The Computer Clarity Blog

* Microsoft addresses record 49 flaws in its software

* Affects Windows, Internet Explorer, Office

* Fixes vulnerability exploited by Stuxnet virus (Adds details on Stuxnet virus, comments from researcher)

By Jim Finkle

BOSTON, Oct 12 (Reuters) – Microsoft Corp (MSFT.O) issued its biggest-ever security fix on Tuesday, including repairs to its ubiquitous Windows operating system and Internet browser for flaws that could let hackers take control of a PC.

The new patches aim to fix a number of vulnerabilities including the notorious Stuxnet virus that attacked an Iranian nuclear power plant and other industrial control systems around the world.

Microsoft said four of the new patches — software updates that write over glitches — were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.

Microsoft said it also repaired other less serious security weaknesses in Windows, along with security problems in its widely used Office software for PCs and Microsoft Server software for business computers.

Microsoft released 16 security patches to address 49 problems in its products, many of which were discovered by outside researchers who seek out such vulnerabilities to win cash bounties as well as notoriety for their technical prowess.

“This is a huge jump,” said Amol Sarwate, a research manager with computer security provider Qualys Inc. “I think the reason for it is that more and more people are out there looking for vulnerabilities.”

The geeks who report such vulnerabilities to software makers are known as “white hat” hackers. Sarwate warned that there are also plenty of “black hats,” or criminal hackers who look for vulnerabilities in software that they can exploit to launch attacks on computer systems.

Indeed, the world’s biggest software maker said that the patches released on Tuesday include software to fix a vulnerability exploited by the Stuxnet virus — a malicious program that attacks PCs used to run power plants and other infrastructure running Siemens (SIEGn.DE) industrial control systems.

The virus, which infected computers at Iran’s Bushehr nuclear power plant, was discovered over the summer. Security research Symantec said that it detected the highest concentration of the virus on computer systems in Iran, though it was also spotted in Indonesia, India, the United States, Australia, Britain, Malaysia and Pakistan.

So far Microsoft has patched three of the four vulnerabilities exploited by Stuxnet’s unknown creators.

The total of 49 vulnerabilities exceeds the previous record of 34, which was set in October 2009 and matched in June and August of this year.

The constant patching of PCs is a time-consuming process for corporate users, who need to test the fixes before they deploy them to make sure they do not cause machines to crash because of compatibility problems with existing software. (Reporting by Jim Finkle. Editing by Robert MacMillan, Gary Hill)

http://www.reuters.com/article/idUSN1220677620101012

Computer Clarity

A brief, general overview of the Microsoft Windows Vista Operating System from the new users point of view.

Computer Clarity

How Our Technicians Secure Your Computer with our Clarity Shield Services
In this video, I will demonstrate how our technicians protect your computers security
with our Clarity Shield Services.

Computer Clarity

I ran into one of the most common infection techniques several times on different computers today.  It goes something like this:

An average person goes surfing sites, often regular sites, and in the middle of this average normal internet cruise…WHAMMO…some popup gets in your face telling you about 48 infections, viruses, spyware, Trojans, and worms are all up in your computer and you must click here to remove.  Many at this point click the window and the real virus infection begins.  Others are wary and try to close the window with the red “x” in the top right corner.  Unfortunately, many of these trick warnings are designed to launch the virus if you touch any part of the window.

Average computer users have two obvious problems.  First, how can a user tell the difference between a legitimate warning and one of these tricks?  Second, how do you close one of these damned fake warning windows without getting the virus?

To answer the first question, look in the top bar of the warning window.  This bar, usually blue, is designed by windows to display the name of the software that is running in that window.  If a warning is from any software other than Windows or your installed antivirus software, it is probably a trick!  Don’t Touch It!  If you see the name and you’re not sure what software it is, Google it.  If it is good, you’ll see some websites that describe it.  If the software is bad, you will see ten thousand websites talking about how bad it is and giving suggestions for removing it.  In a heartbeat, you can know for sure if the warning is real or the beginning of your nightmare.

To answer the second question, “How do you close that damned window without touching it?”  There are three ways to get out of this.  Try them in order.  First, look at the bar at the bottom of the whole screen.  This is the bar with the start button on the left and the clock on the right.  In the middle section there are wide buttons that represent the windows that are currently open.  Find the one that represents the warning window, right click it, and choose “Close” from the menu.  If you are not sure which one to right click, close them all.  The second thing to try is to hold down the “ctrl” and “alt” keys and tap “del” once.  This will give you access to the task manager where you can forcibly kill programs and processes.

The third option that you have to avoid the impending doom looming over your computer in the form of this fake warning is a simple, effective, and full proof method.  However it is drastic.  You will lose anything you haven’t saved and you may have to endure an hour long Windows scan disc routine but you will avoid hours or days dealing with the other mess.  If you can’t find a way out of this window without touching it and you can’t locate the button, program, or process to kill, kill the computer.  Press and hold the power button for about five seconds or until the computer shuts off.  Then reboot as normal.  If the virus was not launched, your computer will be fine.  If the virus was launched, it’s too late already.  I am so sorry, but look for my post on virus removal.  I will tell you what to do after an infection.

Computer Clarity