Categories
Uncategorized

Did you win £450,000 in a “Microsoft Lottery”? Think again: it’s a phishing attempt

I was asked today…

I received a message in my email on behalf of Microsoft from the National Lottery International [stating] "A certificate of winning and other certificates including your winning cheque of Four Hundred and Fifty Thousand Great Britain Pound Sterlings has been sent to us by the claims officer of overseas Winner of the Microsoft National Lottery."

Is this real?

Nope, sorry… See this post at http://spamemailgraveyard.com/2010/04/microsoft-notification.html.

As I noted in my prior post, "Did you win One Million Euros in a Microsoft Lottery? Think again: it’s a phishing attempt", a lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft.

In short: there is no Microsoft lottery.

For more information on how to protect yourself from fraudulent emails, please see Microsoft’s Anti-Phishing Site, and my posts on Phishing: Don’t get caught and FYI: new scams featuring the IRS logo to get your PII.

Other related links and resources…

*Tip from the Microsoft Anti-Phishing site: To see updated examples of popular phishing scams or to report a possible phishing scam, visit the Anti-Phishing Working Group Archive.

Tags: Microsoft, your questions, email, phishing, Security.


Also available at http://bit.ly/bAhewb


Do you have strong passwords on your devices? Here’s what to consider

 

A friend noted today that their online email account was compromised over the weekend. I thought about my post on creating strong passwords (and passphrases) in six easy steps, which is still relevant today…

There’s a good article that was recently posted on the Microsoft Security At Home web site that outlines how to create strong passwords.

Why should you care? Because last year InformationWeek reported that simple passwords created using short, simple key sequences can be easily cracked:

"For example, a lowly P3 PC running a widely available cracking tool at just 500 MHz was able to guess the password "ChEcK12" in only 26 seconds; and today’s top-of-the-line PCs could perform the same crack almost instantly. (For more examples of just how quickly simple password techniques like this can be bypassed, see this page from McMaster University). It’s scary stuff."

You can find the article on creating strong passwords here and more info and suggestions here on TechNet which notes that a strong password…

  • Is at least seven characters long.
  • Does not contain your user name, real name, or company name.
  • Does not contain a complete dictionary word.
  • Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 …) are not strong.
  • Contains characters from each of the following four groups: Uppercase letters, Lowercase letters, Numerals and Symbols found on the keyboard.
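The five criteria above can be checked mechanically when a password is chosen. The Python sketch below is an added example, not code from the original post or from TechNet; the word list, the identity strings and the function names are constructed for illustration, and the "significantly different" rule is narrowed to the incrementing case the list names.

```python
import re
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "check", "welcome", "dragon", "summer", "monkey"}

def _strip_trailing_digits(text):
    """Lower-case the text and drop a trailing counter such as the 3 in Password3."""
    return re.sub(r"\d+$", "", text).lower()

def check_password(password, identity=(), previous=(), words=SAMPLE_WORDS):
    """Return the list of criteria the password fails (empty list = passes all five).

    identity: user name, real name, company name (assumed supplied by the caller).
    previous: earlier passwords, available only at change time (assumption).
    """
    problems = []
    lowered = password.lower()

    if len(password) < 7:
        problems.append("shorter than seven characters")

    # Ignore very short identity strings so initials do not match by accident.
    if any(len(name) >= 3 and name.lower() in lowered for name in identity):
        problems.append("contains user, real, or company name")

    if any(word in lowered for word in words):
        problems.append("contains a complete dictionary word")

    # Password1 -> Password2 -> Password3 share the same base once digits are removed.
    base = _strip_trailing_digits(password)
    if any(_strip_trailing_digits(old) == base for old in previous):
        problems.append("only increments a previous password")

    groups = (string.ascii_uppercase, string.ascii_lowercase,
              string.digits, string.punctuation)
    if not all(any(ch in group for ch in password) for group in groups):
        problems.append("missing one of the four character groups")

    return problems

if __name__ == "__main__":
    # "ChEcK12" is the password from the InformationWeek quote above.
    for candidate in ("ChEcK12", "Password3", "Tr!vium-Gx7"):
        print(candidate, "->", check_password(candidate, previous=["Password2"]) or "ok")
```

The mixed-case "ChEcK12" from the quote still fails two of the five rules: it embeds the word "check" and has no symbol.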

When all else fails, you may also use an online service such as http://strongpasswordgenerator.com/ to suggest strong passwords.

 

Tags: Microsoft, passwords, password, passphrase, security.


Also available via http://bit.ly/9JLnhG


Announcement: Advance notice for MS10-002 Internet Explorer out-of-band release MS10-002 with Q&A Webcast

Earlier this week, I posted a link to the Security Advisory 979352 Posted: Vulnerability in Internet Explorer Could Allow Remote Code Execution.

As noted on the MSRC blog, there’s an advance notification for an out-of-band release for MS10-002…

"Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21, 2010. We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible.  This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical. It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized. We recommend that customers install the update as soon as it is available.  For customers using automatic updates, this update will automatically be applied once it is released.

"Today we also updated Security Advisory 979352 to include technical details addressing additional customer questions.

"The updated Security Advisory includes guidance in relation to reports of proof of concept (POC) code that bypasses Data Execution Prevention (DEP) and additional information on the exploitability of, and mitigations and workarounds for, Microsoft products that use mshtml.dll.

"Based on our comprehensive monitoring of the threat landscape, we continue to see only limited attacks. To date, the only successful attacks that we are aware of have been against Internet Explorer 6.

"We continue to recommend that customers update to Internet Explorer 8 to benefit from the improved security protection it offers."

As Jerry noted, please join today (Thursday, January 21) at 1:00pm Pacific (UTC – 8) for a public webcast. We’ll provide more information on the bulletin and take your questions.

Date: Thursday Jan 21
Time: 1:00 p.m. PST (UTC -8)
Registration: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032440627

Tags: IE, Security, what I read, Internet Explorer, twitter, Microsoft, Windows 7.

Clubhouse Tags: Clubhouse, how-to, Windows 7, Security, IE, Internet Explorer (IE)

MSRC references: Security Advisory, Internet Explorer (IE), Workarounds, Defense-in-depth, Exploitability, Zero-Day Exploit


Also available via http://bit.ly/7wNUpp


Announcement: Security Advisory 979682 Released for Elevation of Privilege (EoP) vulnerability in the Windows kernel

Yesterday, Jerry Bryant announced here on the MSRC blog that Security Advisory 979682 Released. Click on the link for the details: essentially Security Advisory 979682 addresses an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. Please note that 64-bit versions of Windows, including Windows Server 2008 R2, are not affected.

As noted, we’re not currently aware of any active attacks against this vulnerability and as Jerry noted…

"… [we] believe risk to customers, at this time, is limited. We continue to recommend customers review the mitigations and workarounds detailed in the Security Advisory.

"We are also working with our Microsoft Active Protections Program (MAPP) partners to help provide broader protections for customers.

"Our teams are continuing to work on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out-of-band."

For more details on the Security Advisory you can subscribe to our comprehensive alerts here to receive email when there’s new information. The team will also post updates on the MSRC Blog.

 

Tags: IE, Security, what I read, Internet Explorer, twitter, Microsoft, Windows 7.

Clubhouse Tags: Clubhouse, how-to, Windows 7, Security, IE, Internet Explorer (IE)

MSRC references: Security Advisory, Internet Explorer (IE), Workarounds, Defense-in-depth, Exploitability, Zero-Day Exploit


Also available via http://bit.ly/5TO6wk


Security Advisory 979352 Posted: Vulnerability in Internet Explorer Could Allow Remote Code Execution

As noted in Mike Reavey’s posts on The Microsoft blog and The Microsoft Security Response Center (MSRC) blog today, we have just released Security Advisory 979352. Here’s the detail from Mike Reavey’s post:

Based upon our investigations, we have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks. Today, Microsoft issued guidance to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. Additionally, we are cooperating with Google and other companies, as well as authorities and other industry partners.

Microsoft remains committed to taking the appropriate action to help protect our customers. We released Security Advisory 979352 to provide customers with actionable guidance and tools to help with protections against exploit of this vulnerability. Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6 at this time. Our teams are currently working to develop an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out of band.

It is important to note that complex attacks targeting specific corporate networks are becoming more prevalent in the threat landscape, therefore organizations should follow defense-in-depth best practices, and deploy multiple layers of protection to improve their security posture. In addition, Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user’s machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.

Customers can also set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones or configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. You can find details on implementing these settings in the advisory.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov. Customers should follow the guidance in the advisory and our Protect Your PC guidance of enabling a firewall, getting software updates, and installing antivirus software (learn more by visiting the Protect Your PC web site). International customers can find their Regional Customer Service Representative http://support.microsoft.com/common/international.aspx.

We are also working with our Microsoft Active Protections Program (MAPP), the Microsoft Security Response Alliance (MSRA), authorities and other industry partners to help provide broader protections for customers. Together with our partners, we will continue to monitor the threat landscape and will take action against any web sites that seek to exploit this vulnerability.

The Security Advisory will be updated with any new developments so if you are not already subscribed to our comprehensive alerts, please do so in order to be alerted by email when new information is added.

-Mike Reavey

This from our Security Advisories page on TechNet…

Microsoft Security Advisory (979352) – Vulnerability in Internet Explorer Could Allow Remote Code Execution, Published: January 14, 2010

Executive Summary

Microsoft is investigating a report of a publicly exploited vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

At this time, we are aware of limited, active attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other affected versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we’re actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability.

Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.

Mitigating Factors:

  • Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability.
  • In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
  • By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone.
  • By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.

Tags: IE, Security, what I read, Internet Explorer, twitter, Microsoft, Windows 7.

Clubhouse Tags: Clubhouse, how-to, Windows 7, Security, IE, Internet Explorer (IE) 

MSRC references: Security Advisory, Internet Explorer (IE), Workarounds, Defense-in-depth, Exploitability, Zero-Day Exploit


Also available via http://bit.ly/4F3tgX