February 2010 - Posts
Build a security awareness program in your organization today with the Microsoft Security Awareness Toolkit
"Information security awareness and training is critical to any organization’s information security strategy and operations. People are in many cases the last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. Microsoft offers the security awareness toolkit to help organizations plan, develop, and deliver a successful security awareness program. The kit includes a planning guide, templates, pointers to material can that can help speed the development of a security awareness program, a sample general security awareness presentation that can be modified and tailored to any organization, material to help articulate the value to peers and managers, and three example awareness campaigns from Microsoft Information Security."
Download and more information here: Microsoft Download Center
See also: Tools and Guidance for Managers
Tim Cranton, Microsoft's Associate General Counsel, posted this morning at the Official Microsoft Blog that Microsoft was successful in taking down the Waledac botnet.
"On February 22, in response to a complaint filed by Microsoft (“Microsoft Corporation v. John Does 1-27, et. al.”, Civil action number 1:10CV156) in the U.S. District Court of Eastern Virginia, a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals as the Waledac bot."
For more information, see:
In short, when you think you are running Waledac botnet then visit the Microsoft Security website where you can find the Malicious Software Removal Tool, which removes the botnet. And make sure you have the latest Windows updates by visiting the Microsoft Update website.
It looks as if I've been away here for a long time... oh, wait... I have been. All because of housing problems and also a lot of computer problems. Strange things happen when you get a cup of apple juice over your keyboard...;) Now that we have a very nice new laptop thing could be better here again. So, it's almost three months later and in this time I hope you have updated your computer with the latest Windows updates and patches. To make sure here's the list of February, which was a bit big this month. For February Microsoft has 5 "critical", 7 "important" and 1 "moderate" patches.
- MS10-006 - Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
- MS10-007 - Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
- MS10-008 - Cumulative Security Update of ActiveX Kill Bits (978262)
- MS10-009 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)
- MS10-013 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
- MS10-003 - Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
- MS10-004 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
- MS10-010 - Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
- MS10-011 - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
- MS10-012 - Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
- MS10-014 - Vulnerability in Kerberos Could Allow Denial of Service (977290)
- MS10-015 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
- MS10-005 - Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security website.
See also the MSRC blog: February 2010 Security Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.
Enjoying a Caffe Mocha at my favorite Starbucks in Seattle... Have a wonderful day!