July 2009 - Posts
Microsoft released an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release.
This bulletin advance notification will be replaced with an update to the Microsoft Security Bulletin Summary for July 2009 on July 28, 2009.
Click for more information here.
See also: Microsoft Security Response Center (MSRC)
Today Microsoft has a new portal for the Malware Protection Center. It looks very good. It shows you where to get updates for several products like OneCare, Defender and the latest product, Microsoft Security Essentials (MSE). You can submit a virus sample and find information about the MMPC. And, importantly, you can learn about malware too.
Just have a look and move your mouse to: Microsoft Malware Protection Center (MMPC)
See also MMPC's Threat Research & Response Blog
Kaspersky released a new Boot CD. If your computer is infected by one or more viruses and you want to boot the computer from CD, download the 120 MB ISO file from Kaspersky.
The Boot-CD is based on Gentoo Linux and will download the latest anti-virus updates.
You can download the rescue disk at the Kaspersky site.
A little late, but here it is. Microsoft released another couple of updates on the usual "Patch Tuesday", July 4th. There are three "critical" and three "important" updates to download and to install.
Critical:
- MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
- MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
- MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)
Important:
- MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
- MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
- MS09-030 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security website.
See also the MSRC blog: Security Bulletin Webcast Video, Questions and Answers – July 2009
Have a wonderful day! From a Starbucks store in sunny Seattle.... 
Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
For more information see Microsoft TechNet
In case you're using Microsoft Office... the future is near... ;)
Check out the website: http://www.office2010themovie.com/
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
The affected software is versions of Windows Server 2003 and Windows XP, including the XP Pro x64 Edition.
Today McAfee published its spam report for the month of July with the top 15 spam subject lines by domain. For instance for the .COM domain it gives you this:
- Hello
- Hi
- RE: DISCOUNT 80% 0FF on Pfizer !
- Replica Watches
- Undelivered Mail Returned to Sender
For more information and other Top 15 subject lines for each major domain (.ORG, .UK, .CN, etc.), as well as the rest of McAfee’s July Spam Report, see McAfee's Avert Labs Blog.