Possible Issue with Forefront Update KB2508823

Published: 2011-03-09
Last Updated: 2011-03-09 23:13:29 UTC
by Chris Mohan (Version: 1)
1 comment(s)

Included in this Patch Tuesday is a Forefront update KB2508823[1] (Client Version: 1.5.1996.0).


We have received a number of reports that the KB2508823 update fails during the install. Once the update fails, the existing Forefront client is also removed. This leaves the machine without any anti-malware protection.

We recommend you hold off deploying the update until confirmation from Microsoft.

Microsoft have posted a similar warning here:
http://blogs.technet.com/b/clientsecurity/archive/2011/03/08/fcs-v1-march-2011-update.aspx

[1] http://support.microsoft.com/kb/2508823

 

Chris Mohan

Keywords: Forefront Microsoft updates
1 comment(s)

AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B

Published: 2011-03-09
Last Updated: 2011-03-09 21:48:33 UTC
by Kevin Shortt (Version: 2)
4 comment(s)

Some readers from Montreal, Canada wrote in about a problem with AVG Anti-Virus 2011 Free Edition 10.0.1024.  The issue is with the all PDF's being quarantined and marked as infected by Luhe.Exploit.PDF.B.

 
It has been reported and noted on the above AVG Forum that an affected version is the following:
 
    AVG Anti-virus 2011 Free Edition 10.0.1204, virus database version 1497/3490 

 
The following url is a conversation on the issue:
 
    http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151679where
 
This seems to be a bug in the definition for Luhe.Exploit.PDF.B.   This does not mean other versions of AVG aren't impacted as well.  Please check your version and verify with AVG.  The current version of the virus database as of writing this diary is 3494 and was released today.  I have no confirmed report that the problem has been resolved yet AVG was aware and working on it.
 
Please share what you're seeing and update the readers.
 
Thanks goes to Heber and Tomas for sending in the information to get it out there.
 
UPDATE:
  AVG has responded to the issue and a new virus database was released earlier today.

  http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=151987#post_151987

  "...a virus database update removing the Re: Luhe.Exploit.PDF.x false alarm (where x stands for BCDEH) has been released on 2011-03-08 21:16:44 CET."
 
 
--
Kevin Shortt
ISC Handler on Duty
 
Keywords: AntiVirus AV AVG False LuheExploitPDF Positives
4 comment(s)

Google Chrome Updates Available - just in time for Pwn2Own

Published: 2011-03-09
Last Updated: 2011-03-09 20:07:16 UTC
by Kevin Shortt (Version: 1)
2 comment(s)

The Pwn2Own contest by HP Tipping Point held at CanSecWest each year has a new sponsor this year. Google.

Google has offered up a bounty for breaking into Google Chrome.  As a seemingly direct defensive measure to prevent a big pay out, Google has published updates the day before the competition kicks off that fix numerous problems.

Yesterday, Google published 23 updates for the Chrome browser.  15 of them were rated high by Google.  So get those browers patched!

       http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html

The nice part is Credit and Cash go to the individuals that report and assist with patch development.

--
Kevin Shortt
ISC Handler on Duty

Keywords: Chrome
2 comment(s)

Apple updates Java

Published: 2011-03-09
Last Updated: 2011-03-09 00:28:47 UTC
by Jim Clausing (Version: 1)
0 comment(s)

Apple has also released a couple of updates today.  Apparently, they are catching up on some Java updates that Oracle released earlier.  The updates are for Mac OS X 10.5 update 9 and 10.6 update 4

References

http://support.apple.com/kb/HT4562

http://support.apple.com/kb/HT4563

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: apple java
0 comment(s)

Comments

What's this all about ..?

Anonymous

Dec 3rd 2022
10 months ago

password reveal .

Anonymous

Dec 3rd 2022
10 months ago

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

Anonymous

Dec 26th 2022
9 months ago

https://thehomestore.com.pk/

Anonymous

Dec 26th 2022
9 months ago

<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>

Anonymous

Dec 26th 2022
9 months ago

<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>

Anonymous

Dec 26th 2022
9 months ago

https://defineprogramming.com/

Anonymous

Dec 26th 2022
9 months ago

https://defineprogramming.com/

https://defineprogramming.com/

Dec 26th 2022
9 months ago

Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/

https://defineprogramming.com/

Dec 26th 2022
9 months ago

Enter corthrthmment here...

rthrth

Jan 2nd 2023
9 months ago

Login here to join the discussion.


Diary Archives