System administrators can select a known computer name or enter an IP address and port during configuration of the analyzer. It is furthermore possible to select the multi-scan option which allows the admin to specify an IP range for the scan. Various options are provided in the configuration menu that basically configure the depth of the scan. It will by default check for Windows administrative vulnerabilities, weak passwords, IIS administrative vulnerabilities, SQL administrative vulnerability and security updated with addition options selectable for advanced usage.

The security assessment report will then display if security risks have been found during the scan. These risks will be displayed in an overview at the top of the report which gives an option to quickly look over the findings of the software program. Each section outlines what the program scanned, gives details about the results and offers solutions to correct the issues that were found.

To give one basic example. If the program finds that security updates are missing it will display those missing updates with options to download them right away. Microsoft Baseline Security Analyzer is a free download for all Microsoft operating systems since Windows 2000 including Windows XP, Windows Vista and Windows 7. The program is available for 32-bit and 64-bit editions.

Related posts

• Windows Process Blocker SPKiller (1)
• Windows Process Blocker (9)
• Security and Privacy Complete (2)
• Microsoft Security Essentials Leaks (8)
• Microsoft Security Essentials Final Announced (10)

Several updates of Microsoft Security Essentials were released since then and it was rumored that Microsoft aimed for a October 22 release to give Windows 7 users a chance to use the final version of the software program.

The announcement that Microsoft Security Essentials would be released in the coming weeks was spread to all beta participants who received an email that informed them of an upgrade and the projected release in the coming weeks.

The final version of Microsoft Security Essentials will be released to the public in the coming weeks. If you are running the older version of the beta (1.0.1407.0), we encourage you to upgrade to a newer version of the beta (1.0.1500.0).

The announcement does not explicitly mention the Windows 7 release date but it seems pretty obvious that Microsoft Security Essentials final will be released around the time of the Windows 7 release. Users who want to test Microsoft Security Essentials right now can do so by following the links posted above. The final version will be published at Microsoft’s Security Essentials website.

Related posts

• Microsoft Security Essentials Leaks (8)
• Microsoft Security Essentials Beta Now Available (11)
• Download Microsoft Security Essentials (10)
• Antivirus Software Microsoft Security Essentials Tested (18)
• Norton Security Scan (17)

Operating systems that are not affected include Windows XP, Windows 7 final and Windows Server 2003. No patch is currently available to fix the vulnerability. Microsoft has published workarounds to protect the operating system from possible attacks.

Disable SMB v2

To modify the registry key, perform the following steps:

Note Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the “Changing Keys And Values” Help topic in Registry Editor (Regedit.exe) or view the “Add and Delete Information in the Registry” and “Edit Registry Data” Help topics in Regedt32.exe.

1. Click Start, click Run, type Regedit in the Open box, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
3. Click LanmanServer.
4. Click Parameters.
5. Right-click to add a new DWORD (32 bit) Value.
6. Enter smb2 in the Name data field, and change the Value data field to 0.
7. Exit.
8. Restart the “Server” service by performing one of the following:
- Open up the computer management MMC, navigate to Services and Applications, click Services, right-click the Server service name and click Restart. Answer Yes in the pop-up menu.
- From a command prompt and with administrator privileges, type net stop server and then net start server.

Impact of workaround. Host will not be able to communicate using SMB2.

Block TCP ports 139 and 445 at the firewall

These ports are used to initiate a connection with the affected component. Blocking TCP ports 139 and 445 at the firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. Microsoft recommends that you block all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports. For more information about ports, see TCP and UDP Port Assignments.

Impact of Workaround: Several Windows services use the affected ports. Blocking connectivity to the ports may cause various applications or services to not function. Some of the applications or services that could be impacted are listed below:

• Applications that use SMB (CIFS)
• Applications that use mailslots or named pipes (RPC over SMB)
• Server (File and Print Sharing)
• Group Policy
• Net Logon
• Distributed File System (DFS)
• Terminal Server Licensing
• Print Spooler
• Computer Browser
• Remote Procedure Call Locator
• Fax Service
• Indexing Service
• Performance Logs and Alerts
• Systems Management Server
• License Logging Service

Users that are running one of the operating systems that are affected by the vulnerability are encouraged to use one of the workarounds to protect their computer systems. More information are available at the Microsoft Security Advisory page.

