Funny Windows 7 and Chrome Interaction

Turns out you won’t be able to install Google Chrome; you’ll get a nifty little error: google update installation failed with error 0x8004071c

Good news is that there’s a quick fix floating around: just erase the contents of the ‘ImageState’ value under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State

And it will install like a charm

You’re welcome


IE6 and IE7 vulnerable to latest flaw; IE8 immune

Microsoft has confirmed reports of a new vulnerability that affects both Internet Explorer 6 and Internet Explorer 7, but not Internet Explorer 8.

Microsoft has issued Security Advisory 977981 in response to public reports of a vulnerability that exists as an invalid pointer reference in Internet Explorer. Under certain conditions, it is possible for a CSS/Style object to be accessed after the object is deleted, and thus, if Internet Explorer attempts to access the freed object, it can end up running attacker-supplied code. IE6 SP1 on Windows 2000 SP4, as well as IE6 and IE7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected. Microsoft notes that IE 5.01 SP4 and IE8 on all supported versions of Windows are not affected, but of course IE6 and IE7 still account for over 40 percent of the browser market.

Exploit code for the flaw was first posted late last week on the BugTraq mailing list (see either securityfocus.com or seclists.org). Microsoft noted its concern that this new report of the vulnerability was not responsibly disclosed, potentially putting computer users at risk, but that it is not aware of any attacks that try to use the reported vulnerability against IE6 and IE7. Redmond says it is actively monitoring the situation and may provide a security update on an upcoming Patch Tuesday or an out-of-cycle patch once it is ready. The next Patch Tuesday is scheduled for December 8, 2009, but we’re not likely to see a patch out that soon.

In addition to the latest version being unaffected by this vulnerability, Microsoft offered four other mitigating factors:

  • Protected Mode in IE7 on Windows Vista limits the impact of the vulnerability.
  • By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High and so is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, which should mitigate attacks trying to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

Microsoft also offered three workarounds for the new IE flaw. The first one explains how to set the Internet and Local intranet security zone settings to “High” so that the browser prompts the user before running ActiveX Controls and Active Scripting in these zones. The second one details how to configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. Finally, the last one suggests enabling Data Execution Prevention (DEP) for IE6 SP2 or IE7. All three are explained with step-by-step instructions in the security advisory and can be done by simply changing settings in Internet Explorer.
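As an added example (not from Microsoft's advisory or the original post), this read-only PowerShell check reports whether the current user's Internet and Local intranet zones already match the first two workarounds. The registry path, the zone numbers (1 and 3), the URL action values (1200 and 1400) and the "High" level constant are the standard Internet Explorer zone settings, assumed here rather than taken from the page; it needs PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the zone settings behind the first two
# workarounds. It reads the per-user hive only; machines managed by Group
# Policy may take these values from the Policies hive instead.
$zonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active Scripting' }
$states    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }   # URL action policy values
$levelHigh = 0x12000                                          # CurrentLevel for "High"

function Get-ZoneWorkaroundStatus {
    foreach ($id in ($zones.Keys | Sort-Object)) {
        # A missing zone key yields $null instead of an error
        $props = Get-ItemProperty -Path (Join-Path $zonesRoot $id) -ErrorAction SilentlyContinue
        foreach ($action in ($actions.Keys | Sort-Object)) {
            $raw = $null
            if ($props) { $raw = $props.$action }

            if ($null -eq $raw) { $state = 'not set' }
            elseif ($states.ContainsKey([int]$raw)) { $state = $states[[int]$raw] }
            else { $state = 'other (0x{0:X})' -f $raw }

            [pscustomobject]@{
                Zone       = $zones[$id]
                Setting    = $actions[$action]
                State      = $state
                # True when the whole zone is on the "High" template (workaround 1)
                ZoneIsHigh = [bool]($props -and $props.CurrentLevel -eq $levelHigh)
                # True only when the action prompts or is disabled (workaround 2)
                Mitigated  = (@(1, 3) -contains $raw)
            }
        }
    }
}

Get-ZoneWorkaroundStatus | Format-Table -AutoSize
```

Any row with Mitigated = False is a zone where script or ActiveX content still runs without a prompt for that user.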

In December 2008, Microsoft released an out-of-band security update for Internet Explorer and encouraged all users to run Windows Update or Microsoft Update to download the fix.


New Microsoft Vulnerability Blacklisted by Firefox

An interesting new vulnerability has popped up in Firefox browsers, leaving many users open to attack. The vulnerability is actually in a plug-in for Firefox browsers designed by... (drumroll, please)... you guessed it: Microsoft.

The vulnerability can be exploited when users visit malicious Web pages that contain specially crafted XAML-coded content.

On Tuesday, Microsoft sent out an Internet Explorer patch to fix the vulnerability, by way of Windows Automatic updates. Although the IE patch is said to fix the problem with both Firefox and Internet Explorer browsers, many Firefox users are still reporting unresolved issues.

In order to protect people who are not yet patched, Firefox has added Microsoft’s plugin to its add-on blocklist, causing it to be automatically disabled by the browser until a universal fix can resolve the vulnerabilities of the plugin.

Mike Shaver, Firefox’s vice president of engineering, described the security problem in a blog entry posted Friday in the official Firefox security blog.

“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the plugin for all users via our blocklisting mechanism,” he wrote. “Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

Plugin security vulnerabilities are a major problem for corporations, small businesses, and family users, due to their nature. These bugs are especially tempting to hackers because they often are a great way to affect multiple browsers and provide a larger audience of potential victims.

Our clients who are enjoying ongoing maintenance services are up to date, and as always clients on the Managed Protection plans were protected considerably before the vulnerability was ever publicly disclosed.


New Vulnerabilities That Concern YOU!

Some interesting new vulnerabilities have been released in the past few weeks. Today’s post covers the most widespread issues, which affect almost all users.

The news for typical users is that you are in harm’s way in more ways than you thought.

Image files can actually infect your machine and make it susceptible

  • Any application that parses TIFF, PNG, *MF could potentially be an attack vector
  • Viewing images that are infected opens you up – it’s that simple
  • Do not open suspicious email attachments, as they may contain one of these potential attacks

What does this mean to you?

By not downloading the most current security updates for your Windows XP machine, you are putting your computer at risk of potentially huge virus infections, leaving you and your system wide open.

Apply Patches ASAP – workarounds that limit GDIplus.dll could cause headaches, to say the least.

Fire up Internet Explorer and head over to: http://windowsupdate.microsoft.com/

Our clients who are enjoying ongoing maintenance services are up to date, and as always clients on the Managed Protection plans were protected considerably before the vulnerability was ever publicly disclosed.

Technobabble below – if you need to be sure you’re getting the right updates.

Listed below are the Critical Security Updates provided by Microsoft:

  • GDI+ WMF Integer Overflow Vulnerability – CVE-2009-2500
  • GDI+ PNG Heap Overflow Vulnerability – CVE-2009-2501
  • GDI+ TIFF Buffer Overflow Vulnerability – CVE-2009-2502
  • GDI+ TIFF Memory Corruption Vulnerability – CVE-2009-2503
  • GDI+ .NET API Vulnerability – CVE-2009-2504
  • GDI+ PNG Integer Overflow Vulnerability – CVE-2009-3126
  • Memory Corruption Vulnerability – CVE-2009-2528
  • Office BMP Integer Overflow Vulnerability – CVE-2009-2518

Shoot us an email with any questions.


Adobe Product Fixes Available Now

Some positive news from Adobe last night. Fixes for those nasty vulnerabilities are finally available.

Quick refresher: the programs affected are:

  • Adobe Flash Player 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions
  • Adobe AIR 1.5.1 and earlier versions
  • Adobe Reader and Acrobat 9.1.2 and earlier 9.x versions

Adobe recommends that users of any of these prior versions upgrade ASAP.

Links to the updates are as follows:

Update for AIR: http://get.adobe.com/air

Update for Reader: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

Reader will also allow you to update through its own updater.

Update for Acrobat: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Just keep in mind that it’s always a good idea to install updates. The reason we’re paying special attention to this one is that it is a critical update which is receiving a lot of publicity. Popular vulnerabilities are more likely to be exploited.

Feel free to shoot us an email or comment with any issues/questions.


Critical Exploit Found in Adobe Products

US-CERT has published details of a very serious Adobe Flash vulnerability that has been uncovered. The vulnerability affects Adobe Flash versions 9.0.159.0 and 10.0.22.87 and earlier 9.x and 10.x versions. Adobe Reader 9, Acrobat 9, and other Adobe products (including Photoshop CS3, Photoshop Lightroom, Freehand MX, Fireworks) provide Flash support independent of Flash Player. As of 2009-07-22, Adobe Reader 9.1.2 includes Flash 9.0.155.0, which is likely vulnerable to issues addressed by Flash 9.0.159.0.

This is a very serious vulnerability for which there is currently no patch. It allows an attacker to run malicious code on an affected system. We are systematically disabling the Flash component as the temporary fix, as we don’t like the provided workaround of deleting, renaming, or removing access to the authplay.dll component, which will crash the component.

Adobe is expected to publish a fix on July 30th, which we’ll post here.

Aside from applying patches yourself, we are able to protect you and your organization from 0-day exploits such as this one with our Managed Host Intrusion Prevention system. We’ve been monitoring the exploit for about 2 weeks as it was being stopped cold by the system. With the help of the system we are able to pick up malicious behavior and lock the exploits down before any patches or mentions show up. Shoot us an email for more info.

Stay tuned

Useful links:

http://www.kb.cert.org/vuls/id/259425

http://www.adobe.com/support/security/advisories/apsa09-03.html


Denial of Service Attacks

A recent string of attacks around the globe has put computer hackers into the international spotlight once again. There has been speculation that the latest attacks were perpetrated by either North Korea itself or its sympathizers, as the attack came from about a dozen IP addresses around the world. The type of attack employed by these hackers is known as a Denial-of-Service (DOS) attack. While this type of attack was used in this case merely to create a stir, it can be devastating if used against individuals or small businesses as well.

What is a DOS attack?

A DOS attack can come in a variety of forms, all with the purpose of causing the targeted system to become inoperable. This is done by sending vast amounts of traffic to the intended target, consuming so much of its resources that it can no longer respond to legitimate traffic, or responds so slowly that it becomes essentially inoperable.

Email and Text Bombs

Another variety of DOS attack either targets individual people only, or uses an individual as a means of attacking a larger entity as a whole. With Email Bombs, a single email address is sent multiple messages simultaneously from multiple senders, in hopes of overloading both the individual’s mailbox, halting their productivity, and the server on which the email is hosted, thus halting productivity for an entire organization. Text bombs are likewise employed to render the target’s phone inoperable: multiple text messages are sent from several phones simultaneously, and the phone becomes unusable as it attempts to receive all the messages.

Who is Safe?

To be honest, no one is safe. As you can see, these recent attacks were aimed at government websites in both the United States and South Korea, and have also been successfully used against large Internet sites such as The Pirate Bay as recently as June of this year. However, these attacks are not commonly used against individuals and small businesses.


Cyber Security And Your Family

Fox News recently published an article on a popular children’s website, Neopets, and how it was being used by identity thieves to send children links from which a program would be installed on the computer to steal sensitive information from the children’s parents. Such scams and attacks have frequently been used on sites such as Myspace, Twitter and Facebook, sites appealing to a slightly older age range. However, this new string of attacks shows a new angle: rather than attacking the primary victim, identity thieves are using children as a gateway, installing malware onto the family computer, which the parents later use to do their weekly online banking, shopping and bill paying.

What Can You Do to be Safe?

According to the Federal Trade Commission, the number of registered complaints for the year 2008 was the highest ever, with 1.2 million registered instances of identity theft. So, what should you do to help?

  1. Monitor your children while on the web, within reason
  2. Scan your computer weekly with free malware removal tools such as Spybot S&D or Malwarebytes
  3. Enable phishing protection on your browser. Instructions for Firefox and Internet Explorer


Welcome to The Tech Info Blog

Welcome to the Tech Info Blog. Please check back often for new and interesting posts!
