Blog Articles

Microsoft Squashes Three Bugs, One ‘Critical’ In 2011’s First Patch Tuesday

Filed under: Security Threats — Wednesday, January 12th, 2011 @ 1:32 pm

Microsoft (NSDQ:MSFT) slapped away three bugs, one of which the software giant considered “critical,” with a pair of security bulletins this week in the first Patch Tuesday of 2011.

 

The critical bulletin, MS11-002, patched two Windows vulnerabilities that affect Microsoft Data Access Components (MDAC). One of the bugs was found in the way MDAC validates third-party API usage, while the second was due to the way MDAC validates memory allocation. Both vulnerabilities could be exploited by maliciously crafted Web sites that let an attacker remotely execute code, Microsoft said.

 

Microsoft considered the MDAC vulnerability “critical” in XP, Vista and Windows 7, and important on Server 2003 and Server 2008. So far, Microsoft is unaware of any attacks leveraging the vulnerabilities or any proof of concept code to exploit them.

 

“The first vulnerability is rated Critical for Windows XP, Vista and Windows 7 and the second rated Important for all supported versions of Windows Server,” wrote Carlene Chmaj, Microsoft senior security response communications manager in a blog post detailing the two Patch Tuesday security bulletins. “It involves the Microsoft Data Access Components (MDAC). This has an Exploitability Index rating of 1, and because there is a Web based attack vector, this is at the top of our deployment priority list.”

 

The second bulletin, MS11-001, which Microsoft ranked as “important,” addresses a vulnerability in Windows Backup Manager.

“The vulnerability could allow remote code execution if a user opens a legitimate Windows Backup Manager file that is located in the same network directory as a specially crafted library file,” Microsoft wrote in the bulletin.

 

“For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open the legitimate file from that location, which in turn could cause Windows Backup Manager to load the specially crafted library file.”

 

Chmaj wrote that the second security bulletin has an Exploitability Index rating of 1 and is a 2 on Microsoft’s deployment priority list.

Microsoft had issued an early warning of the two pending security bulletins last week. And despite one being considered critical, Microsoft’s first Patch Tuesday of 2011 was light compared to the December 2010 update, in which Microsoft issued 17 patches to fix 40 security flaws.

 

Microsoft also issued a workaround for an Internet Explorer bug Microsoft warned about in December. That vulnerability occurs when an attacker creates a malicious CSS file that points to itself and provides it to IE. The action corrupts memory and could be exploited. Microsoft urged Internet Explorer users to review the workaround.

 

“This month we are revising Security Advisory 2488013 to include an additional workaround in the form of a FixIt package that uses the Windows Application Compatibility Toolkit to protect customers from this vulnerability,” Chmaj wrote. “This workaround only applies to systems that have the MS10-090 update for Internet Explorer installed.”

 

Joe Busuttil

joe@alphakor.com

U.S. Tops ‘Dirty Dozen’ As No. 1 Spam E-Mail Generator

Filed under: Security Threats — Tuesday, January 11th, 2011 @ 12:29 pm

The U.S. maintained its No. 1 position as the top country for relaying spam e-mail, according to Sophos’ most recent “Dirty Dozen” list examining from which geographies spam e-mail originates.

 

The U.S. again topped the list as the dirtiest by a significant amount and is responsible for nearly one in five junk e-mails, or 18.83 percent of all spam e-mails, Sophos found. The second highest offender was India, which clocked in with 6.88 percent of spam e-mails.

 

“The U.S.’s domination of the list underlines the continuing problem of computers being compromised by hackers in the country, allowing them to be remotely controlled for criminal purposes without the owners’ knowledge,” Sophos said.

 

“It’s a reflection of the unprotected PCs in this country,” said Sophos Senior Security Advisor Chester Wisniewski, noting that the U.S. has been the No. 1 spam culprit for the last five years running. “We’re doing a pretty bad job of protecting our PCs.”

 

The U.S. topping the list of spam e-mail origins comes on the heels of a Symantec research report that notes that spam e-mail volumes dropped dramatically over the holiday season, reaching new lows between Christmas and New Year’s.

 

While the U.S. and India sit atop the list, the rest of the “Dirty Dozen” is: Brazil with 5.04 percent of spam, Russia with 4.64 percent, the U.K. with 4.54 percent, France with 3.45 percent, Italy with 3.17 percent, South Korea with 3.01 percent, Germany with 2.99 percent, Vietnam with 2.79 percent, Romania with 2.25 percent and Spain with 2.24 percent.

