TA11-102A: Microsoft Updates for Multiple Vulnerabilities

Original release date: April 12, 2011
Last revised: --
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Office
  • Microsoft Internet Explorer
  • Microsoft Visual Studio

Overview

There are multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Visual Studio. Microsoft has released updates to address these vulnerabilities.


I. Description

The Microsoft Security Bulletin Summary for April 2011 describes multiple vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Visual Studio. Microsoft has released updates to address the vulnerabilities.


II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.


III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).


IV. References



Feedback can be directed to US-CERT.


Produced 2011 by US-CERT, a government organization. Terms of use


Revision History

April 12, 2011: Initial release

Commodore 64 viruses – time for a comeback?

Commodore 64I can’t be the only nostalgic nerd to feel a flutter of excitement at the news that a home computer from yesteryear is making a comeback.

The Commodore 64, the classic retro home computer which was initially released in 1982, is reportedly making something of a return as the company is squeezing a Windows PC inside the original shell.

The new computer will ship with Ubuntu, but an emulator capable of playing classic games from the 1980s is also promised.

How neat is that!?

So, to all intents and purposes – it looks just like an old Commodore 64 computer…

Commodore 64 - with a Windows PC inside!

..well, until you have a look around the back at least. The USB slots and HD TV connections are a bit of a giveaway in my opinion..

The new Commodore 64 includes USB slots

And memories of the Commodore 64 got me thinking. What about computer viruses?

Although viruses were largely a PC and Mac issue in the latter half of the 1980s, there was also malware written for other types of computers. And the Commodore 64 is no exception.

For instance, the C64/BHP-A virus appeared in 1986. It wasn’t just a virus capable of infecting files on Commodore 64s, it was also fully stealth – effectively exploiting the Commodore 64’s memory structure to “act invisible”.

These were the days before financially-motivated malware, of course, and the BHP virus’s payload was to display a message on the screen surrounded by a colourful border:

Commodore 64 virus, BHP

I’m loathe to suggest that anyone deliberately run a virus on their shiny new computer, but it would be fascinating to know if the emulator being used on the revamped Commodore 64 is capable of running C64/BHP-A.

So, can we expect a revival of Commodore 64 viruses? I seriously doubt it. But it is quite fun to remember the early days of computer viruses, when everything seemed so much more innocent.

If you want to read more about this Commodore 64 virus, I can highly recommend a technical article by security researcher Peter Ferrie, published in Virus Bulletin in January 2005.

And if you want to learn more about the “new” Commodore 64, make sure to visit Commodore’s website.

Auckland earthquake email hoax debunked by New Zealand media

New ZealandInternet users in New Zealand have reportedly received emails, spreading a sick hoax that claims an earthquake is predicted to hit the city of Auckland on Sunday, April 17th.

A typical email reads:

Next earthquake announced April 17 will hit Auckland

There is about 88% chance within the next days Auckland will be hit by an earthquake according to National Earthquake Information Center from New Zealand. This news was released today after more predictions related to the Christchurch earthquake. Read more here or on www.nzherald.co.nz

However, the email has been debunked by the NZ Herald newspaper, which has confirmed that it is a hoax.


 

Received an email claiming an earthquake prediction for Auckland and pointing to our site? It's a hoax: http://t.co/qU7Zq7Z

Residents of New Zealand would obviously be highly alarmed by such a warning, as the country is recovering from a devastating earthquake which hit the South Island city of Christchurch in February.

Internet users are advised to be suspicious of unsolicited messages, making predictions of natural disasters. If you receive such an email, do not click on any of its links (as they may be malicious) and instead turn to legitimate news outlets for information.

Remember that email hoaxes are not harmless, and can have serious consequences. You can learn more about the many internet hoaxes and chain letters on Sophos’s security hub.

BBC News/Dad walks in on daughter Facebook scams

Criminals and scammers on Facebook aren’t resting on their laurels… in fact, they are branching out and using multiple techniques all rolled into one scam.

Facebook wall post Dad walked inTonight’s blockbuster spam is taking on several guises. One version is a likejacking attack that spams your wall with the message “Dad walks in on daughter… EMBARRASING!!!” and “This really has to be an awkward moment.”

They seem to be quickly rotating through a long list of Google (goo.gl) short URLs to evade detection.

Strangely, it appears that the likejacking protection Facebook introduced last month is not working. At the moment the page has over 49,000 likes and is growing.

A variation of the same scam seemingly aimed at a more international audience pretends to be from BBC News. It is an application using variations of the word news or newz.

BBC News Facebook scam

It posts messages to your wall saying “Everyone do check what she did on cam ….” and seems to also play on the recent spate of photo tagging scams.

All of this ultimately leads to an obviously faked video on YouTube, covered by a survey scam. The video on YouTube has over 77,000 views, implying that many people are filling out the surveys that generate cash for the scammers.

YouTube video views

As with all of these different Facebook lures, try to resist the temptation to click them, and be sure to click the report spam button to alert the Facebook security team.

Sophos has a guide for configuring your Facebook profile to maintain your privacy and continue to be social. Why not give it a look and check your settings against our advice?

To stay up to date on the latest scams, spams and other security and privacy advice join our Facebook page.