CyTRAP Labs - Wincurity - smarter protection

The Mozilla Foundation has issued an important security patch for Mozilla Firefox and Seamonkey that fix several critical vulnerabilities (Please click on the link, choose Login as guest - click on this link again and voila free access)

If you have chosen the option that the program checks regularly with the Mozilla Foundation’s website for updates , the security update should have been downloaded BY NOW automatically or next time you log onto the internet (for more details see below)

This vulnerabilitiy exposes you to a risk that we rate as follows:

CyTRAP Labs security risk barometer - 3 = moderately critical
low	elevated	moderate- ly critical	critical	severe
1	2	3	4	5

For more information and explanations about the CyTRAP Labs risk barometer you can visit here:

CyTRAP Labs security risk barometer

WHAT CAN YOU DO?

CyTRAP Labs security risk barometer - 4 = critical
operating system affected	Windows XP and Vista,
affected software	Mozilla Firefox - all prior versions to 2.0.0.10 SeaMonkey - all prior versions to 1.1.7
risk	rating given for these vulnerabilities is a 3 (three)
where is the patch?	depending upon the program you run: Mozilla Firefox - download Version 2.0.0.10 for Windows SeaMonkey - download Version 1.1.7
what should one do?	The Software Update preference pane is set to automatically check by default if you have the latest version installed.Hence, once you go onto the internet, the latest version should be downloaded automatically, if you are not sure, read below we tell you how to check and download manually if need be - quick and easy.
how can I check that I do have the latest version installed	click About Firefox or SeaMonkey from the Help menu this shows which version runs on your machine
not patching the vulnerability could cause what kind of damage to my PC?	1 could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious file 2 bypass security restrictions, cause a denial of service or compromise an affected system. 3 being executed on your machine without your authorization.3 more nasty things…
where can one get more details from the vendor?	vendor has issued several security bulletins:a MFSA 2007-39 Referer-spoofing via window.location race conditionb MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10) c MFSA 2007-37 jar: URI scheme XSS hazard
where can you get more technical information about the vulnerabilities	CVE-2007-5959, CVE-2007-5960, CVE-2007-5947,
release date from vendor	2007-11-26
why is this a reminder and not an alert?	security alert or reminder - that’s the question
did CASEScontact.org release an advisory about this earlier?	no - neither exploit code was published nor any details before the vendor issued a patch
did CASEScontact.org release a zero-day advisory	nothing was necessary (see above) patched zero-day archive

60% OF OUR READERS SUBSCRIBE

For better risk management, compliance and protection - become a member of the 60% of our READERS THAT HAVE MADE SURE THEY GET A SUBSCRIPTION

- advisory, zero-day exploits and regulatory intell via alert, newsletter or RSS feed

or just make your choices at CyTRAP Labs subscription portal

affected software, CVE 2007 5947, CVE 2007 5959, CVE 2007 5960, CyTRAP Labs reminder, firefox browser, MFSA 2007 37, MFSA 2007 38, MFSA 2007 39, Mozilla Firefox, Mozilla SeaMonkey, security hotfix, security update, Vulnerabilities, Windows Vista, Windows XP

Read what we hear from our readers regarding the arrival of security fixes for Adobe Reader, Mozilla Firefox, Mozilla Thunderbird, iTunes, Quicktime, Microsoft, RealPlayer, ec.

I tried to update an existing version 7.2 but the updater said that I had the latest version (7.2). I had to manually download the 7.3 installer and run it to get to version 7.3

Quicktime automatic update offered me a security fix for version 7.2, but not a version 7.3.

2 days after it was available as a security fix on the vendor’s website did my automatic update finally manage to download it…. why is it faster to go to the website and download the update manually?

RealPlayer Security Update - it was available via their website hours before the internal update checker saw it. Standard procedure?

We tell you why this happens and how you can minimize the risks

The issues outlined above can always result in headaches for users. To make things a bit easier and less risky, it is critical that one makes sure that the latest update is installed on one’s PC.If one has a broadband connection, it is probably most convenient to set-up a program’s default in such a way that it checks regularly for updates. In turn, these are then downloaded and/or installed or else the user is asked to do the necessary work or reboot the PC to make sure that the changes have been activated.

