Patch disables Sidebar & Gadgets on Vista and Windows 7

One of the updates in the July 2012 Patch Tuesday collection was actually a ‘Fix-It’ that simply disables the ‘Sidebar’ and ‘Gadgets’ features of Windows Vista and Windows 7.

This drastic step was taken by Microsoft to address the general vulnerability of the Sidebar and Gadgets. Anyone who uses these features must choose between a) disabling them; and b) continuing to use them and risking the security of their computer.

The details are in Microsoft Security Advisory 2719662.

The Tech Support Phone Call Scam

The latest SANS OUCH! newsletter (PDF) covers an increasingly-common scam in which the scammer calls their victim on the phone and talks their way into accessing the victim’s computer.

Here’s an excerpt from the newsletter:

“You receive a phone call from a person claiming to be from a computer support company associated with Microsoft or another legitimate company. They claim to have detected your computer behaving abnormally, such as scanning the Internet, and believe it is infected with a virus. They explain they are investigating the issue and offer to help you secure your computer. They then use a variety of technical terms and take you through confusing steps to convince you that your computer is infected, scaring you into ultimately buying their product.”

SANS is a computer security company based in the USA. They publish several excellent newsletters, including OUCH! You can subscribe to any of these lists for free at http://www.sans.org/newsletters/.

July 2012 Patch Tuesday is here!

Windows computers configured for auto update should receive these patches in the next 24 hours. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. For the technical details, here are links to all eleven of this month’s bulletins:

MS12-043 – Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) – Version: 1.0

MS12-044 – Critical : Cumulative Security Update for Internet Explorer (2719177) – Version: 1.0

MS12-045 – Critical : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) – Version: 1.0

MS12-046 – Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) – Version: 1.0

MS12-047 – Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) – Version: 1.0

MS12-048 – Important : Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) – Version: 1.0

MS12-049 – Important : Vulnerability in TLS Could Allow Information Disclosure (2655992) – Version: 1.0

MS12-050 – Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) – Version: 1.1

MS12-051 – Important : Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) – Version: 1.0

Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution – Version: 1.0

Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.0

Atwood optimistic about Windows 8

Jeff Atwood raves about Windows 8 on his (awesome) blog, Coding Horror.

One rather surprising observation is that Windows 8 appears to start, shut down and generally run faster than Windows 7. Equally surprising is that the hardware requirements for Windows 8 are actually lower than for Windows 7.

I remain unconvinced, although to be fair I haven’t yet used it. The new Metro user interface alone is going to make Windows 8 a tough sell for me.

Windows 8 will be on store shelves in late October.

Google’s ‘Blocked Sites’ feature still not working

Google’s site blocking feature was announced on the official Google blog on March 10, 2011. It allows users logged into their Google account to avoid seeing search results from specific sites.

Most users began noticing a new link on their Google search results pages, offering to ‘Block all example.com results’ when the user returns to the results page immediately after clicking a result link. A site blocking management page allowed users to add and remove blocked sites directly.

Unfortunately, many users (including myself) are finding that these features are no longer working. In my case, the option to block results from a site on the search results page has stopped appearing, and although the existing blocked sites still appear to affect my search results, I can no longer add new blocks on the management page.

The problem may be related to Google’s push to switch over to secure HTTP for all of its services – at least for logged-in users. Other reports indicate that the new ‘Search Plus personalized results format’ may have broken this feature.

Some sites are reporting Google’s official stance on this issue as “we’re working on a fix but it may take a while.” I have been unable to verify this.

Computers infected with DNSChanger will lose Internet access on July 9, 2012

DNSChanger is a nasty piece of malware that – according to the FBI – still infects more than four million computers worldwide.

When the FBI arrested the people responsible for creating and controlling DNSChanger, they realized that taking down the servers controlling the malware would interrupt Internet access for computers still infected. So they left the DNSChanger servers up, but disabled the malware’s ability to spread further. They issued warnings to the general public, stating that they intended to shut down the DNSChanger servers on July 9, 2012. That day is approaching.

To avoid having your computer essentially cut off from the Internet on Monday, you should use one of the many available DNSChanger detection sites to determine whether your computer is infected. In the unlikely event that your computer is found to be infected, instructions and tools for removal of DNSChanger are available.
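The detection sites mentioned above work by comparing the DNS resolvers your computer is configured to use against the rogue resolver addresses that DNSChanger installs. The following script is an added example (not from the original post or any detection site) that performs the same comparison offline: it pulls resolver addresses out of resolv.conf-style or `ipconfig /all`-style text and reports any that fall inside a list of rogue ranges. The ranges in the script are placeholders taken from the RFC 5737 documentation space; the real DNSChanger ranges are published by the FBI and are not reproduced here, so substitute those before using this for a real check. The sample configuration text is constructed.

```python
"""Check configured DNS resolvers against a list of rogue resolver ranges.

Added example, not part of the original post. The rogue ranges below are
PLACEHOLDERS (RFC 5737 documentation addresses); replace them with the
DNSChanger resolver ranges published by the FBI before a real check.
"""
import ipaddress
import re

# Placeholder blocklist: documentation ranges standing in for the real
# DNSChanger rogue resolver ranges, which this example does not reproduce.
ROGUE_RESOLVER_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_resolvers(config_text):
    """Extract resolver addresses from resolv.conf 'nameserver' lines or from
    the 'DNS Servers' block of 'ipconfig /all' output (where additional
    servers continue on following lines containing only an address)."""
    resolvers = []
    in_dns_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            in_dns_block = False
            continue
        if line.startswith("nameserver"):
            in_dns_block = False
            match = IPV4_RE.search(line)
        elif "DNS Servers" in line:
            in_dns_block = True
            match = IPV4_RE.search(line)
        elif in_dns_block and IPV4_RE.fullmatch(line):
            match = IPV4_RE.fullmatch(line)
        else:
            in_dns_block = False
            continue
        if match:
            try:
                resolvers.append(ipaddress.ip_address(match.group(0)))
            except ValueError:
                # Something that looked like an address but was out of range
                # (e.g. 999.1.1.1); ignore it rather than crash.
                pass
    return resolvers


def check_resolvers(config_text, rogue_ranges=ROGUE_RESOLVER_RANGES):
    """Return (resolver, network) pairs for each resolver inside a rogue range.
    An empty list means no configured resolver matched the blocklist."""
    hits = []
    for addr in parse_resolvers(config_text):
        for net in rogue_ranges:
            if addr in net:  # ipaddress handles the CIDR containment test
                hits.append((str(addr), str(net)))
                break
    return hits


# Constructed sample inputs: one clean Linux resolver file, one Windows
# ipconfig excerpt whose resolvers sit in the placeholder rogue ranges.
CLEAN_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 192.0.2.53
nameserver 192.0.2.54
"""

INFECTED_IPCONFIG = """\
   DNS Servers . . . . . . . . . . . : 203.0.113.5
                                       198.51.100.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_RESOLV_CONF), ("infected", INFECTED_IPCONFIG)):
        hits = check_resolvers(text)
        print(name, "->", hits if hits else "no rogue resolvers found")
```

On Linux you would feed the script the contents of /etc/resolv.conf; on Windows, the output of `ipconfig /all`. A match tells you only that the machine points at a suspect resolver; it is the signal to follow the removal instructions, not proof of which malware variant is present.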

Advance notification of July 2012 updates from Microsoft

Microsoft has released its monthly “heads-up” for the Windows and Office updates scheduled to arrive on July 10, 2012.

There are nine bulletins/updates in total, ranging in impact from Important to Critical, affecting Windows (XP and newer) and Office (2003 and newer). One of the critical updates affects only Internet Explorer 9. Another addresses the Windows XML Core Services (MSXML) vulnerability that has been exploited increasingly in recent weeks. A total of 16 vulnerabilities will be addressed by these updates. An updated version of the Malicious Software Removal Tool is also included. A system restart will be required.

Windows computers configured for auto update should start seeing these patches in the early hours of July 10. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible after July 10. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. Microsoft no longer provides a web-based resource for system administrators to download offline updates.

Recent phishing emails

VRT reports on a phishing campaign seen recently. This particular phishing attempt arrives as an unsolicited email that appears to be from UPS, about a delivery failure.

As with all phishing attempts, the goal is to trick the email recipient into thinking that this is a legitimate email from UPS. Once the user has been tricked into clicking one of the embedded links, software is installed surreptitiously. This software then attempts to steal usernames, passwords and banking information.

Other phishing attacks may use slightly different approaches, such as tricking the user into entering their banking information onto a malicious web page.

There are very few anti-malware packages that can prevent this sort of attack. The exceptions are typically expensive and geared toward corporate clients. Average users must rely on their own common sense to detect these attacks and simply delete the offending email.