July 2012 Patch Tuesday is here!

Windows computers configured for auto update should receive these patches in the next 24 hours. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. For the technical details, here are links to all eleven of this month’s bulletins:

MS12-043 – Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) – Version: 1.0

MS12-044 – Critical : Cumulative Security Update for Internet Explorer (2719177) – Version: 1.0

MS12-045 – Critical : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) – Version: 1.0

MS12-046 – Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) – Version: 1.0

MS12-047 – Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) – Version: 1.0

MS12-048 – Important : Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) – Version: 1.0

MS12-049 – Important : Vulnerability in TLS Could Allow Information Disclosure (2655992) – Version: 1.0

MS12-050 – Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) – Version: 1.1

MS12-051 – Important : Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) – Version: 1.0

Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution – Version: 1.0

Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.0

Atwood optimistic about Windows 8

Jeff Atwood raves about Windows 8 on his (awesome) blog, Coding Horror.

One rather surprising observation is that Windows 8 appears to start, shut down and generally run faster than Windows 7. Equally surprising is that the hardware requirements for Windows 8 are actually lower than for Windows 7.

I remain unconvinced, although to be fair I haven’t yet used it. The new Metro user interface alone is going to make Windows 8 a tough sell for me.

Windows 8 will be on store shelves in late October.

Google’s ‘Blocked Sites’ feature still not working

Google’s site blocking feature was announced on the official Google blog on March 10, 2011. It allows users logged into their Google account to avoid seeing search results from specific sites.

Most users began noticing a new link on their Google search results pages, offering to ‘Block all example.com results’ when the user returns to the results page immediately after clicking a result link. A site blocking management page allowed users to add and remove blocked sites directly.

Unfortunately, many users (including myself) are finding that these features are no longer working. In my case, the option to block results from a site on the search results page has stopped appearing, and although the existing blocked sites still appear to affect my search results, I can no longer add new blocks on the management page.

The problem may be related to Google’s push to switch over to secure HTTP for all of its services – at least for logged-in users. Other reports indicate that the new ‘Search Plus personalized results format’ may have broken this feature.

Some sites are reporting Google’s official stance on this issue as “we’re working on a fix but it may take a while.” I have been unable to verify this.

Computers infected with DNSChanger will lose Internet access on July 9, 2012

DNSChanger is a nasty piece of malware that – according to the FBI – still infects more than four million computers worldwide.

When the FBI arrested the people responsible for creating and controlling DNSChanger, they realized that taking down the servers controlling the malware would interrupt Internet access for computers still infected. So they left the DNSChanger servers up, but disabled the malware’s ability to spread further. They issued warnings to the general public, stating that they intended to shut down the DNSChanger servers on July 9, 2012. That day is approaching.

To avoid having your computer essentially cut off from the Internet on Monday, you should use one of the many available DNSChanger detection sites to determine whether your computer is infected. In the unlikely event that your computer is found to be infected, instructions and tools for removal of DNSChanger are available.

Advance notification of July 2012 updates from Microsoft

Microsoft has released its monthly “head’s up” for the Windows and Office updates scheduled to arrive on July 10, 2012.

There are nine bulletins/updates in total, ranging in impact from Important to Critical, affecting Windows (XP and newer) and Office (2003 and newer). One of the critical updates affects only Internet Explorer 9. Another addresses the Windows XML Core Services (MSXML) vulnerability that has been exploited increasingly in recent weeks. A total of 16 vulnerabilities will be addressed by these updates. An updated version of the Malicious Software Removal Tool is also included. A system restart will be required.

Windows computers configured for auto update should start seeing these patches in the early hours of July 10. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible after July 10. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. Microsoft no longer provides a web-based resource for system administrators to download offline updates.

Recent phishing emails

VRT reports on a phishing campaign seen recently. This particular phishing attempt arrives as an unsolicited email that appears to be from UPS, about a delivery failure.

As with all phishing attempts, the goal is to trick the email recipient into thinking that this is a legitimate email from UPS. Once the user has been tricked into clicking one of the embedded links, software is installed surreptitiously. This software then attempts to steal usernames, passwords and banking information.

Other phishing attacks may use slightly different approaches, such as tricking the user into entering their banking information onto a malicious web page.

There are very few anti-malware packages that can prevent this sort of attack. The exceptions are typically expensive and geared toward corporate clients. Average users must rely on their own common sense to detect these attacks and simply delete the offending email.

What the heck is boot13?

Why boot13?  It’s the first program I ever ran on a microcomputer.  The computer was an Apple II+, and the full command was BRUNBOOT13:

BRUNBOOT13

I was trying to run a game for the first time: The Dragon’s Eye.  It wouldn’t boot from the 5 ¼” floppy disk I had.  So I called Wally, the guy who provided the computer.

Wally realized that the game disk used a slightly older format, with 13 sectors per track, instead of the newer 16 sector format.  The solution was to boot from the Apple II+ System Disk, then enter the command above from the command line.

On the Apple II+, parsing of command lines was a bit strange, in that commands built into the operating system were reliably parsed even when not separated from arguments.  In this case, the built in command was BRUN, which loads a binary program from disk and runs it.  The program was BOOT13, which, when run, allowed booting from 13 sector disks.

It worked.  The Dragon’s Eye turned out to be one of my favourite games, and I ended up figuring out how to modify it, first removing the copy protection, converting it to a 16 sector disk format, then changing the game’s Applesoft BASIC code.  I added a few features, most notably a system for recording and displaying high scores.

I still have a heavily-customized, home-built Apple II+ and that hacked version of the game, but these days when I want to play it, I use an Apple II+ emulator like AppleWin.

So: first program run, first command entered, so that I could run the first game on my first microcomputer. BOOT13.

News for me, stuff that matters… to me. Windows, Linux, security, tools & miscellany.