Microsoft ‘Patch Tuesday’ coming

Today’s bug patches and security alerts:

Microsoft preps critical Windows, Exchange patches

Microsoft Tuesday plans to release three patches for several of its software products, including at least two critical updates for known vulnerabilities, according to the company’s monthly security update. IDG News Service, 05/04/06.

**********

MySQL releases security patch

MySQL this week issued a security patch for multiple vulnerabilities in its MySQL open source database. IDG News Service, 05/04/06.

MySQL advisory

**********

Trustix releases ‘multi’ update

A new update from Trustix fixes flaws in ClamAV, cyrus-sasl, kernel, libtiff, rsync and xorg-x11. The most serious of the vulnerabilities could be exploited to run malicious code on the affected machine.

**********

Mandriva, SuSE, Ubuntu patch xorg-x11

According to the SuSE advisory, “Miscalculation of a buffer size in the X Render extension of the X.Org X11 server could potentially be exploited by users to cause a buffer overflow and run code with elevated privileges.” For more, go to:

Mandriva

SuSE

Ubuntu

**********

Ubuntu releases updates kernel

A number of vulnerabilities have been found in the Ubuntu Linux kernel. Many of the flaws could be exploited to crash the kernel.

**********

Gentoo releases Firefox update

A buffer overflow in the JavaScript extension for Firefox could be exploited to run arbitrary code on the affected machine. A fix is available.

Gentoo issues patch for rsync

According to an alert from Gentoo, “An attacker having write access to an rsync module might be able to execute arbitrary code on an rsync server.”

**********

Today’s roundup of virus alerts:

W32/Feebs-AC — A Trojan that spreads through peer-to-peer file sharing networks by disguising itself as a popular application. It drops “ms??.exe” (?s are random characters) in the Windows System folder. (Sophos)

W32/Sdbot-BLW — This Trojan spreads through network shares by exploiting known Windows flaws. It drops “netbtd.exe” in the System folder. (Sophos)

W32/Rbot-DID — An IRC backdoor worm that spreads through network shares and AOL instant messages. The infected file will have a .exe attachment. It cna be used to launch DDoS attacks, setup a proxy server and log keystrokes. It drops “msclt.exe” in the Windows System folder. (Sophos)

Troj/Clicker-CO — A Trojan that communicates with a remote site via HTTP. It drops randonly named files in the Program Files directory. (Sophos)

Troj/Haxdoor-CA — This backdoor worm drops a number of files in the Windows System folder, including “klgcptini.dat”. It can also disable anti-virus software running on the infected host. (Sophos)

Troj/FakeVir-M — A virus that displays a number of error messages on the infected machine, including “Your computer is infected!” and “Critical System Error!”. When the message is clicked, the user is directed to a pre-defined Web site. (Sophos)

Troj/Spammit-B — A backdoor Trojan that turns the infected host into a Spam sender. It is installed as a randomly named executable. (Sophos)

W32/Brontok-M — This backdoor worm drops a dozen or so files on the infected host, including “cmd-bro-mkx.exe” in the Windows System folder. No word on what kind of permanent damage is caused by this worm. (Sophos)

Troj/Slogger-K — This Trojan can communicate with remote sites via HTTP, disable security applications, send Spam and download/execute additional malicious code. It drops a randomly named .exe and .dll in the Windows System folder. (Sophos)