MVP Jubo Security Blog

The Blog

Recent Posts

Tags

News

  • Kim's Journal
    My wife's blog, the "alternative" truth...


    MVPs
    2003 - 2004 - 2005 - 2006 - 2007 - 2008 - 2009


    Jubo








    Locations of visitors to this page

Community

Email Notifications

MVP Sites

Microsoft Links

Blogs

Security Forums

Microsoft Blogs

Archives

Final version of IE9

Today Microsoft is releasing the final version or IE9. You can start downloading it later today. For more information check this website Windows Internet Explorer.

Posted: Mon, Mar 14 2011 10:43 by jubo | with no comments
Filed under: ,
Microsoft Security Bulletin Summary for March 2011

Yesterday Microsoft released three security bulletins addressing four vulnerabilities in Windows and Office. One bulletin is rated as “critical” and the other two as “important”.

Critical:

  • MS11-015 - Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)

Important:

  • MS11-017 - Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)
  • MS11-016 - Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security website.

See also the MSRC blog: March 2011 Security Bulletin Release

More information is available at the website of Microsoft Security Response Center.

Don’t forget, if you need anti-virus/antimalware software you can always download Microsoft Security Essentials.

Be safe and update your computer with the latest updates and/or patches. From a rainy, rainy, rainy Starbucks in Lakewood, WA. Have a wonderful, and hopefully sunny, day!

The IE6 Countdown

Moving the world off IE6. Microsoft launces new campaign to get users to upgrade from IE6. Here’s a website to watch Internet Explorer 6 usage drop to less than 1% worldwide.

It’s time to say goodbye to IE6! See: ie6countdown.com

Posted: Mon, Mar 7 2011 9:51 by jubo | with no comments
Filed under: ,
Microsoft Security Bulletin Summary for February 2011

Yesterday Microsoft released 12 security bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer and IIS (Internet Information Services). Three bulletins are rated as “critical” and 9 others are rated as “important”.

Critical:

  • MS11-003 - Cumulative Security Update for Internet Explorer (2482017)
  • MS11-006 - Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
  • MS11-007 - Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)

Important:

  • MS11-004 - Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
  • MS11-005 - Vulnerability in Active Directory Could Allow Denial of Service (2478953)
  • MS11-008 - Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879)
  • MS11-009 - Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)
  • MS11-010 - Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
  • MS11-011 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
  • MS11-012 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
  • MS11-013 - Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
  • MS11-014 - Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security website.

See also the MSRC blog: February 2011 Security Bulletin Release

More information is available at the website of Microsoft Security Response Center.

Don’t forget, if you need anti-virus/antimalware software you can always download Microsoft Security Essentials. It’s a very good program and the best part is it is FREE!!

Be safe and update your computer with the latest patches and updates. From a very nice Starbucks in Lakewood, in a beautiful sunny state of Washington… have a wonderful day!!

Microsoft Security Bulletin Summary for January 2011

On Tuesday, January 11th, Microsoft released 2 security bulletins addressing three vulnerabilities in Microsoft Windows and Windows Server. One is rated as “critical”, the other is rated as “important”.

Critical:

  • MS11-002 - Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)

Important:

  • MS11-001 - Vulnerability in Windows Backup Manager Could Allow Remote Code Execution (2478935)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security website.

See also MSRC blog: January 2011 Security Bulletin Release.

More information is available at the website of Microsoft Security Response Center.

This time not from an exotic place in Washington state or one of my favorite Starbucks store, but just from home. Think I’ve caught a cold… ;( 

Be safe out there. Update your Windows software and if you have to move that mouse pointer to Microsoft Update!

Posted: Thu, Jan 13 2011 9:33 by jubo | with no comments
Filed under:
Advanced Notification for January 2011 Security Bulletin

Microsoft is planning to release two bulletins addressing three vulnaribilities in Windows on Janaury 11th. The first bulletin is important for Windows Vista users. For more information see MSRC blog.

Posted: Thu, Jan 6 2011 10:22 by jubo | with no comments
Filed under:
Microsoft Security Advisory (2490606)

Microsoft released Security Advisory 2490606, which addresses a publicly disclosed vulnerability affecting Microsoft Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP.

