False Positive Alert Among Microsoft Patches

Microsoft has released new patches this week, comprising 9 bulletins and fixing four critical vulnerabilities. The four critical bugs are as follows:

  1. MS12-008: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2660465). This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a website containing specially crafted content or if a specially crafted application is run locally. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.
  2. MS12-010: Cumulative Security Update for Internet Explorer (2647516). This security update resolves four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  3. MS12-013: Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428). This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted media file that is hosted on a website or sent as an email attachment. An attacker who successfully exploited the vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  4. MS12-016: Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026). This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted web page using a web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Besides the critical patches, there are also several important updates that fix Microsoft Windows, Microsoft Office and Microsoft Server Software. Most of these patches require a system restart to complete the update.

Screenshot of the fake alert

On the other hand, some users found that after updating their systems a strange message was displayed when visiting the Google website, alerting that the website is infected by Exploit:JS/Blacole.BW.

This false positive alert is due to a Microsoft AV signature problem. Stephen Burn said that “Microsoft AV team is removing the detection from Signature. 1.119.1986.0 or higher will contain this change. Please check and let us know if the issue is still there with the latest signature. Thank you” New definitions are coming… Very good and fast reaction by Microsoft.

Source: http://krebsonsecurity.com/2012/02/microsoft-av-flags-google-com-as-malware/
