Security News Psychology and security (Tue 27, Oct 2009) Professor Ross Anderson of the Computing Laboratory at Cambridge University has put together an excellent web page on psychology and security. The page contains links to a wide range of on-line resour... Cookie Monster (Mon 26, Oct 2009) Cookies are a part of everyday web usage that most people take for granted (indeed many users are blissfully unaware of their existence). Cookies are used to provide a persistent record of your intera... MS09-059 - Important: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sent a maliciously crafted packet during the NTLM authentication process. MS09-057 - Important: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker set up a malicious Web page that invokes the Indexing Service through a call to its ActiveX component. This call could include a malicious URL and exploit the vulnerability, granting the attacker access to the client system with the privileges of the user browsing the Web page. Users whose accounts are confi MS09-056 - Important: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. MS09-058 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in the Windows kernel. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logged on to the system and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit any of these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users. MS09-061 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in persuading a user to run a specially crafted Microsoft .NET application. Users whose accounts MS09-050 - Critical: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate from outside the enterprise perimete MS09-052 - Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Windows Media Player. The vulnerability could allow remote code execution if a specially crafted ASF file is played using Microsoft Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with ad MS09-060 - Critical: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in ActiveX Controls for Microsoft Office that were compiled with a vulnerable version of Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user r MS09-054 - Critical: Cumulative Security Update for Internet Explorer (974455) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Firefox users who are running the Windows Presentat MS09-055 - Critical: Cumulative Security Update of ActiveX Kill Bits (973525) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update addresses a privately reported vulnerability that is common to multiple ActiveX controls and is currently being exploited. The vulnerability that affects ActiveX controls that were compiled using the vulnerable version of the Microsoft Active Template Library (ATL) could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. Users whose accounts are configured to MS09-051 - Critical: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Windows Media Runtime. The vulnerabilities could allow remote code execution if a user opened a specially crafted media file or received specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have f MS09-062 - Critical: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) (Tue 13, Oct 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254) (Tue 13, Oct 2009) Bulletin Severity Rating:Important - This security update resolves two publicly disclosed vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. On IIS 7.0, only FTP Service 6.0 is affected. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of se Firefox Fends Off Paypal Fraudsters, Microsoft Browsers Still Bugged (Tue 06, Oct 2009) On Monday, a hacker published a counterfeit (null-prefix) SSL certificate for PayPal that exploits a hole in Microsoft browsers to appear legitimate to unsuspecting users of the online payment service... MS09-049 - Critical: Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Wireless LAN AutoConfig Service. The vulnerability could allow remote code execution if a client or server with a wireless network interface enabled receives specially crafted wireless frames. Systems without a wireless card enabled are not at risk from this vulnerability. MS09-048 - Critical: Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter MS09-047 - Critical: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Windows Media Format. Either vulnerability could allow remote code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with fu MS09-045 - Critical: Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the JScript scripting engine that could allow remote code execution if a user opened a specially crafted file or visited a specially crafted Web site and invoked a malformed script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, ch MS09-046 - Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) (Tue 08, Sep 2009) Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights o Another Packed Patch Tuesday (Mon 07, Sep 2009) Microsoft is set to release five critical bulletins tomorrow - all of which affect both server and desktop Windows users. The bulletins may cause more disruption to networks than normal ... Coastal Council Silences Status Updates (Tue 01, Sep 2009) Portsmouth Council have this week moved to block all 4,500 staff from accessing Facebook. According to estimates, staff spent "on average" 400 hours per month on the popular social networking site. Qu... Police Suffer Paper Trail Fail (Fri 21, Aug 2009) Sensitive documents (on paper - how delightfully old fashioned!) containing details of background checks of around 60 people have been found dumped on a building site in Northern Ireland. As it relate... When Private Data Goes Walkies: Do Home Users Need Crypto? (Wed 19, Aug 2009) A recent burglary victim who lost a laptop, iPhone and various other gadgets, has been taunted by the thief posting messages on her Facebook account. Victoria Richardson lost the laptop when her ho... MS09-041 - Important: Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657) (Tue 11, Aug 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or MS09-042 - Important: Vulnerability in Telnet Could Allow Remote Code Execution (960859) (Tue 11, Aug 2009) Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerabilit MS09-038 - Critical: Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557) (Tue 11, Aug 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts MS09-044 - Critical: Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927) (Tue 11, Aug 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who o MS09-039 - Critical: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (Tue 11, Aug 2009) Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue. MS09-043 - Critical: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) (Tue 11, Aug 2009) Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS09-040 - Important: Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032) (Tue 11, Aug 2009) Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing Feline Scapegoat in Frame for Child Porn Downloads (Tue 11, Aug 2009) A Florida man has claimed that the child abuse images found on his computer were the result of his cat walking across the keyboard. He claims that over a thousand images were downloaded as a resul... More Certificate Woes (Tue 11, Aug 2009) At the recent BlackHat computer security conference, researcher Moxie Marlinspike revealed yet another attack on the SSL certificate management infrastructure that underpins much of the web's security... Nmap Revamped (Wed 29, Jul 2009) A major new version of Nmap, the "Swiss army knife" of network diagnostic tools, has been released. A long term favourite of security professionals, Nmap allows complex packet scans and is a valuable ...