Microsoft Security Advisory: Vulnerability in Microsoft DirectShow could allow remote code execution

http://support.microsoft.com/kb/971778

The systems that are vulnerable are Windows 2000, Windows XP or Windows Server 2003.   I like this new way Microsoft is helping the less educated.   They now havea Fix it button on the site.  This fix it button is a registry change to there system.   It does all the work for the End user.   Although the corporate field will have to modify the registry there own way.

It looks like Microsoft is thinking of making this more user friendly.  Here is how to do a manual registry fix for your computer:

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click the following subkeys in the registry:
   • For 32-bit Windows systems:
     HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
   • For 64 bit Windows Systems:
     HKEY_CLASSES_ROOT\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
     HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D51BD5A0-7548-11CF-A520-0080C77EF58A}
3. On the File menu, click Export.
4. In the Export Registry File dialog box, type Quicktime_Parser_Backup.reg, and then click Save.

   Note By default, this will create a backup of this registry key in the My Documents folder.

5. Press DELETE on the keyboard to delete the registry key. When prompted to delete the registry key in the Confirm Key Delete dialog box, click Yes.
6. Exit Registry Editor.

This will fix the problem until Microsoft has come out with a patch.  If you are not comfortable doing it this way, you can always go hit the fix it button to have it do it automatically.  This will help prevent someone from using this exploit!!

©2010 . All Rights Reserved.

Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.

I saw this on on the net and through we should talk about and let people know how you could get that the worm off your computer. It seems to be a self-replicating worm, it will continue to send out fake messages to people with the subject lines Like:

• Delivery Error
• Delivery Failure
• Delivery
• Mail Delivery failure
• Mail Delivery System
• Mail System
• Delivery
• Delivered Message
• Error
• Status
• Failure
• Failed
• Unknown Exception
• Delivery Failed
• Deliver Mail
• Server Error
• Delivery Bot

And with each message there is the reciepts email address at the end.  This worm seems to be spreading like wildfire today.   It is because people have not install

Microsoft Security Bulletin (MS01-020)

Now how do you get rid of it.  It seems that most of Anti-Virus software would get it done.  All you would need to do is scan for this virus with the latest updated virus databases and will go away.   According E-Trust Anti-Virus they say they can remove it.   This is a really old virus, according to my sources this was first seen in 2004.   In order to prevent this in the future I’d suggest installing a free anti-virus and using it.    This is one smart little worm according to CA IT.

If you have quite a few Desktops in your Office and want to update all of them to the newest patch all in one swoop, I’d suggest downloading Clone of Autopatcher and making an ISO image so you can go around to each computer and install the patches quickly and easily.  Prevent yourself from getting that virus and some others in the future.   This is a friendly tip for all those hard working IT workers.

©2010 . All Rights Reserved.

In the Patch Tuesday update, Microsoft quietly released the patch to fix Windows Vista machine shut problems. This patch should of came sooner.

KB957388

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

This was not a critical update and it seems to resolve so many issues with compatibility.  One thing it seemed to fix on my system has been the shutdown time.  It is now quite fast, it would normally take me 2 to 3 mins to shutdown, now it does it in less than a Minute.   So if you’ve not installed this update please install it soon.   I would like to know if people are seeing the same thing I am.   I’ve found a great resource on fixing it if you are still having problem, it talks about how to check your system performance. Although this is been doing it lately with these programs not loaded or even running, they still seem to cause problems so now I get the feeling it has to do with legacy programs.  This should fix most of the problem with older programs.

©2010 . All Rights Reserved.

I wanted to get prepared for the updates for this Tuesday and I thought I’d go through them and list what Microsoft said about each.   These are what’s been said on Technet and I am sure there will be more.   Each one of these don’t look to serious but I will post Tuesday if there is anything I’ve missed on this post.   As you might know this is not set in stone but just the direction of Microsoft for this Months Release.