Related posts

• Windows Vista Editions – Do you know the differences ? (6)
• Windows 7 To Launch October 22 (5)
• Windows 7 Released (5)
• Windows 7 Price, Upgrades And Preorders (15)
• Windows 7 Features Video (4)

Affected operating systems include Windows Vista, Windows XP, Windows Server 2003 and 2008, Windows 2000 but not Windows 7. Downloads are available from the usual locations including automatic updates, Windows Update, Microsoft Update or by following the links in the security bulletins below.

• MS09-043 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

  This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-044 Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)

  This security update resolves two privately reported vulnerabilities in Microsoft Remote Desktop Connection. The vulnerabilities could allow remote code execution if an attacker successfully convinced a user of Terminal Services to connect to a malicious RDP server or if a user visits a specially crafted Web site that exploits this vulnerability. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-039 Vulnerabilities in WINS Could Allow Remote Code Execution (969883)

  This security update resolves two privately reported vulnerabilities in the Windows Internet Name Service (WINS). Either vulnerability could allow remote code execution if a user received a specially crafted WINS replication packet on an affected system running the WINS service. By default, WINS is not installed on any affected operating system version. Only customers who manually install this component are affected by this issue.

• MS09-038 – Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)

  This security update resolves two privately reported vulnerabilities in Windows Media file processing. Either vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-037 Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)

  This security update resolves several privately reported vulnerabilities in Microsoft Active Template Library (ATL). The vulnerabilities could allow remote code execution if a user loaded a specially crafted component or control hosted on a malicious website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• MS09-041 Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)

  This security update resolves a privately reported vulnerability in the Windows Workstation Service. The vulnerability could allow elevation of privilege if an attacker created a specially crafted RPC message and sent the message to an affected system. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker must have valid logon credentials to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

• MS09-040 Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)

  This security update resolves a privately reported vulnerability in the Windows Message Queuing Service (MSMQ). The vulnerability could allow elevation of privilege if a user received a specially crafted request to an affected MSMQ service. By default, the Message Queuing component is not installed on any affected operating system edition and can only be enabled by a user with administrative privileges. Only customers who manually install the Message Queuing component are likely to be vulnerable to this issue.

• MS09-036 Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)

  This security update addresses a privately reported Denial of Service vulnerability in the Microsoft .NET Framework component of Microsoft Windows. This vulnerability can be exploited only when Internet Information Services (IIS) 7.0 is installed and ASP.NET is configured to use integrated mode on affected versions of Microsoft Windows. An attacker could create specially crafted anonymous HTTP requests that could cause the affected Web server to become non-responsive until the associated application pool is restarted. Customers who are running IIS 7.0 application pools in classic mode are not affected by this vulnerability.

• MS09-042 Vulnerability in Telnet Could Allow Remote Code Execution (960859)

  This security update resolves a publicly disclosed vulnerability in the Microsoft Telnet service. The vulnerability could allow an attacker to obtain credentials and then use them to log back into affected systems. The attacker would then acquire user rights on a system identical to the user rights of the logged-on user. This scenario could ultimately result in remote code execution on affected systems. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with

Related posts

• Stop Restart Now Restart Later Dialog After Windows Updates (8)
• Microsoft Security Updates October 2009 Online (3)
• Microsoft Security Updates April 2009 (2)
• Microsoft Patch Day March 2009 (4)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)

The security software requires a genuine Windows operating system which is checked during installation. The leak is available for 32-bit and 64-bit editions of Windows XP, Windows Vista and Windows 7 and can be downloaded from various P2P networks already.

Microsoft Security Essentials comes with a basic interface that can be used to scan the computer system for malicious software. Options are available to run a scheduled scan and exclude files, filetypes and processes from the scan. It is yet unclear as to how effective the security software is. It will probably take some time until the first comparisons are published.

Microsoft Security Essentials is loading two processes into computer memory after execution. The first is called msseces.exe and uses roughly 8 Megabytes of computer memory, the second on the other hand – called MsMpEng.exe – uses 40 Megabytes by default which can rise to 60 when it becomes active.

Related posts

• Antivirus Software Microsoft Security Essentials Tested (18)
• Microsoft Security Essentials Final Announced (10)
• Microsoft Security Essentials Beta Now Available (11)
• Download Microsoft Security Essentials (10)
• How To Download Microsoft Security Essentials (5)

The easiest way to download and install the patches is by pointing the Internet Explorer web browser to Microsoft Update which will automatically detect and install the available patches for the computer system. Other possibilities include downloading the security patches from Microsoft Download Center from where they are available as well.

Six vulnerabilities have been rated as critical, three as important and one as moderate. Critical security vulnerabilities can usually be exploited for remote code execution meaning it is essential to fix these vulnerabilities quickly. You can follow the links below for additional information about each vulnerability.

