One more thing I should mention is this. Last week I found a very useful tool to keep your compter up-to-date with the latest patches and updates. Secunia has a free program which scans your computer for vulnerabilities in programs. It will tell you that you need to update a program. It's called: "PSI: Personal Software Inspector". It can be downloaded from the Secunia website.
There's also a version called CSI: Corporate Software Inspector for the corporate world. Or, if you want to do it the online way then you can use the OSI: Online Software Inspector. Unfortunately, for this you need Java installed.
For more detailed information visit the Secunia website.
Yesterday, November 10, was once again patch-tuesday. Microsoft released another 6 security bulletins, addressing a total of 15 vulnerabilities. Three of them rated as "Critical" and three as "Important". Here's the list:
Critical:
- MS09-063 - Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
- MS09-064 - Vulnerability in License Logging Server Could Allow Remote Code Execution (974783)
- MS09-065 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (969947)
Important:
- MS09-066 - Vulnerability in Active Directory Could Allow Denial of Service (973309)
- MS09-067 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (972652)
- MS09-068 - Vulnerability in Microsoft Office Word Could Allow Remote Code Execution (976307)
A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security website.
See also the MSRC blog: November 2009 Security Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.
If your computer has not updated itself yet, then it's now time to move yor mouse to the Microsoft Update website to start downloading the patches.
Have a wonderful day! The sun was out here today in Washington after days and days of rain...
The old McAfee forums have been changed into the Online Support Community. This new community has areas for Enterprise users, home and home office users as well as Security Awarness and Community Help. Discussions, blogs, wikis, profiles and polls.
And best thing... you can now even talk with real McAfee professionals! Come and join us at: McAfee Online Communities
Yes, it has been a while but have been on a trip to Europe and visited family. In the meantime Microsoft released a big security update for patch Tuesday earlier this month. There are 8 "critical" and 5 rated as "Important". There can be more when you check for them depending on the configuration of your computer. Here's the list:
Critical:
- MS09-050 - Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
- MS09-051 - Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
- MS09-052 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
- MS09-054 - Cumulative Security Update for Internet Explorer (974455)
- MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525)
- MS09-060 - Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
- MS09-061 - Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
- MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
Important:
- MS09-053 - Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
- MS09-056 - Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
- MS09-057 - Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
- MS09-058 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
- MS09-059 - Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.
See also the MSRC blog: October 2009 Security Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.
Even though this is a bit late, and I really hope you already have updated your computer(s). But if not then you know the drill! Point your mouse to the Microsoft Update website and start updating.
Have a wonderful day... From a Barnes & Noble Starbucks Cafe in the Evergreen State...
Today it's there: Microsoft Security Essentials. The free antivirus program of Microsoft. You can download it from this website: Microsoft Security Essentials.
As always, you have to uninstll any other antivirus program first before installing MSE.
Have a wonderful day!
Today Microsoft released 5 critical updates. If you have not updated your computer(s) yet, then check with Microsoft Update website.
Critical:
- MS09-045 - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
- MS09-049 - Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
- MS09-047 - Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
- MS09-048 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
- MS09-046 - Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.
See also the MSRC blog: September 2009 Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.
Well, you know the drill... point your mouse to the Microsoft Update website and start updating.
Have a wonderful day!
Keep up to date with the latest safety information from Microsoft. Watch videos or get information from others through online communities. Protect yourself from fraud, secure the data and, if you think it's helpful, share it with others on Facebook, Twitter or elsewhere. Check out Microsoft Online Safety website.
Today, August 11th, Microsoft released 5 "critical" updates and 4 "important" updates.
Critical:
- MS09-043 - Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
- MS09-044 - Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
- MS09-039 - Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
- MS09-038 - Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
- MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)
Important:
- MS09-041 - Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
- MS09-040 - Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
- MS09-036 - Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
- MS09-042 - Vulnerability in Telnet Could Allow Remote Code Execution (960859)
A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.
See also the MSRC blog: August 2009 Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.
Well, you know the drill... point your mouse to the Microsoft Update website and start updating. And I'll see you next time from a Starbucks store somewhere in this beautiful Washington state where we had the first rain after several weeks of beautiful sunshine...