KB955839

Update for Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP

Install this update to resolve an issue that is caused by revised daylight saving time laws in many countries. This update enables your computer to automatically adjust the computer clock on the correct date in 2008. After you install this item, you may have to restart your computer. This update is provided to you and licensed under the Windows Server 2008 License Terms.

Update for Windows Server 2008 and Windows Vista

Install this update to resolve a set of known application compatibility issues with Windows Server 2008. After you install this item, you may have to restart your computer.

KB890830

Windows Malicious Software Removal Tool

Microsoft released the Microsoft Windows Malicious Software Removal Tool to help remove specific prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. After you download the Microsoft Malicious Software Removal Tool, it runs one time to check your computer for inflection by specific prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps remove any infection it finds. Microsoft releases a new version of the tool every month.

KB905866

Update for Windows Mail Junk E-mail Filter [November 2008] (KB905866)

©2010 . All Rights Reserved.

Beginning Thursday Dec. 4^th, we will be making the Windows Vista and Windows Server 2008 Service Pack 2 Beta available to everyone through a Customer Preview Program (CPP). The CPP will launch on TechNet and be available to anyone interested in trying out this service pack. The CPP is intended for technology enthusiasts, developers, and IT Pros who would like to test Service Pack 2 in their environments and with their applications prior to final release. For most customers, our best advice would be to wait until the final release prior to installing this service pack.

[Via Technet]

Yes you heard right, you can get into the Beta of Vista SP2 and not have to wait till April.  Some things to remember:

• It is a Beta
• It will Have Bugs
• It is for people who want to test it out
• It should only be installed for people who need to test it out

Some of the changes that they are going to incorporate into Sp2 are support for new types of hardware and emerging standards that will grow in importance in the coming months.  The complete list of changes can be found here.   I will be testing this out sometime this weekend to give it a full thorough check out.   I will give a report later on this month possibly first part on January I would like to give it a complete test.   To test it out yourself, check out this link for directions on how to download it.

©2010 . All Rights Reserved.

Kb957321

An update rollup is available for the Microsoft Windows Imaging Component (WIC) in Windows Vista or in Windows Server 2008. This update rollup resolves the problems that are documented in the following articles in the Microsoft Knowledge Base:

954708 An update to add support for the serialization of complex Extensible Metadata Platform (XMP) data types in the Windows Imaging Component

945060 There may be inconsistencies in the Extensible Metadata Platform (XMP) and Exchangeable Image File (EXIF) values for an image file in Windows Vista and in Windows XP

KB959108

The Windows Portable Device (WPD) API collects and transfers Software Quality Metrics (SQM) data to Microsoft servers. The SQM data is collected only on an opt-in basis through the Microsoft Customer Experience Improvement Program. An update is available that disables the collection and transfer of SQL data to Microsoft servers.

This update affects Windows Vista-based computers, Windows Vista Service Pack 1 (SP1)-based computers, and Windows Server 2008-based computers that are in the Microsoft Windows Media Player Customer Experience Improvement Program.

KB959130

On a Windows Vista-based computer or on a Windows Server 2008-based computer, you install a third-party Web browser. You set the third-party Web browser as the default Web browser. Then, you run the Connect to the Internet Wizard. However, if you select the Browse the Internet now option, Windows Internet Explorer starts instead of the third-party Web browser that you set as the default Web browser.

This seems to be not so important.  All of these are not really security related but it does surprise me that Microsoft wanted to release these out of Cycle.   If your planning on using your Vista laptop during the holidays you might want to update your vista machine before you go.  I don’t think there is going to be any major issues with this but if there is, you can always remove these updates later.

©2010 . All Rights Reserved.

