MS warns of vulnerabilities


Johannesburg, 14 Dec 2007

Yet more critical security patches were released by Microsoft this week as part of its monthly Patch Tuesday schedule, says Brett Myroff, CEO of Netxactics.

"Microsoft issued seven new bulletins, three of which are 'critical', about security vulnerabilities in its software, including Windows Media Format Runtime and Internet Explorer," he says.

"A number of different versions of Microsoft's operating system are affected by these security holes, including Vista."

Myroff warns that users should patch against these vulnerabilities as a matter of urgency. "All three critical patches address remote code execution vulnerabilities - if exploited, a hacker would be able to take complete control of a system running, with administrative privileges, whether that be viewing and deleting data, or installing new malicious or unwanted programs."

Poisonous worm

Also affecting Windows users this week is the W32/Atax-A worm, which is spreading via removable storage devices and network shares, explains Myroff.

Its side-effects include turning off anti-virus applications, reducing system security, and installing itself in the registry.

It attempts to print out VenoM.txt, an ASCII file that says: "El juego a terminado. Tu has sido derrotado por VenoM [e-mail address deleted]". This translates roughly to: "The game is over. You have been defeated by VenoM."

The Troj/Tanto-G Trojan has also been detected. It affects the Windows OS, allows others to access the computer and installs itself in the registry.

"Troj/Tanto-G is a backdoor Trojan, which allows a remote intruder to gain access and control over the computer," says Myroff.

Silly season

The W32/SillyFD-TT worm is also spreading via removable storage devices. Once installed, it spreads to storage devices such as floppy drives and USB keys. The worm attempts to create the hidden file autorun.inf on the removable drive and copy itself to the removable drive with the hidden filename <Root>\autorun.exe.

The W32/SillyFD-TL worm also spreads via removable storage devices, again affecting Windows users and behaving much like W32/SillyFD-TT.
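
A defender's check for the removable-drive behaviour described above, as an added example that is not from the article or from any vendor tool: it parses autorun.inf in a drive root and reports whether that file and the program it launches carry the hidden attribute. The function names and the sample directory are constructed for illustration, and the hidden attribute can only be read on Windows.

```python
import os
import stat
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that name a program to run

def is_hidden(path):
    # The hidden attribute is exposed only on Windows; elsewhere this reports False.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2))

def autorun_targets(inf_text):
    """Return the commands an autorun.inf would launch, from its [autorun] section."""
    targets, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if value and (key.lower() in LAUNCH_KEYS or key.lower().endswith("\\command")):
                targets.append(value)
    return targets

def audit_drive_root(root):
    """Report autorun.inf and the root-level programs it points at, with hidden flags."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    inf_path = os.path.join(root, names["autorun.inf"])
    findings = [("autorun.inf", is_hidden(inf_path))]
    with open(inf_path, encoding="latin-1") as fh:
        commands = dict.fromkeys(autorun_targets(fh.read()))  # de-duplicate, keep order
    for command in commands:
        # Simplification: the first whitespace-separated token is taken as the program.
        exe = command.split()[0].strip('"').lstrip("\\").lower()
        if exe in names:  # the launch target sits in the drive root itself
            findings.append((names[exe], is_hidden(os.path.join(root, names[exe]))))
    return findings

def demo():
    # Constructed sample: a temp directory standing in for a removable drive root.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\nopen=autorun.exe\nshell\\open\\command=autorun.exe\n")
        open(os.path.join(root, "autorun.exe"), "wb").close()
        return audit_drive_root(root)

if __name__ == "__main__":
    for name, hidden in demo():
        print(f"{name}: hidden={hidden}")
```

A hidden autorun.inf that launches a hidden executable from the same root is the combination worth flagging; installer media normally ships both files visible.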

Also making the rounds this week is the W32/Mypis-Fam virus. It spreads via infected files and is dropped by malware. Its aliases include W32/Noia.a, TrojanDownloader:Win32/Ganran.A!inf and PE_LIJI.A.

"This virus is a family of infected executable files that has been patched to download and execute malware from a remote location," explains Myroff.

Members of W32/Mypis-Fam usually attempt to download a file to <System>\system.bak, and to copy it to <System>\system.log. They then decrypt this file and use it to download another file to <System>\dllcache\svchost.exe.

Some members of W32/Mypis-Fam have been seen infecting other malware, in which case the disinfected file may also be malicious.

Myroff adds that both home and business Windows users should keep up-to-date with the latest security patches, or risk being hacked, particularly in light of Microsoft's latest announcements.

"Although patching can be difficult to monitor and enforce, the process can be made much easier with a NAC solution. Ensuring only compliant machines are allowed on the network means exploited vulnerabilities on one machine remain quarantined from the remainder of the networked computers."

IT managers responsible for security are advised to consider subscribing to vulnerability mailing lists such as that operated by Microsoft.