Excel Consulting

Security Alerts

Comments on Internet Explorer Flash Player Vulnerability 2963983
There has been a lot of hype in the media about the Internet Explorer security vulnerability that affects the Flash Player add-on used in all versions of IE from version 6 (which came with Windows XP) to the current version 11.  Although this is a serious threat, the chances of being exploited through this vulnerability are quite low if you are vigilant, avoid unfamiliar web sites, and do not click on unsolicited links in spam messages that will take you to unsafe websites.

Microsoft is aware of limited, targeted attacks that attempt to exploit this vulnerability.  Due to the limited scope of this vulnerability, they plan to address this issue through the normal update process.  On completion of their investigation, Microsoft will take the appropriate action to protect their customers, which may include providing a solution through the monthly Windows Update security update release process. IE versions 10 and 11 are believed to be safer than older versions, and they recommend that everyone upgrade to at least IE 10 as soon as possible. Note that IE 8 is the last release available for Windows XP.

The Facts

  1. This vulnerability has been around for over a decade and was only just discovered.
  2. This vulnerability affects the interface that launches the Adobe Flash Player in IE.
  3. You can disable the Flash Player in Internet Explorer to reduce the chance of this threat.
  4. The latest versions of Internet Explorer (10 or 11) are safer; upgrade now from 9.
  5. It is OK to continue to use IE for safe, trusted websites like your Internet Banking.
  6. You may wish to use an alternate browser (Mozilla Firefox or Google Chrome, etc.).
  7. Before you click – always preview the URL of a link (see lower left corner of browser page).
  8. IE with Enhanced Security on Servers is not vulnerable to this threat.


How to Disable Adobe Flash Player in IE

Open IE and then click Tools, then Manage Add-ons.  Next, click on Shockwave Flash Player to select the Flash add-on.  Now, look down towards the bottom of the window for Enable and Disable.  Unless it is already disabled, just click on Disable and then click on OK to finish. Later, when you wish to view Flash items in IE, just follow these same steps and click Enable to turn it back on.

How to Preview URL Links before you Click

Always read the details of all Internet web link URLs (Universal Resource Locator) before you click on one of those blue highlighted or underlined links in a web page or email.  When you point to a link on a web page or email (hover the mouse pointer over the link) before you click, you should see the full text of the link in the bottom left corner of your browser or email page.  If your email does not show the (http://www.somewebsite.com) link when you point to it or hover over it, then try to right click on the page and select View in Browser before you try to go to the link.

DO NOT CLICK if the URL does not refer to a known or trusted website address (especially if it ends in .cn, .ru, .br – country codes for China, Russia, Brazil). In older versions of Internet Explorer you may need to turn on the status bar (right click on the Title Bar and make sure that Status Bar is checked).  Current versions of most browsers, including Firefox and Chrome, will show this by default.
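
The hover-and-read check described above can also be applied to the raw HTML of a message. The following Python sketch is an added example, not part of the original alert; the trusted-host list and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FLAGGED_TLDS = (".cn", ".ru", ".br")  # endings the alert singles out
TRUSTED_HOSTS = {"www.microsoft.com", "www.mybank.example"}  # hypothetical list

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def review_links(html):
    """Return (href, [reasons]) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host, text, reasons = host_of(href), text.strip(), []
        if host not in TRUSTED_HOSTS:
            reasons.append("host not on trusted list")
        if host.endswith(FLAGGED_TLDS):
            reasons.append("flagged country code")
        # Visible text that looks like an address but names another host.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != host:
            reasons.append("shown as " + shown)
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample message (hosts are made up for illustration).
SAMPLE_EMAIL = (
    '<a href="http://www.mybank.example.constructed-sample.ru/verify">www.mybank.example</a> '
    '<a href="https://www.microsoft.com/security">Microsoft</a>')
```

Calling `review_links(SAMPLE_EMAIL)` reports only the first link, because the address it displays does not match the host it actually leads to.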

Refer to Microsoft Security Advisory 2963983 for more information.

More Technical Details

In order to exploit this security vulnerability, an attacker would have to host a specially crafted website that is designed to exploit the IE bug, and then invite the user to visit the website.  You would have to first be lured to the malicious website designed to take advantage of this bug by causing IE to corrupt its data in memory, and execute a malicious program designed to infect your computer with a virus, or provide remote access to your files.

This type of software flaw or vulnerability is nothing new.  Flaws are being identified and repaired by Windows updates in all parts of Windows on a regular basis. Microsoft is required to publish known security flaws once they are found, which makes it imperative to keep your software up to date.  Once known vulnerabilities are published, you can be sure that there are bad people out there writing software to take advantage of them.

There is no cause for alarm or panic.  If you maintain a vigilant eye, and cautiously practice safe computing, you won’t be fooled into clicking on web links in phishing attack email messages that don’t look quite right.  Remember to watch for messages that appear to be from social network sites, asking you to click on a link to go and confirm your login credentials or your login will be disabled.

The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

Older Alerts

Java Security Vulnerability Fixed

(Version 7 Update 7).
Users are encouraged to immediately apply the latest Java update to close the zero-day vulnerabilities in the Java Runtime Environment, Oracle said in its advisory on Thursday August 30, 2012. Oracle has released a statement that Java Runtime Environment (JRE) version 7 update 7 has been confirmed safe from this vulnerability. Everyone is advised to update to this edition or later.

Click Here to Check Java Version

Vulnerability Details

If exploited, these security holes allow attackers to download and execute arbitrary code on victim computers. Researchers have identified two flaws in JRE 1.7 which attackers were chaining together to push the Poison Ivy Remote Access Tool (RAT) onto victims.

The out-of-band Security Alert CVE-2012-4681 includes fixes for “three distinct but related vulnerabilities and one security-in-depth issue” affecting Java running within the browser, said Eric Maurice, director of Oracle software security assurance, in a blog post on Thursday.

CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547 don’t affect standalone Java desktop applications or Java running on servers. They only affect applications accessed through the browser using plugins.

“Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” Maurice wrote.

Oracle Security Alert for CVE-2012-4681

JRE Update Release Notes

Clarification – the exploit only works by luring you to a malicious web site with the bad Java code on it, and causing the malicious Java exploit code to run in your web browser (Internet Explorer, Firefox, Chrome or Safari).
You are only at risk while running your browser and clicking on a link in a phishing email message, or following an unsafe link for something that you searched for in Bing, Google, or Yahoo. Just be extra careful until you either uninstall Java or disable it in your browser as instructed below.

The other important thing to do to reduce your risk of getting hit by this or any other nasty virus is to make sure that your Windows security updates are up to date.  Click on Start, All Programs, then run Windows Update and install all critical security updates that it finds.  To check if you have a specific patch, once released, on Windows 2000 or XP, you can go to the Control Panel, and run Add/Remove Programs. On Vista or Windows 7, go to Control Panel, and run Programs and Features. Make sure the option to display updates is checked at the top, and then scroll down to the bottom and look for Security Update for Windows expected any day now. Check back here or search the web for more information on the planned Microsoft Knowledge Base article on the patch to fix the Windows bug that will prevent the Duqu virus infections.

If I Have Virus Protection, Why Is This Such A Big Deal?
Even though the risk of infection is minimal for computers that have installed the latest Microsoft security updates, experts predict that there are potentially millions of computers around the globe that are not protected, and many of these are quite likely infected.  A network of this magnitude creates an army of computing power that can be used for any number of malicious purposes, from harvesting personal and financial information to performing online attacks such as a denial of service on large corporations.

Duqu is classed as a virus because of how it spreads.  It exploits a yet to be published Windows vulnerability which allows it to load directly into a non-patched computer by taking advantage of a design flaw in the Windows networking software, when an infected Word document is opened.  Once it gets in, it will disable your antivirus, and block access to security update sites.  It will then allow a remote attacker to take over remote control of your computer and search for .  Additionally, it can spread through network shares and removable drives like [USB Flash Drives].

Conficker.C, the third variant of a self-spreading family of worms, was first detected on December 31, 2008.  The first version, Conficker.A, was first discovered in October 2008.  It affects all versions of Windows from Win98 through Server 2008.  It waits patiently on infected systems until certain dates pass before it begins to initiate malicious actions.  After January 1, 2009, this virus began to download reinforcements from a website to the affected computer.  There were estimates of millions of infected systems worldwide that experienced major havoc on April 1, 2009.  Hopefully, you weren’t one of them!

What You Can Do to Reduce Risks

You can greatly reduce your risk of getting this type of infection.  Do these next six steps on all computers in your home or office.  Remember that you are only as safe as the weakest link in your network, so check all of your systems.
1) Make sure that you have Windows XP Critical Updates installed on your system.

2) Verify the three main settings in Windows Security Center: (Control Panel)

2.1) Windows Firewall is turned on and working.

2.2) Windows Automatic Updates are turned on.

2.3) Anti-Virus Protection is installed, working and up-to-date.
[normal full colour AVG Icon in System Tray].

3) Practice Safe Surfing Techniques – Don’t trust any unknown websites, even if they appear to be legitimate.

3.1) Never open any unknown or unexpected email attachments, even from someone that you know.

3.2) Never download free software games, screen savers, tools, or software of any kind unless you are certain that they are from well known, well established, websites from reputable companies.

3.3) Never click anywhere on any pop-up windows that offer to speed up your Internet or scan for and remove unwanted software.  Those pop-ups are often the virus itself, with the whole window acting as one big button that says "take me, I’m yours". If you click anywhere on them, even the [X] or Cancel button, you give it permission to download and install into your PC.  Instead, press Ctrl-Alt-Del [at the same time] and then use the Windows Task Manager to terminate the pop-up window.

4.0)  Always use strong passwords for all of your system, network, and email accounts.  Strong passwords are more difficult to guess; they have at least 8 characters, including some from at least three of the following four categories: [Upper Case, Lower Case, Numeric Digits, and Punctuation].  For example: “My-Top.40


Computer Worm vs. Virus
Wikipedia Worm Definition

A computer worm is a self-replicating computer program.  It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.