
Microsoft Said: Stolen SSL Certificates May Be Dangerous While Updating Your Windows


Microsoft said Sunday that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service. The company's assertion came after a massive theft of more than 500 SSL (secure socket layer) certificates, including several that could be used to impersonate Microsoft's update services, was revealed by Dutch authorities and several other affected developers.

"Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers," said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. "The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft."

Seven of the 531 certificates now known to have been fraudulently obtained by hackers in July were for the domains update.microsoft.com and windowsupdate.com, while another six were for *.microsoft.com. According to Microsoft, the certificates issued for windowsupdate.com couldn't be used by attackers because the company no longer uses that domain. (Windows Update is now at windowsupdate.microsoft.com.) However, those for update.microsoft.com -- the domain for Microsoft Update -- and the wildcard *.microsoft.com could be.

As Ness said, updates delivered via Microsoft's services are signed with a separate certificate that's closely held by the company. Without that code-signing certificate, attempts to deliver malware disguised as an update to a Windows PC would fail. Other vendors, including Apple, also sign software updates with a separate certificate.

The certificates for the various Microsoft domains were issued by DigiNotar, a Dutch company that last week admitted its network had been hacked in mid-July. The company initially believed it had revoked all the fraudulent certificates, but later realized it had overlooked one that could be used to impersonate any Google service, including Gmail. DigiNotar went public only after users reported their findings to Google.

Criminals or governments could use the stolen certificates to conduct "man-in-the-middle" attacks, tricking users into thinking they were at a legitimate site when in fact their communications were being secretly intercepted. Microsoft has added its voice to the chorus from rival browser makers, notably Google and Mozilla, about the seriousness of the situation. Like its competitors, Microsoft will also permanently block all DigiNotar certificates.

"We are in the process of moving all DigiNotar owned or managed [certificate authorities] to the Untrusted Root Store, which will deny access to any website using DigiNotar certificates," said Dave Forstrom, a director in the Microsoft Trustworthy Computing group, in an emailed statement Sunday.

Forstrom did not set a date by when Microsoft would block all DigiNotar certificates, including those used by the Dutch government, which has been a major customer of the company. Google updated Chrome on Saturday to block all DigiNotar certificates, while Mozilla plans to do the same on Tuesday for Firefox.

However, Microsoft's partial ban of DigiNotar certificates -- which it instituted last week -- and the complete sanction now in the works only protects users running Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. Customers still on Windows XP or Windows Server 2003 must wait for an update specific to those operating systems; Ness said only that that update would "be available soon."
Until that Windows XP update is available, users can protect themselves by manually deleting the DigiNotar root from the list of approved certificate-issuing authorities. 


Why did Microsoft spend $8.5bn on Skype? (Detailed Report)


In a bold move, Microsoft acquires Nokia and catapults itself to the top of the smartphone world. The full integration of Windows Phone 7 software into Nokia hardware will result in a better user experience for customers, a zero-fragmentation platform for developers, easier deployment of a smaller number of SKUs for retailers, and more reliable update management for carriers.
It's worked before. Microsoft's hardware/software integrated devices, Xbox and Kinect, are enjoying strong revenue growth and great margins: $1.9bn revenue last quarter, 50% more than last year, with 10% operating profit.
In a prepared statement, Microsoft CEO Steve Ballmer says:
I welcome Stephen Elop back into my executive staff. His brief leave of absence has allowed us to more fully explore the possibilities of combining the best smartphone hardware, Nokia's, with the best OS, Windows Phone 7. Google's anticompetitive Android free and open licensing practices unfairly tilted the playing field against our better product; they made it impossible for us to sell Windows Phone 7 software. Instead, we're now ready to do battle with Apple from a superior position: a stronger product carrying the Windows Everywhere flag, wider carrier distribution around the world, and more retail partners in US, Europe, and BRIC nations. With our acquisition of Nokia, we're now a $100bn company, back where we belong: at the top of the high-tech industry.
When I woke up, I heard a different story: Microsoft bought Skype for $8.5bn.
We all know Skype: free voice and video calls from computer to computer, plus paid services if you need to dial a phone. As Skype prepared for its long-awaited IPO, we got financial data from their S-1 filing with the SEC. S-1s are always instructive: This is usually the first time a private company opens the kimono – and the SEC watches closely as you prepare to sell shares to widows and orphans.
The Profit & Loss statement in Skype's S-1 looks like this:
With revenue of $860m in 2010, Skype's operating profit is a modest $20m, with a net loss of $69m due to interest expenses stemming from $686m in long-term debt. Except for in 2008, when they saw a $42m profit, Skype has racked up huge losses, including $1.4bn in 2007 and $370m in 2009.
(Technically, these figures straddle two different corporate structures because of Skype's complicated history. Started in 2003 as an independent European company, Skype was acquired by eBay in 2005 for a price pegged between $2.6bn and $3.1bn. After the acquisition, eBay discovered its ownership of Skype was "encumbered": A crucial piece of Skype's technology was owned by another company, Joltid, which was essentially in the hands of Niklas Zennström, one of Skype's founders. eBay settled with Joltid for about 14% of Skype. This caused wags to say the crafty Skype founders sold the company twice – and it certainly didn't make the ex-management consultants running eBay look so sharp. In 2009, eBay sold 70% of Skype to private equity and venture investors in a transaction that valued the company at $2.75bn.)
Why did Microsoft pay $8.5bn – 10 times the company's revenue – for a business that has changed hands so many times, never made money, and comes with substantial debt? (Admittedly, the $686m debt number is manageable – for Microsoft).
One eloquent answer comes from Brad Horowitz, a partner at the Andreessen Horowitz venture firm started by Netscape's founder. Horowitz invokes the network effect: A large number of users attracts more users and so on, in a kind of gravitational well:
500,000 new registered users per day – 170 million connected users – 30 million users communicating on the Skype platform concurrently – 209 billion voice and video minutes in 2010
And he concludes:
Today, I tip my hat to an old rival, Microsoft. By acquiring Skype, Microsoft becomes a much stronger player in mobile and the clear market leader in internet voice and video communications. More importantly, Microsoft gets a team, ably led by the exceptional Tony Bates, that can compete with anyone.
Well, this is a nice encomium to the guys who transformed the venture firm's $50m investment in Skype a few months ago into a $150m payday. My own venture investor hat is tipped to MM. Andreessen and Horowitz.
But not so much to Steve Ballmer.
Looking at Microsoft's recent quarterly numbers, we see the continuation of a now old and getting older tradition: losses in the Online Services Division. Only a few weeks ago, TechCrunch wondered: When Will Microsoft's Internet Bloodbath End? Business Insider provided a vivid illustration for the problem:
In just the past 12 months, Microsoft has lost $2.5bn in its online business. They spend $2 to make $1 in revenue. Buying and "integrating" Skype will make the picture even redder.
So, again, why spend $8.5bn on Skype?
The official explanation is that Skype will be targeted at professional users. For these, Microsoft already has a product called Lync, although not many have heard of it. And they have Messenger for consumers. (Actually, it's Windows Live Messenger for Windows and Microsoft Messenger for the Mac.) I don't think it's unfair to ask how, how well, and when Microsoft's Grand Unified Messaging platform will effectively exist, and how it will be monetised.
Given Microsoft's track record, there isn't much evidence of its ability to perform such integration, nor of its ability to move a big platform forward at a competitive pace, certainly not faster than what Google seems able to do with Google Voice, Talk and Google Video for Business.
The theory must be that every Windows PC will come with "Skype inside". But that isn't much progress: There are already 170 million connected Skype users, and 500,000 new registrations every day. And imagine how carriers will react when they see a Skype client bundled with every Windows Phone 7 device, further pushing them towards their preordained destination: dumb pipes.
Today, Skype is joyfully used in both consumer and business environments. It's not perfect, but the price is right and Skype is now a verb. The next thing we know, Microsoft will take a good if imperfect service and "improve" it by integrating it with Office or SharePoint (a good product on its own). And, at some point, Microsoft will try to make us pay for it. In more ways than one.
But, again, the history isn't there. Microsoft's ability to successfully charge for a formerly free product is lacking.
Reactions to the Skype deal have been negative, if not downright derisive. Many see the Skype acquisition as more evidence that Microsoft can't innovate, or even effectively copy and out-implement any more. One local exec asked, rhetorically, how much it'd take to re-implement Skype. $100m? $1bn? It's not a question of money. Microsoft spends tons in R&D: 15% of sales, about $9bn per year. (Apple spends 2% of revenue, less than $2bn.) Think of iTunes: it's been out there for close to 10 years and there's no iTunes clone coming out of Redmond. Microsoft has to buy what it no longer has the people or the culture to create – or copy.
David Pogue, the NY Times' tech guru, thinks this acquisition will go where so many went before: to failure by mediocrity and to poisoning by matrix management.
Ben Brooks, a Microsoft shareholder – and not the disgruntled kind – comments on the Skype deal and concludes: The Ballmer Days Are Over. Perhaps, but who can tackle the job of turning Microsoft around?
In last year's 30 May Monday Note, I wrote Ballmer had opened the "Second Envelope". He was running out of explanations: first blame your predecessor, then fire a few subordinates. Next, you're out of excuses and out the door.
Since then, a few more subordinates have decided to "spend more time with their families": CTO Ray Ozzie, who wrote a long, long farewell memo (don't do that, it doesn't make you look good); tablet executive Bill Mitchell; Bob Muglia, president of the server and tools division. We'll exclude Stephen Elop, the president of the business division who went on to rescue Nokia, as he might have left of his own volition – or of his seeing Ballmer looking for the next excuse.
Last year, I noted Microsoft's stock had been stagnant for almost 10 years. Things haven't improved since then:
In the past 12 months, Microsoft's stock has fallen by 11% while the Nasdaq climbed 25%, Google 7%, and Apple 44%.
Having run out of ideas and envelopes, is Ballmer spending $8.5bn of Microsoft's $50bn cash, its biggest acquisition so far, as a desperate attempt to keep the company, or himself, in the game?




Microsoft, Skype Deal Could Exploit Synergies with Nokia, Enterprise



Microsoft CEO Steve Ballmer is known for his public exuberance, punctuating keynote addresses with the sort of high-decibel verbal fireworks commonly associated with high-school coaches trying to goad a touchdown.
“Developers! Developers! Developers!” is one of his more famous refrains.
As Microsoft headed into the final stages of its acquisition negotiations with VOIP (voice over IP) and video-conferencing provider Skype, Ballmer’s shout to any Microsoft executives reluctant to embrace the deal might have been: “Synergy! Synergy! Synergy!”
Microsoft is paying a lot for Skype: $8.5 billion. In return for that hefty chunk of change, Skype will become a business division within Microsoft, headed by Skype’s current CEO Tony Bates. Skype in its new form will support Microsoft products, such as Windows Phone and Xbox Kinect, and integrate across the breadth of Microsoft’s already-extensive portfolio—including the Lync unified-communications platform.
But that’s not necessarily enough to justify the biggest-ever payout in Microsoft’s history. According to some analysts, the secret sauce of the Skype deal—so to speak—is its potential to bolster Microsoft’s recent partnerships with other companies, as well as its relationship to the enterprise.
“Of [Skype’s] 633 million users, fewer than 8 million are paying users. No matter. What is important is that many of these users would love to make free calls on a mobile phone,” Mike Gualtieri, an analyst with Forrester, wrote in a May 11 corporate blog posting. “Microsoft’s plan to acquire Skype fits in perfectly with its recent partnership with Nokia because both offer incredible reach.”
In other words, Skype could allow Microsoft to boost its competitiveness in the mobile realm against both Apple’s iPhone and the growing family of Google Android devices. “There is no stopping Apple when it comes to mobile and cultural dominance,” he wrote. “But Microsoft could displace Google as the alternative based on the great UX provided by Windows Phone 7, the Nokia partnership and the Skype deal.” 
Whether or not that takes place—despite some analyst assertions that Windows Phone will increasingly dominate the market, Microsoft’s share of smartphones reportedly remains low—the Skype deal could allow Microsoft to maintain its grip on a segment very near and dear to its heart, or at least its bottom line: the enterprise.
That is, if Microsoft manages to swallow Skype without too much indigestion, according to a May 11 blog post by Yankee Group analyst Emily Green: “Two of the many reasons these things fail after the photo-op: a) they buy something sizzling hot, hoping to reinvigorate their own less dynamic offerings and culture—but end up suffocating the entrepreneurial spirit in the acquired firm that made it sexy in the first place. Or, b) they buy something that’s only available because it’s on the ropes.”
That being said, Green views the Skype-Microsoft deal as capable of sidestepping those pitfalls, if only because supple, lightweight VOIP and video-conferencing assets can serve Microsoft’s designs on the enterprise.
Specifically, as those enterprises shed physical infrastructure, “their leaders have to ask some very tough questions about investing in conventional hard-wired telecommunications infrastructure.” That, in combination with employees’ seemingly unstoppable desire to bring consumer software into the enterprise, could create an opportunity for Microsoft to “tightly weave Skype’s functionality into its corporate offerings” in ways that meet the approval of executives and IT administrators. In turn, that could give Redmond the opening it needs to “maintain relevance with the new breed of enterprises being born in this century.”
However, Green concedes that earning back the enormous costs associated with the acquisition “is another story.”
Skype found itself an acquisition target in 2005, when eBay agreed to pay $2.6 billion in cash and stock for the then two-year-old company. Four years later, a team of private investors—including Silver Lake Partners and Andreessen Horowitz—took it off the auction Website’s hands for $1.9 billion in cash. Skype had reportedly been raising money for an IPO, but that offering was delayed after the company appointed Bates to the CEO role in October.
For that substantial bump-up in cash, Microsoft is purchasing one of the Web’s most recognizable consumer brands—albeit one that’s faced increased competition from Google and others in recent quarters.
But one of Skype’s private investors took to the blogosphere to discount that competition as a threat. In a May 10 posting on his personal blog, Andreessen Horowitz co-founder and partner Ben Horowitz suggested that Google’s attempt to market a similar VOIP offering had failed to stop Skype’s momentum: “What was the result of this effort? … Skype new users and usage growth has accelerated since Google’s launch.”
Apple’s Facetime, he added, also failed to blunt Skype’s momentum: “How did that impact Skype’s use on the iPhone? 50 million users have downloaded Skype’s iPhone product since the release of Apple’s FaceTime.”
If you believe Horowitz’s assertions, then Microsoft managed to sidestep the potential acquisition dangers outlined by Green. But how well the company will integrate its newest property—and create synergy with its partners—remains the question of the hour. 


Microsoft shows class in disclosing Google zero-day

Back in June of last year, Tavis Ormandy, a Google engineer in Switzerland, caused quite a stir. As Gregg Keizer reported at the time, Ormandy told Microsoft about a previously unknown security hole in Windows on June 5, and on June 9 he published a full description of the vulnerability, including proof-of-concept code, on the Full Disclosure mailing list.
Microsoft blew a corporate gasket. Mike Reavey, the director of the Microsoft Security Response Center, blogged the following day, "Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk."
Ormandy responded that he was acting on his own behalf, not as a Google employee, but Reavey didn't buy it. The relationship between Microsoft and Google turned from frosty to frigid.
Last week, Microsoft showed its mettle by publicly issuing a new policy and two new "Microsoft Vulnerability Research Advisories" -- a completely new breed of Microsoft malware-fighting animal.
The policy is a nine-page document saying, basically, that when Microsoft discovers a zero-day flaw in some other vendor's product, Microsoft will work with the vendor to fix the vulnerability -- and make sure it's fixed before telling the world: "If attacks are underway in the wild, and the vendor is still working on the update, then both the finder and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers."
There are exceptions to the private reporting restriction. The policy allows Microsoft to divulge details if the vulnerability becomes known to the public at large, when there's evidence that the vulnerability is being used, or when the vendor doesn't respond.
That last point has become a bone of contention with several security researchers who claim that Microsoft hasn't responded quickly enough -- or, indeed, hasn't responded at all -- to their reports of Microsoft vulnerabilities. To be fair, no one has yet determined precisely how long it takes for a lack of response to result in a vendor being classified as "unresponsive."
Microsoft accompanied the new procedure with two new MSVR advisories, dubbed MSVR11-001 and MSVR11-002. It comes as no surprise that both of them describe previously undocumented security holes in Google products that had been patched by Google. (MSVR11-002 describes a problem in both Google Chrome and Opera.)
Neither vulnerability is particularly interesting. The first one, a buffer overflow, allows arbitrary code to run, but only in the confines of the Chrome sandbox. It was fixed in Chrome Version 6.0.472.59, which was released seven months ago. The second requires advance knowledge of a specific local IP address. It was fixed in Chrome 8.0.552.215, which was released four months ago. Apparently, Microsoft held onto both reports, pending final publication of their new policy.
If you or someone in your organization ever stumbles on a zero-day vulnerability in a software product, take a few minutes to look over Microsoft's policy. I won't get sucked into debating the virtues of Full Disclosure versus Coordinated Disclosure, but it would certainly be instructive to see how Microsoft says it would treat you and your organization if the shoe were on the other foot.


Microsoft pays $US8.5b for Skype



Microsoft Corp plans to buy Internet phone service Skype for $US8.5 billion ($7.9 billion) in its biggest-ever acquisition, placing a rich bet on mobile and the Internet to try to best rivals such as Google.

In a deal that took a month from offer to signing, the software company outbid Google and Facebook, which sources said offered to partner or buy Skype for $US3 billion to $US4 billion.

Microsoft's interest in the money-losing, but popular service highlights a need to gain new customers for its Windows and Office software. Skype has 145 million users on average each month and has gained favor among small business users.

But investors expressed skepticism over the deal, sending Microsoft shares down 1.4 per cent to $US25.46. If those losses hold, the software giant's market value - already exceeded by Apple last year - will slip behind General Electric's and begin to approach IBM's.

Led by private equity firm Silver Lake, eBay Inc and other investors including the Canada Pension Plan Investment Board and Andreessen Horowitz, would make $US5 billion, or three times their investment, a source familiar with the deal said.

Microsoft is putting more energy and resources into mobile and the Internet as the personal computer business underpinning its Windows and Office franchise appears to be under threat.

The Luxembourg-based company, which allows people to make calls at no charge, but has also developed premium services, would give Microsoft a foothold in the video-conferencing market as businesses shift to cheaper ways of communicating.

Skype delayed plans for an IPO that was expected to value the company at more than $US3 billion. It looked at tie-ups with Facebook and Google. Such a deal was expected to value Skype at $US3 billion to $US4 billion.

"It doesn't make sense at all as a financial investment," said Forrester Research analyst Andrew Bartels. "There's no way Microsoft is going to generate enough revenue and profit from Skype to compensate."

A mobile presence

Skype could be combined with Microsoft software such as Outlook to appeal to corporate users, while the voice and video communications could link to Microsoft's Xbox Live gaming.

Skype also would offer Microsoft another route to develop its mobile presence, an area it has already put more energy and resources into as PC usage comes under threat.
Skype would become a new business division within Microsoft with Skype CEO Tony Bates in charge and reporting to Ballmer.

"Tony didn't look for it. The ownership group, led by Silver Lake, didn't look for it. We just decided (it was) something that we thought made sense for us," a jubilant Ballmer told reporters.

The sum would not stretch Microsoft. It would bankroll the deal with cash sitting overseas, which would be taxed if Microsoft brought it home. But others said the price was high.

"In this atmosphere of Internet Bubble 2.0, picking up an unprofitable online company for roughly 10 times sales probably seems downright cheap," said Shanghai-based Michael Clendenin, managing director of consulting firm RedTech Advisors.

"But if you consider (it) was just valued at about $US2.5 billion 18 months ago when a chunk was sold off, then $US8.5 billion seems generous and means Microsoft has a high wall to climb to prove to investors that Skype is a necessary linchpin for the company's online and mobile strategy," he said.

Skype was formed in 2003. EBay Inc bought it in 2005 for $US3.1 billion. Last year, it lost $7 million, according to data in its initial public offering filing.

In 2009, eBay sold a majority stake in Skype for $US1.9 billion in cash and a $US125 million note. EBay retained about a third.

Ballmer said his company did not use Wall Street advisers on the deal, approaching the owners directly. Goldman Sachs and JPMorgan advised Skype.

The deal, the biggest in technology so far in 2011, capped the strongest start to deal-making since 2000, according to Thomson Reuters data.

"I wish they had not done it," said Whitney Tilson, founder and a managing partner of T2 Partners LLC, which owns Microsoft shares. "Everybody I know uses it and I am glad Microsoft owns it. They just probably paid too much for it."

"We aren't big enough to have a big say. But I am sure that everybody else -- the bigger shareholders -- are going to be asking Microsoft, 'why did you do this?'"

Biggest deal


The acquisition is Microsoft's largest, surpassing the purchase of AQuantive Inc for about $US6 billion in 2007.

"This could give Microsoft a much-needed kick-start" in telecommunications, Paolo Pescatore, an analyst at CCS Insight in London, said. In voice services, "Skype has certainly set the benchmark and gained a lot of traction".

The purchase is likely to divert Skype from a plan that it announced last year - to sell $US100 million of shares in an initial public offering. The company has struggled to convert users of its free PC-to-PC phone services into paying customers.

Skype reported about $US775 million in debt, along with a revolving credit line of $US30 million, in a filing in April.


Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet

Microsoft Along With FBI & EC3 Shattered The Notorious ZeroAccess Botnet Responsible For Infecting More Than 2 Million Computers
Redmond-based software giant Microsoft has scored another major success against cyber criminals by disrupting one of the world's largest and most rampant botnets, ZeroAccess. The Sirefef botnet, also known as ZeroAccess, is responsible for infecting more than 2 million computers, specifically targeting search results on Google, Bing and Yahoo search engines, and is estimated to cost online advertisers $2.7 million each month. Microsoft, working alongside the Federal Bureau of Investigation (FBI) and Europol's European Cybercrime Centre (EC3), has successfully disrupted this notorious botnet. This is Microsoft’s first botnet action since the Nov. 14 unveiling of its new Cybercrime Center — a center of excellence for advancing the global fight against cyber crime — and marks the company’s eighth botnet operation in the past three years.

“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits,” said Troels Oerting, head of the EC3. “EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cyber crime units in five European countries and Microsoft.”
Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cyber criminals to remotely control the botnet from tens of thousands of different computers. ZeroAccess is used to commit a slew of crimes, including search hijacking, which “hijacks” people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks. ZeroAccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated Web traffic and other criminal activity. Research by the University of California, San Diego shows that as of October 2013, 1.9 million computers were infected with ZeroAccess, and Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day.



How It Happened:- 
Last week, Microsoft filed a civil suit against the cyber criminals operating the ZeroAccess botnet and received authorization from the U.S. District Court for the Western District of Texas to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes. In addition, Microsoft took over control of 49 domains associated with the ZeroAccess botnet. A10 Networks provided Microsoft with advanced technology to support the disruptive action.
As Microsoft executed the order filed in its civil case, Europol coordinated a multijurisdictional criminal action targeting the 18 IP addresses located in Europe. Specifically, Europol worked with Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures on computer servers associated with the fraudulent IP addresses located in Europe. This is the second time in six months that Microsoft and law enforcement have worked together to successfully disrupt a prevalent botnet. It demonstrates the value coordinated operations have against cyber criminal enterprises.

ZeroAccess is very sophisticated malware that blocks attempts to remove it, so every Microsoft user is advised to follow the detailed instructions on how to remove this threat. As Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible.
Speaking to the press, David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit, said: “Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”

While talking about the ZeroAccess botnet takedown, I would like to remind you that in March last year Microsoft successfully shut down two command and control (C&C) servers of one of the world's most dangerous banking trojans, Zeus.



Microsoft Patches 34 Serious Vulnerabilities



In today's Patch Tuesday, Microsoft released 16 bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA. Nine of the bulletins are rated Critical, with seven rated as Important. Wolfgang Kandek, Qualys CTO, comments: "The only bulletin with a known exploit in the wild is MS11-046, a local privilege escalation flaw in the 'afd.sys' driver. IT admins can check with their end-point security providers for coverage, but should include this bulletin high on their to-do lists in any case, as it is only a matter of time until we see more attackers use malware taking advantage of this exploit to gain control of your workstations."

Here are the bulletins:-

Vulnerability in OLE Automation 
This security update resolves a privately reported vulnerability in Microsoft Windows Object Linking and Embedding (OLE) Automation. The vulnerability could allow remote code execution if a user visits a Web site containing a specially crafted Windows Metafile (WMF) image. In all cases, however, an attacker would have no way to force users to visit such a Web site. Instead, an attacker would have to convince users to visit a malicious Web site, typically by getting them to click a link in an e-mail message or Instant Messenger request.

Vulnerability in .NET Framework and Microsoft Silverlight
This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Vulnerability in Threat Management Gateway Firewall Client 
This security update resolves a privately reported vulnerability in the Microsoft Forefront Threat Management Gateway (TMG) 2010 Client, formerly named the Microsoft Forefront Threat Management Gateway Firewall Client. The vulnerability could allow remote code execution if an attacker leveraged a client computer to make specific requests on a system where the TMG firewall client is used.

Vulnerability in Windows Kernel-Mode Drivers
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a network share (or visits a web site that points to a network share) containing a specially crafted OpenType font (OTF). In all cases, however, an attacker would have no way to force a user to visit such a web site or network share. Instead, an attacker would have to convince a user to visit the web site or network share, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Distributed File System
This security update resolves two privately reported vulnerabilities in the Microsoft Distributed File System (DFS). The more severe of these vulnerabilities could allow remote code execution when an attacker sends a specially crafted DFS response to a client-initiated DFS request. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Vulnerability in SMB Client
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request. To exploit the vulnerability, an attacker must convince the user to initiate an SMB connection to a specially crafted SMB server.

Vulnerability in .NET Framework
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could be the case in a Web hosting scenario. This vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

Cumulative Security Update for Internet Explorer
This security update resolves eleven privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in Vector Markup Language
This security update resolves a privately reported vulnerability in the Microsoft implementation of Vector Markup Language (VML). This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients; and Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers. Internet Explorer 9 is not affected by the vulnerability.

The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Vulnerability in MHTML
This security update resolves a publicly disclosed vulnerability in the MHTML protocol handler in Microsoft Windows. The vulnerability could allow information disclosure if a user opens a specially crafted URL from an attacker's Web site. An attacker would have to convince the user to visit the Web site, typically by getting them to follow a link in an e-mail message or Instant Messenger message.

Vulnerabilities in Microsoft Excel
This security update resolves eight privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Installing and configuring Office File Validation (OFV) to prevent the opening of suspicious files blocks the attack vectors for exploiting the vulnerabilities described in CVE-2011-1272, CVE-2011-1273, and CVE-2011-1279. Microsoft Excel 2010 is only affected by CVE-2011-1273 described in this bulletin. The automated Microsoft Fix it solution, "Disable Edit in Protected View for Excel 2010," available in Microsoft Knowledge Base Article 2501584, blocks the attack vectors for exploiting CVE-2011-1273.

Vulnerability in Ancillary Function Driver
This security update resolves a publicly disclosed vulnerability in the Microsoft Windows Ancillary Function Driver (AFD). The vulnerability could allow elevation of privilege if an attacker logs on to a user's system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit the vulnerability.

Vulnerability in Hyper-V
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

Vulnerability in SMB Server
This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit this vulnerability.

Vulnerability in the Microsoft XML Editor
This security update resolves a privately reported vulnerability in Microsoft XML Editor. The vulnerability could allow information disclosure if a user opened a specially crafted Web Service Discovery (.disco) file with one of the affected software listed in this bulletin. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Vulnerability in Active Directory Certificate Services Web Enrollment
This security update resolves a privately reported vulnerability in Active Directory Certificate Services Web Enrollment. The vulnerability is a cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. An attacker who successfully exploited this vulnerability would need to send a specially crafted link and convince a user to click the link. In all cases, however, an attacker would have no way to force a user to visit the Web site. Instead, an attacker would have to persuade a user to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes the user to the vulnerable Web site.


Microsoft Started "BlueHat" Contest for Better Security


As any Jedi knight knows, the temptation to turn to the Dark Side is difficult to resist. The same can be true for White Hat hackers--malware fighters who discover vulnerabilities in software.
The black market prices for those kinds of security flaws are as tantalizing to ethical hackers as the malevolent side of The Force was to Luke Skywalker. Microsoft wants to temper those temptations, though, and has announced a contest that offers more than $250,000 in prizes for developing better solutions to counter security threats.
Microsoft's "BlueHat Prize," announced by the company at the Black Hat security conference in Las Vegas Wednesday, offers a grand prize of $200,000, a runner-up purse of $50,000, and a third-place award of a one-year subscription to MSDN Universal--a developer's platform for Microsoft products--worth $10,000--to security researchers who design the most effective ways to prevent the use of memory safety vulnerabilities. Those kinds of vulnerabilities can create problems like buffer overflows that can be exploited by Net miscreants to compromise computers.
“As the risk of criminal attacks on private and government computer systems continues to increase, Microsoft recognizes the need to stimulate research in the area of defensive computer security technology," Matt Thomlinson, Microsoft’s General Manager of Trustworthy Computing Group, said.
“Our interest is to promote a focus on developing innovative solutions rather than discovering individual issues," Thomlinson continued. "We believe the BlueHat Prize can catalyze defensive efforts to help mitigate entire classes of attacks."

Top Experts Needed:-

In offering the prize, Microsoft hopes to attract the world's top experts to focus their "little gray cells" on a major security problem. “Microsoft wants to encourage more security experts to think about ways to reduce threats to computing devices," observed Katie Moussouris, senior security strategist lead for the Microsoft Security Response Center.
“We’re looking to collaborate with others to build solutions to tough industry problems," she added. "We believe the BlueHat Prize will encourage the world’s most talented researchers and academics to tackle key security challenges and offer them a chance to impact the world."

The Origin of the Concept:-

According to Microsoft, it got the idea for the BlueHat prize from a previously launched security information-sharing program. That initiative, the Microsoft Active Protections Program (MAPP), allows Microsoft to share information with security vendors around the world so they can release protection technologies to their customers much faster. The success of that program got Microsoft thinking about mounting a similar effort for the security research community.
One vendor with praise for BlueHat was Adobe, a company that's no stranger to software with vulnerabilities. “The Microsoft BlueHat Prize announced at Black Hat [on August 3] is an exciting new initiative and a great example of encouraging community collaboration in the defense against those with malicious intent," observed Adobe's Senior Director for Product Security and Privacy Brad Arkin.
“This call for entries promises to stimulate research activity within the broader security community on how to mitigate entire classes of attacks, rather than thinking about software security as a challenge best addressed one bug at a time," he continued. "This research has the potential to lower costs for third-party developers and increase the level of security assurance for end users."
Here are the official rules and guidelines for the competition. Contest submissions will be accepted until Sunday, April 1, 2012, Microsoft said. A panel of Microsoft security engineers will judge submissions based on the following criteria: practicality and functionality (30 percent); robustness, meaning how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The winners will be announced at the Black Hat USA conference in 2012.

-News Source (PC World)


"April Patch" By Microsoft & Adobe Closed Critical Security Holes


As scheduled, two software giants, Microsoft and Adobe, today each issued security bulletins to plug security holes in their products. The patch batch from Microsoft fixes at least 11 flaws in Windows, Internet Explorer (IE), Office and several other products, including one bug that attackers are already exploiting. The company also issued the first patch for Windows 8 Consumer Preview, the beta-like build Microsoft released at the end of February. Adobe’s update tackles four vulnerabilities that are present in current versions of Adobe Acrobat and Reader.
Seven of the 11 bugs Microsoft fixed with today’s release earned its most serious “critical” rating, which Microsoft assigns to flaws that it believes attackers or malware could leverage to break into systems without any help from users. Among those in its security bulletin summary for April 2012 is an interesting weakness (MS12-024) in the way that Windows handles signed portable executable (PE) files. According to Symantec, this flaw is interesting because it lets attackers modify signed PE files undetected.
Microsoft said that this patch is the highest-priority security update this month. “What makes this bulletin stand out is that Microsoft is aware of attacks in the wild against it and it affects an unusually wide range of Microsoft products, including Office 2003 through 2010 on Windows, SQL Server 2000 through 2008 R2, BizTalk Server 2002, Commerce Server 2002 through 2009 R2, Visual FoxPro 8 and Visual Basic 6 Runtime,” Kandek said. “Attackers have been embedding the exploit for the underlying vulnerability (CVE-2012-0158) into an RTF document and enticing the target into opening the file, most commonly by attaching it to an e-mail. Another possible vector is through web browsing, but the component can potentially be attacked through any of the mentioned applications.”
Other notable fixes from Microsoft this month include a .NET update and a patch for at least five Internet Explorer flaws. Patches are available for all supported versions of Windows through Windows Update.
In its March 2012 security bulletins, Microsoft closed a total of seven security holes in its products: one Critical-class, four Important and one Moderate, addressing seven issues in Microsoft Windows, Visual Studio, and Expression Design. According to Microsoft, a remote code execution vulnerability (MS12-020) was found in RDP (Remote Desktop Protocol).

After Microsoft comes Adobe, whose updates fix critical problems in Acrobat and Reader on all supported platforms, including Windows, Mac OS X, and Linux. Users on Windows and Mac can use each product’s built-in update mechanism. The newest, patched version of both Acrobat and Reader is v. 10.1.3 for Windows and Mac systems. The default configuration is set to run automatic update checks on a regular schedule, but update checks can be manually activated by choosing Help > Check for Updates. Reader users who prefer direct links to the latest version can find them by clicking the appropriate OS: Windows, Mac or Linux (v. 9.5.1).





Microsoft Releases Patch Fixes for Windows Server and PowerPoint


Microsoft fixed bugs in the WINS name server resolution protocol and a file format vulnerability in PowerPoint for its May Patch Tuesday.

 Microsoft addressed two security bulletins in May’s Patch Tuesday release. Security experts said administrators should apply the fixes immediately—because, despite their small size, they address significant threats.

Microsoft fixed a critical vulnerability affecting Windows Server and an important bug in Microsoft Office PowerPoint, according to the Patch Tuesday advisory released May 10. Microsoft also assigned separate “exploitability” scores for newer versions of the software under the “improved” exploitability index ratings.
The team fixed a critical vulnerability (MS11-035) in the WINS component in Windows Server 2003 and 2008. WINS is a name-resolution service that resolves names in the NetBIOS namespace and does not require authentication to use. While usually not available by default in Windows Server, it is commonly used in the enterprise for internal network servers. Administrators who have enabled WINS in Windows Server should apply the patch immediately as attackers could remotely cause a denial of service, according to Wolfgang Kandek, the CTO of Qualys.
“What might make the WINS vulnerability appealing to attackers is that it is a server-side issue,” Joshua Talbot, security intelligence manager, Symantec Security Response, told eWEEK.
Unlike other threats, attackers don’t have to trick a user into doing anything since it’s just a matter of finding a vulnerable server and feeding the machine “a malicious string of data,” according to Talbot. It is also a more serious issue on Windows Server 2003 than on 2008 because Windows Server 2008 has built-in protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). However, attackers can still create exploit code to get past those security features, Talbot said.
The other “important” bulletin (MS11-036) addressed a security flaw in all versions of Microsoft Office PowerPoint except Office 2010. The bug would allow attackers to take full control of the target machine as soon as the user opens a malicious PPT file.
Both WINS and PowerPoint vulnerabilities are fairly significant, according to Tyler Reguly, technical manager of security research and development at nCircle. File-format vulnerabilities are “popular exploits” but WINS is remote code execution, so it was “difficult” to decide which was the “biggest risk today.”
Microsoft listed both vulnerabilities using the new exploitability ratings. The PowerPoint bulletin was rated “1” (consistent exploit code likely) for older software releases, but “0” for the latest software because Office 2010 is not affected. The WINS patch was rated “2” on both the latest and older versions because it affected all versions.
The updated rating system is intended to make it easier for IT administrators to determine their risk level, according to Microsoft.
“With massive updates such as we had in April, it’s easy to get overwhelmed. Microsoft’s new index simplifies the process, which will help IT administrators to prioritize which patches they tackle first,” said Dave Marcus, director of security research and communications at McAfee Labs.
The small release means administrators should “brace themselves for a larger update” in June, according to Kandek.
To complicate things for IT administrators, a fake Patch Tuesday update is making the rounds, according to security researchers at Websense Security Labs ThreatSeeker network. The malware is spread via a link inside an email message supposedly from “Microsoft Canada Co.” which informs users that Microsoft has issued a “Security Update for Microsoft Windows OS,” wrote Amon Sanniez, associate security researcher at Websense. Clicking on the link downloads the fake patch to the computer and infects the system with a Zeus Trojan variant, according to Sanniez.
It “ties in almost perfectly” with the real Patch Tuesday updates from Microsoft, Sanniez said.
The email looks quite legitimate and shows “some effort” went into the creation, as the message is presented in both English and French, and the display names within the headers actually say the mail originated from Microsoft Canada.
The malicious executable is currently not being detected by most major antivirus products tracked on VirusTotal, so IT managers should be careful that none of their staff members or users click on the link to get the security update. Websense said it is a low-volume threat, possibly aimed at a handful of companies. 
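Because the executable described above was not yet detected by most antivirus products, the lure itself is the more reliable signal. The following is an added example, not code from Websense or Microsoft: a mail-gateway style check for a brand display name on a non-Microsoft sender domain combined with update wording and a link to an executable. The trusted-domain list, finding names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Assumption: sender/link domains this organisation accepts as genuinely Microsoft.
TRUSTED_DOMAINS = {"microsoft.com"}
BRAND = re.compile(r"\bmicrosoft\b", re.I)
LURE = re.compile(r"security update|patch", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".msi", ".bat")

# Constructed sample: brand display name on an unrelated domain, link to an .exe.
SPOOFED = (
    'From: "Microsoft Canada Co." <security@updates.example.net>\n'
    "To: user@corp.example\n"
    "Subject: Security Update for Microsoft Windows OS\n"
    "\n"
    "Microsoft has issued a Security Update for Microsoft Windows OS.\n"
    "Install it now: http://updates.example.net/download/update-kb.exe\n"
)

# Constructed sample: same brand and wording, but sender and link are on a trusted domain.
GENUINE = (
    'From: "Microsoft Security Notifications" <notify@email.microsoft.com>\n'
    "To: user@corp.example\n"
    "Subject: Microsoft security bulletin summary\n"
    "\n"
    "The Patch Tuesday bulletins are listed at https://www.microsoft.com/security/\n"
)


def is_trusted(domain):
    """True for a trusted domain or any of its subdomains (not lookalikes)."""
    domain = (domain or "").lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def text_of(msg):
    """Concatenate every text/* part (plain and HTML) of the message."""
    return "\n".join(
        part.get_content() for part in msg.walk()
        if part.get_content_maintype() == "text"
    )


def analyze(raw_message):
    """Return a list of finding codes for one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Display name claims the brand, but the address domain does not match.
    from_header = msg["From"]
    for addr in (from_header.addresses if from_header else ()):
        if BRAND.search(addr.display_name) and not is_trusted(addr.domain):
            findings.append("brand_display_name_mismatch")
            break

    # 2. Update wording plus a link to an executable hosted off a trusted domain.
    subject = msg["Subject"] or ""
    body = text_of(msg)
    if LURE.search(f"{subject}\n{body}"):
        for url in URL.findall(body):
            parsed = urlparse(url.rstrip(".,);"))
            off_domain = not is_trusted(parsed.hostname)
            if parsed.path.lower().endswith(EXECUTABLE_EXT) and off_domain:
                findings.append("update_lure_executable_link")
                break
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, analyze(raw))
```

Either finding alone is worth quarantining for review; genuine Windows updates arrive through Windows Update, not as an e-mailed download link.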
