Updates

A compilation of the latest information about Virus, Security and Patches which could be vital for your system

Patch for Windows XP SP2 firewall

If you use a dial-up Internet connection and the Windows firewall application on a Microsoft Windows XP Service Pack 2 system, the software has a bug that could let anybody on the Internet access resources on your computer. If you create an exception in Windows firewall for File and Printer Sharing, you may discover that anyone can access shared files and printers. Windows firewall automatically selects the ‘My network (subnet) only scope option’ when you create an exception for File and Printer Sharing. Microsoft states that some dialling software can configure routing tables in a manner that the firewall in Windows XP SP2 interprets the entire Internet to be a local subnet. A patch is available at www.microsoft.com/downloads/details.aspx?familyid=da66a0ac-55ca-4591-b3e6-d78695899141

Google desktop search at risk

A potentially serious security flaw in Google’s desktop search tool, Google Desktop, has been reported. It could let an attacker secretly search the contents of your PC over your Internet connection. The beta of Google Desktop was released in mid October 2004. It indexes files on your hard disk and lets you search your hard drive much as you search the Net with Google.com. Google Desktop transmits your search queries over the Internet for the purpose of placing AdWords text advertisements beside the search results. Google has responded by distributing a patched version of the software that takes care of this potential security hole. As the software scans traffic that seems to be going to google.com and inserts results from your hard drive for a particular search it becomes possible to trick it into inserting the same results into other Web pages where an attacker can read them. For such an attack to work, you would need to visit the attacker’s Web site. No such attacks have been reported. The researchers who discovered the bug have said that Google responded quickly and it has begun releasing a corrected version from December 10. Google Desktop has an update feature that lets Google automatically install new versions without user intervention. To tell if your version has been patched, researchers advise you to scan the About Google Desktop page. If the version number is above 121004; you have an updated version of the software.

desktop.google.com

Veritas BackupExec Agent vulnerable

A serious remote vulnerability exists in Veritas BackupExec Agent that does not require authentication before the service can be exploited. As backup servers tend to be reachable by, and have access to, a large number of systems within an organisation, security experts recommend that patches be applied immediately.

For BackupExec 8.6.x
seer.support.veritas.com/docs/273422.htm
For BackupExec 9.1.x
seer.support.veritas.com/docs/273420.htm

Acrobat Reader patch

If like the rest of the world you end up opening a PDF document every other day, it’s time to head for Adobe.com and patch your copy of Acrobat Reader. Get the Adobe Reader 6.0.3 update that addresses several potential vulnerabilities in Adobe Reader versions 6.0.0 to 6.0.2.

www.adobe.com/support/downloads/detail.jsp?ftpID=269