Bugs & Fixes: Patch Problem Uncovers Hidden Infection

The infamous Blue Screen of Death made a surprise appearance in February--as a malware herald.

Some Windows XP users who applied all of Microsoft's updates on its regular Patch Tuesday that month complained when their system continuously rebooted afterwards, perhaps with the dreaded BSOD. But the patches weren't to blame.

Instead, the reboots were caused by a rootkit, a type of stealth malware used to hide other malware. After digging into problem reports, Microsoft found that changes made to essential system files let the lurking Alureon rootkit cause infected systems to go haywire after installing the MS10-015 kernel patch.

Windows XP Suffers

Microsoft says the Alureon problem afflicted only 32-bit systems, and most of the problem reports involved Windows XP. The kernel patch addresses a vulnerability that attackers could use to run privileged commands on a PC, for Windows 2000, Server 2003, Vista, Server 2008, and Windows 7. If you have an XP system that's been affected since installing these patches, Microsoft is offering free help at 866/727-2338.

A separate, drama-free Windows patch closes a major security hole that could allow poisoned DirectShow AVI files to launch attacks on vulnerable systems. The patch is essential for all supported Windows versions (2000, XP, Server 2003, Vista, Server 2008, 7), except some Server 2003 and Server 2008 versions.

Block Web Attacks

To head off potential attacks from a malicious Web site, pick up a second critical patch for Windows 2000, XP, and Server 2003. It addresses a vulnerability in the Windows Shell Handler.

A Vista networking bug affects the way Windows handles TCP/IP, used for most network communications. The worst hole can be hit only if you have IPv6 enabled. Windows Server 2008 is also affected, but no other Windows versions.

New 'Kill Bits' for IE

Finally, an Internet Explorer "kill bits" update will block known vulnerable ActiveX controls from running in the browser. The extra kill bits are considered critical for Windows XP and 2000 and are rated important for Vista and Windows 7.

Fire up Windows Update to make sure you have these and all other essential Windows fixes. And don't let the potential for a malware-based reboot trap dissuade you: The only thing worse than a BSOD would be an unnoticed malware infection stealing your data.

More Adobe Attacks

A recent report from Web security company ScanSafe drives home the need to stay on top of the steady stream of essential fixes from Adobe. According to ScanSafe, four out of every five Web exploits found at the end of 2009 came from malicious PDF files that targeted Adobe flaws.

Adobe's latest patch for Reader and Acrobat updates the Windows, Macintosh, and Unix software versions to 9.3.1 (or 8.2.1 if you're using the version 8 product line). Click Help•Check for Updates to see if you have the latest fix.

Buggy Adobe Utility

Adobe also warned of a major security hole in the company's Download Manager, which runs when you pick up Reader or Flash Player for Windows from Adobe's site. While the download manager should automatically remove itself when you reboot a PC after installing Reader or Flash Player, an attacker could target a Download Manager that is still present on the system to install malicious software. To make sure it's not hanging around on your PC, look for a "C:\Program Files\NOS\" folder. If it's there, check Adobe's bulletin for removal instructions.

Finally, if you're still using Firefox 3.5--while waiting for your favorite add-ons to be compatible with the new 3.6 version, perhaps--make sure you've picked up the 3.5.8 update to close three critical flaws. The memory-handling bugs could allow an attacker to run any command on a vulnerable system. Click Help•Check for Updates to make sure you're up-to-date.
