Duqu Worm Security Issue with Windows True Type Font Engine

Last week Microsoft revealed a serious security vulnerability in the TrueType font parsing code built into the Windows kernel. A specially crafted font delivered by a malicious web page, or embedded in a malformed MS Word document (the route the Duqu worm has been using), gets the attacker's code running in kernel mode, which is more than administrator-level access, so whatever viruses / worms they choose can be installed on your system.

While a permanent patch is expected to be available within the next month, Microsoft has implemented a “Fix it” workaround you can access via this URL:

http://support.microsoft.com/kb/2639658

To enable the fix, scroll down and click the fix it button under “Enable”.

Please note there is one drawback to this fix. It works by blocking access to the font-embedding library (t2embed.dll), so once you enable it you will no longer be able to do a “Save As…” to PDF format from any Office app, and other software that relies on embedded fonts may not display correctly either. You can restore this capability by disabling the Fix it, using the appropriate button under the “Disable” option at the above URL.

I have successfully tested the fix enable / disable and was able to restore the ability to save as PDF. For the time being I will be running with the fix enabled. If I need to export to PDF I can visit the site, disable the fix, save to PDF, then re-enable it. While it is disabled I would not be going to any websites.
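If you would rather not rely on the web page to tell you which state your machine is in, the script below is an added example written for this post (it is not Microsoft's Fix it code). It checks for the effect the Fix it has, a Deny entry for the Everyone group on %windir%\system32\t2embed.dll, and lets you toggle it from an elevated PowerShell prompt. It assumes the advisory's manual workaround commands for Vista / Windows 7 (Windows XP uses cacls instead) and an English Windows where the group is literally named "Everyone".

```powershell
# Added example for this post, not Microsoft's Fix it code. Checks whether the
# KB2639658 workaround (deny Everyone access to t2embed.dll) is in place and
# lets you toggle it. Run from an elevated PowerShell prompt.
# Assumptions: the advisory's manual commands for Vista / Windows 7 (XP uses
# cacls instead), and an English Windows where the group is named "Everyone".
$t2embed = Join-Path $env:WINDIR 'System32\t2embed.dll'

function Test-T2EmbedWorkaround {
    # The Fix it / manual workaround adds a Deny ACE for Everyone on the DLL.
    $acl = Get-Acl -Path $t2embed
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny' -and
            $ace.IdentityReference.Value -eq 'Everyone') {
            return $true
        }
    }
    return $false
}

function Enable-T2EmbedWorkaround {
    # Take ownership first; the DLL is owned by TrustedInstaller and even
    # administrators cannot change its ACL otherwise.
    & takeown.exe /f $t2embed | Out-Null
    & icacls.exe $t2embed /deny 'everyone:(F)' | Out-Null
}

function Disable-T2EmbedWorkaround {
    # Remove only the Deny entries for Everyone, leaving the rest of the ACL.
    & icacls.exe $t2embed /remove:d everyone | Out-Null
}

if (Test-T2EmbedWorkaround) {
    'Workaround ENABLED: embedded TrueType fonts blocked (Office Save As PDF will fail).'
} else {
    'Workaround DISABLED: t2embed.dll is accessible, embedded fonts are allowed.'
}
```

Run the script to see the current state, call Enable-T2EmbedWorkaround or Disable-T2EmbedWorkaround to switch, then run it again to confirm before you open a browser or a document. Keep in mind the workaround only closes the embedded-font route into the parser; the real fix is the upcoming patch.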

This is a fairly serious issue that is already being exploited to infect machines. To protect yourself, along with your business and / or clients, you should consider using this fix until a permanent solution is provided by Microsoft.

Also note that this week’s “Patch Tuesday” updates included some critical security fixes. If you do not have your box set up to automatically apply updates, you should go to Windows Update and get the latest patches.

A big thanks to Steve Gibson (@sggrc) and his Security Now podcast on the TWIT.TV network, where I heard about this. If you aren’t listening to the Security Now podcast, you should. I’ve long held it should be required listening for any IT Professional.

Podcast Junkie Week – THE Show

“So what is the one show I should listen to?”

“What show is the most important?”

“What is your favorite show?”

All great questions, and today I’ll answer all of the questions with one name:

Security Now

Yes, a podcast about security. I’m sure you are probably thinking “dull dull dull”. But my friend you’d be so mistaken.

First off, security is everyone’s business. Attacks come in all forms, and any good developer, DBA, or admin needs to know what forms they take and how best to protect against them. Even if you are just a computer user, you need to know the basics of how to protect your system.

I also find the hosts very entertaining. Leo Laporte plays the role of the “every man”, asking the same questions you or I would. Steve Gibson is the security sage, the dispenser of internet safety and wisdom. I personally find his voice and style to be very relaxing; sometimes I feel like I’m right there in the coffee shop with him having a discussion.

Steve also has the ability to make complex subjects understandable. He draws on analogies to clarify the deep technical jargon and make it clear. I also appreciate the weekly security updates segment. Not only does Steve let you know about the latest security alerts, but tells us what they mean to us and how we can protect ourselves.

Finally I want to point out the incredible dedication Steve has. As of July 9th 2009 Security Now has been on the web for 204 weeks, and has published 204 episodes. In that time he has not missed one single week putting out an episode. I know that even during the December holiday season when so many other podcasts go into hiatus, each week an episode of Security Now will continue to appear on my Zune.

I hope you’ve enjoyed getting a glimpse into the life of a podcast junkie. If you want to help my addiction feel free to post your own suggestions in the comments for the day most appropriate to the subject. Now if you’ll excuse me, I need to go watch another podcast.

Arcane Stuff

Stepping away from WPF for a brief moment to pass along some interesting tidbits. First, there’s a new blog at Microsoft, the hackers blog. Should be interesting reading for those interested in security.

http://blogs.msdn.com/hackers/

Next, if you are one of the few people in the universe who has not yet heard, Scott Hanselman’s incredibly useful list of tools for 2007 is up.

http://www.hanselman.com/blog/ScottHanselmans2007UltimateDeveloperAndPowerUsersToolListForWindows.aspx

The Alabama Code Camp, which is scheduled for October 6th, has had its site updated. Note that it’s done in Silverlight, so you’ll need the latest Silverlight plug-in to see it. (Don’t worry, the site will prompt you; quick and painless.)

You should also note there’s going to be a Silverlight Game contest. Design your own Silverlight game and you could win a Zune! See the site for details.

http://www.alabamacodecamp.com/

Finally, there’s an interesting looking conference going on in Nashville on October 12th and 13th called DevLink. They have some really big name speakers, with a really low admission. I’m planning on going, so maybe I’ll see you there!

http://www.devlink.net/

VirtualBox – Communicating to the Host OS via Networking

This evening I installed my old copy of XP (I’m now running Vista) into VirtualBox. The install was pretty easy and straightforward, so much so that it’s not even worth doing step by step instructions. A simple wizard set up my base machine, and XP installed just like it would on a “real” machine.

Using the default of NAT (Network Address Translation) for networking seemed OK for getting to the internet, but I spent most of my evening trying to make the guest OS, in this case XP, talk to the hard disks of my host OS, Vista.

To save you a lot of grief and manual digging, here’s what I finally had to do. First, I set up a single folder on my host OS and right clicked on it to bring up Properties. I then picked the Sharing tab and told the OS to share it with others on the network. (Yes, I’m firewalled, both in hardware at the router and within the OS as well. I haven’t been listening to all those Security Now episodes for nothing!)

The folder I created was named “Z”, for no better reason than it’d be easy to find. I also named the share Z, for consistency. Once I had it shared, I went back into the guest OS of XP, which was running inside VirtualBox. I opened an explorer (aka My Computer) window, and picked Tools, Map Network Drive. OK, here comes the tricky part:

After picking the drive letter, for the Folder I had to use the IP address of the host OS (the Vista machine, not the XP guest), followed by the name of the share, as in \\192.168.1.1\Z . I could not browse my local network and I couldn’t enter the machine name; only the combination of host IP address followed by share name would work.

Digging in the documentation, I found that running VirtualBox’s network emulation in NAT mode causes this: the guest sits on its own private network behind VirtualBox’s NAT, so network browsing and machine-name lookups (which rely on broadcasts) never reach the host’s LAN, while a direct connection to an IP address goes through fine. The documentation gives the solution, but I wish it had been mentioned a bit more prominently in the software, since a lot of the common techniques were not working.

A few notes. Yes, I could have chosen to share my entire drive. However, being security conscious, I prefer to set up a single folder and share it. That gives me a comfortable level of isolation, and lets me quickly and easily scan the contents with antivirus / spyware applications before using the files. And if anyone should “break in”, my exposure via shared networking will be limited to that single folder, which will be empty 99.9% of the time.

To find your machine’s IP, in the host box (outside VirtualBox) open a command window, type IPCONFIG and hit Enter. Find the adapter that is actually connected to your network (wired or wireless) and grab its IPv4 address. (VirtualBox’s NAT engine also presents the host to the guest as 10.0.2.2, the guest’s default gateway, which keeps working even if the host’s LAN address changes.)

Also, the share name of “Z” was because I was testing, for longer term I’ll probably setup something more meaningful like “VirtualBox Shared Folder”.

Be aware that the moment you share a folder between your VirtualBox (or any virtual machine) and the host OS, you have opened a path between the two: anything running in the guest can read and write that share with whatever permissions you gave it. That may be fine, and it will be one of the better solutions for transferring data and application installs between the host and guest OS.

Many people though use virtual machines to test new software (especially “free” applications) for viruses / spyware / malware. If that’s your goal, make sure to disconnect your mapped network drive before testing these potentially harmful applications. Keep in mind that disconnecting the drive letter only removes the shortcut; while the folder is still shared on the host and the VM still has network access, a program in the guest can reach it directly by the \\<host IP>\share path. For a real quarantine, stop sharing the folder on the host (or unplug the VM’s virtual network cable) before running the suspect software.
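To tie the mapping step and the disconnect step together, here is an added example written for this post (it is not VirtualBox's or Microsoft's own tooling). Run inside the guest, it maps the host's share by IP, since NAT mode rules out browsing and machine names, and refuses to launch a suspect program until every mapping to the host is gone. It assumes the host IP and share name used above and the English output format of net use.

```powershell
# Added example for this post (not VirtualBox's or Microsoft's own tooling).
# Run inside the guest: maps the host's share by IP (NAT mode rules out
# browsing and machine names) and refuses to launch a suspect program until
# every mapping to the host is gone.
# Assumptions: the host IP and share name used in the post, and the English
# output format of 'net use'.
$HostIp    = '192.168.1.1'   # the host's IPv4 address from IPCONFIG on the host
$ShareName = 'Z'

function Connect-HostShare {
    param([string]$Drive = 'Z:')
    # /persistent:no so the mapping does not silently come back at next logon.
    & net use $Drive "\\$HostIp\$ShareName" /persistent:no | Out-Null
}

function Get-HostShareMappings {
    # Parse 'net use' lines like:  OK   Z:   \\192.168.1.1\Z   Microsoft Windows Network
    & net use | ForEach-Object {
        if ($_ -match '^\s*(OK|Disconnected)\s+([A-Za-z]:)\s+(\\\\\S+)') {
            New-Object PSObject -Property @{ Drive = $Matches[2]; Path = $Matches[3] }
        }
    }
}

function Disconnect-HostShares {
    foreach ($m in @(Get-HostShareMappings)) {
        & net use $m.Drive /delete | Out-Null
    }
}

function Invoke-Isolated {
    # Drop every mapping, verify nothing is left, and only then run the sample.
    param([Parameter(Mandatory=$true)][string]$Path)
    Disconnect-HostShares
    if (@(Get-HostShareMappings).Count -gt 0) {
        throw 'A drive is still mapped to the host; not running the sample.'
    }
    & $Path
}
```

Typical use is Connect-HostShare, copy the installer into the guest, then Invoke-Isolated 'C:\samples\setup.exe'. The check only proves the drive letters are gone; as noted above, the share itself still exists on the host, so for anything you genuinely distrust also stop sharing the folder (or disconnect the VM's network adapter) before the run.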

Hopefully I’ve saved you a bit of effort in establishing a connection between your guest and host OS’s hard disks when running VirtualBox.

Arcane Security: IRS E-mail Scam

No, it’s not the IRS trying to get you this time, but scammers trying to take over your computer. In a brand new threat, scum sucking scammers are sending out e-mails that claim to be from the IRS. The e-mail tells the reader they are the target of a criminal investigation, and tells them to click on a link to find out more.

Now first of all, the IRS does not notify people of criminal infractions via e-mail. Usually it’s through a group of gray suited men in dark sunglasses knocking on your door, or through certified mail in a letter that says “you pay us…”

Second, you should always be wary of any mail that insists you click on a link to find out more. That’s always a sign there’s something wrong. That’s one reason I always type out URLs in this blog, so that those of the mistrusting type can simply read and type them in, or highlight and cut / paste.

If you get one of these, forward it to phishing@irs.gov, then DELETE IT! Yes, you could just delete it and be safe, but let’s do what we can to help the IRS catch these scumbags.

This story is all over the web, but you can read more at the Consumer Affairs site on http://www.consumeraffairs.com/news04/2007/05/irs_phishing.html or http://shrinkster.com/pmj . It’s so insidious, though, that I decided to add my own warning to try to get the word out.