• MS09-018 – Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
• MS09-019 – Cumulative Security Update for Internet Explorer (969897)
• MS09-020 – Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
• MS09-021 – Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
• MS09-022 – Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
• MS09-023 – Vulnerability in Windows Search Could Allow Information Disclosure (963093)
• MS09-024 – Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
• MS09-025 – Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
• MS09-026 – Vulnerability in RPC Could Allow Elevation of Privilege (970238)
• MS09-027 – Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

Related posts

• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Windows Vulnerability Scanner (4)
• Microsoft updates two critical security patches (5)
• Microsoft Security Patches September 2009 (6)
• Microsoft Security Patches April 2008 (0)

• Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)
• Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
• Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)
• Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
• Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)
• Cumulative Security Update for Internet Explorer (963027)
• Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
• Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

The easiest way to update is by visiting Windows Update or Microsoft Update. Please read our Windows Update Fix article if Windows Update is not working properly on your computer system. Alternatives are so called offline updates like Offline Update, Autopatcher or Update Windows Without Microsoft.

It is recommended to update the computer system as soon as possible to close the vulnerabilities.

Related posts

• Windows Security Updates September 2008 (0)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• Microsoft August 2008 Security Updates (0)
• January 2009 Microsoft Security Bulletin (1)
• Windows Vista Service Pack 2 RC Download (6)

Conficker C will initiate a number of processes on infected host systems including opening a random port which is being used in the distribution process of the worm. The worm will then patch the security hole on the computer system that allowed it to attack the system in first place. This prevents other viruses from exploiting the vulnerability while keeping a backdoor open for newer variants of the Conficker worm. The worm will block certain strings from being accessed on the Internet. Domain names making use of those strings cannot be accessed unless the IP is used to do so. Among the strings are various security companies like microsoft, panda or symantec but also generic strings like defender, conficker or anti-. This is to prevent users from accessing websites that contain information and removal instructions about the worm.

While this is surely a nuisance for the user it does mean that the worm itself is not harming the user system in any way other than the methods described above. The real danger comes from the updating mechanism of Conficker C. The worm will try to retrieve new instructions on April 1, 2009. A very sophisticated updating mechanism has been implemented by the author. The worm will generate a list of 50K domain names and append a list of 116 top level domains to them. It will then select 500 randomly from the list and try to connect to them. If new instructions are found on one of the urls it will download them and execute them on the computer system. This process will be repeated every 24 hours.

The easiest way of detection is by accessing a site like microsoft.com or symantec.com and comparing the results with accessing the site using the IP addresses (207.46.197.32 and 206.204.52.31). While this usually gives a good indication it is better to check the computer system with tools that have been specifically designed to detect and remove the Conficker variants.

A few tools that can be used to detect and remove Conficker variants are ESET Conficker Removal Tool, Downadup from F-Secure or KidoKiller by Kaspersky.

Excellent information about Conficker detection and removal instructions are available at Sans.org.

Related posts

• Windows Process Blocker SPKiller (1)
• Windows Process Blocker (9)
• Test Possible Conficker Infection In Your Web Browser (5)
• Security and Privacy Complete (2)
• Microsoft Security Essentials Leaks (8)

SPKiller is a similar application that can block processes and services in the Windows operating system. The installation itself requires more work than the usual double-click on a setup file. The installation will simply place the files of the program in a directory on the computer’s hard drive. The user has to click on InstallService.bat to install the Windows Service. After that the Service needs to be started in the Windows Services Overview.

The Windows Process and Services blocker is configured with a simply XML file that is located in the program’s installation directory. The configuration is not more complicated than editing a text document. It is made up of three sections that are of importance to the user. The first is called CycleTime and defines the interval in milliseconds that the running services and processes are checked. ServiceNames contains a list of Windows Services that should be blocked if running while ProcessNames does the same for Windows processes.

The configuration file contains a few example services and processes mainly from McAfee but also Radia in the ServiceNames configuration and annoying processes like GoogleToolbarNotifier or AppleMobileDeviceService in the ProcessNames listing.

SPKiller works well as a process blocker in Windows especially since it blocks both processes and services on the computer system.

Related posts

• Windows Process Blocker (9)
• Process Lasso a Process Manager (3)
• Security and Privacy Complete (2)
• Microsoft Security Essentials Leaks (8)
• Microsoft Security Essentials Final Announced (10)

Monitored Windows processes get killed at the moment after they are started instead of being blocked outright so that even a start is not possible anymore. A few small scripts can slip through at the moment because of this behavior as it takes some time to recognize a newly launched application and send the kill command to the computer system.

