Goto Blog Home PageRevell Research Systems: The Consultancy Blog
On this page....
<January 2020>

RSS 2.0     Atom 1.0     CDF

Blog Roll
About The Editor
Fiona Burgess is the Business Development Manager of Revell Research Systems, a Management and Technology Consulting Practice based at Exeter in the United Kingdom.
Contact Fiona Burgess
 EMail Revell Research Systems Limited Email Me
Legal & Other Notices
Sign In
The material published in this web log is for general purposes only. It does not constitute nor is it intended to represent professional advice. You should always seek specific professional advice in relation to particular issues. The information in this web log is provided "as is" with no warranties and confers no rights. The opinions expressed herein are the personal opinions of the authors.

Web Log Home | Welcome to this Web Log | Using this Web Log | New to Blogs? | About Revell Research Systems | Contact Details

Review Entries for Day Thursday, March 15, 2012

We strongly advise anyone using Remote Desktop Services to apply Microsoft Patch KB2621440 at the earliest opportunity. This patch fixes two privately reported vulnerabilities within the Remote Desktop Services frequently used by administrators to control servers and end-users using Remote Desktops.

It affects ALL versions of Windows.

The more serious of the two vulnerabilities could allow an unauthenticated hacker to run code on a vulnerable machine, which potentially could result in a very serious security breach.

We believe that this vulnerability will be exploited in the very nearing future.

Posted by Revell Research Systems
Thursday, March 15, 2012 12:20:08 AM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | General | Trackback

Review Entries for Day Wednesday, April 21, 2010

McAfee have posted help on how to resolve issues on computers that have been affected by the DAT5958 problem that has caused problems world-wide on 21st April 2010.

The McAfee KnowledgeBase article is at:-

DAT5959 is now available from McAfee.

More information about the issues are on this blog.

Readers may also be interested in our Managing Consultant's take on this incident, which will be syndicated to IT Director tomorrow.

Posted by Revell Research Systems
Wednesday, April 21, 2010 9:16:12 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | Trackback

As an update to our earlier posts:-

McAfee DAT 5959
Major Issues with McAfee AntiVirus DAT5958
McAfee VirusScan Enterprise with DAT 5958 on Windows XP SP3 Machines

McAfee have now released DAT5959 to their web site at

We advise caution in apply this update, suggesting that it  should be trialled first on test machines before generally being rolled out.

Posted by Revell Research Systems
Wednesday, April 21, 2010 7:49:00 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | Trackback

We understand that McAfee has released DAT5959, which is identical to DAT 5958 that is causing machines world-wide to crash, except is does not contain the "problem".

We believe this DAT was released at 10:15 PDT (GMT-7), although is does not appear to have been posted to the McAfee/NAI web sites as at the time of this post. We presume that this is initially being rolled out to the McAfee update network.

Posted by Revell Research Systems
Wednesday, April 21, 2010 7:07:31 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | Trackback

Further to our earlier advisory this afternoon, we now understand that McAfee have suspended DAT 5958 from their update network.

In a circular email, McAfee have stated:-

The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly.

McAfee have provided more details on their web site and on the McAfee Community Web Site. These sites are currently running slowly because of the huge demands being placed on them at present.

Anecdotal reports being picked up by us show huge number of sites being affected world-wide, some with thousands of machines being affected.

Our current understanding is that this only affects Windows XP SP3 machines.

Posted by Revell Research Systems
Wednesday, April 21, 2010 6:19:57 PM (GMT Standard Time, UTC+00:00)  #
Comments [1] Alerts | Trackback

We are receiving reports that McAfee's AntiVirus DAT5958 is causing Windows XP SP3 machines to fail.

Early indications are that this latest update detects svchost.exe as Win32/wecorl.a causing affected machines to crash.

We are aware of whole sites being taken down. Our advice is not to update to DAT5958 and to switch off the autoupdate feature in McAfee VirusScan Enterprise.

Posted by Revell Research Systems
Wednesday, April 21, 2010 5:37:51 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | Trackback

Review Entries for Day Thursday, January 21, 2010

Microsoft released MS10-002 at 18:00 GMT today, which patches the exploit that saw Google hacked. Code that exploits the flaw that this patch fixes is already in circulation, so it is important that this patch is applied quickly.

Microsoft are also suggesting that users should upgrade to Internet Explorer 8, which they consider to be significantly more secure.

We would also advise Vista machine owners to apply all the latest patches for their operating system in light of the recent virus problems at the University of Exeter, which Alastair Revell blogged about recently.

Posted by Revell Research Systems
Thursday, January 21, 2010 7:50:31 PM (GMT Standard Time, UTC+00:00)  #
Comments [1] Alerts | Trackback

Review Entries for Day Tuesday, October 13, 2009

Microsoft released today its largest batch of patches ever, addressing some 34 vulnerabilities.

The batch comprises of some thirteen bulletins, eight of which are deemed critical by Microsoft - the most serious category in its classification scheme.

Worryingly, the FTP vulnerability in Microsoft Internet Information Server (IIS) is already allegedly being exploited.

Posted by Revell Research Systems
Tuesday, October 13, 2009 9:11:56 AM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | Trackback

Review Entries for Day Thursday, July 02, 2009

We have recently seen a slight twist in the usual phishing emails that are designed to lure the unwary to web sites with malicious content. These emails, usually informing the recipient that they need to confirm their bank details or other credentials, have become common place and most users are probably sufficiently aware not to be tricked.

However, we have seen a number of emails recently that inform the user that they have a message in their secure inbox on their bank's web site and that they need to urgently log in to read it. Needless to say, the actual link in the email goes nowhere near a reputable bank!

The twist is that several banks and social networking sites do actually use the concept of a secure inbox on their web site to ensure confidential communication with their customers (remember email is far from confidential) and frequently send a normal email to alert the user that they have items needing their attention.

Such emails would be easy to spot if the recipient didn't use the bank that is purported to have sent the email. However, we think some of the emails are sufficiently similar to the branding of existing banks to potentially trick the unsuspecting, who may be customers of the impersonated bank.

We expect this scam to also target social networking sites, such as Facebook, in the near future.

These new phishing emails are, then, very plausible if you use banks or social networking sites that have this facility and use the same branding...

Our advice is NOT to click on links in suspicious or unexpected emails.

You can easily assess the danger of many links by simply hovering the mouse over them. Most newer email programs, such as Microsoft Outlook, will show a popup tooltip displaying the real target for the link. You must examine the link details very carefully to ascertain whether they are safe.

 a screenshot of a phishing email showing a tooltip displaying the real target address for the link

A screen-shot showing a typical tooltip that is displayed when a link is hovered over in Microsoft Outlook. Note that although the link purports to take the reader to their secure inbox, the link actually targets a Russian web site (ie: a .ru domain).

The trend is to embed the name of a well-known bank into the links to trick even the wary. A typical link might look like, etc.

If in doubt, don't!

Posted by Revell Research Systems
Thursday, July 02, 2009 12:01:01 PM (GMT Standard Time, UTC+00:00)  #
Comments [0] Alerts | Trackback

RSS 2.0 Feed If you enjoyed reading an article on this blog, why not subscribe to the RSS 2.0 feed to receive future articles?
Revell Research Systems Logo Visit the Revell Research Systems Web Site if you want to learn more about this management and technology consulting practice.