Cyber threats to Windows XP and guidance for Small Businesses and Individual Consumers

March 25, 2014 – 6:24 PM

It’s been well publicized that on April 8th, 2014 Microsoft discontinues product support for Windows XP.  Windows XP was released in 2001, and the support policy for its lifecycle soon followed in October 2002.  In September 2007, we announced that support for Windows XP would be extended an additional two years, to April 8, 2014.  We are very clear about the lifecycle of our products, deliberately communicating this information years in advance, because we know customers need time to plan for changes to their technology investments and manage upgrades to newer systems and services.

We’ve also focused on communicating regularly, such as an article posted in August of last year.  That piece focused on the fact that supported versions get security updates that address any newly discovered vulnerabilities, which Windows XP won’t receive after April 8, 2014.  This means that running Windows XP when the product is obsolete (after support ends), will increase the risk of technology being affected by cybercriminals attempting to do harm.  This blog post continues on from that article, and also provides guidance to consider as people look ahead.

Many of the enterprise customers I’ve talked to recently have finished, or are in the process of finishing, technology projects that move their desktop computing environments from Windows XP to Windows 7 or Windows 8.  However, I’ve also talked to some small businesses and individuals that don’t plan to replace their Windows XP systems even after support for these systems ends in April.  In light of this, I want to share some of the specific threats to Windows XP-based systems that attackers may attempt after support ends, so that these customers can understand the risks and hopefully decide to immediately upgrade to a more secure version of Windows, or accelerate existing plans to do so.

The cyber threats discussed here are based on data and insights from recent volumes of the Microsoft Security Intelligence Report.  This report includes aggregate data on the threats that hundreds of millions of systems around the world encounter – many of which are successfully blocked by Microsoft antivirus software and the security features built into Windows, Internet Explorer, Bing, and other Microsoft products and services. This data gives us a good picture of the tactics that attackers have been using to try to compromise computer systems, including which attacks are used most often on Windows XP systems.  The information then helps Microsoft and antivirus security companies develop ways to combat those attacks.  Since the year Windows XP was built, cyber attacks have increased in sophistication.  Systems receiving regular updates get the protections they need based on the latest cyber threats.  But at some point an older model of any product will lack the capability to keep up and becomes antiquated.  Obsolescence for Windows XP is just around the corner.

Source:
https://blogs.technet.com/b/security/archive/2014/03/24/cyber-threats-to-windows-xp-and-guidance-for-small-businesses-and-individual-consumers.aspx

Zero-day vulnerability in Microsoft Word under active attack

March 24, 2014 – 5:56 PM

Attackers are exploiting a newly discovered vulnerability in Microsoft Word that makes it possible to remotely seize control of computers, the company warned.

The in-the-wild attacks work by creating booby-trapped documents in the Rich Text Format (RTF) that exploit a vulnerability in the 2010 version of Microsoft Word, Microsoft warned in an advisory published Monday. Similar attacks work against other versions of Word, including 2003, 2007, and 2013 for Windows, Microsoft Office for Mac 2011, and multiple versions of Microsoft SharePoint Server. E-mails that are viewed or previewed using a default setting in Outlook allow the attacker to gain the same system privileges as the user who is currently logged in.

“Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word,” Monday’s advisory stated. “At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word or previews or opens a specially crafted RTF e-mail message in Microsoft Outlook while using Microsoft Word as the e-mail viewer.”

The advisory credited Drew Hintz, Shane Huntley, and Matty Pellegrino of the Google security team with discovery of the RTF memory corruption bug, which is formally cataloged as CVE-2014-1761. Microsoft has issued a temporary fix that configures Microsoft Office to prevent the opening of RTF files in supported versions of Microsoft Word. Users can also protect themselves against exploits by viewing e-mails in plain text. Monday’s advisory said Microsoft may issue a permanent patch once an investigation into the vulnerability is completed.
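The workaround above blocks RTF content in Word itself. A gateway or attachment scanner enforcing the same policy has to recognise RTF by content, not by extension, because Word parses a file according to what it contains, so an RTF document renamed to .doc is still parsed as RTF. The following is an added example, not code from the article or from Microsoft; the sample attachments are constructed for it.

```python
"""Added example (not from the article or Microsoft): flag RTF content by its
leading signature rather than by file extension, the way a mail gateway or
attachment scanner would when enforcing a "block RTF" policy.

Every RTF document starts with the group "{\rtf", so a check on the first
bytes is enough to classify an attachment regardless of its name.
The sample attachments at the bottom are constructed for this example.
"""
import re

# RTF header: optional leading whitespace, then the literal "{\rtf"
RTF_SIGNATURE = re.compile(rb"^\s*\{\\rtf")


def is_rtf(data: bytes) -> bool:
    """Return True if the payload starts with the RTF header."""
    return bool(RTF_SIGNATURE.match(data[:16]))


def classify_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment for an RTF-blocking policy.

    Returns one of:
      "rtf"           - content is RTF and the extension agrees
      "rtf-disguised" - content is RTF but the extension claims otherwise
      "other"         - not RTF
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if is_rtf(data):
        return "rtf" if ext == "rtf" else "rtf-disguised"
    return "other"


def filter_attachments(attachments):
    """Apply the policy: return (allowed, blocked) lists of (filename, verdict)."""
    allowed, blocked = [], []
    for name, data in attachments:
        verdict = classify_attachment(name, data)
        (blocked if verdict.startswith("rtf") else allowed).append((name, verdict))
    return allowed, blocked


# Constructed sample attachments (not real captures)
SAMPLES = [
    ("notes.rtf", b"{\\rtf1\\ansi\\deff0 {\\fonttbl {\\f0 Arial;}} Hello\\par }"),
    ("invoice.doc", b"  {\\rtf1\\ansi Renamed RTF\\par }"),       # RTF hiding behind .doc
    ("report.docx", b"PK\x03\x04" + b"\x00" * 20),                  # OOXML zip container
    ("readme.txt", b"plain text that mentions {\\rtf in the body"),  # signature not at start
]

if __name__ == "__main__":
    allowed, blocked = filter_attachments(SAMPLES)
    for name, verdict in blocked:
        print(f"BLOCK {name}: {verdict}")
    for name, verdict in allowed:
        print(f"allow {name}: {verdict}")
```

The "rtf-disguised" verdict is the one worth alerting on: a genuine .rtf attachment is usually just policy noise, whereas RTF content under a .doc or .docx name is the shape a targeted lure takes.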

Source:
http://arstechnica.com/security/2014/03/zero-day-vulnerability-in-microsoft-word-under-active-attack/

The WhiteHat Aviator Web Browser Is Now Available For Windows

March 23, 2014 – 9:46 AM

With every website you visit, you’re vulnerable to malicious hackers out to steal your surfing history, passwords, email access, bank account numbers, medical info, and more. And the “big browsers” don’t do enough to stop it.

But now you can protect yourself before you go on the Web – with WhiteHat Aviator, the Web’s most secure and private browser. With WhiteHat Aviator, you get the industry’s best and tightest security and privacy safeguards – all built-in, all activated, all ready-to-go.

  • Go with a more complete solution. Make the most of a fully featured, modern, standards-compliant Web browser with complete private browsing. It also supports tens of thousands of extensions.
  • Use proven, open-source Chromium code. This is the same stable code base that Google uses—so you can add in any Chrome extension to WhiteHat Aviator.
  • Take off with pre-set security. Just open WhiteHat Aviator for the best privacy and security safeguards—already preconfigured and active. Security is enabled by default.
  • Eliminate hidden tracking. Block privacy-destroying tracking from advertisers and social media companies using the Disconnect extension. No advertiser cookies, no caches, no problem.
  • Say goodbye to advertising. Unlike the big corporate browsers, we’re not partnering with advertisers or selling your click data.
  • Prevent unwanted access. Block internal address space to prevent malicious Web pages from hitting your websites, routers, and firewalls.

Download for MAC OS X:
https://updates.aviatorbrowser.com/Aviator.dmg

Download for Windows:
https://updates.aviatorbrowser.com/Win/Aviator.msi

More information:
https://www.whitehatsec.com/aviator/

WPA2 wireless security cracked

March 21, 2014 – 5:29 AM

There are various ways to protect a wireless network. Some are generally considered to be more secure than others. Some, such as WEP (Wired Equivalent Privacy), were broken several years ago and are not recommended as a way to keep intruders away from private networks. Now, a new study published in the International Journal of Information and Computer Security reveals that one of the previously strongest wireless security systems, Wi-Fi Protected Access 2 (WPA2), can also be easily broken into on wireless local area networks (WLANs).

Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware.

The convenience of wireless network connectivity of mobile communications devices, such as smart phones, tablet PCs and laptops, televisions, personal computers and other equipment, is offset by the inherent security vulnerability. The potential for a third party to eavesdrop on the broadcast signals between devices is ever present. By contrast a wired network is intrinsically more secure because it requires a physical connection to the system in order to intercept packets of data. For the sake of convenience, however, many people are prepared to compromise on security. Until now, the assumption was that a wireless network secured by WPA2 was adequately protected against intruders. Tsitroulis and colleagues have now shown this not to be the case.

If set up correctly, WPA2 using pre-shared keys (PSK) can be very secure. Depending on which version is present on the wireless device, it also has the advantage of using strong encryption based on either the Temporal Key Integrity Protocol (TKIP) or the more secure Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). 256-bit encryption is available, and a password can be an alphanumeric string with special characters up to 63 characters long.
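The "256-bit" figure and the 63-character limit are connected: in WPA2-PSK the passphrase is stretched into a 256-bit pairwise master key, so the key is always 256 bits and the real strength is whatever entropy the passphrase has. The following is an added example, not code from the article or the cited paper; it assumes from the IEEE 802.11i standard (not from the article) that the passphrase is 8 to 63 printable ASCII characters and that the key derivation is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations and a 32-byte output, and uses the standard's Annex H reference vector to check itself.

```python
"""Added example (not from the article or the cited paper): how a WPA2-PSK
passphrase becomes the 256-bit pairwise master key (PMK), plus the
passphrase rules behind "up to 63 characters".

Assumed from IEEE 802.11i, not from the article:
  * passphrase: 8-63 printable ASCII characters
  * PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)
  * alternatively the PSK may be given directly as 64 hex digits
The reference vector ("password" / "IEEE") is the one in the standard's Annex H.
"""
import hashlib
import math
import string

# The 95 printable ASCII characters (space included, control characters excluded)
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def validate_passphrase(passphrase):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(c not in PRINTABLE for c in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems


def derive_pmk(passphrase, ssid):
    """PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt -> 32-byte (256-bit) PMK."""
    for problem in validate_passphrase(passphrase):
        raise ValueError(problem)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def estimate_entropy_bits(passphrase):
    """Rough strength estimate: length * log2(size of the character classes used).

    This treats the passphrase as uniformly random over those classes, which
    overestimates real-world choices; it is meant to show how far a typical
    passphrase sits below the 256 bits of the derived key.
    """
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += 33
    return len(passphrase) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    print(derive_pmk("password", "IEEE").hex())          # Annex H vector
    for pw in ("password", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{pw!r}: {estimate_entropy_bits(pw):.1f} bits")
    print(validate_passphrase("short"))
```

The key length does not change with the passphrase, and the 4096-iteration cost per guess is fixed by the standard, so the only lever a network owner has is passphrase entropy (and a non-default SSID, since the SSID is the salt and a common SSID lets precomputed tables be reused).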

Source:
http://phys.org/news/2014-03-wpa2-wireless.html

Researchers discover credential-stealing Unix-based server botnet

March 19, 2014 – 4:34 AM

Dubbed Operation Windigo, the attack has been ongoing for more than two and a half years and has compromised as many as 25,000 servers at one time, anti-virus vendor ESET said Tuesday. Systems infected with the backdoor Trojan are used in stealing credentials, redirecting Web traffic to malicious content and sending as many as 35 million spam messages a day.

ESET has investigated the criminal operation in collaboration with CERT-Bund and the Swedish National Infrastructure for Computing. Compromised servers have been found throughout the U.S., Germany, France, and the United Kingdom.

Operating systems affected by the spam component of the operation include Linux, FreeBSD, OpenBSD, OS X and Windows. With more than 60 percent of the world’s Web sites running on Linux servers, ESET researchers are warning Web masters and system administrators to check their systems for infection.

ESET found that all the compromised servers have been infected with the Ebury OpenSSH backdoor. The network is particularly virulent because each of the systems has significant bandwidth, storage, computing power and memory.

Linux/Ebury is particularly stealthy malware, ESET said. Its creators are careful to deploy the backdoor while avoiding landing files on the file system. They also leave no trace in log files when using the backdoor.

In addition, the malware configurations loaded onto systems are stored in memory, so if the system is rebooted the configurations go away. This makes it difficult for forensics experts to determine what the creators were able to do in the system.
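When the backdoor's configuration lives only in memory and nothing is written to the logs, the durable evidence left on a host is the modified SSH binary itself. A file-integrity baseline taken while the host is known-good turns that into something an administrator can check for, which is the kind of check the warning above calls for. The following is an added example, not ESET's or the article's code; the watched paths are assumptions for a typical Linux host, and the demo at the bottom works on constructed files in a temporary directory.

```python
"""Added example (not ESET's or the article's code): a minimal integrity
baseline for the files a host's SSH service depends on. A later run reports
anything changed, missing or new, which catches a replaced OpenSSH binary
even when the intruder's configuration exists only in memory and leaves no
log entries. WATCHED holds assumed paths for a typical Linux host; demo()
uses constructed files in a temporary directory instead.
"""
import hashlib
import json
import os
import tempfile

# Assumed paths; adjust to the distribution's package layout
WATCHED = ["/usr/sbin/sshd", "/usr/bin/ssh", "/usr/bin/ssh-add", "/usr/bin/ssh-agent"]


def sha256_file(path):
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Map each existing regular file to its hash, size and permission bits."""
    baseline = {}
    for p in paths:
        if os.path.isfile(p):
            st = os.stat(p)
            baseline[p] = {"sha256": sha256_file(p), "size": st.st_size,
                           "mode": oct(st.st_mode & 0o7777)}
    return baseline


def save_baseline(baseline, path):
    """Persist the baseline as JSON (in practice, store it off the monitored host)."""
    with open(path, "w") as f:
        json.dump(baseline, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Return sorted lists of paths that changed, went missing, or are new."""
    changed = [p for p in baseline if p in current and baseline[p] != current[p]]
    missing = [p for p in baseline if p not in current]
    new = [p for p in current if p not in baseline]
    return {"changed": sorted(changed), "missing": sorted(missing), "new": sorted(new)}


def demo():
    """Constructed scenario: baseline two files, then alter one and delete the other."""
    with tempfile.TemporaryDirectory() as d:
        sshd, ssh = os.path.join(d, "sshd"), os.path.join(d, "ssh")
        for p in (sshd, ssh):
            with open(p, "wb") as f:
                f.write(b"original binary contents " + os.path.basename(p).encode())
        base_path = os.path.join(d, "baseline.json")
        save_baseline(build_baseline([sshd, ssh]), base_path)
        with open(sshd, "ab") as f:      # simulate a patched server binary
            f.write(b"\x90" * 16)
        os.remove(ssh)                   # simulate a removed client binary
        return compare(load_baseline(base_path), build_baseline([sshd, ssh]))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats follow from the article itself: keep the baseline (or at least its hashes) off the host, since a backdoor that can patch sshd can also rewrite a local baseline file; and because the configuration is memory-resident, a host that reports a changed binary should have its memory captured before anyone reboots it, or that part of the evidence is gone.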

Source:
http://www.csoonline.com/article/749950/researchers-discover-credential-stealing-unix-based-server-botnet