Below we provide you with links that help you step-by-step to make sure that you have the latest updates or get these with the least amount of work required on your part. Go ahead and check it out - it is worth your safer internet experience to do so.

Making sure that the latest security fixes are installed on your PC
Vendor	where to get help on how to fix it
Adobe and Apple - popular free software from vendors
Adobe Reader	CyTRAP Labs advisory - time to update your Adobe Reader to get security fix
Apple Quicktime (iTunes)	CyTRAP Labs reminder - update Quicktime (iTunes)
Mozilla Foundation - popular open source programs
Thunderbird	CyTRAP Labs’ guide - Thunderbird e-mail - updates - setting your options to get them automatically
Firefox	CyTRAP Labs quicktip - setting your Firefox options to get security updates automatically
Voic over Internet Protocal - VoIP - popular program
Skype	CyTRAP Labs quicktip - setting your Skype options to get security updates automatically
Windows Update - making sure it works properly on Patch Tuesday
Windows Update - what and how should you choose	CyTRAP Labs Tip - enabling or disabling Automatic Windows Update - what is the best solution for you?
Windows Update - do you know that it works right, we tell you how to check	CyTRAP Labs Tip - What to do if you are not sure if your Automatic Windows Update works properly?
Windows Update - it works incorrectly - how it can be fixed - step-by-step	CyTRAP Labs quicktip - Windows Automatic Update not working properly
Windows Update - making sure it works properly on Patch Tuesday
making sure that Java works properly and older versions are installed BEFORE the latest version is installed	CyTRAP Labs tip - how to re-install Java Runtime Environment if no key in Registry Editor relates to Java

So keep the above Table handy or link to it, so in case you do not remember what to do, one click away and help is here.

SUBSCRIPTION

To make it more convenient for you to get REMINDERS about the latest security patches, so you can check if your software has updated, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

- advisory, zero-day exploits and regulatory intell via alert, newsletter or RSS feed

or just make your choices at CyTRAP Labs subscription portal

Stay protected.

Adobe Reader, adobe reader, advisory, Apple, best solution, iTunes, Java Runtime, JAVA update, mail updates, manually, mozilla firefox, mozilla thunderbird, open source programs, Quicktime, RealPlayer, security fixes, security updates, Skype, version 7

Microsoft has released 1 security bulletin patching one critical vulnerability ((Please click on the link, choose the option Login as guest - click on this link again and voila free access)):

If you have Automatic Update activated for your PC, these patches will be downloaded automatically (for more details see below)

This vulnerabilitiy exposes you to a risk that we rate as follows:

CyTRAP Labs security risk barometer - 4 = critical
low	elevated	moderately critical	critical	severe
1	2	3	4	5

For more information and explanations about the CyTRAP Labs risk barometer you can visit here:
CyTRAP Labs security risk barometerWe reported about this vulnerability in our zero-day exploit proof of concept list

- CASEScontact.org advisory - Microsoft Internet Explorer (Mozilla Firefox) - zero-day exploit - input validation flaw and vulnerability - proof of concept code released

