The problems for OS X seem to stem from user privileges.  While Windows 7 isn’t perfect, OS X seems to have more “soft spots” according to a report by Network World.  “OS X networks are significantly more vulnerable to network privilege escalation” according to the researchers, who went on to say that “almost every OS X server service offers weak or broken authentication mechanisms.”

This news will come as a shock to some and a surprise to many.  While Apple still maintain that there is no malware threat on their desktop platform, despite the recent proliferation of the Mac Defender malware, OS X is still generally considered to be more secure than Windows 7 because of it’s Unix origins.

The fact that it’s user privileges and authentication, which is one of Unix’s strongest suits, will cause many great concern.

The researchers say that the latest version of OS X has gone some way to rectifying the problems with new sandboxing, that keeps programs isolated.

The research also looked at the vulnerability count for the two operating systems over the past few years.  In that time OS X has seen 1,151 vulnerabilities with Windows being not much higher, at 1,325.  While this is higher than the count for OS X it’s not significantly so.

On the upside, they also pointed out that Apple’s mobile operating system, iOS, is better at sandboxing applications.  It has a dynamic signing feature which the device has to approve before an application can run.  This is opposed to OS X which will accept certificates that it is given.

Whatever the outcome of this it is further proof that Apple have let their game slip in recent years by being complacent about security in their operating systems, especially OS X.  The line that it’s just secure by design is no longer true as malware these days works on the user rather than the OS itself.  It will be interesting to see how, or even if, Apple respond.

The first vulnerability affects Internet Explorer 6 to Internet Explorer 8 on all versions of the Windows operating system starting with Windows XP and ending at Windows 7 and Windows Server 2008 R2. Carlene Chmaj confirms that Microsoft has “started to see targeted attacks” and that customers should check the mitigating factors outlined in the security advisory.

The mitigating factors however describe that it is possible to reduce the impact of a successful exploit on the system but that it is not possible to block exploits completely which means that Internet Explorer users, with the exception of Internet Explorer 9 users, are vulnerable to this attack whenever they use the browser on the Internet. The Internet Explorer user needs to visit a specifically crafted web page to trigger the vulnerability which means that it is recommended to stay away from untrustworthy websites.

The second vulnerability that Chmaj mentioned in the announcement affects the graphics rendering engine which could allow remote code execution as well. The issue affects only some Microsoft operating systems, namely Windows XP, Windows Vista and their server variants Windows Server 2003 and Windows Server 2008. The latest operating systems Windows 7 and Windows Server 2008 R2 are not affected.

Microsoft at this time is not aware of attacks exploiting the vulnerability. The issue can only be exploited on a specifically prepared website or with email attachments that need to be opened by the user. A workaround was posted on the security advisory page that requires an administrator to issue commands on the command line (a Fix It solution is also available)

Modify the Access Control List (ACL) on shimgvw.dll

Note See Microsoft Knowledge Base Article 2490606 to use the automated Microsoft Fix it solution to enable or disable this workaround.

To modify the ACL on shimgvw.dll to be more restrictive, run the following commands from a command prompt as an administrator:

For 32-bit editions of Windows XP and Windows Server 2003:

Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N

For 64-bit editions of Windows XP and Windows Server 2003:

Echo y| cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /P everyone:N
Echo y| cacls %WINDIR%\SYSWOW64\shimgvw.dll /E /P everyone:N

For 32-bit editions of Windows Vista and Windows Server 2008:

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)

For 64-bit editions of Windows Vista and Windows Server 2008:

takeown /f %WINDIR%\SYSTEM32\SHIMGVW.DLL
takeown /f %WINDIR%\SYSWOW64\SHIMGVW.DLL
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL32.TXT
icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /save %TEMP%\SHIMGVW_ACL64.TXT
icacls %WINDIR%\SYSTEM32\SHIMGVW.DLL /deny everyone:(F)
icacls %WINDIR%\SYSWOW64\SHIMGVW.DLL /deny everyone:(F)

Impact of Workaround: Media files typically handled by the Graphics Rendering Engine will not be displayed properly.