Microsoft released an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release.
This bulletin advance notification will be replaced with an update to the Microsoft Security Bulletin Summary for July 2009 on July 28, 2009.
Click for more information here.
See also: Microsoft Security Response Center (MSRC)
Today Microsoft has a new portal for the Malware Protection Center. Looks very good. Shows you were to get updates for several products like OneCare, Defender and the latest product Microsoft Security Essentials (MSE). You can submit a virus example. Information about the MMPC. And important, you can learn about malware too.
Just have a look and move your mouse to: Microsoft Malware Protection Center (MMPC)
See also MMPC's Threat Research & Response Blog
Kaspersky released a new Boot CD. If your computer is infected by a, or more virus(es) and you want to boot the computer from CD, then download the 120MB ISO-file from Kaspersky.
The Boot-CD is based on Gentoo Linux and will download the latest anti-virus updates.
You can download the rescue disk at the Kaspersky site.
A little late, but here it is. Microsoft released another couple of updates on the usual "Patch Tuesday", July 4th. There are three "critical" and three "important" updates to download and to install.
Critical:
- MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
- MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
- MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)
Important:
- MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
- MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
- MS09-030 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security website.
See also the MSRC blog: Security Bulletin Webcast Video, Questions and Answers – July 2009
Have a wonderful day! From a Starbucks store in sunny Seattle.... 
Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
For more information see Microsoft TechNet
In case you're using Microsoft Office... the future is near... ;)
Check out the website: http://www.office2010themovie.com/
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
Affected software are versions of Windows server 2003 and Windows XP, incl. the XP Pro x64 Edition.
Today McAfee published its spam report for the month of July with the top 15 spam subject lines by domain. For instance for the .COM domain it gives you this:
- Hello
- Hi
- RE: DISCOUNT 80% 0FF on Pfizer !
- Replica Watches
- Undelivered Mail Returned to Sender
For more information and other Top 15 subject lines for each major domain (.ORG, .UK, .CN, etc.), as well as the rest of McAfee’s July Spam Report, see McAfee's Avert Labs Blog.
If you’re interested in the Beta of Microsoft Security Essentials and you want to download it, then go to their web site MSE Beta. Better hurry because it seems it’s topped at 75,000 downloads.
If you have any questions then you’ll find the answers at: Microsoft Answers.
Currently available for USA, Israel, People’s Republic of China, and Brazil.
Mary-Jo Foley had a chat with Alan Parker, General Manager of Microsoft’s Anti-Malware team, and based on that conversation it seems that MSE/Morro will be released as Beta on June 23rd. WGA validation seems to be required.
For more detailed information check Mary-Jo Foley’s blog at ZDNet
In between al the housework and painting Microsoft released 10, but could be more for your configuration, updates and patches for the month of June. There are six “critical”, three “important” and one “moderate” patches.
Critical:
- MS09-018 - Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
- MS09-022 - Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
- MS09-019 - Cumulative Security Update for Internet Explorer (969897)
- MS09-027 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
- MS09-021 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
- MS09-024 - Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
Important:
- MS09-026 - Vulnerability in RPC Could Allow Elevation of Privilege (970238)
- MS09-025 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
- MS09-020 - Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
Moderate:
- MS09-023 - Vulnerability in Windows Search Could Allow Information Disclosure (963093)
As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.
See also the MSRC blog: June 2009 Bulletin Release
Hope you have already updated your machine. If not then you know where to find Microsoft Update.
Have a wonderful day! It’s the 29th day, and counting…, without rain in the Seattle area… I love it.. ;)
Because of all that moving around, from one continent to the other, and all the reconstruction of the house, I’ve not been able to post the monthly updates here. But if you haven’t done it already then you know the drill: just go to Microsoft Update to check for updates and patches. When I checked a few days ago, I also found out that there’s Service Pack 2 for Microsoft Office 2007. So, if you don’t have it yet, then go and get it.
In the meanwhile, for the month of May there are some critical updates for Microsoft Office PowerPoint:
- MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)
A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.
See also the MSRC blog: May 2009 Bulletin Release
Have a great day!
More Posts
Next page »