Don’t be intimidated out of making changes to your computer that improve your security and reduce the risk to vulnerabilities. An interesting phenomenon of antivirus software is the real time scanning it provides. Recently my laptop hardware was upgraded and it required me to install a new video driver to support the enhanced graphics built into the onboard chipset. I was faithfully scanning my laptop for the latest patches and service pack support as well as checking that the drivers were current for the hardware. The video driver vendor insisted there was an available upgrade and I immediately tried to install it from the Internet per the online support. The driver was unsuccessful in loading so I decided to download it to my local hard drive and retry the install. It downloaded successfully and when I double clicked the file it presented the installer and uncompressed the files, but when the progress bar was presented it halted with no error message displayed. Once again, when it rebooted I was informed that video driver update was available. I examined my antivirus/malware quarantine folder and discovered the video driver software had been added. It was a simple task to add the name of the file to my “white list” of acceptable applications and when I attempted the install again it was successful.

While frustrating to install, I am glad my computer is well protected and that driver level modifications are not taken for granted. I wanted to pass this on to users that might think that they are unable to make modifications or updates to their computers because of insufficient access rights or equipment malfunction when in reality they were simply protecting themselves from themselves. Remember that a lot of solutions to computer problems are resolved with understanding PEBCAK (Problem Exists between Chair and Keyboard).

In reviewing the new known malware on the Internet in June 2011, following are two new vulnerabilities that could affect your security:

Adobe Flash Player CVE-2011-2107 Cross-Site Scripting Vulnerability Alert
The vulnerability, CVE-2011-2107, is a cross-site scripting vulnerability that can allow an attacker to make HTTP requests while masquerading as the affected user. This vulnerability is being exploited in the wild in targeted attacks.

Microsoft Internet Explorer CVE-2011-1255 Time Element Remote Code Execution Vulnerability
The vulnerability affects Microsoft Internet Explorer versions 6, 7, and 8. The issue is related to the time element handling and occurs due to memory corruption, allowing an attacker to execute arbitrary code in the context of the application. Failed attacks may result in denial-of-service conditions.

- Kim Fors