computers, Microsoft said.

Over the 15-month period covered by the report, the tool found that 5.7 million of unique Windows systems were infected. It removed 16 million instances of malicious software from these systems, Microsoft said.

Backdoor Trojans are the most prevalent threat, followed by e-mail worms, which were found on and removed from just over 1 million PCs, Microsoft said. Rootkits, which make system changes to hide another piece of possibly malicious software, are less widespread, with removals from 780,000 PCs.

“Rootkits…are a potential emerging threat but have not yet reached widespread prevalence,” Microsoft said in the report. This contrasts with a study from McAfee, which in April said the numbers of rootkits it sees are rising sharply.

Rootkits lunged into the public spotlight last year when anticopying software on certain Sony BMG Music Entertainment CDs was found to contain a rootkit. Microsoft added detection and removal capabilities for the Sony rootkit in December, and its tool wiped off the software 250,000 times, according to the report.

The Windows Malicious Software Removal Tool found a rootkit on 14 percent of the 5.7 million PCs it removed malicious software from. This figure drops to 9 percent when excluding the Sony rootkit. In about 20 percent of the cases when a rootkit was found on a computer, at least one backdoor Trojan was found as well, Microsoft said.

Attacks in which a victim is tricked into running malicious software are a significant source of infections. Worms that spread through e-mail, peer-to-peer networks and instant messaging clients account for just over one-third of the computers cleaned by the Microsoft tool, the Redmond, Wash., software maker said.

The top five threats identified by Microsoft’s removal tool: Rbot, Sdbot, Parite, Gaobot and FURootkit. Parite is an aggressive file-infecting virus that first appeared in 2001, Microsoft said, and the FURootkit is often used to hide a backdoor Trojan such as Rbot, Sdbot and Gaobot on a PC.

The free Windows Malicious Software Removal Tool is available in 24 languages to people who use Windows 2000, Windows XP and Windows Server 2003. The current release of the tool is capable of detecting and removing 61 families of malicious software, Microsoft said. It can be accessed at the company’s Web site.

Fonte: Joris Evers – ZDNet: June 12, 2006

 

No fix for ‘critical’ hole in Windows 98, ME

Microsoft will not fix a serious flaw in Windows 98 and Windows Millennium Edition because a patch could break other applications.

The security bug relates to Windows Explorer and could let an intruder commandeer a vulnerable PC, Microsoft warned in April. The software maker has made fixes available for Windows Server 2003, Windows XP and Windows 2000, but it has found that eliminating the vulnerability in Windows 98 and ME is “not feasible,” it said.

“To do so would require re-engineering a significant amount of a critical core component of the operating system,” Microsoft said in a Thursday update to its MS06-015 security bulletin. “After such a re-engineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate.”

Instead, Microsoft recommends that people who still use the older operating systems protect their PCs by using a network firewall that filters traffic on TCP Port 139. “Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall,” it said.

The software maker even had trouble with its fix for Windows XP. It had to revise the update and release it a second time because the patch caused problems for people who used Hewlett-Packard Share-to-Web software or older Nvidia graphics drivers.

Microsoft is phasing out support for the older operating systems. Windows 98 was released in June 1998, Second Edition followed a year later, and Millennium Edition came out in 2000. Microsoft has been providing fixes for only “critical” flaws the past couple of years and is ending support altogether next month, after its planned July 11 patch release. Windows XP with Service Pack 1 reaches its end of support on Oct. 10, 2006.

Not providing fixes leaves users vulnerable, but software can’t be supported forever, said Michael Sutton, a director at security intelligence company iDefense, a part of VeriSign. “At some point, any vendor has to make a business decision to cease product support, and these products are now 7 to 8 years old,” he said.

The older Windows versions have never been secure, said Russ Cooper, a senior scientist at Cybertrust, a security vendor in Herndon, Va. “The lack of a ‘critical’ patch does not weaken these OSes. Instead, it should merely put an end to their perception that they were secure before this fault came to light,” he said.

And as far as blocking traffic on port 139 goes, it is a network port that has been abused in the past for attacks, said Don Leatham, director of solutions and strategy at PatchLink. “Most organizations will already have port 139 blocked,” he said. “Although it is good that Microsoft is reiterating this, I don’t see it being a huge impact.”

The best way to secure PCs that run older versions of Windows is upgrading the operating system, Microsoft suggested.

“With the upcoming end (of) support for these products, we strongly recommend that those of you who are still running these older versions of Windows upgrade to a newer, more secure version, such as Windows XP SP2, as soon as possible,” Christopher Budd, a staffer in Microsoft’s’ security response center, wrote on the team’s blog.

Fonte: Joris Evers – ZDNet: June 9, 2006