Microsoft set to patch IE, Windows, Office this week

Today’s bug patches and security alerts:

Microsoft set to patch IE, Windows, Office this week

Microsoft is set to release five security patches for its products next Tuesday, including a highly anticipated Internet Explorer (IE) fix that will address a bug that hackers have been exploiting over the past two weeks. Along with the critical IE patch, Microsoft will repair three other issues in its Windows operating system, as well as an unspecified problem in Office that is rated moderate. IDG News Service, 04/06/06.

**********

HP fills LaserJet security hole

HP is warning of a vulnerability in some of its printer driver software that could allow hackers to siphon information from a user’s PC. TechWorld, 04/06/06.

HP advisory

**********

Cisco warns of HTTP request flaw in 11500 Content Services Switch

Cisco 11500 Content Services Switch are vulnerable to a denial-of-service attack when configured for HTTP compression, according to an advisory from the company. A free update is available to fix the flaw.

**********

New updates from Debian

ClamAV (multiple flaws)

cacti (multiple flaws)

sudo (privilege escalation)

**********

New patches from Fedora

xine (multiple flaws)

mod_python (information leak)

tcpdump (multiple flaws)

cyrus-imapd (multiple flaws)

imap (buffer overflow, code execution)

unzip (buffer overflow, code execution)

tar (buffer overflow, code execution)

pine (denial of service)

libc-client (buffer overflow, code execution)

**********

Today’s roundup of virus alerts:

Virus threatens PCs running Linux or Windows

Hackers have released a sample code for a virus that could infect both Linux and Windows PCs. The virus, which was given the double name Virus.Linux.Bi.a/ Virus.Win32.Bi.a, was reported Friday by security firm Kaspersky Lab. Security researchers worry that the malicious code may be part of a disturbing new trend of viruses that can run on Windows, as well as other operating systems that have been largely ignored by hackers. IDG News Service, 04/07/06.

Troj/Delf-BPC — A Trojan that copies itself to “oobecsrss.exe” and registers as a Browser Helper Object. No word on what type of damage it may cause or access it could allow. (Sophos)

W32/Tilebot-EJ — A new Tilebot variant that allows backdoor access through IRC and spreads through network shares by exploiting known Windows flaws. It drops “services.exe” in the Windows folder. (Sophos)

Troj/Torpig-AP — A Trojan that can be used to steal information and drop more malware on the infected host. It drops a number of files in the Common Files folder, including “ibm00001.exe”. (Sophos)

Troj/Clagger-O — A virus that can impact Windows’ security mechanisms and be used to download/install additional malicious code. It is installed as “suhoy117.exe” in the Windows directory. (Sophos)

W32/Parparo-A — A nasty little bug that searches for files and folders on the infected host and copies itself to a file of the same name with an EXE extension. (Sophos)

Troj/Haxdoor-BO — A Trojan that can be used for multiple purposes, including stealing information and disabling security services on the infected host. Among the many files it installs on a host are “mmxF32.dll” and “mmxF64.sys”, both in the Windows System folder. (Sophos)

Troj/Danmec-G — A Trojan that turns the infected host into a proxy server for HTTP traffic. It can also be used to download and install additional malware. It drops a number of files on the infected host, including “checkreg.exe” and “iisload.dll” in the Windows System folder. It also displays a fake error message saying in part, “Application can not run because vbrun64.dll not found”. (Sophos)

Troj/RuinDl-K — This Trojan can be used to download additional code from remote servers. It is installed as randomly-named (5 letters) EXE in the Windows System directory. (Sophos)

W32/Rbot-DPM — A new Rbot variant that allows backdoor IRC access and disables anti-virus applications. It spreads by exploiting known Windows flaws and drops “snmoo.exe” in the System folder. (Sophos)

Troj/Agent-BEK — A Trojan that drops randomly named shortcuts in various folders and tries to change the registry to affect Internet security. (Sophos)

**********

From the interesting reading department:

Researcher: Web services security risks largely ignored

In their rush to implement Web services, some companies may be exposing themselves to new security risks that they may not fully understand, a security researcher said at the CanSecWest/core06 conference in Vancouver on Thursday. IDG News Service, 04/07/06.

Researchers seek to save VoIP from security threats

With VoIP starting to live up to some of the hype, university researchers are looking to ensure that the technology’s momentum in corporate and residential markets won’t be ruined by myriad security threats. NetworkWorld.com, 04/06/06.