Operating systems that are not affected include Windows XP, Windows 7 final and Windows Server 2003. No patch is currently available to fix the vulnerability. Microsoft has published workarounds to protect the operating system from possible attacks.

Disable SMB v2

To modify the registry key, perform the following steps:

Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the “Changing Keys And Values” Help topic in Registry Editor (Regedit.exe) or view the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe.

1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
3. Click LanmanServer.
4. Click Parameters.
5. Right-click to add a new DWORD (32 bit) Value.
6. Enter smb2 in the Name data field, and change the Value data field to 0.
7. Exit.
8. Restart the “Server” service by performing one of the following:
- Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.
- From a command prompt and with administrator privileges, type net stop server and then net start server.

Impact of workaround. Host will not be able to communicate using SMB2.

Block TCP ports 139 and 445 at the firewall

These ports are used to initiate a connection with the affected component. Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about ports, see TCP and UDP Port Assignments.

Impact of Workaround: Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function. Some of the applications or services that could be impacted are listed below:

• Applications that use SMB (CIFS)
• Applications that use mailslots or named pipes (RPC over SMB)
• Server (File and Print Sharing)
• Group Policy
• Net Logon
• Distributed File System (DFS)
• Terminal Server Licensing
• Print Spooler
• Computer Browser
• Remote Procedure Call Locator
• Fax Service
• Indexing Service
• Performance Logs and Alerts
• Systems Management Server
• License Logging Service

Users that are running one of the operating systems that are affected by the vulnerability are encouraged to use one of the workarounds to protect their computer systems. More information are available at the Microsoft Security Advisory page.

Related posts

• Windows Vista Editions – Do you know the differences ? (6)
• Windows 7 To Launch October 22 (5)
• Windows 7 Released (5)
• Windows 7 Price, Upgrades And Preorders (15)
• Windows 7 Features Video (4)

Critical ratings for Windows XP or Windows Server 2003 are usually important or moderate ratings for Windows Vista or Windows Server 2008 thanks to the increased security in those operating systems. Downloads are already available from various official sources including Automatic Updates, Windows Update or Microsoft Update.

• MS09-028 – Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) – This security update resolves two privately reported vulnerabilities in the Microsoft Windows component, Embedded OpenType (EOT) Font Engine. The vulnerabilities could allow remote code execution. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system remotely. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-029 – Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) – This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft DirectShow. The vulnerabilities could allow remote code execution if a user opened a specially crafted QuickTime media file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-030 – Cumulative Security Update of ActiveX Kill Bits (973346) – This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability in Microsoft Video ActiveX Control could allow remote code execution if a user views a specially crafted Web page with Internet Explorer, instantiating the ActiveX control. This ActiveX control was never intended to be instantiated in Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• MS09-031 – Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856) – This security update resolves a privately reported vulnerability in Microsoft Virtual PC and Microsoft Virtual Server. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected guest operating system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• MS09-032 -Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) – This security update resolves a privately reported vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2006. The vulnerability could allow elevation of privilege if an attacker successfully impersonates an administrative user account for an ISA server that is configured for Radius One Time Password (OTP) authentication and authentication delegation with Kerberos Constrained Delegation.
• MS09-033 – Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) – This security update resolves a privately reported vulnerability in Microsoft Office Publisher that could allow remote code execution if a user opens a specially crafted Publisher file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It is recommended to install the Microsoft Security Patches as soon as possible to close the security vulnerabilities.

Related posts

• Microsoft Patch Tuesday November 08 (0)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft Patch Tuesday December 08 (3)

The easiest way to download and install the patches is by pointing the Internet Explorer web browser to Microsoft Update which will automatically detect and install the available patches for the computer system. Other possibilities include downloading the security patches from Microsoft Download Center from where they are available as well.

Six vulnerabilities have been rated as critical, three as important and one as moderate. Critical security vulnerabilities can usually be exploited for remote code execution meaning it is essential to fix these vulnerabilities quickly. You can follow the links below for additional information about each vulnerability.

• MS09-018 – Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
• MS09-019 – Cumulative Security Update for Internet Explorer (969897)
• MS09-020 – Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
• MS09-021 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
• MS09-022 – Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
• MS09-023 – Vulnerability in Windows Search Could Allow Information Disclosure (963093)
• MS09-024 – Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
• MS09-025 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
• MS09-026 – Vulnerability in RPC Could Allow Elevation of Privilege (970238)
• MS09-027 – Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

Related posts

• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Windows Vulnerability Scanner (4)
• Microsoft updates two critical security patches (5)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches April 2008 (0)

One security vulnerability has a critical rating for all affected operating systems while the other two are rated important by Microsoft’s security research team.

Details about the Security Bulletins can be found by following these links: Microsoft Security Bulletin MS09-006, MS09-007 or MS09-008. Another possibility is to access the Security Bulletin Summary at Microsoft Technet.

The vulnerabilities fix one remote code execution vulnerability and two spoofing vulnerabilities on the affected Windows operating systems:

• Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
• Vulnerability in SChannel Could Allow Spoofing
• Vulnerabilities in DNS and WINS Server Could Allow Spoofing

Related posts

• New Security Vulnerability Affects Windows Operating Systems (2)
• Microsoft Security Updates August 2009 (2)
• Microsoft Security Updates April 2009 (2)
• Microsoft Security Patches July 2009 (5)
• Microsoft Security Patches for June 2009 (12)

The security update fixes the following two vulnerabilities: Uninitialized Memory Corruption Vulnerability and CSS Memory Corruption Vulnerability. Since it is a cumulative update it does apply all previous security updates for Internet Explorer on the computer system.

