Patch Tuesday, a Heads Up. (Jul-2009)

Next scheduled release: July 14, 2009
The heads up for this month: on Tuesday 14th July (US time; Wednesday 15th July AU time) Microsoft expect to release six (6) new security bulletins, affecting supported versions of Windows, Virtual PC / Virtual Server, ISA 2006, and Microsoft Office Publisher 2007.

Advance Notification for the July 2009 Security Bulletin Release [1]
Our Advance Notification was published today and indicates that next Tuesday, July 14 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 6 security bulletins consisting of:
* Three Critical updates affecting Windows.
* One Important update affecting Publisher.
* One Important update affecting Internet Security and Acceleration (ISA) Server.
* One Important update affecting Virtual PC and Virtual Server.

I want to provide some clarity on two of the pending Windows updates mentioned. First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the meantime, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890).

Good to see that an update for both DirectShow and the vulnerability in the Microsoft Video ActiveX Control should be released.

Microsoft Security Bulletin Advance Notification for July 2009 [2]
Microsoft Security Bulletin Advance Notification issued: July 9, 2009
Microsoft Security Bulletins to be issued: July 14, 2009
This is an advance notification of security bulletins that Microsoft is intending to release on July 14, 2009.
This bulletin advance notification will be replaced with the July bulletin summary on July 14, 2009.

LINKS:
[1] July 2009 Advance Notification (2009-Jul-08) [MSRC]
[2] Microsoft Security Bulletin Advance Notification for July 2009 (2009-Jul-09) [MS]

Winamp 5.56

Released last week (c. July 01, 2009)
Isn’t it about time that Winamp incorporated an internal upgrade system into their product? Downloading a full installer for every minor update is rather ‘old school’ and a poor option for ensuring clients are running up-to-date versions.

Winamp 5.56 (Latest)
* New: Winamp Orgler plugin – Lets you track, chart & share your listening history
* Improved: [jnetlib] New SSL support for playback of https:// streams
* Improved: [ml_autotag] Fuzzy matches now unchecked by default & marked ‘Unsure’
* Improved: [ml_local] New background scanner
* Improved: [ml_online] Various tweaks, fixes & enhancements
* Improved: [ml_pmp] Added support for drag+drop from Explorer to device playlists
* Fixed: iexplore process not ending when browser closed after opened via Winamp
* Fixed: Save EQ preset name duplication bug
* Fixed: [Bento skin] SHOUTcast homepage URLs redirecting to Winamp search
* Fixed: [gen_jumpex] Up/down buttons reversed, ’stop after current’ & other issues
* Fixed: [in_mod] Crash on some .s3m modules (w.i.p.)
* Fixed: [in_mod] Playback glitch during background transcoding
* Fixed: [in_wm] Decimal point issues in Alt+3 format info
* Fixed: [in_wm] Embedded IE browser for DRM license acquisition
* Fixed: [in_wm] Loading of URLs in WPL playlist files
* Fixed: [in_mp4/libmp4v2] Integer overflow bug with MP4 sample size
* Fixed: [libsndfile] VOC buffer overflow vulnerability
* Fixed: [ml_impex] Read “has video” field from iTunes XML (and write on export)
* Fixed: [tagz.w5s] Hang with $right function in ATF when specified field is empty
* Fixed: [vis_avs] msvcp71.dll dependency
* Misc: Added front.jpg/gif/etc to album art criteria
* Misc: More miscellaneous general tweaks, improvements, fixes and optimizations
* Misc: New omBrowser.w5s shared component for ml_nowplaying, wire & online
* Misc: Removed dashboard (ml_dash) from distribution
* Misc: ml_orb now only installed as part of separate Winamp Remote package
* Updated: [gen_jumpex] JTFE v1.0.5
* Updated: libsndfile 1.0.20

Winamp Media Player Version History

Safari 4.0.2

Apple have released Safari 4.0.2 for both OSX and Windows:

* Version: 4.0.2
* Post Date: July 08, 2009
* Download ID: DL846
* File Size: 40MB (Leopard), 26 MB (Tiger), 47MB (Windows)

This update is recommended for all Safari users and improves the stability of the Nitro JavaScript engine and includes the latest compatibility and security fixes.

Fixed in Safari 4.0.2
* WebKit: CVE-ID: CVE-2009-1724
* WebKit: CVE-ID: CVE-2009-1725

LINKS:
[1] About the security content of Safari 4.0.2 (2009-Jul-08) [Apple]

CRP09-029

Microsoft Video ActiveX Control – Zero Day

… Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
We are aware of attacks attempting to exploit the vulnerability. …
Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution. …
[1]

We are aware of active attacks exploiting a remote code execution vulnerability in Microsoft’s MPEG2TuneRequest ActiveX Control Object. We have released advisory 972890 providing guidance to help our customers stay protected. In this blog post, we’d like to go into more detail to help you understand this issue. [3]

A browse-and-get-owned attack vector exists. A user needs to be lured to navigate to a malicious website or a compromised legitimate website to be affected. No further user interaction is needed. [3]

The 0-day exploit will be detected as Exploit-MSDirectShow.b by McAfee VirusScan from DAT 5668. [7]
Exploit-MSDirectShow.b (0-day) – trojans that exploits an unpatched vulnerability in Microsoft DirectShow ActiveX object, via Internet Explorer.

MEDIATION:
Exploit code has been published via a number of Chinese web sites [4]. Setting the kill bit for the MPEG2TuneRequest ActiveX Control Object (CLSID 0955AC62-BF2E-4CBA-A2B9-A63F772D46CF) is the recommended workaround [3]. The Microsoft Security Response Center (MSRC) has made a kill bit package available that closes this and several other issues via MicrosoftFixit50287.msi.
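As an added example (not from the advisory or any of the linked posts), the following PowerShell check reads the registry locations Internet Explorer consults for ActiveX kill bits and reports whether the 0x400 “Compatibility Flags” bit is set for the CLSID above, so an administrator can confirm the Fix it workaround actually landed. The Wow6432Node path covers 32-bit IE on 64-bit Windows and is expected to be absent on 32-bit systems.

```powershell
# Added example: verify the kill bit for the MPEG2TuneRequest control (CLSID from advisory 972890).
$clsid   = '{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}'
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE instantiating the control

# IE reads the native hive; 32-bit IE on 64-bit Windows reads the Wow6432Node copy.
# On 32-bit Windows the Wow6432Node key does not exist and will report as absent.
$paths = @(
    "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
)

function Test-KillBit {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        # No key at all: the control is not kill-bitted in this hive.
        return New-Object PSObject -Property @{ Path = $Path; Flags = $null; KillBitSet = $false }
    }
    $item  = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $flags = $item.'Compatibility Flags'
    # The kill bit is only effective if the 0x400 bit is present in the DWORD.
    $set   = ($flags -ne $null) -and (($flags -band $KillBit) -eq $KillBit)
    New-Object PSObject -Property @{ Path = $Path; Flags = $flags; KillBitSet = $set }
}

foreach ($p in $paths) {
    $r     = Test-KillBit -Path $p
    $shown = if ($r.Flags -ne $null) { '0x{0:X8}' -f $r.Flags } else { '(absent)' }
    if ($r.KillBitSet) { "OK       $($r.Path) -> $shown" } else { "MISSING  $($r.Path) -> $shown" }
}
```

Run it from an elevated prompt after applying the Fix it package; a MISSING line for the native hive means IE will still load the control.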

LINKS:
[1] Microsoft Security Advisory (972890) Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution (2009-Jul-06) [MS: Technet]
[2] Microsoft Security Advisory 972890 Released (2009-Jul-06) [MS: MSRC]
[3] New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll (2009-Jul-06) [MS: SRD]
[4] 0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks (2009-Jul-06) [SANS]
[5] 0-dags drive-by i praksis (2009-Jul-??) [CSIS] (EN via Google)
[6] IE 0day exploit domains (constantly updated) (2009-Jul-06) [SANS]
[7] New Attacks Against Internet Explorer (2009-Jul-06) [McAfee]
[8] Microsoft DirectShow MPEG2TuneRequest ActiveX Control Buffer Overflow (2009-Jul-06) [Secunia]

CRP09-028

This weeks links (2009-07-06)

Ultimate Travel Library
To compile our list of classic travel books, we asked dozens of travelers (writers, photographers, explorers, editors, and others) to name the books that have most enriched their senses of place and best informed their peregrinations.
Ultimate Travel Library—Around the World in 80+ Books [National Geographic]

ACMA – Click and connect
Click and connect – young Australians’ use of online social media, Posted 08 July 2009

Children and young people have a high level of awareness of cybersafety risks and the key messages for staying safe online.
This ACMA report found that 75 per cent of children surveyed claim they know not to give out their address or phone number online and remember key safety messages such as ‘people aren’t always who they say they are online’.
‘Australian children are telling us the internet is part of their everyday lives, and as they approach high school, it’s increasingly important to their social lives. Up to 97 per cent of 16 to 17 year olds claim to use at least one social networking service,’ said Chris Chapman, Chairman of the ACMA.
Most young people are using online technologies as a way to connect with their real world friends, with a small proportion—17 per cent of 12 to 17 year olds—using online social networking to build networks of new friends.
The report highlights an ongoing need for cybersafety material that resonates with young people, as well an improved flow of cybersafety information to parents.

– Australian Communications and Media Authority (ACMA)

Google Chrome OS
Google enters the OS battle;

… We designed Google Chrome for people who live on the web — searching for information, checking email, catching up on the news, shopping or just staying in touch with friends. However, the operating systems that browsers run on were designed in an era where there was no web. So today, we’re announcing a new project that’s a natural extension of Google Chrome — the Google Chrome Operating System. It’s our attempt to re-think what operating systems should be.
Google Chrome OS is an open source, lightweight operating system that will initially be targeted at netbooks. Later this year we will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010. Because we’re already talking to partners about the project, and we’ll soon be working with the open source community, we wanted to share our vision now so everyone understands what we are trying to achieve. …

Introducing the Google Chrome OS (2009-Jul-07) [Official Google Blog]

VirusScan DAT 5664 issues

Based on anecdotes, the glitch appears to be caused when older VirusScan engines install DAT 5664, which McAfee seems to have pushed out in the past 24 hours. Affected systems then begin identifying a wide variety of legitimate – and frequently crucial – system files as malware. Files belonging to Microsoft Internet Explorer, drivers for Compaq computers, and even the McAfee-associated McScript.exe were being identified as a trojan called PWS!hv.aq, according to the posts and interviews.
McAfee false-positive glitch fells PCs worldwide (2009-Jul-03) [The Register]

… Issue possible just on machines with engine 5100 and dat 5664. …
… We have had it confirmed by McAfee support that this problem is due to the old engine and that the only solution is to upgrade …
… 5100 is not supported anymore since January 2008 …
… the issue *only* affected people on the 5100 engine. This has been out of support for a very long time. …

False positive after dat 5664 (2009-Jul-03) [McAfee: forums]

The McAfee Product and Technology Support Lifecycle says that the 5200 engine reached end of Engine Support in Jan-09. The biggest question here is why enterprises were still running the even older 5100 engine at all.

If your company was affected, I’d be grilling your own IT staff and ask why they are using an engine that hasn’t been supported since 2008!

Made from beer…

Beer chemistry and Canadians’ beer preferences
G. A. Whitmore, Jane F. Gentleman
McGill University and Statistics Canada

Keywords
Beer chemistry • multiple regression • multivariate data • prediction • taste preference

Abstract
Beer companies want to understand the relationship between the chemical characteristics of beer and the preferences for beer exhibited by consumers. Two data sets were provided to the analysts in this case study. The first set consisted of chemical measurements on 91 beers and preference measurements on the same beers collected from beer consumers in blind taste tests. The analysts were asked to use these data to develop a statistical model relating beer chemistry and consumer preferences for beer. The second data set consisted of chemical measurements on a holdout sample of 37 beers. The analysts were asked to employ their statistical model to predict consumer preferences for the beers in the holdout sample. The case study assesses the success of their modelling efforts.

Wiley InterScience :: JOURNALS :: Canadian Journal of Statistics (2008-Dec-18)

Tour de France 2009

Tour de France 2009 – JULY 4th to 26th

The Tour de France is an annual bicycle race that covers more than 3,500 kilometres (2,200 mi) throughout France and a bordering country. The race usually lasts 23 days and attracts cyclists from around the world. The race is broken down into day-long segments, called stages. Individual times to finish each stage are totaled to determine the overall winner for the race. The rider with the least elapsed time each day wears a yellow jersey. The course changes every year but it has always finished in Paris. [Wikipedia]

STAGES:
Stage 01 – Saturday, July 4 (15.5 km TT) Monaco (MC) → Monaco (MC)
Stage 02 – Sunday, July 5 (187 km) Monaco (MC) → Brignoles
Stage 03 – Monday, July 6 (196 km) Marseille → La Grande-Motte
Stage 04 – Tuesday, July 7 (39 km TTT) Montpellier → Montpellier
Stage 05 – Wednesday, July 8 (196 km) Le Cap d’Agde → Perpignan
Stage 06 – Thursday, July 9 (181 km) Girona (ES) → Barcelona (ES)
Stage 07 – Friday, July 10 (224 km) Barcelona (ES) → Arcalis (AD)
Stage 08 – Saturday, July 11 (176 km) Andorra-la-Vella (AD) → Saint-Girons
Stage 09 – Sunday, July 12 (160 km) Saint-Gaudens → Tarbes
Stage 10 – Tuesday, July 14 (194 km) Limoges → Issoudun
Stage 11 – Wednesday, July 15 (192 km) Vatan → Saint-Fargeau
Stage 12 – Thursday, July 16 (211 km) Tonnerre → Vittel
Stage 13 – Friday, July 17 (200 km) Vittel → Colmar
Stage 14 – Saturday, July 18 (199 km) Colmar → Besançon
Stage 15 – Sunday, July 19 (207 km) Pontarlier → Verbier (CH)
Stage 16 – Tuesday, July 21 (159 km) Martigny (CH) → Bourg-Saint-Maurice
Stage 17 – Wednesday, July 22 (169 km) Bourg-Saint-Maurice → Le Grand-Bornand
Stage 18 – Thursday, July 23 (40.5 km TT) Annecy → Annecy
Stage 19 – Friday, July 24 (178 km) Bourgoin-Jallieu → Aubenas
Stage 20 – Saturday, July 25 (167 km) Montélimar → Mont-Ventoux
Stage 21 – Sunday, July 26 (164 km) Montereau-Fault-Yonne → Paris

ROUTE:
2009 TDF Route

TWEET:
Follow the Tour de France on Twitter using #tdf or follow on Tweet Grid – “#tdf”.

2009 Tour de France Twitter List (Danny Hsu)

Aussies
The Aussies:
05 HAUSSLER Heinrich GER* (CTT) Hon.AUS
08 LANCASTER Brett AUS (CTT)
11 EVANS Cadel AUS (SIL)
14 LLOYD Matthew AUS (SIL)
35 O’GRADY Stuart AUS (SAX)
78 RENSHAW Mark AUS (THR)
79 ROGERS Michael AUS (THR)
153 DAVIS Allan AUS (QST)

LINKS:
[1] Tour de France 2009 (EN) [Tour de France]
[2] Tour de France 2009 Live Dashboard [steephill.tv]
[3] Tour de France, France, GT (Grand Tour) [Cycling News]

Digital Radio DAB+ goes live in AU

Three new ABC music channels are being launched today as ABC Radio goes digital in Sydney, Melbourne, Brisbane, Adelaide and Perth. [1]

These channels cannot be picked up using a digital TV receiver (the way the ABC and SBS radio channels already carried on set top boxes can); a DAB+ receiver will be required.

DIGITAL RADIO BROADCASTING NOW ON THE AIR [3]
Commercial digital radio was launched recently in Sydney with much fanfare despite having been on the air in many other Australian capital cities for several months prior. In Melbourne we now have: 3AW, 3MP, Fox, Gold, Koffee, Magic, Mix, Nova, Novanation, Pink Radio, Radar, SEN, Sport Radio, MMM, and Vega. From 1 July, we’ll also have ABC (with all usual services like 774, News Radio, RN, Classic FM, Triple J, plus new music stations ABC Dig Music, ABC Country and ABC Jazz), and SBS services.
Australia has chosen the DAB+ standard for broadcast on spare VHF TV channels in Band III (currently using channel 9A). Because of its limited range (similar to FM) it will initially only be available in and around large cities. DAB+ is based on Eureka-147, rather than the DRM standards used on MF & HF overseas. Generally a single transmitter broadcasts a broadband signal containing a number of channels or “stations” and additional data services.
The broadband nature of the transmission is obvious in the spectrum analyser photo of current DAB+ transmissions in Melbourne (see front page). The two relatively rectangular peaks near the centre of the screen are the two commercial transmitters serving Melbourne from Mt. Dandenong. The narrow peak to the left is channel 9 TV’s analog video carrier, and the peak on the right is channel 10’s video carrier.

DAB+ pros:
+ Tuned by station name – never need to look up a frequency.
+ Automatically selects the strongest transmitter – no retuning necessary while mobile.
+ Noise free reception.
+ Text information on current program, what’s on next, news, weather, 1 week electronic program guide, etc.
+ Pause and interrupt programs for up to 15 minutes without loss.
DAB+ cons:
- Poorer audio quality than FM (if broadcaster opts for lower bit rates, sacrificing quality for more stations).
- Expensive receivers.
- Higher power consumption than AM/FM receivers.

– page 2, NERG NEWS JUNE 2009 (PDF)

LINKS:
[1] ABC launches new digital radio stations (2009-Jul-01) [ABC News]
[2] Broadcast Australia Operates Australian DAB+ Services (2009-Jun-11) [Broadcast Australia]
[3] NERG NEWS JUNE 2009 (PDF) (2009-Jun) [North Eastern Radio Group]

Firefox 3.5 released

Firefox 3.5

Mozilla has released the next major version of Firefox.

What’s New in Firefox 3.5 [2]
Firefox 3.5 is based on the Gecko 1.9.1 rendering platform, which has been under development for the past year. Firefox 3.5 offers many changes over the previous version, supporting new web technologies, improving performance and ease of use. Some of the notable features are:
* Available in more than 70 languages. (Get your local version!)
* Support for the HTML5 <video> and <audio> elements including native support for Ogg Theora encoded video and Vorbis encoded audio.
* Improved tools for controlling your private data, including a Private Browsing Mode.
* Better web application performance using the new TraceMonkey JavaScript engine.
* The ability to share your location with websites using Location Aware Browsing.
* Support for native JSON, and web worker threads.
* Improvements to the Gecko layout engine, including speculative parsing for faster content rendering.
* Support for new web technologies such as: downloadable fonts, CSS media queries, new transformations and properties, JavaScript query selectors, HTML5 local storage and offline application storage, <canvas> text, ICC profiles, and SVG transforms.

LINKS:
[1] Firefox Updated: Firefox 3.5 (2009-Jun-30) [Mozilla]
[2] Mozilla Firefox 3.5 Release Notes (2009-Jun-30) [Mozilla]
[3] Firefox 3.5 for developers [Mozilla]
[4] Firefox 3.5 is available (2009-Jun-30) [SANS]

This weeks links (2009-06-29)

When too much Fail is not enough …
There, I Fixed It.

Patching problems for home users
Time to update updating on PCs for 3rd party apps (2009-Jul-02) [SANS]
Unpatched Bloatware on new PCs (2009-Jul-02) [SANS]

Another list of crap to read?

If you make Twitter into another list of crap to read, you will be sad. The sooner you realize that Twitter is just a list of crap, the happier you’ll be.
Twitter: Let the Information Wash Over You
(2009-Jun-29) [Scott Hanselman's ComputerZen.com]

July, The Month of Twitter Bugs
The Month of Twitter Bugs (MoTB) has kicked off.

… July 2009 will be Month of Twitter Bugs.
This blog will be used for posting the vulnerabilities. …

Month of Twitter Bugs (2009-Jun-15) [twitpwn]

… Today, three years after the “Month of Browser Bugs”, I’ve decided to declare July 2009 as “Month of Twitter Bugs” (MoTB). I’m doing so in order to raise the awareness of the Twitter API issue I recently blogged about. MoTB could have been easily converted to any other “Month of Web2.0 service bugs”, and I hope that Twitter and other Web2.0 API providers will work closely with their API consumers to develop more secure products. …
Month of Twitter Bugs (2009-Jun-15) [aviv.raffon.net]

Free Music Giveaway

@MSWindows How about 1,000 + songs for #musicmonday – http://bit.ly/1IyS7 ^JT

… Click to download new music, completely free, brought to you by your music loving friends at Windows. You’ll see (but not hear) some ads on your screen in addition to the album’s cover art, which is how we keep your new tunes from costing you a cent. …http://www.reverbnation.com/windows

Firefox 3.5
Mozilla will release the next major version of Firefox on Tuesday, June 30, Webmonkey has learned. Mozilla confirmed the news Friday afternoon. …
Firefox 3.5 Will Arrive June 30 (2009-Jun-26) [WebMonkey]

June 2009 Web Server Survey
In the June 2009 survey we received responses from 238,027,855 sites, an increase of 2,137,329 on last month. A reduction in activity at Microsoft Live Spaces was responsible for the large drop in the number of Microsoft-IIS sites detected. Apache retains the dominant market share of 47.12%, approximately 112.2 million sites in total, and saw a modest increase in market share of 0.63 percentage points this month. …
June 2009 Web Server Survey (2009-Jun-17) [Netcraft]

gecko’s tails

Biomutalism and interdisciplinary connections

Robert Full: Learning from the gecko’s tail
(from TED)
Biologist Robert Full studies the amazing gecko, with its supersticky feet and tenacious climbing skill. But high-speed footage reveals that the gecko’s tail harbors perhaps the most surprising talents of all.
