March 30, 2007
Windows Animated Cursor Attack
On Wednesday, March 28, Microsoft announced a new vulnerability that targets the "animated cursor" function in Internet Explorer 6 and 7.
Animated cursors are used on different websites for legitimate reasons. However, this latest vulnerability uses the animated cursor function to install and execute a trojan file on the victim computer. Infected computers may be controlled by a remote attacker, who may install a keylogging tool or other malicious files
The attack does not require any user interaction. Computers can be compromised simply by visiting a website that contains the malicious code. The infection happens in the background and the user may not be aware that the computer is compromised.
This vulnerability affects the following operating systems:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- (See link below for more Operating Systems)
Vista's IE 7 in protected mode shields the computer against drive-by installations.
There are no patches for the vulnerability at this time. Microsoft suggests that customers avoid visiting unknown websites or open email from unknown, untrusted addresses. It is also suggested that users open emails in plain text format since it will reduce the risk of malicious code executing.
Read more about this alert on Microsoft's Security Bulletin website:
Microsoft Security Advisory (935423)
Posted by cp493 at 11:43 AM
February 14, 2007
Download Windows Updates: 02/14
Microsoft released several critical Windows patches on Feb. 12 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Microsoft Office, Word, Visual Studio, and Windows 2000 workstations.
This update affects multiple versions of Windows including, but not limited to, Windows XP Professional SP2. It is very important that you update your Windows operating system as soon as possible.
Download the latest updates here:
Posted by cp493 at 02:25 PM
December 06, 2006
New "Zero-Day" Attack for Microsoft Word -( 12/06/06 )
Microsoft issued a security bulletin regarding a recently discovered vulnerability in Microsoft Word. The attack involves a specially crafted Microsoft Word document that contains malicious code.
Once the Word Doc is opened, the code is executed and corrupts the computer's memory. This can lead to an attacker taking control of a user account on the compromised computer.
This attack affects many varieties of Microsoft Word, including those available for the Apple Macintosh platform.
- Word 2000
- Word 2002
- Word 2003
- Word Viewer 2003
- Word 2004 for Mac
- Word 2004 v. X for Mac
- Works 2004, 2005, and 2006
There is no patch or fix for this issue as of yet. Microsoft is working on a solution.
It is recommended that you do NOT open any Word Doc's from un-trusted sources. If you do receive Word Doc's from trusted sources, verify that the document was intentionally sent.
We will update this alert as information becomes available
You can read more information regarding this latest vulnerability here;
Microsoft Security Bulletin : Microsoft Word
Posted by cp493 at 03:17 PM
December 04, 2006
Phishing Scam: "Nyu Abuse Department" email not legitimate - ( 12/04/06 )
There is a phishing email that is being sent to NYU users requesting that the recipient click on a link or else face the risk of an account suspension.
The message appears as the following:
---"Dear Valued Member,
According to our terms of services, you will have to confirm your e-mail by the following link, or your account will be suspended for security reasons.
http://www.nyu.edu/confirm.php?account=(Your NetID)@nyu.edu
After following the instructions in the sheet, your account will not be interrupted and will continue as normal.
Thanks for your attention to this request. We apologize for any inconvenience.
Sincerely, Nyu Abuse Department"
---This message is NOT legitimate. DO NOT click on any link in that message. The link may trigger a download of malicious software and compromise your PC.
It is recommended that you forward this phishing message, and any message like it, to is.spam@nyu.edu .
Posted by cp493 at 11:27 AM
November 30, 2006
Apple releases 31 updates for Mac OS X 10.4.8 - ( 11/30/06 )
On November 28th, Apple began distributing 31 updates for Mac OS X 10.4.8. These updates address a mulititude of issues in OS X, including a severe vulnerability regarding the Airport Wireless Card in PowerPC Macintosh models.
It is important that you update your computer as soon as possible. To learn how to update your Mac, click on the link below:
http://www.nyu.edu/its/security/getsecure/#step2
Posted by cp493 at 10:53 AM
November 16, 2006
Download Critical Microsoft Windows Update - ( 11/16/06 )
Microsoft has released several critical Windows patches on Nov. 14 that resolve multiple vulnerabilities. The patches address, amongst other issues, vulnerabilities in Adobe Flash Player 6+, Remote Code Execution, and ActiveX scripting.
This update affects multiple versions of Windows including, but not limited to, Windows XP Professional SP2. It is very important that you update your Windows operating system as soon as possible.
Download the latest updates here:
Posted by cp493 at 02:42 PM
October 10, 2006
Download Windows Updates - ( 10/10/06 )
Microsoft has released 10 updates for October's "Patch Tuesday" monthly cycle. These updates are the largest amount of grouped updates for the year so-far. The updates will fix 26 known vulnerabilities being actively exploited on the Internet.
Due to a software glitch, MS is not able to push out the updates to their users automatically at this time (10/10/06 @ 5PM EDT). It is suggested that you visit their website below to manually download & install the latest updates:
Posted by cp493 at 04:50 PM