Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog



Possible Issue with Forefront Update KB2508823

Published: 2011-03-09
Last Updated: 2011-03-09 23:13:29 UTC
by Chris Mohan (Version: 1)
1 comment(s)

Included in this Patch Tuesday is a Forefront update KB2508823[1] (Client Version: 1.5.1996.0).


We have received a number of reports that the KB2508823 update fails during the install. Once the update fails, the existing Forefront client is also removed. This leaves the machine without any anti-malware protection.

We recommend you hold off deploying the update until confirmation from Microsoft.

Microsoft have posted a similar warning here:
http://blogs.technet.com/b/clientsecurity/archive/2011/03/08/fcs-v1-march-2011-update.aspx

[1] http://support.microsoft.com/kb/2508823

 

Chris Mohan


AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B

Published: 2011-03-09
Last Updated: 2011-03-09 21:48:33 UTC
by Kevin Shortt (Version: 2)
4 comment(s)

Some readers from Montreal, Canada wrote in about a problem with AVG Anti-Virus 2011 Free Edition 10.0.1024. The issue is that all PDFs are being quarantined and marked as infected by Luhe.Exploit.PDF.B.

 
It has been reported and noted on the AVG forum thread linked below that an affected version is the following:
 
    AVG Anti-virus 2011 Free Edition 10.0.1204, virus database version 1497/3490 

 
The following URL is a conversation on the issue:
 
    http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151679
 
This seems to be a bug in the definition for Luhe.Exploit.PDF.B. This does not mean other versions of AVG aren't impacted as well. Please check your version and verify with AVG. The current version of the virus database as of writing this diary is 3494 and was released today. I have no confirmed report that the problem has been resolved yet; AVG was aware and working on it.
 
Please share what you're seeing and update the readers.
 
Thanks go to Heber and Tomas for sending in the information to get it out there.
 
UPDATE:
  AVG has responded to the issue and a new virus database was released earlier today.

  http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151987#post_151987

  "...a virus database update removing the Re: Luhe.Exploit.PDF.x false alarm (where x stands for BCDEH) has been released on 2011-03-08 21:16:44 CET."
 
 
--
Kevin Shortt
ISC Handler on Duty
 

Google Chrome Updates Available - just in time for Pwn2Own

Published: 2011-03-09
Last Updated: 2011-03-09 20:07:16 UTC
by Kevin Shortt (Version: 1)
2 comment(s)

The Pwn2Own contest by HP TippingPoint, held at CanSecWest each year, has a new sponsor this year: Google.

Google has offered up a bounty for breaking into Google Chrome. As a seemingly direct defensive measure to prevent a big payout, Google has published updates the day before the competition kicks off that fix numerous problems.

Yesterday, Google published 23 updates for the Chrome browser. 15 of them were rated high by Google. So get those browsers patched!

       http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

The nice part is that credit and cash go to the individuals who report and assist with patch development.

--
Kevin Shortt
ISC Handler on Duty

Keywords: Chrome

Apple updates Java

Published: 2011-03-09
Last Updated: 2011-03-09 00:28:47 UTC
by Jim Clausing (Version: 1)
0 comment(s)

Apple has also released a couple of updates today. Apparently, they are catching up on some Java updates that Oracle released earlier. The updates are Java for Mac OS X 10.5 Update 9 and Java for Mac OS X 10.6 Update 4.

References

http://support.apple.com/kb/HT4562

http://support.apple.com/kb/HT4563

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: apple java