
Microsoft patches up Office, Windows

Mar 16, 2006 | 5 mins

* Patches from Microsoft, Debian, Gentoo, others
* Beware Trojan that encrypts data and demands ransom for its return
* DHS gets failing grade in computer security report, and other interesting reading

Today’s bug patches and security alerts:

Microsoft patches up Office

Microsoft has issued two security updates for its Windows and Office products, including a patch that fixes a number of critical vulnerabilities found in the Office suite. IDG News Service, 03/15/06.

Microsoft’s advisory

US-CERT advisory

NGSSoftware advisory for Excel flaw


New security update from Apple for Mac OS X

The latest update for Mac OS X fixes flaws in CoreTypes, Mail, Safari and LaunchServices. The most serious of the vulnerabilities could be exploited to run arbitrary code on the affected machine.

Security hole found in crypto program Gnu Privacy Guard

Developers of the open source Gnu Privacy Guard encryption software have reported a security flaw that could allow an attacker to sneak malicious code into a signed e-mail message. IDG News Service, 03/13/06.

Related fixes:

Faulty McAfee update filters too many files

Executives at McAfee were adding new testing procedures Monday after thousands of customers downloaded faulty software on Friday. Instead of identifying only malicious worms and viruses, the software flagged many popular programs as threats. That prompted users to delete utility files from software such as Adobe Update Manager, Google Toolbar Installer, Macromedia Flash Player and Microsoft Excel. IDG News Service, 03/13/06.

Instructions for repairing the damage


Gentoo patches Cube

A buffer overflow in Cube, a game for the Gentoo platform, could be exploited to run malicious code on the affected machine.


Four new updates for Drupal

There are four new updates for Drupal, the open source content management/Weblog software:

Session hijack issue

Mail header injection

Cross-site scripting attack

Access control issue


New updates from Ubuntu

Linux Kernel (denial of service)

Version 5.10 installer (password disclosure)


New patches from Debian:

Lurker (several flaws)

libextractor (multiple flaws)

bomberclone (multiple buffer overflows)

Perl Crypt::CBC module (weak encryption)

metamail (buffer overflow, code execution)

freeciv (denial of service)

Webcalendar (multiple flaws)

crossfire (buffer overflow, code execution)

Apache2 (denial of service)


Today’s roundup of virus alerts:

New Trojan encrypts data, demands ransom

A virus that encrypts documents and demands a ransom to get them back is circulating on the Internet, but at least one security company has released the password needed to recover the files. IDG News Service, 03/16/06.

W32/Sdbot-BBA — A new Sdbot variant that attempts to provide backdoor access to the infected host through IRC. It is installed in the Windows folder as “winhost32.exe” and spreads through network shares with weak passwords and known Windows flaws. (Sophos)

Troj/IRCBot-FP — This Trojan communicates with remote sites via HTTP and may allow access to the infected host through IRC. It drops “smss.exe”, “netf.dll” and “nvsvcd.exe” in the System folder. It may also disable anti-virus applications running on the host. (Sophos)

Troj/Bancos-RS — A Trojan that targets passwords for Brazilian banking sites and sends them to the author. It is installed as “kernels32.exe” in the Windows System folder. (Sophos)

Troj/Multidr-FG — This virus drops child porn on the infected host and can be used to download additional malicious files. It puts “childporn.wmv” in the Temp folder and “loadadv713.exe”, “msits.exe” and “win32.exe” in the System directory. (Sophos)

Troj/Zapchas-AS — A Trojan that drops multiple files in the Lavan directory, including “lsass.exe”. It can allow access to the infected host through a backdoor. (Sophos)

Troj/Zapchas-AT — Another similar Zapchas variant that drops many files on the infected system. The main executable is “svchost.exe” in the Windows System folder. (Sophos)

W32/Nafbot-A — A virus that spreads through peer-to-peer networks and shared drives. It drops multiple files on the host including “services.exe” in the Windows directory. It can modify the Windows HOSTS file to prevent access to certain security related Web sites. (Sophos)

Troj/Haxdoor-BC — Yet another Trojan for the Windows family. This one drops “dvd4free.dll” and “dvdkernl.sys” in the System directory. (Sophos)

Troj/Drsmartl-R — A downloader Trojan that can be used to install advertising software on the infected host without the user’s knowledge. It is initially installed as “drsmartload.exe” in the Windows directory. (Sophos)

Troj/Drsmartl-S — This Drsmartl variant drops “newname.dat” in the Windows folder and uses a randomly named executable. (Sophos)

Troj/IBank-E — An Internet banking Trojan that attempts to steal passwords via keylogging. It is installed as “mshost32.exe” in the Windows System folder. (Sophos)

W32/Sality-I — A keylogging Trojan that periodically sends its bounty via e-mail to the virus’ author. It places “wmimgr32.dll” in the Windows System folder. (Sophos)

Troj/Dumaru-BZ — A Trojan that’s used to steal passwords for various applications. It drops a number of files on the infected host, including “winldra.exe” in the Windows System directory. (Sophos)


From the interesting reading department:

DHS gets failing grade in computer security report

The U.S. government will get low marks for computer security in a congressional report scheduled to be released Thursday. According to documents obtained by the IDG News Service, the federal government will get a D+ overall rating in the 2005 federal computer security scorecards, the same score it received last year. IDG News Service, 03/16/06.

Free CDs highlight security weaknesses

To office workers trudging to their cubicles, the promotion looked like a chance at sweet relief from the five-day-a-week grind. IDG News Service, 03/13/06.