 

Wisniewski said it is also telling that India and Brazil came in second and third, indicating that as Web use in those countries increases, the amount of spam generated through them also grows.

 

When spam e-mail output is measured by continent, Europe tops the list with 32.11 percent of relayed spam, followed by Asia with 31.89 percent, North America with 22.38 percent, South America with 10.25 percent and Africa with 2.12 percent.

 

Sophos also noted that the nature of the spam that is being distributed is becoming increasingly malicious. Traditional subject matter spam, like advertisements for prescription drugs, continues to be a concern, with 36 million Americans reported to have bought drugs from unlicensed online sellers. But Sophos noted that more messages are spreading malware and attempting to phish user names, passwords and other personal data and information.

 

“We used to see a lot of the fake Rolexes and Viagra spam trying to sell you something directly,” Wisniewski said. “Now they’re tending to move their spam into social networks. The percentage of spam used to be direct to market, now you’re being led to a Web site and to fake Facebook apps and Twitter spam feeds.”

 

Additionally, there has been a jump in focused, targeted e-mail attacks known as “spearphishing,” and Sophos is also receiving an increased number of reports of malicious apps, compromised profiles and unwanted messages spreading across social networks like Facebook and Twitter.

 

Sophos’ findings indicate that despite Symantec (NSDQ:SYMC)’s earlier report that spam levels have dropped, spam shows no sign of disappearing altogether.

 

“Spam is certainly here to stay, however, the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” said Graham Cluley, senior technology consultant at Sophos, in a statement. “What’s becoming even more prevalent is the mailing of links to poisoned Web pages — victims are tricked into clicking a link in an e-mail, and then led to a site that attacks their computer with exploits or attempts to implant fake anti-virus software.”

 

Cluley continued: “Regardless of what methods spammers use, Internet users should never be tempted to open a spam message out of curiosity, or click on an unknown link, just because it appears on a Facebook friend’s profile. Internet users need to become aware of these new approaches to cybercrime as the spamming techniques become more and more sophisticated. As long as spammers continue to make money from these schemes, Internet users can be sure that they’ll continue to receive unsolicited emails and social networking scams. To combat this, it’s essential that computer users remain wary of clicking on unknown links, regardless of whether they appear to be on a trusted contact’s social networking page.”

 

Joe Busuttil

joe@alphakor.com

Apple Mac App Store Quickly Becomes Target For Hackers, Pirates

Filed under: Security Threats — Friday, January 7th, 2011 @ 2:24 pm

Apple (NSDQ:AAPL)’s Mac App Store officially launched on Thursday, and in less than 24 hours it was already the apple of hackers’ and pirates’ eyes, according to several reports.

 

Steve Jobs and Co. raised the curtain on the Apple Mac App Store this week. The Mac App Store is Apple’s new marketplace for applications for Mac computers. The Mac App Store is similar to Apple’s App Store for the iPhone and iPad and lets users download free and paid applications and games to their Macs from iTunes.

 

But with the launch of the Mac App Store, the storefront immediately became a target for pirates and hackers looking to take down the store, bootleg applications or get paid applications for free.

 

According to AppleInsider, crackers crafted a cut-and-paste workaround in the Apple Mac App Store that illegally cracks some paid apps. Crackers, or bootleggers, can replace the receipt and signature files in some paid apps, which can be downloaded from third-party sites, with a receipt from a free app that allows the app to run on a Mac unscathed.

 

Meanwhile, hackers claimed to have built software called Kickback that will let users pirate any applications in the Mac App Store, but hacker group Dissident said that the hack will lie in wait until next month when the hackers feel the Apple Mac App Store will be overloaded with apps they deem “crap.”

 

“It’ll probably take months for the App Store to actually have a bunch of crappy applications and when we feel that it has a lot of crap in it, we’ll probably release Kickback,” Dissident wrote, according to a report from Gizmodo. “We’re not going to release Kickback until well after the store’s been established, well after developers have gotten their applications up. We don’t want to devalue applications and frustrate developers.”

 

The Apple Mac App Store is seen as a game-changer and is expected to help Apple maintain its stranglehold on application marketplaces.

The Cupertino, Calif., computer giant opened the Mac App Store on Thursday with 1,000 free and paid apps including education, games, graphics and design, lifestyle, productivity, utility and others. The store also offers stand-alone applications from Apple’s iWork and iLife suites and new apps from vendors like Autodesk and Ancestry.com. Currently, the Mac App Store is available to Snow Leopard users through a software update as part of Mac OS X v10.6.6.

 

Joe Busuttil

joe@alphakor.com
