December 2010 - Posts

Microsoft Security Advisory Notification - December 31, 2010

Issued: December 31, 2010

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2488013)
- Title: Vulnerability in Internet Explorer Could
Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2488013.mspx
- Revision Note: V1.1 (December 31, 2010): Revised Executive
Summary to reflect investigation of targeted attacks.

Posted Fri, Dec 31 2010 18:58 by Don
Filed under:

Microsoft Security Advisory Notification - December 22, 2010

Issued: December 22, 2010

Security Advisories Updated or Released Today

* Microsoft Security Advisory (2488013)
- Title: Vulnerability in Internet Explorer Could
Allow Remote Code Execution
- http://www.microsoft.com/technet/security/advisory/2488013.mspx
- Revision Note: V1.0 (December 22, 2010): Advisory published.

Posted Thu, Dec 23 2010 3:37 by Don
Filed under:

Microsoft Security Advisory Notification - December 17, 2010

Issued: December 17, 2010

Security Advisories Updated or Released Today

* Microsoft Security Advisory (973811)
- Title: Extended Protection for Authentication
- http://www.microsoft.com/technet/security/advisory/973811.mspx
- Revision Note: V1.9 (December 17, 2010): Removed the FAQ
entry, originally added December 14, 2010, about a
non-security update enabling Microsoft Outlook to opt in to
Extended Protection for Authentication.

Posted Fri, Dec 17 2010 18:52 by Don
Filed under:

Microsoft Security Bulletin Re-Releases - December 14, 2010

Issued: December 14, 2010

Summary

The following bulletins have undergone a major revision increment.
Please see the appropriate bulletin for more details.

* MS10-083 - Important
* MS10-077 - Critical
* MS10-070 - Important

Bulletin Information:

* MS10-083 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx
- Reason for Revision: V2.0 (December 14, 2010): Added an update
FAQ to announce an additional update for Windows Vista
Service Pack 2 (KB979688) and Windows Server 2008 Service
Pack 2 (KB979688) for users who have installed Windows Search
4.0 on Windows Vista Service Pack 1 or Windows Server 2008,
then installed the security update offered in KB2405882, and
then migrated to Windows Vista Service Pack 2 or Windows
Server 2008 Service Pack 2. Customers in this scenario will
need to install the new update offered in KB2405882 to be
protected against the vulnerability described in this bulletin.
- Originally posted: October 12, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Important
- Version: 2.0

* MS10-077 - Critical

- http://www.microsoft.com/technet/security/bulletin/ms10-077.mspx
- Reason for Revision: V2.0 (December 14, 2010): Added an update
FAQ to announce that new update packages are available for
.NET Framework 4.0 to correct an issue in the setup that
could interfere with the successful installation of other
updates and/or products. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: October 12, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Critical
- Version: 2.0

* MS10-070 - Important

- http://www.microsoft.com/technet/security/bulletin/ms10-070.mspx
- Reason for Revision: V3.0 (December 14, 2010): Added an update
FAQ to announce that new update packages are available for
.NET Framework 4.0 (KB2416472) to correct an issue in the
setup that could interfere with the successful installation
of other updates and/or products. Customers who have already
successfully updated their systems do not need to take any action.
- Originally posted: September 28, 2010
- Updated: December 14, 2010
- Bulletin Severity Rating: Important
- Version: 3.0

Posted Wed, Dec 15 2010 3:07 by Don
Filed under:

TechNet Webcast: Information About Microsoft December Security Bulletins (Level 200)

Event ID: 1032454444

Language(s): English.
Product(s): Other.
Audience(s): IT Generalist.

Event Overview

Join us for a brief overview of the technical details of the December security bulletins. We intend to address your concerns in this webcast, therefore, most of the webcast is devoted to attendees asking questions about the bulletins and getting answers from Microsoft security experts.

Presenters: Jerry Bryant, Group Manager, Response Communications, Microsoft Corporation and Jonathan Ness, Principal Security SDE Lead, MSRC, Microsoft Corporation

Register Online

Posted Tue, Dec 14 2010 13:15 by Don
Filed under:

Microsoft Security Bulletin(s) for Dec. 14, 2010

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: »www.microsoft.com/technet/security and »www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

»www.microsoft.com/technet/securi···dec.mspx

Critical (2)

Microsoft Security Bulletin MS10-090
Cumulative Security Update for Internet Explorer (2416400)
»www.microsoft.com/technet/securi···090.mspx

Microsoft Security Bulletin MS10-091
Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
»www.microsoft.com/technet/securi···091.mspx

Important (14)

Microsoft Security Bulletin MS10-092
Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
»www.microsoft.com/technet/securi···092.mspx

Microsoft Security Bulletin MS10-093
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
»www.microsoft.com/technet/securi···093.mspx

Microsoft Security Bulletin MS10-094
Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
»www.microsoft.com/technet/securi···094.mspx

Microsoft Security Bulletin MS10-095
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
»www.microsoft.com/technet/securi···095.mspx

Microsoft Security Bulletin MS10-096
Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
»www.microsoft.com/technet/securi···096.mspx

Microsoft Security Bulletin MS10-097
Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
»www.microsoft.com/technet/securi···097.mspx

Microsoft Security Bulletin MS10-098
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
»www.microsoft.com/technet/securi···098.mspx

Microsoft Security Bulletin MS10-099
Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
»www.microsoft.com/technet/securi···099.mspx

Microsoft Security Bulletin MS10-100
Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
»www.microsoft.com/technet/securi···100.mspx

Microsoft Security Bulletin MS10-101
Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
»www.microsoft.com/technet/securi···101.mspx

Microsoft Security Bulletin MS10-102
Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
»www.microsoft.com/technet/securi···102.mspx

Microsoft Security Bulletin MS10-103
Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
»www.microsoft.com/technet/securi···103.mspx

Microsoft Security Bulletin MS10-104
Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
»www.microsoft.com/technet/securi···104.mspx

Microsoft Security Bulletin MS10-105
Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)
»www.microsoft.com/technet/securi···105.mspx

Moderate (1)

Microsoft Security Bulletin MS10-106
Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)
»www.microsoft.com/technet/securi···106.mspx

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website - visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA

Posted Tue, Dec 14 2010 12:56 by Don
Filed under:

Mozilla Releases Firefox 3.6.13

What’s New in Firefox 3.6.13

Firefox 3.6.13 fixes the following issues found in previous versions of Firefox 3.6:

Please see the complete list of changes in this version.

Posted Thu, Dec 9 2010 16:22 by Don
Filed under:

Microsoft Security Bulletin Advance Notification for Dec 2010

Microsoft Security Bulletin Advance Notification issued: December 9, 2010

Microsoft Security Bulletins to be issued: December 14, 2010

This is an advance notification of 17 security bulletins that Microsoft is intending to release on December 14, 2010

2 Rated as Critical
14 Rated as Important
1 Rated as Moderate

http://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx

Posted Thu, Dec 9 2010 12:56 by Don
Filed under: