Wednesday, July 8, 2009

MS Internet Explorer Vulnerability - July 2009

Posted from Yahoo Tech

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

Solution

http://www.microsoft.com/technet/security/advisory/972890.mspx
http://support.microsoft.com/kb/972890#FixItForMe


Tuesday, June 23, 2009

Five Free Security Hacks


Problem on Upgrading Trend Micro OfficeScan

After we upgraded our Trend Micro OfficeScan 7.3 to the newer 10.0 release, the problems started. Computers with the OfficeScan client installed have these symptoms:

1. CPU utilization increases to 100%

2. When using network monitoring tools such as Ethereal, you can see an error on TCP packets like this: "STATUS_NO_SUCH_FILE"

3. When you unplug the LAN cable, CPU utilization decreases like crazy.


So what's the solution dude?


OK, the best solution is to get the hotfix from Trend Micro if possible. This is what I am talking about. Here are the steps:

1. Go to your master server or TM server master console. You can usually connect through your browser at "https://servername:4343/officescan/console/...." and log in with your admin account.

2. Go to this link: Networked Computers >> Global Client Settings.

3. Uncheck "Show the alert icon on the windows taskbar if the virus pattern file is not updated after x days", as shown in the image below.




4. Go back to your server that was just upgraded with the new version of the OfficeScan client and update it as shown below to replicate the new settings made on the TM server.




Then, that's it. I know that doesn't make sense, but it worked for me.

Actually, once that feature is enabled, the clients continually search your TM server for an update. That sounds like it eats all your bandwidth, making your network congested. This is a big problem, especially on file servers and domain controllers, where there is a lot of TCP access. You can see srv.sys using more CPU resources when you use the Process Explorer tool.