 

Posted: Tue, Jan 4 2011 15:29 by jubo | with no comments
Filed under:
Microsoft Security Bulletin Summary for December 2010

Have been away here for too long! In the meantime Microsoft published their November and December security bulletins. Last one has 2 rated as "critical", 14 as "important" and 1 as "moderate. So, it's time to visit the Microsoft Update Center if you have the automatic downloads turned off. In short:

Critical:

  • MS10-090 - Cumulative Security Update for Internet Explorer (2416400)
  • MS10-091 - Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)

Important:

  • MS10-092 - Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
  • MS10-093 - Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
  • MS10-094 - Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
  • MS10-095 - Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
  • MS10-096 - Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
  • MS10-097 - Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
  • MS10-098 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
  • MS10-099 - Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
  • MS10-100 - Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
  • MS10-101 - Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
  • MS10-102 - Vulnerability in Hyper-V Could Allow Denial of Service (2345316)
  • MS10-103 - Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
  • MS10-104 - Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)
  • MS10-105 - Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

Moderate:

  • MS10-106 - Vulnerability in Microsoft Exchange Server Could Allow Denial of Service (2407132)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security website.

See also the MSRC blog: December 2010 Security Bulletin Release

More information is available at the website of Microsoft Security Response Center.

This time not from my favorite Starbucks in Seattle, but one from Lakewood in a wet Washington state. You know the drill: be safe and update your computer with the latest security updates!

 

Posted: Wed, Dec 22 2010 9:26 by jubo | with no comments
Filed under:
Microsoft Security Bulletin Summary for October 2010

Microsoft just released the Security bulletin for October with a list of 16 comprehensive updates addressing 49 vulnerabilities affecting Windows, Internet Explorer (IE), Microsoft Office, and the .NET Framework.

Critical:

  • MS10-071 - Cumulative Security Update for Internet Explorer (2360131)
  • MS10-075 - Vulnerability in Media Player Network Sharing Service Could Allow Remote Code Execution (2281679)
  • MS10-076 - Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (982132)
  • MS10-077 - Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841)

Important:

  • MS10-072 - Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
  • MS10-073 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (981957)
  • MS10-078 - Vulnerabilities in the OpenType Font (OTF) Format Driver Could Allow Elevation of Privilege (2279986)
  • MS10-079 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194)
  • MS10-080 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2293211)
  • MS10-081 - Vulnerability in Windows Common Control Library Could Allow Remote Code Execution (2296011)
  • MS10-082 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111)
  • MS10-083 - Vulnerability in COM Validation in Windows Shell and WordPad Could Allow Remote Code Execution (2405882)
  • MS10-084 - Vulnerability in Windows Local Procedure Call Could Cause Elevation of Privilege (2360937)
  • MS10-085 - Vulnerability in SChannel Could Allow Denial of Service (2207566)

Moderate:

  • MS10-074 - Vulnerability in Microsoft Foundation Classes Could Allow Remote Code Execution (2387149)
  • MS10-086 - Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security  website.

See also the MSRC blog: October 2010 Security Bulletin Release

If you do not have automatic updating turned on, or to check whether you need the update, go to Microsoft Update. Microsoft Update is an online tool that will scan your computer and provide you a report about what updates your computer needs.

More information is available at the website of Microsoft Security Response Center.

You know the drill: get your computer updated with these new patches. and yes, this time again from my favorite Starbucks in a surprisingly sunny Seattle. Have a wonderful day!

 

Advanced Notification for October 2010 Security Bulletin

On October 12th, Microsoft plans to release their security update with 16 comprehensive bulletins addressing 49 vulnerabilities. These vulnerabilities cover Windows, Internet Explorer, Microsoft Office, and the .NET Framework. Four of the bulletins carry a Critical rating, ten are Important and two are Moderate.

See Microsoft Security Response Center's blog and the Advanced Notification for October 2010.

 

Out-of-band security release to address ASP.NET vulnerability MS10-070

Microsoft just released a security bulletin to address the vulnerability in ASP.NET. For more information see Security Advisory 2416728. For additional information check the Microsoft Research & Defense blog article: Additional Information about the ASP.NET Vulnerability and the Microsoft Security Response Center's blog: MS10-070 Released Out-of-Band Today.

Update your Windows software either through the Control Panel or visit the Microsoft Update website.

 

Microsoft Security Bulletin Summary for September 2010

Last Tuesday Microsoft released a total of 9 security patches. There are 4 listed as "critical" and 5 as "important".

Critical:

  • MS10-061 - Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
  • MS10-062 - Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
  • MS10-063 - Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
  • MS10-064 - Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)

Important:

  • MS10-065 - Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960)
  • MS10-066 - Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
  • MS10-067 - Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)
  • MS10-068 - Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
  • MS10-069 - Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)

A more technical version of the Security Bulletin can be found at Microsoft TechNet  and an end-user version is available at Microsoft's Security  website.