The easiest way to update affected systems is to use Microsoft Update which will download and apply the security updates automatically. The other possibility is to download the patch from Microsoft Download and apply it manually.

Microsoft has released three additional security bulletins:

• Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
• Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
• Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

Related posts

• Use Multiple Internet Explorer Versions Simultaneously (10)
• Validation removed from Internet Explorer 7 (5)
• Uninstall Internet Explorer 8 (33)
• Microsoft’s Internet Explorer Comparison Chart (23)
• Microsoft Security Patches for June 2009 (12)

The vulnerability rated as critical could allow remote code execution in the in Microsoft XML Core Services while the vulnerability rated important could allow remote code execution in Microsoft Server Message Block (SMB) Protocol.

Both security vulnerabilities can be fixed by using Windows Update or by downloading the security updates directly from the Microsoft Download website by following the two links given above in this article.

Related posts

• Microsoft Security Patches April 2008 (0)
• Microsoft Security Patches July 2009 (5)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Patch Tuesday December 08 (3)
• Microsoft releases two security patches for Windows (1)

After clicking Start Play the image of a women on the left side and a captcha on the right is displayed. The program asks the user to enter the captcha to see another picture of the woman with less clothes on. After entering the captcha correctly and clicking on enter the Trojan loads another picture and captcha asking the user again to type the correct code to see Melissa strip even more.

You might have already guessed that the captcha is actually the captcha of another website, Yahoo for instance, and the Trojan uses the help of users to enter those captchas correctly on those websites. Captchas are used to tell human users from bots apart and make it more difficulty to create automatic process to signup or submit data.

The Trojan does not seem to cause harm on the users system. It simply uses him to create correct responses to captcha codes that are used to create accounts on websites like Yahoo Mail.

Trend Micro reports that the Trojan most likely arrives as a file downloaded by other malware on the system. It could also be send as an email attachement.

Related posts

• What You Should Do After Buying A New Computer System (18)
• Test Avira AntiVir PersonalEdition Premium for 6 months (10)
• Say no to Drugs Virus (0)
• Recover Computer System After Malware Infection (7)
• Overview of Online Virus Scanners (5)

There is however a discrepancy among users on how to enable automatic logons in Windows XP. If you search for this on the Internet you will find the advice to configure it directly in the Registry. This works fine but has the disadvantage that the password of the user is stored in clear text.

While this is not really that problematic if you are the single user of the computer it still poses a greater security risk than storing the auto logon password unencrypted. Since it is not difficulty to store the encrypted password you should always use this way to store it.

Tweak UI for Windows XP offers an auto logon function that makes it possible to enable auto logon in Windows XP and store the password that has to be saved in encrypted form.

Another way would be to simply change the password of that user account to one that does not reveal any information about the user and that also is not similar to passwords normally used by the user. I do prefer the Tweak UI solution though.

Related posts

• Disable the Windows XP Guest account correctly (2)
• XdN Tweaker for Windows (3)
• Windows XP Run Count List and Editor (3)
• Windows XP prompts to activate every time (6)
• Windows Xp Diagnostic Guide (0)

Disabling the account in the User Accounts menu of the Control Panel does not disable it but simply removes the icon from the login screen. Users who connect to the computer in Peer to Peer networks still authenticate as guests.

To fully disable the Windows XP guest account you need to use the following command in the command line. Open the command line by pressing Windows R, entering cmd and return afterwards.

Use the command net user guest /active:no to disable the guest account with the consequences outlined above. Windows XP Pro users can alternatively disable the guest account in Computer Management. Navigate to Local users and groups in Computer Management and click on the Users menu.

The right pane displays all current user accounts. Right-click the guest account and select Properties from the menu. Check Account is disabled to fully disable the account.

Related posts

• Auto logon into Windows (6)
• XdN Tweaker for Windows (3)
• Windows XP Run Count List and Editor (3)
• Windows XP prompts to activate every time (6)
• Windows Xp Diagnostic Guide (0)

The size of the Iso image is usually around 450 Megabytes and it contains sometimes only two or three patches in total. That means, end users are better off using Windows Updates to get their updates while administrators should definitely evaluate the possibility of using the Security Release Iso Images.

This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time.

November 2007 Security Releases ISO Image
October 2007 Security Releases ISO Image
September 2007 Security Releases ISO Image

Related posts

• Windows XP Service Pack 3 Release Candidate 2 Refresh (2)
• Windows Updates Downloader (6)
• Windows Update Fix (3)
• Windows Update Error services not running (16)
• Stop Restart Now Restart Later Dialog After Windows Updates (8)

My advise would be to switch from Internet Explorer and Outlook to applications that do not have that many serious flaws and are less of a security risk to the user. Those would be Firefox or Opera instead of Internet Explorer and Opera Mail or TheBat mail client instead of Outlook Express. Just search in google for the above terms and you will find the manufacturers website.

Related posts

• Microsoft Security Patches for June 2009 (12)
• Microsoft February Security Updates (4)
• Zune does not allow to share all songs (3)
• Zoom It (4)
• Yuck new Windows Vista Ultimate Extras (20)