Pavlov Scope

2006 February 10

Windows Patches – Coming Valentine’s Day

Filed under: ITSec — Kev Frey @ 16:44:28

As a wonderful Valentine's Day gift of work for people like me, Microsoft is releasing 7 new patches (updates) for a variety of software, addressing a range of flaws (some severe, others less so).

Being its usual tight-lipped self, the Redmond company doesn't reveal much about the nature of the flaws ahead of time, so more information will be forthcoming once the bulletins are out.

_____________________________________________________________
KevFrey

kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .

Java – More vulnerabilities

Filed under: ITSec — FreyGuy @ 16:13:28

Sun's Java runtime is having a rough time of it lately, but Sun is staying on top of the problems with quick fixes. Here is a link to the publicly available information from Sun on the vulnerabilities. It is written a little poorly and overly specifically, but the main thing to realize is that you probably need to update your runtime libraries accordingly. Additionally, simply having the old libraries on your computer leaves it vulnerable, because a JRE that is still installed can still be loaded, so please remove older versions of the JRE.

Most of the time, if you kept the default install of the JRE, the update scheduler will prompt you to download the new version, which makes this process a bit easier and less esoteric. However, you will still need to disable or remove the old versions: the new JRE installs alongside the existing ones rather than replacing them, so upgrading alone won't completely remove the vulnerability.
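Because the upgrade leaves the old runtimes in place, `java -version` (which only reports the one on PATH) is not a useful check. The script below is an added example, not code from the post or from Sun: it lists every JRE directory under the Java install root and flags the ones older than the fixed build of their family. It assumes Sun's directory naming (`j2re1.4.2_10`, `jre1.5.0_06`), and the fixed-build numbers in it are placeholders; take the real ones from Sun's alert linked above.

```python
import re
from pathlib import Path

# Sun JRE install directories of the era are named like "j2re1.4.2_10" or
# "jre1.5.0_06" (assumption about the naming convention; not stated in the post).
_JRE_DIR = re.compile(r"^(?:j2re|jre)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")

# Example baseline only: the oldest build of each family that carries the fix.
# These numbers are assumed for the example; take the real ones from Sun's alert.
EXAMPLE_FIXED = {(1, 5): (1, 5, 0, 6), (1, 4): (1, 4, 2, 10)}


def parse_jre_version(dirname):
    """Map "jre1.5.0_06" -> (1, 5, 0, 6); return None for non-JRE directories.

    Comparing the tuple, not the string, is what keeps update numbers in
    numeric order (update 10 sorts after update 6).
    """
    m = _JRE_DIR.match(dirname)
    if not m:
        return None
    major, minor, patch, update = m.groups()
    return (int(major), int(minor), int(patch), int(update or 0))


def stale_jres(installed, fixed=EXAMPLE_FIXED):
    """Return the installed JRE directory names that must be removed: those
    older than the fixed build of their own family, and those in a family
    for which no fixed build exists at all."""
    stale = []
    for name in installed:
        version = parse_jre_version(name)
        if version is None:
            continue
        baseline = fixed.get(version[:2])
        if baseline is None or version < baseline:
            stale.append(name)
    return stale


def scan_java_root(root):
    """List every JRE directory under a Java install root
    (e.g. C:\\Program Files\\Java). The leftovers the post warns about live here."""
    root = Path(root)
    if not root.is_dir():
        return []
    return sorted(p.name for p in root.iterdir()
                  if p.is_dir() and _JRE_DIR.match(p.name))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        found = scan_java_root(sys.argv[1])
    else:
        # Constructed inventory standing in for a scan of the install root.
        found = ["jre1.5.0_05", "jre1.5.0_10", "j2re1.4.2_08",
                 "j2re1.3.1_15", "Java Web Start"]
    for name in stale_jres(found):
        print("remove:", name)
```

Run it with the Java install root as the only argument; with no argument it runs over the constructed inventory. Anything it prints is a runtime that the upgrade did not touch and that should be uninstalled through Add/Remove Programs.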

For a good rundown of how to handle this, check out Brian Krebs’s blog entry on the matter.


Be wary of IE7 preview

Filed under: ITSec — Kev Frey @ 15:58:28

The IE7 beta preview is out, and you can install it and try it out.

However, I would steer clear of it for now. Look at the screenshots and beta-tester reports on the Web instead of taking the plunge yourself.

  • First and foremost, it can interfere with some of the patches that come down from Microsoft, which can cause you more headaches than it is worth.

  • Second, come on... it is IE, and we all know its track record.

  • Third, several flaws have already been found and remain unpatched; after all, it is BETA software, and we cannot expect it to be free of errors yet.

  • Fourth, uninstalling it can be a bear, so for the non-technical user I would highly recommend avoiding any tinkering for now.

  • Fifth, browser add-ons, some antivirus software, some anti-spyware software, and some firewall software will interfere with the IE7 beta (or vice versa), causing odd behavior and error messages.

This is the browser that will be included by default in the next version of Windows (previously code-named Longhorn), Vista. For the non-bleeding-edge users out there, I suggest that you keep using what you are using for now. Besides, most of the benefits of the new IE have been in other browsers (notably Opera and Firefox) for years.

Wait and see…


Lotus Notes Security issues

Filed under: ITSec — Kev Frey @ 15:15:28

Lotus Notes has recently had security issues disclosed in a variety of areas. One of them is a stack-based buffer overflow that can allow arbitrary code execution (an attacker can run a program on your computer without you having to click on anything), one of the worst kinds of bugs. Other vulnerabilities with the same effect exist. These kinds of programming errors often create new "vectors" of attack for spyware, spammers, and viruses to exploit. The above are client-side bugs.

There are also some server-side DoS-type bugs and other "unspecified" vulnerabilities, but all of them are fixed by upgrading to 6.5.5 or 7.0.1, so if you are running Notes or Domino, upgrade and be happy again.



2006 February 2

WinAmp Security Flaw found / Fixed

Filed under: ITSec,Music — Kev Frey @ 18:24:28

I am an avid user of WinAmp, as are millions of other people. But one thing I don't make a habit of is downloading other people's playlists, mainly because I have too many of my own to handle. However, if you have WinAmp installed on your machine (even if you are not an avid user or don't download playlists), watch out for a nasty new bug in WinAmp 5.12 and prior. This buffer overflow vulnerability allows a maliciously crafted playlist to run other programs on your machine (known as arbitrary code execution) without your consent. A typical delivery would be a link to a playlist on a malicious website, disguised as a normal web-page link.

An exploit is out in the wild for this bug, making it exceedingly easy to abuse, and some spyware is already using this flaw to install itself. Lately, spyware installers have been on the leading edge of exploits (ahead of virus writers), probably because there is money in spyware and not so much in viruses.

Since WinAmp (naturally) registers itself as the handler for playlist files, opening one from a web page hands it straight to WinAmp, so you could trigger a malicious file without realizing it.

Bottom line: if you have WinAmp installed, update ASAP to 5.13 or higher. Here is a link to the WinAmp download page.

Questions or comments, please let me know.


Firefox 1.5.0.1 released

Filed under: ITSec — Kev Frey @ 15:50:28

Yesterday, Mozilla released an update bringing Firefox up to version 1.5.0.1. Some of you avid users were probably prompted to upgrade already. I suggest doing the upgrade for the added stability and for the security fixes included in this release. Also included is improved Mac support for all you applesaucers out there...

There is an active exploit circulating that takes advantage of a security flaw in the older version, so please update if you haven't already.

If you aren't prompted to upgrade automatically, you can do so manually by choosing Help > Check for Updates from the menu.

Here is a link to the geeky list of specifics.

Additionally, if you have installed some of the great Firefox extensions, you will need to update them as well.

Choose Tools > Extensions, then click the Find Updates button at the bottom left of the resulting dialog box. After they are all downloaded, you will need to restart Firefox, but then you will be all up to date.


2006 January 9

(Updated) With renewed scrutiny, WMF strikes again

Filed under: ITSec — FreyGuy @ 22:44:31

Hi again all;

As of today, yet another WMF vulnerability, complete with exploit code, has been discovered. For those of you who don't read assembly code: thankfully, this one is less severe ;-)

The WMF vulnerability disclosed today causes programs that render WMF images (things like Internet Explorer, the built-in image viewers, etc.) to crash. This is known as a Denial of Service (DoS), meaning that a successful exploit denies you (crashes or prevents you from using) the service (in this case, Internet Explorer and related imaging programs).

This is clearly not a red alert, since the exploit doesn't appear to be able to run code on your computer, but it is important to stay vigilant as always. Follow this link for Microsoft's official response to this vulnerability so far.

I'll update when a patch has been released or if there are any further developments.

P.S. New (additional) Windows updates are due out tomorrow (Tues., 2006/Jan/10), which are unrelated to this and the previous WMF flaw.

FYI;


2006 January 5

WMF Exploit (Update7)

Filed under: ITSec — Kev Frey @ 16:11:31


Hi all;

MS has decided to release the WMF patch earlier than expected: TODAY! It is being released as KB912919 (912919), security bulletin MS06-001 (the first of 2006).

So please visit Automatic Updates sometime after 17:00 EST (that's 5pm Eastern for you 12-hour-clock types) and update your computers ASAP. Or, if you use SUS/WSUS, get your approvals out ;-)

If you are one of the quick ones who installed Ilfak's temporary workaround, heed the previous updates I posted below.

FYI and finally

UPDATE (19:50 EST): I have deployed the patch on a small set of test machines that had both unregistered the DLL and applied the v1.3 version of Ilfak's workaround. The XP SP2 machine deployed and restarted without any problems. However, both Windows 2000 Pro machines hung on shutdown... not sure of the cause yet (whether it is directly related to the update or something else). But when those Win2K machines were booted back up, they both had the updated GDI32.DLL file (time/date 2005/Dec/30 @ 11:15am EST and 233,744 bytes in size). Will be looking into the problem further with additional test machines and report back here...
The update works fine, but if you need to deploy this into a large environment, I would recommend doing a sampling of the Win2K machines first to prevent widespread tech-support calls (just in case).

FYI: the XP GDI32.DLL appears to have been fixed a couple of days earlier (2005/Dec/28 @ 21:54 EST, 280,064 bytes in size).


UPDATE (20:45 EST): I tested another Windows 2000 Pro machine, which did NOT have the Ilfak v1.3 patch applied (no patch, and the DLL was still registered), and the update went without a glitch: no hang, no reboot problems, and GDI32.DLL was updated as expected.
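The updates above verify the rollout by hand, by comparing GDI32.DLL's date and size on each test machine. The script below is an added example, not code from this post or from Microsoft, for doing that check over copies of GDI32.DLL pulled from sampled machines. Instead of trusting the filesystem date, which a file copy or a clock change can alter, it reads the link time stamped into the PE header by the linker. The expected file sizes are the ones reported above for XP SP2 and Windows 2000 Pro; the cut-off date is an assumption derived from the earliest file date in the post; and a size that matches neither is reported as "unknown", not "unpatched", since another service pack or language build can legitimately differ.

```python
import calendar
import struct

# Sizes of the patched GDI32.DLL reported in the post above for XP SP2 and
# Windows 2000 Pro. Any other size is "unknown" rather than "unpatched": a
# different service pack or language build can legitimately differ.
PATCHED_GDI32_SIZES = {"xp_sp2": 280064, "win2k": 233744}

# Assumption for this example: a fixed GDI32.DLL cannot have been linked before
# the earliest file date in the post (2005/Dec/28). Epoch seconds, UTC.
FIX_NOT_BEFORE = calendar.timegm((2005, 12, 28, 0, 0, 0))


def pe_link_timestamp(data):
    """Return the COFF TimeDateStamp (epoch seconds) of a PE image.

    The linker writes this into the binary itself, so unlike the filesystem
    date it survives copying and is not reset by a file-copy deployment.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # IMAGE_FILE_HEADER follows the signature:
    # Machine (2), NumberOfSections (2), TimeDateStamp (4), ...
    _machine, _nsections, stamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return stamp


def classify_gdi32(size, link_stamp, not_before=FIX_NOT_BEFORE):
    """'old' if the binary was linked before the fix could exist, 'patched' if
    its size matches a known patched build, otherwise 'unknown' (check by hand)."""
    if link_stamp < not_before:
        return "old"
    if size in PATCHED_GDI32_SIZES.values():
        return "patched"
    return "unknown"


def check_gdi32_file(path, not_before=FIX_NOT_BEFORE):
    """Classify a GDI32.DLL copied from a sampled machine's system32 directory."""
    with open(path, "rb") as f:
        data = f.read()
    return classify_gdi32(len(data), pe_link_timestamp(data), not_before)


def make_fake_pe(link_stamp, total_size):
    """Constructed test data: a minimal, non-loadable PE blob carrying the given
    COFF time stamp, padded to total_size bytes. Not a real GDI32.DLL."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, link_stamp, 0, 0, 0, 0x2102)
    blob = bytes(dos) + b"PE\0\0" + coff
    return blob + b"\0" * (total_size - len(blob))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, check_gdi32_file(path))
    else:
        # No files given: run over constructed samples instead.
        samples = {
            "xp-sample": make_fake_pe(FIX_NOT_BEFORE + 86400, 280064),
            "w2k-stale": make_fake_pe(FIX_NOT_BEFORE - 86400 * 200, 233744),
        }
        for name, blob in samples.items():
            print(name, classify_gdi32(len(blob), pe_link_timestamp(blob)))
```

Pass it the paths of the collected GDI32.DLL copies; with no arguments it runs over two constructed samples, one of which has a "patched" size but an old link stamp and is reported as "old", which is the case a size-only check would miss.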


2006 January 4

WMF Exploit (Update6)

Filed under: ITSec — FreyGuy @ 14:36:31

Hi again all;

Steve Gibson's GRC site (Steve is a great security researcher and an asset to the IT security community) has reported that the fix for this problem has leaked from Microsoft. He has tested it, and it appears to work as expected and, thankfully, doesn't appear to conflict with the earlier, unofficial Ilfak fix. So you will not need to uninstall the Ilfak fix before updating from Microsoft next Tuesday, when the fix is deployed via Windows Update.

But I do recommend uninstalling the Ilfak fix after you have verified that the Microsoft fix is stable (in other words, after you reboot post-update, make sure you can use your computer properly for a couple of days, then uninstall the Ilfak fix). Once you have uninstalled the Ilfak fix, reboot, and test your computer with Ilfak's "checking" utility (mentioned in previous posts here) to verify that it is no longer vulnerable.

Then stay tuned for the inevitable next 0-day problem, which I'll do my best to keep you updated on here.

2006 January 3

WMF Exploit (Update5)

Filed under: ITSec — Kev Frey @ 19:25:31

Whoops! Ilfak's site was slashdotted today by the inundation of impatient types (read: people like me) who would prefer to have their computers protected now instead of next week, when Microsoft releases the official patch.

As stated in Update 4, you can download the checker and patches from this site (see the links in Update 4).
