Archive for the ‘security’ Category

Adobe puts out workaround for Acrobat exploit

Saturday, October 13th, 2007

The exploit we’ve previously mentioned here only affects you if your setup matches the following:

Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installed

Affected Software Versions:

  • Adobe Reader 8.1 and earlier versions
  • Adobe Acrobat Standard, Professional and Elements 8.1 and earlier versions
  • Adobe Acrobat 3D

Adobe has finally provided a workaround, though it’s not terribly straightforward if you’re uncomfortable mucking about in the registry:

http://www.adobe.com/support/security/advisories/apsa07-04.html

They plan to eventually provide a more user-friendly solution. Until then, the exploit–while not known to be out in the wild yet–has the potential to be extremely damaging; applying Adobe’s workaround is strongly recommended while we wait for them to provide a proper, more-polished patch.

If you're new here, we'd love it if you subscribed to our RSS feed. Thanks for visiting!

Posted in Acrobat, Adobe, IE7, Windows XP, exploit, registry, security, software, workarounds | No Comments »

Internet Explorer 7 now WGA-free (finally…)

Thursday, October 4th, 2007

Microsoft has issued an updated Internet Explorer (IE) 7 release that no longer requires Windows Genuine Advantage (WGA) validation in order to download. The company has refreshed versions of IE 7 for Windows XP Service Pack (SP)2, Windows 64 client/server, and Windows Server 2003 SP1/SP2. It also posted an update to IE 7 for Windows XP that resolves a phishing-filter problem with the browser.

(Snippet from ZDNet)

Posted in IE, IE7, Internet Explorer, Microsoft, WGA, Windows, Windows Genuine Advantage, Windows Server 2003, Windows XP, XPSP2, downloads, security, software, updates | No Comments »

Office 2003 Service Pack 3 released

Friday, September 21st, 2007

We still have a few machines running Office 2003 around here. If you do too, then by all means, get updated!

It’s quite possible the Microsoft Update service has already pushed these updates out to you earlier this week. Otherwise, you’ll need to go through Office Update or hit the Microsoft website and grab the update directly yourself (as linked below). Regular Windows Update does not check for updates to Microsoft Office; we recommend you upgrade to the more advanced and inclusive (and still free) Microsoft Update service.

Customers that retain us for software updates and security audits should have received these updates already, automatically.

[…] The Microsoft Office division has just released Service Pack 3 for 2003, and it is available for download through Office Update or directly from Microsoft’s web site.

imageThe update includes a number of hotfixes that were released post-SP2, as well as some new tweaks. New fixes in Excel include performance improvements for loading files over slow networks and updates to the error-reporting service. Word gets fixes for many formatting errors, as well as for the problem some users had copying and pasting text from web pages. Powerpoint gets attention for problems with the “Package for CD” feature. In addition to bug fixes, SP3 contains numerous security patches to close recently-discovered holes.

[…]

(Snippet from ArsTechnica. Image from Microsoft.)

Posted in Microsoft, Office, SP3, downloads, security, software, updates | No Comments »

PDFs can also be bad for you

Friday, September 21st, 2007

Be careful out there.

A zero-day PDF vulnerability in Adobe’s Acrobat Reader has come to light that can lead to Windows boxes getting taken over completely and invisibly, according to a security researcher.

“All it takes is to open a [maliciously rigged] PDF document or stumble across a page which embeds one,” said researcher Petko D. Petkov, aka pdp, in a blog posting on Sept. 20.

[…]

Paul Henry, vice president of technology and evangelism at Secure Computing, based in San Jose, Calif., said in an interview with eWEEK that PDF vulnerabilities have a strong advantage when it comes to users being tempted into opening them, giving this vulnerability the potential to become a “huge” attack vector. “From a social engineering standpoint, it’s easier to attach a PDF to e-mail and assume [the target will] open it. If you’ve got a request to launch a video conversation from someone you never heard of, chances are you won’t do it. Or you won’t click on a video online if you don’t know where it’s from. But from a social engineering point of view, this is deeper.”

[…]

The scenario is that an attacker rigs a PDF file designed to exploit the flaw. He or she distributes it via e-mail or through other means, or hosts it on a Web page. When a user opens the rigged PDF file with a vulnerable application, the user’s machine can be loaded with malware that makes it open to a takeover.

[…]

“The ability to use PDFs to install malware and steal personal information from remote PCs is here,” he said in a statement. “Readers should be cautioned to only open PDF files from senders they explicitly trust.”

(Snippets from eWeek. Image from Adobe.)

Posted in Acrobat, Adobe, PDF, exploit, malware, security, software, zero-day | 1 Comment »