Process Blocker uses a simple text file that is placed in the same installation directory as the main application. This text file contains names of executables that are not allowed to be launched on a computer system. The program itself is added as a Windows Service to the system which has to be restarted after making changes to the text file.

Process Blocker will display a user notification in the Windows System Tray whenever a process has been blocked by the service. A similar application that provides a better user experience is the process manager Process Lasso. The developers of Process Blocker on the other hand are not even halfway through their roadmap. The next step will move the management of processes from the text file to a Group Policy administrative template. Other planned features are killing processes and applications using its crc (in case they get renamed) or full path, recording process errors and information in Windows Event log, allowing users to only run applications from specified folders (e.g. program files and Windows) and changing process killing to process execution prevention.

Related posts

• Windows Process Blocker SPKiller (1)
• Process Lasso a Process Manager (3)
• Windows Services Manager (3)
• Vista Services Optimizer (5)
• Security and Privacy Complete (2)

One security vulnerability has a critical rating for all affected operating systems while the other two are rated important by Microsoft’s security research team.

Details about the Security Bulletins can be found by following these links: Microsoft Security Bulletin MS09-006, MS09-007 or MS09-008. Another possibility is to access the Security Bulletin Summary at Microsoft Technet.

The vulnerabilities fix one remote code execution vulnerability and two spoofing vulnerabilities on the affected Windows operating systems:

• Vulnerabilities in Windows Kernel Could Allow Remote Code Execution
• Vulnerability in SChannel Could Allow Spoofing
• Vulnerabilities in DNS and WINS Server Could Allow Spoofing

Related posts

• New Security Vulnerability Affects Windows Operating Systems (2)
• Microsoft Security Updates August 2009 (2)
• Microsoft Security Updates April 2009 (2)
• Microsoft Security Patches July 2009 (5)
• Microsoft Security Patches for June 2009 (12)

The software has been designed to discover communication patterns that are typical for malware infected computers. While Bothunter has been designed as a network security software that can analyze the traffic of the network it can also be used to analyze a single computer or basic home network.

Bothunter is supplied as a Linux or Windows version. The Linux version comes as a installation but also in form of a live CD that can be used from any computer that is capable of booting from CD and compatible with Ubuntu Linux.

Bothunter needs some configuration in the beginning. Most home users will only need to enter the local network IP which they can discover this way:

Click the Windows desktop Start Menu, Control Panel, Network Connections. Find the local area connection that is “Connected”. Double click the connected network icon. Click the Support Tab. Your IP address will be listed.

Optional data like the IP address of SMTP servers or DNS servers can be entered if they are used in the computer network. Home users usually leave these information blank. The only other information needed is the network adapter that should be used to scan and analyse the computer network.

Once that is done the network security software will scan the computer network in two minute intervals and display any potential bot infection in the interface.

Related posts

• Computer Security Software ESET SysInspector (3)
• Windows Vulnerability Scanner (4)
• Windows Process Blocker SPKiller (1)
• Windows Process Blocker (9)
• Use Wireshark to track your network behavior (3)

The easiest way to install the patches is by downloading and installing the security patches at Windows Update which provides access to all security updates even for users who run a non legit version of Windows.

Microsoft did also release a new version of the Windows Malicious Software Removal Tool which is now able to detect two new families of malware (Win32/FakeXPA and Win32/Yektel)

• MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) which is rated “Critical”
• MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution (956802) which is rated “Critical”
• MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) which is rated “Critical”
• MS08-073: Cumulative Security Update for Internet Explorer (958215) which is rated “Critical”
• MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) which is rated “Critical”
• MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) which is rated “Critical”
• MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) which is rated “Important”
• MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) which is rated “Important”

Windows users should install the updates as soon as possible to secure their computer system.

Related posts

• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft Patch Tuesday November 08 (0)
• Microsoft Security Updates April 2009 (2)
• Microsoft Security Patches September 2009 (6)

The software developer is providing access to a free version of Sandboxie on his website which has a few limitations compared to the commercial version.

As the name suggests Sandboxie makes use of the concept of so called sandboxes (also called virtual environments by some). The main advantage of running applications in a sandbox is that everything that happens in there stays in there. If you land on a website that uses a 0-day browser exploit to download and launch malicious code on your computer you can rest assured that the rest of the system – that is the part outside of the sandbox – will not be affected by the virus. And the sandbox itself can simply be cleared so that the malicious software has no means of affecting the computer system.