See also the MSRC  blog: September 2010 Security Bulletin Release.

If you do not have automatic updating turned on, or to check whether you need the update, go to Microsoft Update. Microsoft Update is an online tool that will scan your computer and provide you a report about what updates your computer needs.

More information is available at the website of Microsoft Security Response Center.

This time not from my default Starbucks, but from a rainy Tacoma. Visit the Tacoma Art Museum, admission is free between 5:00PM - 8:00PM today (the 3rd Thursday of each month)!

 

 

IE9 Beta

The new IE9 Beta is out. It looks great and it is fast. So far the best browser I've seen. At installation you can also disable any add-ons. If you want to try it then visit this webpage: The Beauty of the Web.

 

Posted: Thu, Sep 16 2010 10:06 by jubo | with 1 comment(s)
Filed under: ,
Sysinternals Suite

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

You can download it from the Microsoft Technet website.

 

Posted: Fri, Sep 10 2010 19:06 by jubo | with no comments
Filed under:
Intel to aquire McAfee

Big news today! Intel announced that it would aquire McAfee. For the details check the McAfee for the Announcement. Or hear directly about the deal from Intel Senior VP Renee James and McAfee president and CEO Dave DeWalt on the YouTube video.

 

 

Posted: Thu, Aug 19 2010 17:41 by jubo | with no comments
Filed under:
Windows Live Essentials Beta refresh available

Since yesterday you can download a refresh of the Beta version of Windows Live Essentials. And really, it's getting better and better. Especially Live Photo Gallery looks great. For more information, system requirements and to download, see Windows Live Essentials Beta website.

 

Posted: Wed, Aug 18 2010 8:34 by jubo | with no comments
Filed under:
Microsoft Security Bulletin Summary for August 2010

Yesterday was patch-Tuesday and Microsoft posted their Security bulletins. This time it's really a busy month; there are 15 bulletins addressing 34 vulnerabilities. There are 9 bulletins rated as "critical" and 6 of them are rated as "Important".

Critical:

  • MS10-046 - Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
  • MS10-049 - Vulnerabilities in SChannel Could Allow Remote Code Execution (980436)
  • MS10-051 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
  • MS10-052 - Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
  • MS10-053 - Cumulative Security Update for Internet Explorer (2183461)
  • MS10-054 - Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
  • MS10-055 - Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
  • MS10-056 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
  • MS10-060 - Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

Important:

  • MS10-047 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
  • MS10-048 - Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
  • MS10-050 - Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
  • MS10-057 - Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
  • MS10-058 - Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
  • MS10-059 - Vulnerabilities in the Tracing Feature for Services Could Allow an Elevation of Privilege (982799)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security website.

See also the MSRC blog: August 2010 Security Bulletin Release.

If you do not have automatic updating turned on, or to check whether you need the update, go to Microsoft Update. Microsoft Update is an online tool that will scan your computer and provide you a report about what updates your computer needs.

From another great Starbucks store somewhere in the Olympia, WA area... Have a great day!

 

Posted: Wed, Aug 11 2010 9:35 by jubo | with no comments
Filed under:
August 2010 Advanced Notification

Today Microsoft released their August Security Bulletin Advanced Notification. Will be a busy day next week as there are 14 bulletins, of which 8 are rated as "critical", addressing 34 Vulnerabilities. This is the most ever in one month.

Posted: Thu, Aug 5 2010 13:20 by jubo | with no comments
Filed under: ,
Out of Band Release to address Microsoft Security Advisory 2286198

On July 29th Microsoft released an out of band patch to address security advisory 2286198. For more details see Microsoft Security Response Center blog. More technical details can be found at the Microsoft Malware Protection Center post: Stuxnet, malicious .LNKs, ...and then there was Sality.

Of course you can always point your mouse to the Microsoft Update.Or launch Windows Update from your Windows 7 Start Menu.

 

Posted: Tue, Aug 3 2010 7:08 by jubo | with no comments
Filed under: ,
Beta for Next Version of Microsoft Security Essentials Now Available

If you want to give the Beta version a try of the new Microsoft Security Essentials then see and download it from this post at Blogging Windows. It's a great program and besides... it's free...;)

 

Posted: Thu, Jul 29 2010 14:39 by jubo | with no comments
Filed under:
More Posts Next page »