what Microsoft Patch Tuesday has in store for us this month
operating system affectedNOT AFFECTED IS Windows Vista,	Windows, Microsoft Windows XP Professional Service Pack 2, XP Professional x64 Edition Microsoft Windows Server 2003 - SP1, 2
affected software	Microsoft Internet Explorer 7 Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.
risk	1 security bulletin rated critical was released … the risk rating given for these vulnerabilities is a 4 (four out of five levels) = CRITICAL - ORANGE
how long did this vulnerability remain unpatched since it was publicly disclosed ==> zero-day alert	we reported about this zero-day exploit and released a zero-day alert at the time outlining a workaround.It took Microsoft 126 days to issue a patch to fix this vulnerability
patch prioritization - client side impact	exploit code for this vulnerability has been released 126 days days ago and has been seen in mass exploitation attempts by organized groups - see CASEScontact.org advisory - Microsoft Internet Explorer (Mozilla Firefox) - zero-day exploit This means that users and administrators are urged to roll out this patch as soon as possible, once it has been verified that it does not break any internal applications.
where is the patch?	will be downloaded using Automatic Update, update is detected by the MBSA:CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA
what should one do?	If your Automatic Update is functioning properly, you are covered.If these updates have not been installed on your PC by 2007-11-15 morning you can check and fix this problem here: CyTRAP Labs tip - how to make sure the latest security patch is installed
how can I check that I do have the latest version installed	find out more information how cou can check that this update is installed as well on your PC or server here: CyTRAP Labs tip - how to make sure the latest security patch is installed
not patching the vulnerability could cause what kind of damage to my PC?	could be exploited by attackers to execute arbitrary code on the user’s machineSince the exploit code has been used in mass exploitation attempts by organized groups - BETTER patch NOW
where can one get a Microsoft security bulletin summary	This bulletin summary lists security bulletins released for November 2007
where can one get details about each of the patches released on this month’s Microsoft Patch Tuesday	Microsoft - security bulletin - critical one is:Vulnerability in Windows URI Handling Could Allow Remote Code Execution (943460)- Microsoft Security Bulletin MS07-061,
release date from vendor	2007-11-13
Common Vulnerabilities and Exposures (CVE) project has assigned the following numbers to these vulnerability	CVE-2007-3896also related to CVE-2007-3670

SUBSCRIPTION

To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

Please stay protected subscribe to our alerts - zero-day advisories

advisory, alert, CERT, cve, cve 2007, cve 2007 3670, cve 2007 3896, CyTRAP labs, CyTRAP Labs Early Warning System, CyTRAP Labs glossary, CyTRAP Labs risk barometer, Early Warning System, EWS, Microsoft Office, microsoft security bulletin summary, Microsoft Windows, microsoft security bulletin, patch Tuesday, security alert, security bulletin, security reminder, updates, Vulnerabilities, Windows Vista, windows vista x64, Windows XP, windows xp professional

Read what we hear from our readers regarding the arrival of security fixes for Microsoft

I am not sure if my Windows Update works properly

I tried to check if my system has all the latest Microsoft patches installed but I had difficulty doing it …

We tell you why this happens and how you can minimize the risks

Usually, Microsoft releases its patches once every month, the second Tuesday to be exact. This day is called Microsoft Patch Tuesday (Please click on the link, choose the option Login as guest - click on this link again and voila free access).

Here we show you how you can make sure that the latest versions have been installed on your PC. As importantly, checking how and if the Microsoft Update function s properly might be needed - as discussed below.

Making sure that the latest security fixes are installed on your PC
Windows Update - making sure it works properly on Patch Tuesday
Windows Update - what and how should you choose	CyTRAP Labs Tip - enabling or disabling Automatic Windows Update - what is the best solution for you?
Windows Update - do you know that it works right, we tell you how to check	CyTRAP Labs Tip - What to do if you are not sure if your Automatic Windows Update works properly?
Windows Update - it works incorrectly - how it can be fixed - step-by-step	CyTRAP Labs quicktip - Windows Automatic Update not working properly
How can one check if the latest critical (Please click on the link, choose the option Login as guest - click on this link again and voila free access) patches have been installed - step-by step instructions	The MBSA 2.0.1 Microsoft Baseline Security Analyzer called MBSA for short is a free tool from Microsoft that searches computers for known security vulnerabilities and suggests remedies.CyTRAP Labs tip - using the Microsoft Baseline Security Analzyer called MBSA

SUBSCRIPTIONTo make it more convenient for you to get REMINDERS about the latest security patches, so you can check if your software has updated, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

Stay protected.

advisory, baseline security analyzer, best solution, CyTRAP labs, CyTRAP Labs Early Warning System, CyTRAP Labs glossary, CyTRAP Labs risk barometer, Early Warning System, EWS, latest versions, mail updates, manually, MBSA, Microsoft, microsoft baseline security, microsoft baseline security analyzer, microsoft patches, microsoft releases, microsoft update, pc windows, security fixes, security updates, security vulnerabilities, windows update

Apple has issued an important security patch for Quicktime that fixes several critical vulnerabilities (Please click on the link, choose Login as guest - click on this link again and voila free access)