REVISED:

Mike Smith in his last Podcast talked about this subject and why he is really unhappy with Ustream.tv.  He says that the ads could possible violate his TOS with Techpodcast Network.  He also would like to share the revenue because he was one of the founding podcasters that started to use Ustream.tv.   He’s worried that there will be adult theme ads showing on his video stream and that He wants this to be family friendly.  He’s said before the show if he has to he’ll go to other networks.   Some of the networks that might help him out:

• Mogulus
• Stickam
• Ustream.tv
• Blogtv

Ustream.tv is the one Mike is having problems with but I tell you this in case someone is looking for streaming media platform.   These others I’ve checked out are decent and have there own look and feel.  Each one has its own personality and server capabilities.   So it will be a test on the next platform that Mike decides on!  I provide these to better help people make the right choice and also let people know about Ustream.tv Not telling you about the ads. If you think they shouldn’t be doing this, talk about it and Blog about.

©2010 . All Rights Reserved.

We came across a rogue today called Antivirus Professional 2008 that uses GeoIP Lookup as part of its scare tactics. This site uses Flash and script to create the effect of an online scan, that then attempts to push an installer at the visitor. The NoScript extension for Mozilla Firefox is an excellent way to mitigate against this kind of garbage.

[Via F-secure]

It seems that there is a site out there, that seems to be trying to scare you into downloading there software. If you have any questions about this site please feel free to check out what I’ve found out:

Registration Service Provided By: ESTDOMAINS INC
Contact: 1.3027224217
Website: http://www.estdomains.com
Domain Name: ANTIVIRUS-ONLINE-SCANNER.COM
Registrant:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Creation Date: 07-Jun-2008
Expiration Date: 07-Jun-2009
Domain servers in listed order:
ns2.antivirus-online-scanner.com
ns1.antivirus-online-scanner.com
Administrative Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Technical Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732
Billing Contact:
N/A
Serento faloimitator@list.ru

Minskay str. 27-14
Kiev
Kiev 237293
UA
Tel. 044.2901732

Now as you can see this site is located in Russia, and if that’s the case it is probably some virus itself to take control of your system to do what they want with it. So you best advice is if you think you have a virus then check out my recommendations these are all free to download and try. Unlike this site, they are legitimate and actually do what they promise.  If you want to email them you can but It don’t think it will help.

*UPDATE on that Website*

According to F-secure that site is now Suspended.  Great job guys.  We are now fighting these people even better than I’d thought.

©2010 . All Rights Reserved.

Just found this great way to get an aerial view of Los Angeles, Although the photos are old photos they still give you a sense of the area.   For example this one:

Corpus Christi, Texas, United States 1/15/1995

As you can see you can get a good look around the US.   If you want to check out your local area or maybe you know you Latitude and Longitude of where you live.  You can also enter that too and see it in the past.  It at least brings back memories for me.  For example, the Twin Towers, they still have that photo. You could also look at the White House before 9/11 also. Go check out the Micrsoft Terraserver and go have some fun looking at old pictures.

©2010 . All Rights Reserved.

Windows Azure is part of a set of new and existing technologies behind the Azure Services Platform, a development and execution platform that runs end-user and corporate software on Microsoft‘s own servers, accessible over the web. It joins Google’s App Engine and Amazon’s EC2 in an increasingly competitive market.

[Via ZDnet]

Although,  There isn’t much more they have said I am quite curious how they will interegrate this into the cloud computing.  According to Microsoft, it won’t run on the company server but  Microsoft Datacenter.  Now this I can see is a big security problem.   Because most companies use what they call an Intranet and not the internet.  So that leaves questions on if companies are going to use this system or not.   Are you ready to let your information float somewhere over the inernet tht is SENSITIVE and CONFIDENTIAL?   These are the questions that Microsoft will have to Answer, before any company will use this on there systems.

©2010 . All Rights Reserved.

I was searching for a program to help boot up my system a lot quicker.   I came across this little program call Startup Delayer.  In a nutshell, it allows you to pick which programs to start up first and then lets you decide how many minutes between each program that is asking to load.

