MVP Jubo Security Blog

Adobe Reader 8.1.2 Security Update

While you're busy updating your software, or maybe you just see this message, then it's a good idea to move your mouse to Adobe dot com too. They just released a security update for Adobe Reader.

For more information check the advisory: Adobe Reader 8.1.2 Security Update 1 - multiple languages and/or the release notes.

Microsoft Security Bulletin Summary for June 2008

It's a bit late, Microsoft already posted their patches for this month. So, if you haven't done that yet then it's a good idea to point your mouse to Windows Update and start getting those updates.

On June 10th, Microsoft released the  following updates:

Critical:

• MS08-030 - Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
• MS08-031 - Cumulative Security Update for Internet Explorer (950759)
• MS08-033 - Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Important:

• MS08-034 - Vulnerability in WINS Could Allow Elevation of Privilege (948745)
• MS08-035 - Vulnerability in Active Directory Could Allow Denial of Service (953235)
• MS08-036 - Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Moderate:

• MS08-032 - Cumulative Security Update of ActiveX Kill Bits (950760)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

You can obtain the security updates offered this month on Windows Update, from Download Center on Security and Critical Releases ISO CD Image files. For more information, see Microsoft Knowledge Base Article 913086.

Support:

• Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. International customers can receive support from their local Microsoft subsidiaries. Visit the International Help and Support.

See also: Microsoft Security Response Center (MSRC) blog

Apple's Safari on Windows Platform Threat

Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory.

More information: Microsoft Security Advisory (953818) and MSRC's blog: Security Advisory 953818 Posted.

Update your Flash!

Because of an Adobe Flash Player issue you need to update this software to the latest version, which is 9.0.124.0. For more detailed information see the Adobe Product Security Incident Response Team (PSIRT) blog web site.

To check which version you have installed go to the About Flash Player page. If it's not the most current, 9.0.124.0 version then install the latest version from the Install Flash Player page.

See also Harry Waldron's blog about: Adobe Flash Player Flaw - Massive Exploitation reported and Adobe Flash - How to disable and enable in IE 7 or IE 8.