June 16, 2008
PC Manufacturers End Availability June 18th.
Microsoft Ends Partner Availability June 30th.
Windows XP: The facts about its future
After careful consultation with our customers and industry partners, we’ve decided to proceed with our plan to stop selling Windows XP versions in packaged product (retail) on June 30, 2008. We plan to provide support for Windows XP to our customers under the mainstream support policy until April 14, 2009, and under the extended support policy until April 8, 2014. We recognize that your customers will look to you, their trusted advisors, for additional information and next steps. The facts:
CLICK HERE for Microsoft PDF with More Information
Posted by bardissi
June 16, 2008
Fremont, CA, June 3, 2008 — AltiGen® Communications, Inc. (NASDAQ:ATGN), a leading provider of VoIP business phone systems and Unified Communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, branch offices and call centers, named Jeff Kays as vice president of business development. Mr. Kays’ primary focus will be to accelerate growth of AltiGen’s strategic business initiatives through aggressive reseller recruiting and partner channel expansion. He will also be responsible for the company’s distribution, strategic alliance, product and marketing partners and programs.
“For the past year AltiGen has been aggressively pursuing a multi-faceted growth strategy,” said Jeremiah Fleming, AltiGen’s president and chief operating officer. “Jeff’s strong focus on new business development, extensive channel experience and demonstrated ability to drive business growth will play a key role in helping AltiGen achieve the goals we’ve established in our growth plan.”
Mike Plumer, AltiGen’s vice president of sales, said “Jeff brings years of experience directing successful channel sales programs to the team. Having him on board will enable us to have a concentrated focus on growing and improving the productivity of our reseller base, while I turn my efforts to developing new business relationships. We believe this two-pronged approach will contribute to the further growth of the company.”
Jeff Kays stated, “AltiGen’s world class software-based communications platform positions us to uniquely address the high growth Unified Communications market. Given the number of quality resellers and distributors that have partnered with AltiGen during the course of the past year, the timing couldn’t be better to accelerate both partner recruiting and development programs in this area. This is an exciting time to join AltiGen and I look forward to significantly growing our business.”
Prior to joining AltiGen, Mr. Kays served as vice president of sales at Dallas-based Alliance Systems. Under his leadership, Alliance grew to over $100 million in annual revenues. In developing a channel sales model as Alliance’s primary growth strategy, Jeff built a global partner network supporting the enterprise telephony, call center, unified communications and carrier markets. Prior to joining Alliance Systems, he served as director of new business development at National Health Enhancement Systems, a publicly traded software company and vice president of sales for VS3, a Phoenix-based developer of enterprise voice messaging systems. He is a graduate of the University of Missouri.
AltiGen Communications
AltiGen Communications, Inc. (NASDAQ: ATGN) is a leading provider of VoIP business phone systems and Microsoft-based Unified Communications solutions for small-to-medium businesses (SMBs), including companies with multiple distributed locations, branch offices and call centers. AltiGen’s scalable, integrated, and easy to manage all-in-one unified communications solutions enable an array of applications like standards based SIP VoIP phones and servers, unified messaging, voicemail, call recording, conferencing, call activity reporting and mobility solutions that leverage both the Internet and the public telephone network to take advantage of the convergence of voice and data communications. AltiGen’s systems are designed with an open architecture and are built on an industry standard platform. This adherence to widely used standards allows products to integrate with and leverage the existing technology investment of partners and customers. For more information, call 1-888-ALTIGEN or visit the web site at www.altigen.com.
Safe Harbor Statement
This press release contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, including, without limitation, statements regarding the continued market acceptance of our Voice over IP telephone systems, and a successful partnership with a leading distributor in the United Kingdom. These statements reflect management’s current expectation. However, actual results could differ materially as a result of unknown risks and uncertainties, including but not limited to, risks related to AltiGen’s limited operating history. For a more detailed description of these and other risks and uncertainties affecting AltiGen’s performance, please refer to AltiGen’s Annual Report on Form 10-K for the fiscal year ended September 30, 2007 and all subsequent current reports on Form 8-K and quarterly reports on Form 10-Q. All forward-looking statements in this press release are based on information available to AltiGen as of the date hereof and AltiGen assumes no obligation to update these forward-looking statements.
June 10, 2008
Severity: High
10 June, 2008
Summary:
- These vulnerabilities affect: All current versions of Windows
- How an attacker exploits them: Multiple vectors of attack, including sending specially crafted packets or enticing your users into downloading and playing media files
- Impact: Various results; in the worst case, attacker can gain complete control of your Windows computer
- What to do: Install the appropriate Microsoft patches immediately
Exposure:
Today, Microsoft released six security bulletins describing vulnerabilities that affect Windows and components shipping with it. Each vulnerability affects different versions of Windows to a different extent. However, a remote attacker could exploit the worst of these flaws to gain complete control of your Windows PCs. The summary below lists the vulnerabilities in order from highest to lowest severity.
MS08-033: Two DirectX Remote Code Execution Vulnerabilities
DirectX is a collection of application programming interfaces (APIs) which ships with all versions of Windows; coders use it to create multimedia content. According to Microsoft, DirectX suffers from two security vulnerabilities involving the way it handles certain media content. Though they differ technically, both vulnerabilities share the same general characteristics: By luring one of your users into downloading and opening a maliciously crafted multimedia file, an attacker can exploit either of these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker could gain complete control of the victim’s computer. The primary difference between these flaws involves which multimedia file the attacker can use to exploit them. The potentially dangerous files include Synchronized Accessible Media Interchange files (.sami) and MJPEG video files (.asf, .avi).
Microsoft rating: Critical.
MS08-030: Bluetooth Stack Code Execution Vulnerability
Windows ships with its own Bluetooth stack to support the Bluetooth wireless connectivity standard. According to Microsoft’s bulletin, the Windows Bluetooth stack suffers from a remote code execution vulnerability due to its inability to handle a large number of service description requests correctly. By sending a large number of such requests to one of your users, an attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges. If your users have local administrative privileges, an attacker could then leverage this vulnerability to gain complete control of their PCs. (Of course, only Windows devices that have Bluetooth suffer from this vulnerability.)
Microsoft rating: Critical.
MS08-034: WINS Elevation of Privilege Vulnerability
Windows Internet Name Service (WINS) is a Windows service that translates NetBIOS names into addresses on a TCP/IP network. WINS suffers from an elevation of privilege vulnerability in which it is unable to correctly validate the data structures within specifically crafted WINS network packets. By sending specially crafted packets to one of your Windows computers, an attacker could exploit this vulnerability to execute code on that computer with the full system privileges. In other words, the attacker would gain complete control of that machine.
Microsoft rating: Important.
MS08-035: Active Directory Denial of Service Vulnerability
Active Directory is the Windows component that provides central authentication and authorization services for Windows computers. Active Directory runs on Windows servers, but it is also found on Windows clients as the Active Directory Application Mode (ADAM) service. Microsoft’s security bulletin warns of an unspecified Denial of Service (DoS) vulnerability involving the way Active Directory handles specially crafted LDAP packets. By sending a malicious LDAP request, a remote attacker could exploit this vulnerability to cause your Windows computer to lock up or to reboot. The attacker could repeatedly exploit this vulnerability to keep your Windows machines offline for as long as he could sustain this attack. However, most administrators don’t allow LDAP traffic (TCP ports 389 and 3268) through their perimeter firewall; therefore, this vulnerability primarily poses an internal threat. This vulnerability is nearly identical to MS08-003, which we reported in our February Windows alert, except that the new flaw affects Windows Server 2008 as well.
Microsoft rating: Important.
MS08-036: Pragmatic General Multicast (PGM) Denial of Service Vulnerabilities
According to Microsoft, Pragmatic General Multicast (PGM) is a reliable and scalable multicast protocol. According to a Wikipedia article though, PGM is an IETF experimental protocol and is not yet a standard. Microsoft’s bulletin describes two DoS vulnerabilities in Microsoft’s implementation of PGM. By sending specially crafted PGM packets, a remote attacker could exploit either of these vulnerabilities to cause your Windows computer to lock up or reboot. The attacker could repeatedly exploit this vulnerability to keep your Windows machines offline for as long as he could sustain this attack. By default, however, PGM is not enabled on many Windows computers.
Microsoft rating: Important.
MS08-032: Speech Recognition Code Execution Vulnerability
Windows ships with a Speech Recognition component which allows you to issue voice commands to your Windows computer through a microphone. Researchers have pointed out that by enticing a user into playing back an audio file, an attacker could exploit the Speech Recognition feature to execute commands on that user’s computer, with that user’s privileges. Since you can embed audio into web pages, attackers could exploit this flaw simply by luring one of your users to a malicious web site. However, many mitigating factors greatly limit the severity of this flaw; one is that Speech Recognition is not enabled by default in Windows.
Microsoft rating: Moderate.
Solution Path:
Microsoft has released patches for Windows which correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.
Note: Microsoft no longer officially supports Windows NT 4.0, 98, ME or XP with SP1. If you manage any of these operating systems, Microsoft suggests you migrate to supported versions in order to prevent potential exposure to vulnerabilities. You can learn more about Microsoft’s extended security update support at its Product Support Services Web site.
MS08-033:
MS08-030:
Doesn’t affect Windows 2000, Server 2003, or Server 2008
MS08-034:
Doesn’t affect the non-server versions of Windows, or Server 2008
MS08-035:
MS08-036:
Doesn’t affect Windows 2000
MS08-032:
For All WatchGuard Users:
WatchGuard Fireboxes, by default, reduce the risks presented by some of these vulnerabilities. However, attackers could exploit many of them locally, without passing traffic through your firewall. For that reason, we urge you to apply the patches above.
Status:
Microsoft has released patches correcting these issues.
June 10, 2008
Critical Internet Explorer Cumulative Patch Fixes Two Vulnerabilities
Severity: High
10 June, 2008
Summary:
- This vulnerability affects: Internet Explorer 7 and earlier versions
- How an attacker exploits it: By enticing one of your users to visit a malicious Web page
- Impact: In the worst case, the attacker can execute code on your user’s computer, gaining complete control of it
- What to do: Deploy the appropriate Internet Explorer patches immediately
Exposure:
In a security bulletin released today as part of its monthly patch update, Microsoft describes two vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0. The worst of the two vulnerabilities involves IE’s inability to handle certain HTML objects properly, which causes a memory corruption. By luring one of your users into visiting a maliciously crafted Web page, an attacker can exploit this memory corruption vulnerability to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges; in that case, the attacker could gain complete control of the victim’s computer.
Microsoft describes the second vulnerability as a “cross-domain information disclosure” vulnerability. Most web browsers impose a security measure called the same origin policy to help prevent one web site from accessing the contents of another web site. This security measure should protect you from an entire range of cross-site or cross-domain attacks, such as a cross-site scripting (XSS) attack. Unfortunately, IE suffers from a flaw that allows attackers to bypass the same origin policy. Similar to a typical XSS attack, an attacker needs to entice one of your users into following a specially crafted link in order to exploit this cross-domain information disclosure vulnerability. However, rather than executing scripts under the context of a legitimate site, the attacker can only leverage this vulnerability to read data from a legitimate site. Even so, if your users visit secure web sites which store sensitive data, it is possible that an attacker could leverage this flaw to steal that data.
In addition to fixing these two newly announced flaws, today’s Internet Explorer patch also fixes all previously known flaws.
Solution Path:
These patches fix serious issues. You should download, test, and deploy the appropriate IE patches as soon as possible.
For All WatchGuard Users:
These attacks travel as normal-looking HTTP traffic, which you must allow if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.
Status:
Microsoft has released patches to fix these vulnerabilities.
June 10, 2008
Severity: High
10 June, 2008
Summary:
- This vulnerability affects: Quicktime 7.4.5 for Mac and PC (and possibly earlier versions)
- How an attacker exploits it: By enticing your users to download and play a malicious multimedia file in Quicktime
- Impact: Attacker executes code on your user’s computer, potentially gaining complete control of it
- What to do: If you allow Quicktime (or iTunes), upgrade to version 7.5; otherwise, remove these applications from your company’s computers
Exposure:
Today, Apple released an alert fixing five vulnerabilities in its popular media player application, Quicktime. (Current versions of iTunes ship with the program as well; if your users have iTunes, they most likely have Quicktime.) These applications run on Windows and Macintosh computers, and both platforms are susceptible to exploitation of these security flaws. Apple’s alert specifies Vista and XP SP2 as the vulnerable versions of Windows.
The vulnerabilities relate to different processes in Quicktime (for example, how it opens picture files, how it displays movie files, how it handles audio files, and so on); but the flaws share a similar result if successfully exploited. If an attacker can get one of your users to open a specially crafted multimedia file, or to click a URL that links to malicious QuickTime content, he could trigger any of these flaws to execute code on your user’s computer, with the same privileges and permissions your user has. If your users have local administrative privileges, the attacker could gain complete control of their machines.
The primary difference between these flaws involves which multimedia file the attacker can use to exploit them. The potentially dangerous files that could trigger these flaws are:
- PICT images (.pict)
- AAC audio files (.aac)
- Indeo video files (.mov, .avi, etc…)
Solution Path:
Apple has released Quicktime version 7.5 to correct these flaws. If you allow (or suspect that your users have installed) Quicktime or iTunes in your network, we recommend that you have your users either remove the applications or install version 7.5.
The latest versions of Quicktime and iTunes for Windows ship with Apple Software Update. Apple Software Update automatically detects updates such as this one for Quicktime and then informs you, so that you can install it as soon as possible. If you choose to allow Quicktime or iTunes in your network, we recommend you set Apple Software Update to check for new updates daily and allow it to assist you in keeping your Apple software current.
Note: By default, Apple ships Quicktime combined with iTunes. If you do not want iTunes, download the standalone version of Quicktime.
For All Users:
These attacks rely on one of your users downloading and opening any of several different Quicktime movie, image, or audio file types. Many of these multimedia formats have legitimate business uses and should not be blocked in their entirety at your firewall. Unless you want to block all the media types that Quicktime supports, you should insist that users either remove Quicktime and iTunes, or install Apple’s Quicktime update as soon as possible.
Status:
Apple released Quicktime 7.5, which fixes this issue.
June 10, 2008
WatchGuard is pleased to announce the availability of version 10.2 of WatchGuard System Manager, Edge e-Series, Fireware, and Fireware Pro. This update is a maintenance release and contains a number of enhancements and fixes for critical issues as reported by WatchGuard customers.
New in this release are enhancements to our DHCP server, which can now be used with both the High Availability option and while using drop-in mode; as well as a new Authentication Detail report showing both failed and successful authentication attempts to the Firebox.
Also contained in this release are a number of significant improvements to Fireware’s memory management, which result in more reliable configuration file “save” operations to the Firebox; as well as numerous improvements to logging and the log server, resulting in greater ease of installation, management, and reliability.
Issues resolved for the Edge platform include improved handling of netmask settings in 1-to-1 NAT; session idle timeouts for the Edge e-Series authentication service; and improved IPSec aggressive mode negotiation while using fully qualified domain names.
For full details on these and other resolved issues, as well as a list of known issues with this release, please consult the Release Notes posted on the Software Downloads page for your Firebox.
Does This Release Pertain To Me?
10.2 is a maintenance release. If you are impacted by any of the issues listed above or those contained in the Release Notes, you should consider upgrading to version 10.2. Please read the Release Notes before you upgrade, to understand what’s involved.
How Do I Get the Release?
Firebox X Edge e-Series, Peak and Core owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Software Downloads web page, which also includes clear installation instructions. As always, if you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)
June 8, 2008
Severity: High
5 June, 2008
Summary:
- This vulnerability affects: Hewlett-Packard desktop and laptop computers running Windows
- How an attacker exploits it: By luring one of your users to a maliciously crafted website, where a drive-by download occurs
- Impact: The attacker can take complete control of your user’s computer
- What to do: Either set the kill bit for the vulnerable ActiveX control, or update your HP Instant Support software to version 1.0.0.24
Exposure:
Hewlett-Packard (HP) is the world’s largest PC dealer. HP has sold millions of desktop and laptop computers, and according to industry observers, accounts for as much as 20 percent of the PC market. Somewhere among your users, it is probable that an HP computer regularly connects to your network. If you have no HP computers on your network, this security alert does not pertain to you.
Yesterday, researcher Dennis Rand of the Danish security firm, CSIS, announced several major security flaws in the version of ActiveX that HP pre-installs on its computers. HP’s version of ActiveX is unique in that it contains a plug-in which causes the user’s computer to automatically connect to HP’s Instant Support service for updates of HP software, BIOS, and other Windows drivers. The ActiveX plug-in also installs itself if a user visits HP’s web page to access software updates for a wide range of HP products. This means that any well-maintained HP computer is likely to contain the vulnerable software. Note that the vulnerabilities can be exploited even if Instant Support is not in use.
Rand’s write-up (PDF) details eight ways in which an attacker could exploit flaws in HP’s ActiveX to take control of a user’s computer. Most of these flaws are severe enough that a successful attack requires very little interaction on the part of the victim. If the attacker can lure the victim to a maliciously crafted web page, the vulnerabilities can be exploited the moment the victim arrives, even if the victim doesn’t click anything on the page itself (an attack known as a drive-by download). The specific functions in HP’s ActiveX which are vulnerable are:
- AppendStringToFile
- ExtractCab
- GetFileTime
- MoveFile
- RegistryString
- DownloadFile
- StartApp
- DeleteSingleFile
The various vulnerabilities include buffer overflows, the ability to execute code of the attacker’s choosing, and the ability for the attacker to write a file to anywhere the user can. On a severity scale of 1 to 10, with 10 being worst, many of these vulnerabilities rate at least 9. It is also possible for an attacker to exploit these vulnerabilities through SQL injection or HTML injection techniques.
Incidentally, this is not the first time HP has installed dangerous flaws onto their own products. Very late in 2007, we wrote about vulnerabilities in their Quick Launch Button software, installed on 82 different HP laptop models.
Solution Path:
The very software that is the problem could also be part of the answer. HP recommends updating your Instant Support software, especially if you have version 1.0.0.22 or earlier. To install HP Instant Support version 1.0.0.24 or later, visit the Instant Support Professional edition web site and choose to launch an online diagnostic session. According to our correspondence with Dennis Rand, you must manually request the update — it will not patch itself automatically.
Alternatively, if you don’t use Instant Support and don’t expect to use it, you can modify the vulnerable HP software so that it cannot execute. Doing so involves setting the kill bit for the ActiveX control which has the Class Identifier (CLSID) of 14C1B87C-3342-445F-9B5E-365FF330A3AC. For more details, see HP’s Support Document and cross-reference it with the Microsoft Knowledge Base article, “How to stop an ActiveX control from running in Internet Explorer.”
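One way to apply and verify the kill bit described above, as an added PowerShell example (not HP's or Microsoft's own script). The registry path and the 0x400 "Compatibility Flags" value are not stated on this page; they follow Microsoft's documented kill-bit procedure, and the function names are hypothetical.

```powershell
# Added example. Assumes an elevated 64-bit PowerShell session.
$Clsid   = '{14C1B87C-3342-445F-9B5E-365FF330A3AC}'  # CLSID given in the advisory
$KillBit = 0x400                                      # kill-bit value per the Microsoft KB procedure
$Name    = 'Compatibility Flags'

# Native registry view, plus the 32-bit view that 32-bit Internet Explorer
# reads on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags([string]$Key) {
    # Returns the current DWORD, or 0 when the key or the value is absent.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$Name
}

function Set-KillBit([string]$Root) {
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # OR the bit in so any compatibility flags already present are preserved.
    $value = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -Path $key -Name $Name -PropertyType DWord -Value $value -Force | Out-Null
}

function Test-KillBit([string]$Root) {
    # True only when the kill bit is present in the stored flags.
    $key = Join-Path $Root $Clsid
    return ((Get-CompatFlags $key) -band $KillBit) -eq $KillBit
}

foreach ($root in $Roots) {
    Set-KillBit $root
    $state = if (Test-KillBit $root) { 'kill bit set' } else { 'NOT SET' }
    '{0}\{1}: {2}' -f $root, $Clsid, $state
}
```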
For All Users:
Because of the severity of the flaws in HP’s ActiveX, and the nature of web sessions (attack code from a malicious web site is technically data that your user requested, which can allow the data to pass checkpoints that would resist an attack initiated externally), your safest response is to take either of the actions listed under “Solution Path.” These are severe security holes and proof of concept code has been publicly posted. An attacker does not need much sophistication to “weaponize” the provided code, and we expect to see these flaws exploited in the wild almost immediately. We urge you to address these flaws at your earliest opportunity.
Status:
Hewlett-Packard released Instant Support 1.0.0.24, fixing this issue.
Posted by bardissi
June 4, 2008
Don’t miss out on this once a year opportunity at TechSoup! Request up to your full allotment of valuable software, hardware, and online services from some of our most popular donors before your eligibility resets on June 30. On July 1, you’ll again become eligible to place requests. Note that any unused allotment from this fiscal year cannot be carried over.
To help you make the most of this opportunity, we’ve highlighted some of the donors whose programs are affected by the fiscal year end — to maximize your benefits, place a request before June 30 so that you can request again starting July 1. Or click this link to view all affected programs.
Keep in mind your organization is likely eligible to request from not just one but multiple donation programs. The deadline is June 30, though, so place your request today.
Important: Microsoft product requests are not affected by the June 30 deadline.
Software & Online Services
Symantec: Protect What Matters to You
Protect all the computers in your organization with Norton AntiVirus, Norton Internet Security, and the new version of Norton 360. Also, enterprise security software is available for larger organizations
Flickr: Tell Your Story
Request a package of Pro accounts to showcase your organization’s work through your own photography
Crystal Reports: Turn Data into Action
Create highly formatted and useful reports from your data using Crystal Reports Standard Edition XI and share them online with Crystalreports.com
Atlas Business Solutions: Tools for Human Resources
Organize your human resource recordkeeping with Staff Manager and easily schedule volunteers or employees with ScheduleAnywhere
Financial Management
Intuit: Better Accounting, Better Decisions
Request Quicken or QuickBooks Customer Manager to track your financial and customer information
MYOB: Manage Your Finances Better
Perfect for your small nonprofit, MYOB offers BusinessBasics and Premier Accounting software (Mac software also available)
Hardware
Cisco: Do More With Your Network
Grow your network with Cisco’s available products for wireless networking plus switches and routers, security appliances, and network accessories
RCI: Quality, Low-Cost Refurbished Computers
Request refurbished desktop and notebook computers, now with better specs and lower admin fees
Fundraising
NOZA: Search 30 Million Records for Your Next Donor
NOZA’s powerful online database can help boost your fundraising efforts by showing who made charitable contributions to organizations like yours in the past
GiftWorks: Make Your Fundraising Easier
The new GiftWorks 2008 will help your small nonprofit get organized and take your fundraising to the next level
Network for Good: Boost Your Fundraising
Drive contributions by accepting credit cards on your website with a service bundle from Network for Good
Telosa: Organize Critical Donor Information
Is managing your donors and contacts in spreadsheets overwhelming? Streamline and automate many time-consuming tasks with Telosa Exceed! Basic
Browse all donation programs on a fiscal year end schedule or review eligibility details for each program.
How To Check Your Order History
Not sure what products your organization has already received through TechSoup during the current fiscal year? Check your order history and click an order number to view details. To see all requests since 7/1/2007 (the beginning of our current fiscal year), type that date in the “From Date” field and click Go.
Best wishes,
Rebecca Masisak
Co-CEO, TechSoup
http://www.techsoup.org/stock
Posted by bardissi
June 2, 2008
Symantec retracts claim that attack exploit is “zero day”
Severity: Medium
2 June, 2008
Update:
On Wednesday 28 May, we published an alert about attackers exploiting a zero day vulnerability in Adobe Flash Player. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC.
In our May alert, we reported that this Flash Player vulnerability may not be as new as Symantec originally thought. According to Symantec’s research, the flaw appeared similar to one Adobe has already patched. Nonetheless, Symantec claimed they had observed this new exploit affecting fully patched versions of Adobe Flash Player. So they labeled the threat a zero day vulnerability.
One day after our alert, Symantec updated their Threatcon information, recanting their original claim, and saying the exploit they found in the wild was not a zero day vulnerability. Adobe, the creator of Flash Player, has also confirmed that the exploit found in the wild leverages a vulnerability that was patched in Flash Player 9.0.124.0.
However, despite both Adobe and Symantec’s position on this particular exploit, some researchers still worry that a zero day Flash exploit may exist in the wild. McAfee claims to have observed a Flash exploit with the filename, “WIN 9,0,124,0i.swf,” which could suggest it targets the patched version of Flash. A day after reporting that, however, McAfee could no longer find that particularly named exploit in the wild.
So what does this mean to you? As it stands today, researchers have not found unarguable proof of a zero day Flash exploit in the wild. However, they have observed attackers exploiting a Flash Player vulnerability in the wild even though Adobe has released a patch for it. Our alert from 28 May says that Adobe’s patch from April was not sufficient to protect you from attacks. Now all information we have says that if you deployed the Flash Player patch we described in our 9 April alert, these current attacks shouldn’t affect you. Nonetheless, if you don’t need Flash content in your network, you might still consider using your Firebox to block SWF files until this attack recedes. You can find directions on how to block SWF files in our original alert from April, which you can find in the Latest Broadcasts page of our website.
Posted by bardissi