Malware

Security news roundup: Spybot Search & Destroy scans for rootkits, multiple patches from Apple

Here’s a collection of recent security vulnerabilities and alerts, which covers news that Spybot Search & Destroy now comes with the ability to detect rootkits, a re-release of a patch that affects Microsoft Office Excel 2003 SP2 and SP3, a slew of patches from Apple, and a warning from Microsoft that Word is a possible vector of a new vulnerability.

Here’s a collection of recent security vulnerabilities and alerts, which covers news that Spybot Search & Destroy now comes with the ability to detect rootkits, a re-release of a patch that affects Microsoft Office Excel 2003 SP2 and SP3, a slew of patches from Apple, and a warning from Microsoft that Word is a possible vector of a new vulnerability.

  • Spybot Search & Destroy scans for rootkits

The folks over at Spybot Search & Destroy (S&D) have announced last week about a new anti rootkit plugin for the popular software. A new RootAlyzer tool has also been made available.

You can access the new rootkit-related plugins by doing an update of Spybot S&D. The RootAlyzer tool, on the other hand, serves to reveal anything that uses certain rootkit technologies, even if they are not in the S&Ds detection database.

Excerpt from the announcement:

The RootAlyzer is a single tool which goes through the file system, the registry and process related lists. When you start RootAlyzer, it performs a very quick scan of a few important places, taking about a second on modern machines. To check the full system, you have the possibility of choosing a Deep Scan.

Currently, the RootAlyzer is a work in progress (with a new project tools category in our forum to track bugs and feature requests), but it's already helping to easily locate most of the current malware rootkits.

I reckoned that TechRepublic members would be interested to know about this new feature as my Right Tools write-up on the Spybot Search & Destroy attracted just below 300 comments earlier on.

RootAlyzer is compatible with Windows NT, 2000, XP, 2003 as well as Vista. You can download it here (zip) or read more about it over at the S&D forums. Spybot Search & Destroy is free for personal use.

  • Microsoft fixes Excel a second time

Microsoft has re-released a patch meant for Microsoft Office Excel 2003 SP2 and SP3. The original version of MS08-014 that was released on March 11, 2008 resulted in a calculation error under certain circumstances.

Specifically, users of the above-mentioned setup who utilize real-time data sources in custom-written VBA functions will experience miscalculations in tables. You can read more about this issue under Microsoft's Knowledge Base KB950340.

Users who are affected will be offered the revised patch via automatic Windows Update. Alternatively, you can do a manual Windows Update, or download the patch directly from Microsoft here.

  • Apple releases second mega-pack of patches and other fixes

Apple has released security update 2008-002 which fixes 46 vulnerabilities in Mac OS X as well as various third party programs included in the operating system.

The update resolves issues with the following components: AFP client and server, Apache, the Application Firewall, AppKit, CFNetwork, CoreFoundation, CoreServices, curl, CUPS, ClamAV, Emacs, the file command, Foundation, the Help Viewer, handling of Raw images, Kerberos, libc, mDNSResponder, notifyd, OpenSSH, pax archive utility, PHP, Podcast Producer, Preview, printing, System Configuration, UDF, Wiki Server, X11.

You can check out the details of Apple's 2008-002 security update here or obtain the fixes from Software Update. Alternatively, you can download it directly from Apple downloads.

Apple has also released patches that fixes multiple problems with the Safari Web browser. You can read up more on it here.

On the hardware end of things, if you happen to own an AirPort Extreme with 802.11n, you might want to know that Apple has released yet another firmware update for it. Additional details are scant, except that it fixes a denial of service vulnerability that can result from a maliciously crafted AFP request. You can read up more on it here, or download the firmware from here.

  • Microsoft warns of new Word vulnerability

Microsoft issued a warning on Friday of an unpatched flaw that originates in the Windows operating system. The company says that this vulnerability can be exploited to install unauthorized software on a victim's PC by means of a maliciously crafted Word document. The issue appears to be with the Jet Database Engine used by a number of other products - including Microsoft Access.

Users of various versions of Word from Word 2000 onwards are at risk, unless they happen to be running under Windows Vista or Windows Server 2003 SP2. The bug affects any version of the Jet Database Engine (Msjet40.dll) with a version number equals to or higher than 4.0.9505.0.

You can read Security Advisory 950627 for additional information. A recommended workaround can be found there.

As usual, Microsoft did not say if and when they plan to patch the bug, though it did not rule out the possibility of an emergency patch.

Feel free to discuss about the various security updates here.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

3 comments
BALTHOR
BALTHOR

The crooks even stole the lug nuts.I removed one nut from each tire and used the spare.

paulmah
paulmah

Feel free to discuss about the various security updates here.

Editor's Picks