If you have default Update installed with the program, the latest version should be downloadd automatically next time you log onto the internet (for more details see below)

This vulnerabilitiy exposes you to a risk that we rate as follows:

CyTRAP Labs security risk barometer - 4 = critical
low	elevated	moderate- ly critical	critical	severe
1	2	3	4	5

For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

WHAT CAN YOU DO?

operating system affected	Windows XP and Vista, Apple Leopard, Tiger, Panther
affected software	Quicktime - all prior versions to 7.3 iTunes - Quicktime is part of iTunes Hence, since Quicktime is part of iTunes, you have to upgrade iTunes if you use that software
risk	rating given for these vulnerabilities is a 4 (four)
where is the patch?	depending upon the operating system you run: Quicktime - download Version 7.3 for Windows Quicktime - download Version 7.3 for Apple iTunes - download iTunes Version 7.5 for Windows - 45MB iTunes - choose the right iTunes Version 7.5 for your Apple computer
what should one do?	The Software Update preference pane is set to automatically check by default if you have the latest version installed.Hence, once you go onto the internet, the latest version should be downloaded automatically, if you are not sure, read below we tell you how to check and download manually if need be - quick and easy.
how can I check that I do have the latest version installed	click About Quicktime from the Help menu this shows which version runs on your machine
not patching the vulnerability could cause what kind of damage to my PC? DO NOT OPEN IMAGES, MOVIES, ETC. from untrusted sources	1 could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious movie2 can allow untrusted Java applets to obtain elevated privileges and disclose sensitive user information or result in arbitrary code being executed on your machine without your authorization. 3 more nasty things…
where can one get more details from the vendor?	vendor Apple has issued a security bulletin
where can you get more technical information about the vulnerabilities	CVE-2007-2395, CVE-2007-3750, CVE-2007-3751, CVE-2007-4672, CVE-2007-4675, CVE-2007-4676, CVE-2007-4677
release date from vendor	2007-11-05

SUBSCRIPTIONTo make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

affected software, apple computer, attackers, CASEScontact.org, computer virus, CVE 2007 2395, CVE 2007 3750, CVE 2007 3751, CVE 2007 4672, CVE 2007 4675, CVE 2007 4676, CVE 2007 4677, CyTRAP labs, cytrap labs analytica services, CyTRAP Labs Choice, cytrap labs compliance risk barometer, CyTRAP Labs Early Warning System EWS, cytrap labs infosec risk barometer, CyTRAP Labs quicktip, cytrap labs size of risk impact guide, CyTRAP Labs tip, data security, free tool, freeware, glossary, home computer security, home PC information security, identity theft, InfoSec, Infosys, internet security, iTunes, keylogger, latest version, malware, modularly designed malware, open images, operating system, panther, PC network protection, Privacy, quicktime vulnerabilities, quicktime download, security patch, security risk, software update, spam, spyware, tiger, trust, urs+nahums security checklist, Vulnerabilities, Windows Vista, Windows XP

how can one re-install Java Runtime Environment if no key in Registry Editor - HKLM/Software/Microsoft/Windows/Current Version/ Uninstall relates to Java?

For some programs one has to uninstall the old version as is the case with Java Runtime Environment (see CASEScontact.org advisory CT110115)

Here we explain what can be done, if no Registry Entry exists using some help from Microsoft.

Recently we addressed the issue about what needs to be done if one wants to remove a program from the PC. Unfortunately, when going to the Add/Remove Programs section of the Control Panel, the Change/Remove button that usually appears for each program that was installed is missing or at least, missing for some programs. We provided you with a fix here:CyTRAP Labs tip - What is causing missing change/remove program buttons in Windows?

However, if there is no no key in HKLM/Software/Microsoft/Windows/Current Version/ Uninstall that relates to Java, we need to proceed differently.

PROBLEM

A) User wants to remove old Java Runtime Environment version from the computer because a new release provides several hotfixes (e.g., CASEScontact.org advisory CT110115). Unfortunately, change/remove buttons have disappeared from Add Remove Program.