How to undo the workaround:

Run the following commands from a command prompt as an administrator:

For 32-bit editions of Windows XP and Windows Server 2003:

cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /R everyone

For 64-bit editions of Windows XP and Windows Server 2003:
cacls %WINDIR%\SYSTEM32\shimgvw.dll /E /R everyone
cacls %WINDIR%\SYSWOW64\shimgvw.dll /E /R everyone

For 32-bit editions of Windows Vista and Windows Server 2008:

icacls %WINDIR%\SYSTEM32 /restore %TEMP%\SHIMGVW_ACL.TXT

For 64-bit editions of Windows Vista and Windows Server 2008:

icacls %WINDIR%\SYSTEM32 /restore %TEMP%\SHIMGVW_ACL32.TXT
icacls %WINDIR%\SYSWOW64 /restore %TEMP%\SHIMGVW_ACL64.TXT

The last vulnerability, or set of, was discovered by Michal Zalewski. Browser vendors were contacted in July 2010 and as of now all have not completely managed to resolve the issues reported to them.

The programme, launched in October 2008 allows sharing of information about security vulnerabilities with security software vendors.  So far 65 companies have signed up to the scheme.

In a statement, Microsoft said…

“Adobe products are relied on by individuals and organizations worldwide. Given the relative ubiquity and cross-platform reach of many of our products, as well as the continued shifts in the threat landscape, Adobe has attracted increasing attention from attackers,” said Brad Arkin, senior director of product security and privacy at Adobe. “We are committed to our customers’ security at every level and are excited to leverage MAPP as an important part of our overall product security initiative. MAPP is a great example of a tried and proven model giving an upper hand to a network of global defenders who all rally behind a shared purpose — protecting our mutual customers.”

“Microsoft acknowledges that the constantly changing threat landscape requires a new approach to security — collaboration and shared responsibility are key as past individual efforts are no longer enough,” said Mike Reavey, director of the Microsoft Security Response Center at Microsoft. “We’re excited about extending the benefits of MAPP to Adobe users as we’ve seen clear evidence of its impact in advancing customer protections. We continue to encourage the collective industry — from security researchers and vendors to customers— to recognize the responsibility we all share in fortifying the broader computing ecosystem against online crime.”

The PC ecosystem is so complex these days that closer co-operation between software and security vendors is essential to help maintain stability and consumer confidence.  While many people will directly blame Microsoft for having insecure software, most trained observers will point out that it’s just not that simple, as the recent security scares for Adobe’s Flash and Acrobat software proved.

Microsoft took the opportunity to call on the “broader community” from security researchers to vendors, to all move more towards a co-ordinated disclosure.

With luck, this move will also finally allow third-party vendors to release their patches through Windows Update with the forthcoming Windows 8 in 2012.

The chance is however relatively high that some programs are not updated at all or not early enough which might make the computer system vulnerable to attacks that target vulnerabilities in outdated versions of the programs.

Secunia Online Software Inspector is a cross-browser online scanner for the Windows operating system that can perform a quick scan of the computer system. It is a lightweight version of the security vulnerability checker Secunia Software Inspector that is offered by the same developer.

The only prerequisite is that Java is installed on the PC that the user wants to scan. A click on the Start button will perform a quick system scan. The vulnerability scanner will update the statistics during the scan displaying the total number of programs discovered. This figure is broken down into vulnerable and up to date programs.

It is possible to perform a deeper scan of the PC by checking the Enable thorough system inspection option before starting the scan. Vulnerable applications will be listed by the vulnerability scanner making it very easy to identify programs that need updating. Windows users who want more control over the scanning options can download the desktop software of the client instead. (via Techie Buzz)

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
• MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
• MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
• MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
• MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
• MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
• MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
• MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Username enumeration

Another great feature of this article is the reference section beneath each attack form which provides you with more indepth information about the subject. Again, a great way to get started.

This is great for everyone who works with more than one of those sites, get ready to save some time. It´s also a great way for website owners to stay up to date and secure their websites by knowing and fixing the latest publically known vulnerabilities.