March 2010 - Posts
Microsoft just published an out-of-band security bulletin that Microsoft is intending to release on March 30, 2010. The bulletin is being released to address attacks against customers of Internet Explorer 6 and Internet Explorer 7. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these attacks. The vulnerability used in these attacks, along with workarounds, is described in Microsoft Security Advisory 981374. The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.
More information:
Pete LePage works as a PM on the Internet Explorer team working with developer security. He stopped by the Channel 9 studio to give some tips as surfers as well as a few tips for developers on some of the things that can help prevent security threats.
Watch the video at: Channel 9
In two blog postings McAfee warns you of 'scareware"; fake antivirus or security software. Read how these scammers invite you to click on popups which downloads a virus and try to steal your credit card information and other things. Read about the dangers and how to protect your computer. Read the tips on how to avoid become a security software scam victim:
If you want to receive free email alerts from McAfee about the latest Consumer Threat then sign up at www.mcafee.com/consumer-threats-signup.
Today Microsoft released two security updates. One addresses a vulnerability in Windows and the other one in Microsoft Office. Both are classified as "important". Here are the details:
Important:
- MS10-016 - Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)
- MS10-017 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)
A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security website.
See also the MSRC blog: March 2010 Security Bulletin Release.
If you do not have automatic updating turned on, or to check whether you need the update, go to Microsoft Update. Microsoft Update is an online tool that will scan your computer and provide you a report about what updates your computer needs.
A new rogue "antivirus" program is circulating and it looks like Microsoft Security Essentials. It calls itself: "Security Essentials 2010" or "Internet Security 2010". The MMPC (Microsoft Malware Protection Center) calls it: "Trojan:Win32/Fakeinit"; for screen shots check the MMPC Threat Research & Response blog.
For a more technical description see the Malware Protection Center on Trojan:Win32/Fakeinit.
And remember, the only web site to get the Microsoft Security Essentials program is here: http://www.microsoft.com/security_essentials/
Have a good weekend!
"This article introduces a Fix it solution that users can run to determine whether a computer is compatible with security update 977165. This security update is described in security bulletin MS10-015. Additionally, administrators can use this solution to determine whether the computers in an enterprise environment are compatible with security update 977165."
See: Microsoft Knowledge Base Article 980966
Or: Get help with Microsoft Security Bulletin MS10-015 incompatibility message
MSRC: Update: MS10-015 security update re-released with new detection logic