In the best way possible you can download this program and use it for yourself.   Although they seem to be having a little server problem right now.   Go download Startup Delayer, and decide for yourself.

Windows XP/ME/Vista and 2000 compatible

©2010 . All Rights Reserved.

A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system. This issue is caused by an error in the Server service that does not properly handle specially crafted RPC requests, which could be exploited by attackers to crash an affected system or execute arbitrary code via a specially crafted request.

On Windows Vista and Windows Server 2008, the vulnerability is only exploitable by authenticated users.

Note: This vulnerability is being exploited in targeted attacks.

[via FrSirt]

This was just discovered and needs to let people know. I will do more research on it and maybe come up with a way to fix the problem. According to my sources there is a patch that will fix the problem!!

*UPDATE*
According to Microsoft:

©2010 . All Rights Reserved.

As we go further into the economic death, we are faced with the most undesirable aspect of the human culture.  That is to say, scammers are going to use the chance to find people to scam.  I don’t say this lightly because scammers have become more cunning and dubious through the years.  They are actually using the internet as well as most companies.  They are going to sites like Monster.com, Careerbuilder.com, and other hiring sites to get people to apply for jobs.

<<See Previous Post – Nationwide Marketing Scam

Having said that, I recently had a problem with being tried to be scammed.  I applied to a job posted on Careerbuilder and that is how they got a hold of my home address.  I did not think about the security problems associated with applying for jobs on line, until recently.

As you can see that is how they got a hold of my information and have made myself vulnerable to scams and also, other potential problems.  I am talking about Theft ID and also spam.  Although spam is to be expected with anything we do online.  I’ve come to the conclusion that we will always have to deal with spam.   I wanted to talk about how to be careful when you apply for online jobs and  put your information out on the internet.  I’ve started taking some steps to prevent this from happening again.

• No Longer am I going to apply for any more private companies – if I can’t see who they are then they have something to hide.
  
• To prevent spam – I am going to make an email address just for my resume.  That way I don’t have to worry about spam on my main account.
• If it’s too good to be true, it is probably not –  I am going to start using that philosophy when I’m about to apply for a job.  See picture above, advertising way to much money for a Customer Service rep.
• Don’t ever put your Social on your Resume –  That is the most crucial part, if you want your identity stolen that is one sure way to get it stolen.  Even though that should be painfully obvious it is sometimes overlooked.
  

I am sure there are more but that is the basic idea of the whole thing.  I will probably come up with even more ideas later on but this was one thing that I have been thinking about all day.    I also think we have to starting asking the questions before the seriousness of the scammers come to bear.   They will never go away but until we get serious, they will always be there to taunt us and laugh us.   I am not sure how to do it,  Do you?   Are we  just supposed to sit here and take it or do we fight back and how?   These are importantquestions  for anyone to consider when you are faced with the possiblity of fraud or being scammed?  How do we deal with it in the future? Should scammers be punished serverely or moderately?

©2010 . All Rights Reserved.

I having successfully installed Spaz and use it with the Twit Army. I’d figure I would talk about how to get Spaz to work like Twirl. It’s a very simple way but some people seem to having trouble. This will only work with Vista or XP and I am not sure about Linux or Mac. I’ve been successful doing this with a Vista Premium Machine. It seems to be really easy to use and not take up to much of your desk space.

• Download and Install Adobe Air — (You will need this to installed first.)

• Download and Install Spaz — (This is the main program)

• Once install you will need to go to:

1. Go to the [ Preferences ]





2. Go to [ Other Services ]

3. Put this in exactly as shown (see example)

   
   

   

4. Go to [ Networking ] (optional)
5. Put this in exactly as sown (see example)

   
   >

   

Doing this should get you connected to the Twit Army. I am not sure why it says “ERROR : Server returned invalid data” When you first start the program but if you wait a couple seconds you will see that it will eventually loads up. If you have any suggestions or comments please feel free to leave a comment.

©2010 . All Rights Reserved.