To make it even more visual: Sandboxie acts as a border that is impenetrable for applications that get started inside. Many of these applications usually interact with other system components, say a web browser that is storing cache on the hard drive or storing new bookmarks on the computer. Every attempt to interact with the computer system will be intercepted by Sandboxie and emulated so that the application “thinks” that everything is ok.

These changes on the other hand are not permanently and once the application or the sandbox have been terminated they are gone. But don’t worry: Sandboxie is still providing the means to save data that has been created or downloaded into the sandbox. Think of a document that you are downloading from a website, you might want to keep it even after the browser session closes.

It is possible to configure resource access rights for files running in the sandbox. These are left blank on purpose by default but it would be possible to allow the web browser Firefox to access its bookmarks file directly so that bookmarks get stored permanently. (There is an option in Sandboxie’s settings that allows direct access to the bookmarks of Opera, Firefox and Internet Explorer and another setting for email clients.

The installation runs through without problems or user interaction. The system is ready to run applications in the sandbox right after installation. Sandboxie integrates itself in the right-click context menu (Run Sandboxed) and it is also possible to drag and drop applications into the program interface to run them sandboxed.

The control interface is listing the programs that are running in the sandbox. This is helpful because there is virtually no way of telling if it is running in a Sandbox by looking at the program window.

The commercial version of Sandboxie introduces several interesting and helpful features. It makes it possible to run multiple sandboxes on a computer system. This can be useful to launch set of tools in different sandboxes which is great to isolate programs further.

The Forced Folders and Forced Programs options become available after registration.

Forced Folders:

This options allows you to select folders (this can also be a drive letter) and force all applications starting from there to run in sandboxed mode. Some useful applications for this are CD / DVD drives or a downloads folder for Internet downloads.

Forced Programs:

Allows the user to select files that should always be run in sandboxed mode. This is very useful to make sure that an application is always running in the sandbox without having to launch it that way at every program start.

The developer of Sandboxie was nice enough to give us six licenses of his security software program. You should know the drill by know. Just leave a comment letting us know what you think / like about the program and you are eligible to win a copy of it.

Related posts

• Computer Security Software ESET SysInspector (3)
• Windows Registry Watcher (5)
• Windows Process Blocker SPKiller (1)
• Windows Process Blocker (9)
• Windows Defender (11)

ESET SysInspector does that by scanning the computer’s hard drive and Registry. It assigns a risk level to every item that has been analyzed which ranges from fine (1) to risky (9) with three always bundled together. Risk levels 1 to 3 are assigned to files that have passed the check, 4-6 for unknown files and 7-9 for files that have been identified as being risky. The different levels are also colored differently (from green to red) to make identification as quickly as possible.

The computer security software will build a report that provides access to eight different categories including Running Processes, Network Connections or Important Registry Files. Each category is displayed in the color of the item with the highest risk level that it contains. That’s excellent for identifying the highest risks with one glance without having to look at the actual items at that time.

Opening a category can reveal subcategories or items. Each item is (again) listed in a color that depicts its risk level. Some categories can contain dozens of items and the risk level slider at the top helps reducing the amount of items displayed by selecting a minimum risk level to be displayed. Every item with a lower risk level will be hidden from the display so that the system administrator can concentrate on the higher risk items.

A higher risk level does not necessarily mean that an item is dangerous. That would be subject to further analysis. ESET SysInspector is providing some tools and shortcuts for this. A right-click on an item will open a context menu with options to open the path in the Windows Registry or to open the file’s location on the computer’s hard drive. There is also the possibility to perform an online search using the default web browser and the Google search engine.

A set of reports can be created that contain various level of information. One interesting feature is the ability to compare logs which can give additional clues on system changes in a time period.

Related posts

• Secure Windows Services Configuration (2)
• Ghacks Christmas Giveaway: Sandboxie (123)
• Windows Registry Watcher (5)
• Windows Process Blocker SPKiller (1)
• Windows Process Blocker (9)

Microsoft released a batch of eleven security patches for various operating systems and products yesterday which are available by visiting Windows Update or Microsoft Technet which contains in depths information about the affected products and the security vulnerabilities.

The patches fix four critical, six important and 1 moderate security vulnerability:

• Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
• Cumulative Security Update for Internet Explorer (956390)
• Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

• Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
• Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
• Vulnerability in SMB Could Allow Remote Code Execution (957095)
• Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
• Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)

• Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

It is highly recommended to update the products as soon as possible to protect the system from this attacks.