B) User wants to reinstall Java RE and is told that it is already installed and so cannot be reinstalled.

PROCEED

When clicking on Start, Control Panel and selecting the Add/Remove Programs link one is given a list of all the programs installed on the computer.

When one highlights a program, such as Java Runtime Environment, there should be a Change/Remove butto.

With the Remove button one can unistall the old version before one installs the new one as is required - see here for explanations:

- CyTRAP Labs - Removing Java Runtime Environment in Windows - uninstallation instructions - checking if several versions are running on a PC

If you have change/remove buttons on the PC, the above instructions will help and you are set to get the later version with the security fixes.

If the change/remove buttons have disappeared from Add Remove Programs for the Jave Runtime Environment program - proceed, below we explain how to fix the problem.

HOW CAN THIS BE FIXED?

This problem may occur if the uninstaller for a program incorrectly removes registry entries that are used by Windows and the Add/Remove Programs tool.

For this tip, you will be working in your Registry Editor, so before you begin, make sure you’re comfortable using it. The Registry Editor is not a tool to just play around with. However, following the steps below it will be fine. Moreover, first do it for one program only and check if it works, before doing it for many more - better safe than sorry.

how can one manualls remove previous version of Java Runtime Enviornment when add/remove button is missing in add/remove programs
1	Go to Start, Run and type regedit into the box.Click OK and the Registry Editor will open for you.
2	Then navigate to this location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\ Now look for the program name you want to remove from your PC
3	If you find an entry for Java Runtime Environment, please go to point three in the post below and proceed - step-by-step to get it fixed: CyTRAP Labs tip - What is causing missing change/remove program buttons in Windows? If the above posting helps you find the entry in the Registry Edit than you are getting there, if there is NO entry to be found in the Registry Edit you must proceed.
4	If no entry in the Registry Entry can be found, please download this program from Microsoft and install on the PC: - Windows Installer Cleanup Utility
5	Once the program has been installed on your computer, please start the program, you will get the screen below: After you have removed the files and registry settings that make up the Windows Installer configuration information for Java Runtime Environment or any other programs that you select, you can still go into Windows Explorer and remove the directory or most of the files from the old version or the program you want removed.
6	After the Java Runtime Environment (JVR) entry has been removed with the Windows Registry Cleaner Utility - the add or Remove Program window will look like this. If you cannot see the above screen show, click here Java Runtime Environment was successfully removed from PCJVR is gone.
7	Thereafter get the latest version of the Java Runtime Enviornment here: - Java Runtime Environment latest Version and Update here and install it on your PC

We will continue bringing you tips so stay tuned

THINGS TO CONSIDER - MORE HELP

removing Java Runtime Environment from computer causes problems - how to check - KISS - keep it simple stupid

if add/remove button for Java in Control Panel’s Add/Remove Programs is missing - check here on how to get it back and FIXED - quick: - CyTRAP Labs tip - What is causing missing change/remove program buttons in Windows?

Remove old versions of Java Runtime Environment and get the Firefox plug in to protect yourself better - get it DONE quick: - CyTRAP Labs - Windows Java Runtime Environment uninstallation instructions - better protection with Firefox

SUBSCRIPTIONTo make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.

Your email:  
subscribe unsubscribe  

Add/Remove Programs, CASEScontact.org, computer virus, CyTRAP labs, cytrap labs analytica services, CyTRAP Labs Choice, cytrap labs compliance risk barometer, CyTRAP Labs Early Warning System EWS, cytrap labs infosec risk barometer, CyTRAP Labs quicktip, cytrap labs size of risk impact guide, CyTRAP Labs tip, data security, error applying transforms, free tool, freeware, glossary, hklm software, home computer security, home PC information security, how do I manually remove JAVA RE, identity theft, InfoSec, Infosys, internet security, Java Runtime Environment, JAVA security hotfix, JAVA update, java runtime environment, keylogger, malware, modularly designed malware, old version, PC network protection, Privacy, programs section, program buttons, registry entries, spam, spyware, start control panel, Sun, trust, unnecessary programs, urs+nahums security checklist, verify that the specified transform paths are valid, Windows Java Runtime Environment uninstallation instructions