Tuesday, September 21, 2010

Adobe patches Flash Player zero-day

The US-CERT article and the ZDNet article linked below both have more information.  I have patched my systems without problems.  If you watch online videos or don't have an adblocker, you should update ASAP as the vulnerability this fixes is being exploited as I type.

Adobe released Flash Player 10.1.85.3. Download it at http://www.adobe.com/support/flashplayer/downloads.html
Adobe patches Flash Player zero-day | ZDNet

By Ryan Naraine | September 20, 2010, 10:29pm PDT

Adobe has shipped another Flash Player update to fix a critical vulnerability that was being exploited in live malware attacks.

The flaw, which surfaced last week as a zero-day attack against Windows systems, allows remote code execution via rigged Flash files.

According to Adobe, the vulnerability affects Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux and Solaris.   It also affects Flash Player 10.1.92.10 for Android.

The security hole also allows code execution on Adobe Reader but that product will not be patched until the week of October 4, 2010.

US-CERT Current Activity: Adobe Releases Security Advisory for Flash Player
added September 14, 2010 at 10:35 am | updated September 20, 2010 at 03:15 pm
Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Update:

Adobe has released a security update to address this vulnerability. Users and administrators are encouraged to review Adobe security bulletin APSB10-22 and apply any necessary updates to help mitigate the risks.

Thursday, September 16, 2010

Patch Tuesday recap, QuickTime 7.6.8, Firefox 3.6.10

I have already patched all my computers without issue.  These stories all have more technical details and links for those who want to know more.

Patch Tuesday recap: Exploits expected for Windows security holes | ZDNet
Microsoft has shipped nine security bulletins with patches for at least 11 documented vulnerabilities in Windows and Microsoft office and is urging customers to pay special attention to two “critical” issues that can be remotely exploited to take complete control of an unpatched computer.

The two vulnerabilities, patched with MS10-061 and MS10-062, can be remotely attacked via booby-trapped print requests or maliciously rigged MPEG files.

Microsoft expects to see exploit code posted publicly for these vulnerabilities within the next 30 days, raising the likelihood that attacks will be seen in the wild very soon.

One of the flaws — in  the Windows Print Spooler Service — has already been exploited during the sophisticated Stuxnet zero-day worm attack.


Apple patches zero-day QuickTime flaw with 7.6.8 release - SC Magazine US
Apple on Wednesday released a new version of QuickTime to plug two vulnerabilities, including a zero-day flaw that is being actively exploited simply by tricking a victim into visiting a web page.

Version 7.6.8 closes the flaw, publicly revealed in late August by Spanish researcher Ruben Santamarta and affecting versions 6 and 7 of QuickTime. Santamarta, who works for Madrid-based security firm Wintercore, said the flaw is able to bypass two built-in Windows security features: Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). He successfully tested the exploit on Windows 7, Vista and XP machines.


US-CERT Current Activity: Apple Releases QuickTime 7.6.8
added September 16, 2010 at 12:00 am | updated September 16, 2010 at 09:09 am
Apple has released QuickTime 7.6.8 to address two vulnerabilities affecting earlier versions of QuickTime for Windows.

The first vulnerability is due to improper input validation in the QuickTime ActiveX control. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

The second vulnerability is due to a path searching issue related to insecure loading of dynamic link libraries (DLLs). Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additional information regarding this class of vulnerabilities can be found in the US-CERT Current Activity entry titled "Insecure Loading of Dynamic Link Libraries in Windows Applications" and in the US-CERT Vulnerability Note VU#707943.

US-CERT encourages users and administrators to review Apple article HT4339 and apply any necessary updates to help mitigate the risks.

Apple QuickTime flaws puts Windows users at risk | ZDNet
Apple has released a critical QuickTime media player update to fix a pair of gaping security holes that expose Windows users to code execution attacks.

The QuickTime 7.6.8 update, available for Windows 7, Windows Vista and Windows XP users, patches vulnerabilities that could be exploited in drive-by downloads (via rigged Web sites) and via booby-trapped image files.

US-CERT Current Activity: Mozilla Releases Firefox 3.5.13 and 3.6.10
added September 16, 2010 at 09:09 am
The Mozilla Foundation has released Firefox 3.5.13 and 3.6.10 to address a stability issue affecting some users.

US-CERT encourages users and administrators to review the release notes for Firefox 3.5.13 and Firefox 3.6.10 and apply any necessary updates to mitigate the issue.

Wednesday, September 15, 2010

It's Patch Tuesday! Security Links of the Week

I am going to start accumulating links for weekly posts.  Here's the first set:

  • "Patch Tuesday" includes two CRITICAL patches rated "PATCH NOW" by SANS
    SANS issued the unusual "PATCH NOW" recommendation for two of this month's "Patch Tuesday" patches.  One is rated "Critical" for Windows XP by Microsoft, and the other affects IIS (Microsoft's web-server software).  If you are running XP on a Windows network with "Administrator" rights, you should run Windows Update ASAP. See the SANS page here: September 2010 Microsoft Black Tuesday Summary

  • Microsoft Patch Tuesday – September 2010 | eEye IT Security Blog
    Well, our friends in Redmond have been busy these past few months. Not only did they release 15 security bulletins in August, but they followed up with an additional 9 bulletins this month.

    From this month’s bulletins, administrators should pay particular notice to MS10-061, MS10-063 and MS10-068.  Note that MS10-061 is being used in the wild as part of a variant of the Stuxnet worm currently targeting SCADA devices.  Take a look at this nifty flowchart to help understand configurations that are remotely vulnerable to MS10-061.

  • US-CERT Current Activity: Microsoft Releases September Security Bulletin
    added September 14, 2010 at 01:53 pm
    Microsoft has released updates to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for September 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

  • McAfee Security Insights Blog » Blog Archive » The Usability of Passwords
    I just came across a must read for everyone. (Cyber Son #1 came across this great article, BTW) It is called The Usability of Passwords. What I like is that it very thoroughly breaks down what people generally use for passwords, all of the ways in which passwords are stolen and then what the usual suggestions for a “safe” password might be.

  • CloudUSB - CloudUSB Computer
    Keep your data and your programs in your pocket; use them on every computer you find without worrying about letting around some unwanted logs and this without giving away your data security or privacy!

  • Adobe - Security Advisories: APSA10-02 - Security Advisory for Adobe Reader and Acrobat
    A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

    Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

  • US-CERT Current Activity: Google Releases Chrome 6.0.472.59
    added September 15, 2010 at 08:18 am
    Google has released Chrome 6.0.472.59 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.  US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.

Tuesday, September 14, 2010

Yet Again Another Adobe Vulnerability. Sigh.

I'm seeing reports of this everywhere.  Adobe Flash Player and Adobe Reader 9.3.4 and earlier versions are both subject to 0-day exploits which are "in the wild".  Supposedly the Flash flaw will be fixed in two weeks, the Adobe Reader flaw in four weeks.  That's a long time to go with active exploits.  No word on whether or not this affects other PDF readers.

Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
Adobe has released an advisory for Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android, as well as Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. CVE-2010-2884 has been assigned to the issue, which has an impact of crashing Flash or arbitrary code execution on some affected platforms. There is currently no patch; Adobe has indicated that it should be released in late September and/or early October. There are indications that this previously unknown vulnerability is currently being exploited in the wild by malicious web sites attacking browsers. YYAAAV: Yes, Yet Again Another Adobe Vulnerability. Sigh.

Keep an eye out for this one folks. It will take a bit for the anti-virus, IDS/IPS and other vendors to catch up and detect the malware that exploits the vulnerability. Although by that point the box affected may well be compromised as most detect after the exploit has already taken place. Since the vendor has released the advisory after being notified that exploits are already occurring against Windows boxes it is recommended to explore workarounds for mitigation, detection of already compromised hosts, and cleanup.

Adobe PSIRT blog: http://blogs.adobe.com/psirt/2010/09/security-advisory-for-adobe-flash-player-apsa10-03.html

Adobe advisory: http://www.adobe.com/support/security/advisories/apsa10-03.html


Adobe Warns of Attacks on New Flash Flaw — Krebs on Security
Adobe Systems Inc. warned Monday that attackers are exploiting a previously unknown security hole in its Flash Player, multimedia software that is installed on most computers.

Adobe said a critical vulnerability exists in Adobe Flash Player versions 10.1.82.76 and earlier, for Windows, Mac, Linux, Solaris, UNIX and Android operating systems. In a security advisory, Adobe warned that the flaw could cause Flash to crash and potentially allow an attacker to seize complete control over an affected system.

Worse still, there are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player. Adobe’s advisory states that while the latest versions of Adobe Acrobat and Reader also contain the vulnerable Flash components, the company is not aware of attacks against the Flash flaw in those programs.


Adobe Flash Player zero-day under attack | ZDNet
The zero-day hacker attacks against Adobe’s software products are coming fast and furious.

Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning for in-the-wild attacks against a zero-day flaw in its ubiquitous Flash Player.

Adobe says the vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android.

It also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac.

US-CERT Current Activity: Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat
added September 13, 2010 at 08:30 am
Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited.

US-CERT encourages users and administrators to review Adobe security advisory APSA10-02 and consider implementing the suggested workaround of utilizing Microsoft's Enhanced Mitigation Toolkit (EMET) to help prevent this vulnerability from being exploited. Additional information on EMET can be found on the Microsoft Security Research and Defense blog.

US-CERT will provide additional information as it becomes available.

Thursday, September 9, 2010

Quicktime 0-day drive-by exploit "in the wild"

Unless you absolutely have to have QuickTime (iTunes requires it), you're better off without it.  The VLC media player will play QuickTime media so you don't really need it.

Active exploits targeting Apple QuickTime 0-day - SC Magazine US
Attackers are now actively exploiting a recently published zero-day vulnerability in Apple QuickTime, security firm Websense disclosed Tuesday.

The flaw, details of which were revealed last week by Spanish researcher Ruben Santamarta, affects versions 6 and 7 of QuickTime and can be exploited simply by tricking a victim into visiting a malicious web page.

Santamarta, who works for Madrid-based security firm Wintercore, said in his post that the flaw is able to bypass two built-in Windows security features: Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR). He successfully tested the exploit on Windows 7, Vista and XP machines.

... A Websense spokesman told SCMagazineUS.com later Wednesday that exploits taking advantage of the flaw are not currently widespread but "definitely present."

An Apple spokesperson did not respond Wednesday to a request for comment.

More SysAdmin fun: patch Safari, Chrome, Firefox, Opera, and Thunderbird

If you use Safari, you should patch, although Windows users who don't use Safari but have had it installed by Apple without knowing they did should just uninstall it. Google has patched Chrome, Opera has been patched, and Mozilla has patched Firefox and Thunderbird to fix the Windows DLL-loading issue that has been made public recently. It's going to be a busy week for sysadmins ...

Apple plugs drive-by download flaws in Safari browser | ZDNet
Apple has shipped Safari 5.0.2 and Safari 4.1.2 with patches for three gaping holes that expose Web surfers to drive-by download attacks.

The browse-and-you’re-hacked vulnerabilities affect both Windows and Mac users, Apple warned in an advisory. One of the three vulnerabilities is the DLL load hijacking issue that haunts hundreds of Windows applications.

Two of the three vulnerabilities affect WebKit, the open-source rendering engine that powers Apple’s Safari and iTunes software products.

US-CERT Current Activity: Apple Releases Safari 5.0.2 and 4.1.2

added September 8, 2010 at 08:34 am
Apple has released Safari 5.0.2 and 4.1.2 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4333 and apply any necessary updates to help mitigate the risks.


Mozilla Firefox 3.6.9 Release Notes
What’s New in Firefox 3.6.9
Firefox 3.6.9 fixes the following issues found in previous versions of Firefox 3.6:
  • Introduced support for the X-FRAME-OPTIONS HTTP response header. Site owners can use this to mitigate clickjacking attacks by ensuring that their content is not embedded into other sites.
  • Fixed several security issues.
  • Fixed several stability issues.
Please see the complete list of changes  in this version. You may also be interested in the Firefox 3.6.8 release notes for a list of changes in the previous version.


US-CERT Current Activity: Mozilla Releases Firefox 3.6.9
added September 8, 2010 at 08:34 am
The Mozilla Foundation has released Firefox 3.6.9 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, leverage cross-site scripting attacks, or cause a denial-of-service condition. The Mozilla Foundation has also released Firefox 3.5.12 to address these same vulnerabilities. Some of these vulnerabilities also affect Thunderbird and SeaMonkey.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories released on September 7, 2010 and apply any necessary updates to help mitigate the risks.

Mozilla patches DLL load hijacking vulnerability | ZDNet
Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL load hijacking flaw that exposes Windows users to remote code execution attacks.

The majority of the 15 vulnerabilities in this Firefox patch batch could be exploited to launch drive-by download attacks from booby-trapped Web sites.

According to Firefox, the DLL load hijacking issue only affects Windows XP users:

Mozilla fixes Firefox's DLL load hijacking bug

By Gregg Keizer, Computerworld
September 08, 2010 07:30 AM ET
Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical.

One of yesterday's patches addressed a problem found in scores of Windows applications, making Firefox one of the first browsers to be patched against the DLL load hijacking bug that went public three weeks ago.

Nearly three-quarters of the vulnerabilities in Firefox 3.6 were rated "critical," Mozilla's highest threat ranking, representing bugs that hackers may be able to use to compromise a system running Firefox, then plant other malware on the machine.


SANS: Mozilla Thunderbird updated to version 3.1.3
Release Notes

iTunes and Chrome both patched

More fun for system administrators: patch your iTunes and Chrome installations.

Apple patches 13 iTunes security holes | ZDNet
By Ryan Naraine | September 2, 2010, 8:38am PDT

Apple has shipped a new version of its iTunes media player to fix 13 security flaws that could be exploited to launch attacks against Windows machines.

The patches in the new iTunes 10 cover vulnerabilities in WebKit, the open-source web browser engine. The WebKit vulnerabilities, already patched in Safari, expose Windows users to remote code execution attacks via maliciously crafted Web sites.

The iTunes 10 update is available for Windows 7, Windows Vista and Windows XP SP2 or later.


Google Chrome celebrates 2nd birthday with security patches | ZDNet
By Ryan Naraine | September 2, 2010, 10:22am PDT
Google’s Chrome browser is two years old today and the company celebrated the milestone with a new version chock-filled with feature enhancements and security fixes.

The Google Chrome 6.0, available in stable and beta channels for Windows, Mac, and Linux, patches a total of 15 documented security vulnerabilities.

As part of its policy of paying researchers for details on serious security problems, Google shelled out more than $4,300 in bounties.

Here’s the skinny on the latest batch of Google Chrome patches: ....


Note: Originally posted Sept 2nd to a different blog in error

Adobe Reader 0-day PDF exploit in the wild

I've seen multiple reports of this, all referring to Adobe Reader 9.3.4 and Adobe Reader 8.2.4 (the latest versions).   I've seen no mention of whether or not this affects Foxit Reader or other PDF readers.  FWIW on my home machine, where I do most of my "surfing", I use Foxit Reader as my default PDF reader and SumatraPDF when opening PDFs directly from web links.

Computer Security Research - McAfee Labs Blog
Just after Adobe released their Out of Band patch for CVE-2010-2862, we discovered a malware exploiting a new 0-day vulnerability in the wild. Similar to the iOS PDF jailbreak vulnerability and CVE-2010-2862, this 0day vulnerability also occurs while Adobe Reader is parsing TrueType Fonts. We’ve analyzed and confirmed that the vulnerability affects the latest Adobe Reader (v9.3.4).

New Adobe PDF zero-day under attack | ZDNet

By Ryan Naraine | September 8, 2010, 10:28am PDT

Adobe today sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild.

Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being used by malicious hackers to take complete control of machines with the latest versions of Adobe Reader/Acrobat installed.

Here’s Adobe’s warning:

A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
We just received word that there is a report of a 0-day exploit for Adobe Acrobat/Reader being exploited in the wild. Secunia has a brief write up and here is the link to the original advisory.  The exploit was discovered in a phishing attempt with the subject of "David Leadbetter's One Point Lesson".  Adobe has issued an advisory and references CVE-2010-2883 (which just shows as reserved at this point with no details).  It does affect the latest version of Acrobat/Reader and Adobe is investigating a patch. More to come on that.

The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file. So the good news is that, as of right now, it's a "loud exploit". Early VirusTotal scans also had partial coverage under various forms of "Suspicious PDF" categories. At this point, standard precautions apply (don't open PDFs from strangers) and this can probably only really be used in a phishing style scenario. Will update this diary as needed with developments.

Attackers Exploiting New Acrobat/Reader Flaw — Krebs on Security
Adobe warned today that hackers appear to be exploiting a previously unknown security hole in its PDF Reader and Acrobat programs.

In an advisory published Wednesday, Adobe said a critical vulnerability exists in Acrobat and Reader versions 9.3.4 and earlier, and that there are reports that this critical vulnerability is being actively exploited in the wild. The company says it's in the process of evaluating the schedule for an update to plug the security hole.

Meanwhile, an evil PDF file going around that leverages the new exploit currently is detected only by about 25 percent of the anti-virus programs out there (the Virustotal scan results from today are here, and yes it’s a safe PDF).

Adobe’s advisory doesn’t discuss possible mitigating factors, although turning off Javascript in Reader is always a good first step. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript).


Wednesday, September 1, 2010

RealPlayer haunted by 'critical' security holes

If you have Real Player (AOL often installs it), you need to patch it.  The ZDNet article below has the best explanation I have seen.

US-CERT Current Activity: RealNetworks Releases Update to Address Vulnerabilities in RealPlayer
added August 31, 2010 at 08:23 am
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory for these vulnerabilities and apply any necessary updates to help mitigate the risks.


RealPlayer haunted by 'critical' security holes | ZDNet

By Ryan Naraine | September 1, 2010, 11:47am PDT

If you still have the RealPlayer software on your machine, now might be a good time to uninstall it. If you really need to keep it (why?), it’s definitely time to apply the latest update to avoid malicious hacker attacks.

RealNetworks has shipped a critical update to address multiple vulnerabilities, some serious enough to allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

Microsoft DLL Path vulnerability "in the wild"

This has been getting a lot of play in the trade press over the past week or so.  It's a complicated issue, and there is no simple patch.  The Microsoft "Fixit" isn't just a one-click fix like most of their "Fixits", either.  The Krebs on Security article below has a good but technical discussion of the problem.

FWIW I haven't patched any of my personal computers, but I never browse the Internet with "Administrator" rights and I never execute files directly from remote servers.  If you are a home user and do not work using a "Limited User" account, you should read the Krebs article and decide if you should patch.  Several applications that I use, including the VLC media player, have already patched themselves to fix this.

US-CERT Current Activity: Insecure Loading of Dynamic Link Libraries in Windows Applications
added August 25, 2010 at 12:01 pm | updated September 1, 2010 at 10:27 am
US-CERT is aware of a class of vulnerabilities related to how some Windows applications may load external dynamic link libraries (DLLs). When an application loads a DLL without specifying a fully qualified path name, Windows will attempt to locate the DLL by searching a defined set of directories. If an application does not securely load DLL files, an attacker may be able to cause the affected application to load an arbitrary library.

By convincing a user to open a file from a location that is under an attacker's control, such as a USB drive or network share, a remote attacker may be able to exploit this vulnerability. Exploitation of this vulnerability may result in the execution of arbitrary code.

Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#707943. US-CERT encourages users and administrators to review the vulnerability note and consider implementing the following workarounds until fixes are released by affected vendors:
  • disable loading libraries from WebDAV and remote network shares
  • disable the WebClient service
  • block outgoing SMB traffic
Update: Microsoft has released Fix it tool 50522 to assist users in setting the registry key value introduced with Microsoft support article 2264107 to help reduce the risks posed by the DLL loading behavior described in VU#707943. Users and administrators are encouraged to review Microsoft support article 2264107, the Microsoft Security Research & Defense TechNet blog entry, and to consider using the Fix it tool to help reduce the risks. Users should be aware that setting the registry key value as described in the support article or via the Fix it tool may reduce the functionality of some third-party applications.
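
The search behavior described in the US-CERT entry above can be modeled to audit which bare-name DLL requests would resolve from the current directory. This is an added example, not code from US-CERT or Microsoft; the application directory, share path, file listing, and the `cwd_allowed` switch (a simplification of removing the current directory from the search) are constructed assumptions.

```python
# Added illustration: simplified model of the Windows DLL search order for a
# DLL requested by bare name. All paths and file listings are constructed.

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]
APP_DIR = r"C:\Program Files\Player"      # hypothetical application directory
CWD = r"\\fileserver\share\media"         # hypothetical share the user opened a file from
TRUSTED = set(SYSTEM_DIRS) | {APP_DIR}

# Constructed directory contents (lower-case file names).
LISTING = {
    APP_DIR: {"player.dll"},
    r"C:\Windows\System32": {"kernel32.dll", "version.dll"},
    CWD: {"clip.mp3", "codec.dll", "version.dll"},
}
REQUESTED = ["player.dll", "version.dll", "codec.dll"]


def search_order(app_dir, cwd, path_dirs=(), safe_mode=True, cwd_allowed=True):
    """Directories searched, in order, when a DLL is requested by bare name."""
    cwd_part = [cwd] if cwd_allowed else []
    if safe_mode:
        # Safe search mode: system directories are tried before the current directory.
        middle = SYSTEM_DIRS + cwd_part
    else:
        # Legacy order: current directory comes right after the application directory.
        middle = cwd_part + SYSTEM_DIRS
    return [app_dir] + middle + list(path_dirs)


def resolve(dll, order, listing):
    """Return the directory the DLL would load from, or None if it is not found."""
    if "\\" in dll:
        # Fully qualified path: no directory search takes place.
        directory, _, name = dll.rpartition("\\")
        return directory if name.lower() in listing.get(directory, set()) else None
    for directory in order:
        if dll.lower() in listing.get(directory, set()):
            return directory
    return None


def audit(dlls, order, listing, trusted):
    """Map each requested DLL that resolves outside the trusted directories to its source."""
    findings = {}
    for dll in dlls:
        hit = resolve(dll, order, listing)
        if hit is not None and hit not in trusted:
            findings[dll] = hit
    return findings


if __name__ == "__main__":
    for label, kwargs in [
        ("safe mode", {}),
        ("legacy order", {"safe_mode": False}),
        ("current directory removed", {"cwd_allowed": False}),
    ]:
        order = search_order(APP_DIR, CWD, **kwargs)
        print(label, "->", audit(REQUESTED, order, LISTING, TRUSTED))
```

Even with system directories searched first, a DLL the application asks for but does not ship (`codec.dll` here) still falls through to the current directory, which is why the workarounds target the search itself rather than its ordering.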


MS Fix Shores Up Security for Windows Users — Krebs on Security
Microsoft has released a point-and-click tool to help protect Windows users from a broad category of security threats that stem from a mix of insecure default behaviors in Windows and poorly written third-party applications.

My explanation of the reason that this is a big deal may seem a bit geeky and esoteric, but it’s a good idea for people to have a basic understanding of the threat because a number of examples of how to exploit the situation have already been posted online.  Readers who’d prefer to skip the diagnosis and go straight to the treatment can click here.

... vulnerable apps include Windows Live Mail, Windows Movie Maker, Microsoft Office Powerpoint 2007, Skype, Opera, Mediaplayer Classic and uTorrent, to name just a few.