Related posts

• Microsoft Security Patches for June 2009 (12)
• Windows Vulnerability Scanner (4)
• Watch three webcasts get vista and office for free (1)
• Microsoft Security Updates April 2009 (2)
• Microsoft Security Patches April 2008 (0)

An access denied window pops up when the user or system tries to delete or modify a protected system file. This popup notification can be removed in the options as well.

Besides protecting important system files System Protect can also protect custom files and folders that have been selected by the user. This is done by adding those files and folders to the Custom Protection tab in the software program’s settings.

Information about files and folders that are protected are stored in a database that gets regularly updated just like the virus definition file of a antivirus software. That’s a good way of keeping up with system changes initiated by Microsoft and other software vendors.

System Protect is compatible with Windows XP 32-bit and 64-bit editions as well as Windows Vista 32-bit editions.

Related posts

• Windows Registry Watcher (5)
• Which Programs Should I Run To Scan A Computer For Malicious Software? (13)
• Password Protect Applications (9)
• Ghacks Christmas Giveaway: Sandboxie (123)
• Computer Security Software ESET SysInspector (3)

The easiest way to obtain those updates would be to head over to Windows Updates and install them directly from there. This option is only valid if Internet Explorer is used to open the website.

Users who prefer to download the patches manually can head over to the Microsoft Download Center and download the patches from there for their operating system. The following is a list of the security updates that have been made available:

• Microsoft Security Bulletin MS08-041 – Critical – Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
• Microsoft Security Bulletin MS08-042 – Important – Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
• Microsoft Security Bulletin MS08-043 – Critical – Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
• Microsoft Security Bulletin MS08-044 – Critical – Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
• Microsoft Security Bulletin MS08-045 – Critical – Cumulative Security Update for Internet Explorer (953838)
• Microsoft Security Bulletin MS08-046 – Critical – Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
• Microsoft Security Bulletin MS08-047 – Important – Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733)
• Microsoft Security Bulletin MS08-048 – Important – Security Update for Outlook Express and Windows Mail (951066)
• Microsoft Security Bulletin MS08-049 – Important – Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
• Microsoft Security Bulletin MS08-050 – Important – Vulnerability in Windows Messenger Could Allow Information Disclosure (955702)
• Microsoft Security Bulletin MS08-051 – Critical – Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)

As you can see a wide variety of Microsoft software programs and operating systems is affected.

Related posts

• Microsoft Security Updates for June 2008 (0)
• February 2008 Security Releases ISO Image (2)
• Windows XP Service Pack 3 Release Candidate 2 Refresh (2)
• Windows Update Error services not running (16)
• Windows Security Updates September 2008 (0)

I discovered a software Windows Vulnerability Scanner at Tech Malaya which scans a Windows NT system, that is Windows 2000, Windows XP, Windows 2003 Server or Windows Vista for security vulnerabilities. It seems to use information from the Microsoft Knowledgebase exclusively and one would assume that a system that downloaded all Windows Updates recently reveal no vulnerabilities. I let the software scan my system and it did find six critical and one important security vulnerability that had not been patched yet.

I’m not sure how this can be but was glad that the application revealed the information to me. It lists the vulnerabilities and provides links to the Microsoft website that contains information about it.

The Knowledgebase article at Microsoft contains a link to the download of the security patch and I did install all the patches one after the other. An improvement would have been if the software would automatically download the patches and install them on the system, or at least those that the user selects. If you have not been to Windows Update for a while I suggest you start there and scan the system again afterwards which should fix most of the security vulnerabilities found during the first scan.

Related posts

• Microsoft Security Updates May 2008 (0)
• Microsoft Security Patches for June 2009 (12)
• Microsoft Security Patches April 2008 (0)
• Microsoft October 2008 Patch Day Patches 11 Security Vulnerabilities (0)
• XP SP3 and Vista SP 1 available through Windows Update (6)

It is however still accessible through Google Cache and the article indeed contains a paragraph entitled The “blank password” option. The blank password is only more secure than a weak password like 1234 which can be easily guessed by a brute force attack. The article recommends this only if the location is physically secure.

While this might be a sound advice for some it is in my opinion way better to choose a secure password instead of none. It could be an option for the forgetful.

Related posts

• Windows Vulnerability Scanner (4)
• Yahoo Widget Position Restorer (1)
• XP SP3 and Vista SP 1 available through Windows Update (6)
• WPF Performance Fix for Windows Vista and XP (1)
• Windows XP: Default Internet Browser Per User Profile (0)