MVP Jubo Security Blog

The Blog

Recent Posts

Tags

News

  • Kim's Journal
    My wife's blog, the "alternative" truth...


    MVPs
    2003 - 2004 - 2005 - 2006 - 2007 - 2008 - 2009


    Jubo








    Locations of visitors to this page

Community

Email Notifications

MVP Sites

Microsoft Links

Blogs

Security Forums

Microsoft Blogs

Archives

August 2005 - Posts

ZOTOB detection added to Malicious Software Removal Tool
Microsoft has updated the Malicious Software Removal Tool. Has added detection and cleaning capabilities for the following malicious software:

See the complete list of malicious software cleaned by this tool.

You can run the Malicious Software Removal Tool online or downloaded from the Microsoft Download Center.

Source: Microsoft Security.


Posted: Thu, Aug 18 2005 8:32 by jubo | with no comments
Filed under:
New Microsoft Security Advisories
The Microsoft Security Advisory Homepage has been updated with two more options to receive advisories. There's now a Security Advisory RSS Feed as well as a Instant Message Alert, in addition to the existing Comprehensive Email Notification service.

Available Notifications:

Source: TechNet Microsoft Security Advisories
Posted: Thu, Aug 18 2005 7:50 by jubo | with no comments
Filed under:
Microsoft Security Advisory (899588)
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
Published: August 11, 2005

Microsoft is aware that detailed exploit code has been published on the Internet for the vulnerability that is addressed by Microsoft security bulletin MS05-039: Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588). Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. However, Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

Our investigation of this exploit code has verified that it does not affect customers who have installed the updates detailed in MS05-039 on their computers. Microsoft continues to recommend that customers apply the updates to the affected products by enabling the Automatic Updates feature in Windows.


References
CVE Reference CAN-2005-1983
Security Bulletin MS05-039

Source: TechNet


Wireless!!
WIRELESS!!


Yes! I finally have my own wireless network. There were always two network cables on the floor to the two laptops. Now we have this configuration:
  • Dell desktop
  • Dell notebook
  • Toshiba Notebook
Now there's this Wireless-G Broadband Router Linksys Wireless-G Broadband Router
and two Wireless-G Notebook AdapterWireless-G Notebook Adapter from Linksys for both the notebooks.


Because of this I got very interested in the security of a wireless network. Didn't know anything about it but found some very interesting articles written by Barb Bowman, Microsoft MVP Networking. Articles Barb Bowman recently published was: How to Secure Your Wireless Home Network with Windows XP, Set up a secure wireless network using Windows Connect Now.

Two other articles I want to mention here are: WPA Wireless Security for Home Networks and an Expert Zone Support Webcast: How to set up WPA-based wireless security on a home network, where you can download the webcast and the the PowerPoint presentation and for this you'll need at least a PowerPoint Viewer.

This, and RTFM of the Linksys Wireless-G Broadband Router will make it easy to set up your first wireless network.

For more articles written by Barb Bowman see: Previous Columns by Barb Bowman.

 

Posted: Wed, Aug 10 2005 11:36 by jubo | with no comments
Filed under:
A virus for Windows Vista?
Stephen Toulouse, (Stepto) of the Microsoft Security Response Center gives his reaction regarding a potential virus for Windows Vista:

A virus for Windows Vista? Wrong.
Hi everyone, Stephen Toulouse here. There’s been some commentary the past couple of days regarding a potential Windows Vista virus and we wanted to weigh in with some details. First of all, in examining the details of the reports, there is no Windows Vista virus described in them. Instead, the reports are regarding potential proof of concept viruses in the form of malicious scripts that are developed to affect a new interactive shell codenamed "Monad", which is currently in early phase of beta testing.

Full article: Microsoft Security Response Center Blog!


Posted: Sun, Aug 7 2005 15:39 by jubo | with no comments
Filed under:
Update Rollup 1 for Windows 2000 SP4 and known issues
Last Review : August 4, 2005
Revision : 10.0

INTRODUCTION
Update Rollup 1 for Windows 2000 SP4 makes it easier for customers to enhance and maintain the security and stability of their Windows 2000-based computers.

For more information about the problems that are fixed in Update Rollup 1 for Windows 2000 SP4, click the following article number to view the article in the Microsoft Knowledge Base:
  • 900345 Problems that are fixed in the Update Rollup 1 for Microsoft Windows 2000 Service Pack 4 that is dated June 28, 2005
Known issues
After the release of Update Rollup 1 for Windows 2000 SP4, we identified several issues that may occur when you install this update rollup. These issues are isolated, and affect few customers. These issues are described in this article. This article also explains how to resolve these issues. If you are affected by these issues, we suggest that you do not install Update Rollup 1 for Windows 2000 SP4 until the corresponding hotfix is available. We plan to reissue Update Rollup 1 for Windows 2000 SP4 soon. Several hotfixes will be integrated into the new version of Update Rollup 1 for Windows 2000 SP4.

Error messages
You may receive one of the following error messages when you visit the Windows Update Web site:
  • MSXML3.DLL File Not Found
  • Error 0x80244001
  • Error 0x800700C1

More information: Microsoft's Knowledge Base KB891861


Posted: Sat, Aug 6 2005 12:40 by jubo | with no comments
Filed under:
Microsoft Security Bulletin Advance Notification
Microsoft Security Bulletin Advance Notification
August 4, 2005

As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.

On 9 August 2005 Microsoft is planning to release:

Security Updates
  • 6 Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer (MBSA).

Microsoft Windows Malicious Software Removal Tool

  • Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Non-security High Priority updates on MU, WU, WSUS and SUS

  • Microsoft will release one NON-SECURITY High-Priority Update for Microsoft Windows on Windows Update (WU), Microsoft Update (MU), Software Update Services (SUS), and Windows Server Update Services (WSUS).


Related Links

Source: TechNet - Security
Posted: Fri, Aug 5 2005 11:57 by jubo | with no comments
Filed under:
Help Protect Your PC with Security Essentials
Here's what you can do to enhance the security on your PC
Each of the following tasks addresses a different security concern. You can strengthen your PC's defenses by completing both tasks.

Use Microsoft Windows Security Center
The Windows Security Center, which is already installed on your computer, monitors and enables you to manage important security settings on your computer, including a firewall, automatic updates, and the status of your antivirus software. See how to use it and why it's important.

Click here to learn more

Get Anti-spyware Software
Anti-spyware software helps to protect your computer from known programs that can track your Web browsing habits or make changes to your computer settings without your consent or control. See if you already have it, why it's important, and how to get it.

Click here to get Anti-Spyware software
Posted: Fri, Aug 5 2005 11:34 by jubo | with no comments
Filed under:
Office 2003 Add-in: Word Redaction
Redaction is the careful editing of a document to remove confidential information.

The Microsoft Office Word 2003 Redaction Add-in makes it easy for you to mark sections of a document for redaction. You can then redact the document so that the sections you specified are blacked out. You can either print the redacted document or use it electronically.

Sensitive government documents, confidential legal documents, insurance contracts, and other sensitive documents are often redacted before being made available to the public. With the Word 2003 Redaction Add-in, users of Microsoft Office Word 2003 now have an effective, user-friendly tool to help them redact confidential text in Word documents.

Download: Word Redaction


Posted: Fri, Aug 5 2005 10:30 by jubo | with no comments
Filed under: