MVP Jubo Security Blog

New: McAfee Online Support Community

jubo — Sat, 07 Nov 2009 21:01:00 GMT

The old McAfee forums have been changed into the Online Support Community. This new community has areas for Enterprise users, home and home office users as well as Security Awarness and Community Help. Discussions, blogs, wikis, profiles and polls.

And best thing... you can now even talk with real McAfee professionals! Come and join us at: McAfee Online Communities

Microsoft Security Bulletin Summary for October 2009

jubo — Thu, 22 Oct 2009 17:11:00 GMT

Yes, it has been a while but have been on a trip to Europe and visited family. In the meantime Microsoft released a big security update for patch Tuesday earlier this month. There are 8 "critical" and 5 rated as "Important". There can be more when you check for them depending on the configuration of your computer. Here's the list:

Critical:

MS09-050 - Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
MS09-051 - Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
MS09-052 - Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
MS09-054 - Cumulative Security Update for Internet Explorer (974455)
MS09-055 - Cumulative Security Update of ActiveX Kill Bits (973525)
MS09-060 - Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
MS09-061 - Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Important:

MS09-053 - Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
MS09-056 - Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
MS09-057 - Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
MS09-058 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
MS09-059 - Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.

See also the MSRC blog: October 2009 Security Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

Even though this is a bit late, and I really hope you already have updated your computer(s). But if not then you know the drill! Point your mouse to the Microsoft Update website and start updating.

Have a wonderful day... From a Barnes & Noble Starbucks Cafe in the Evergreen State...

Microsoft Security Essentials is out!

jubo — Wed, 30 Sep 2009 09:49:00 GMT

Today it's there: Microsoft Security Essentials. The free antivirus program of Microsoft. You can download it from this website: Microsoft Security Essentials.

As always, you have to uninstll any other antivirus program first before installing MSE.

Have a wonderful day!

Microsoft Security Bulletin Summary for September 2009

jubo — Wed, 09 Sep 2009 04:26:00 GMT

Today Microsoft released 5 critical updates. If you have not updated your computer(s) yet, then check with Microsoft Update website.

Critical:

MS09-045 - Vulnerability in JScript Scripting Engine Could Allow Remote Code Execution (971961)
MS09-049 - Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)
MS09-047 - Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)
MS09-048 - Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)
MS09-046 - Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.

See also the MSRC blog: September 2009 Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

Well, you know the drill... point your mouse to the Microsoft Update website and start updating.

Have a wonderful day!

New Microsoft site with latest online safety information

jubo — Wed, 09 Sep 2009 04:12:00 GMT

Keep up to date with the latest safety information from Microsoft. Watch videos or get information from others through online communities. Protect yourself from fraud, secure the data and, if you think it's helpful, share it with others on Facebook, Twitter or elsewhere. Check out Microsoft Online Safety website.

Microsoft Security Bulletin Summary for August 2009

jubo — Tue, 11 Aug 2009 17:54:00 GMT

Today, August 11th, Microsoft released 5 "critical" updates and 4 "important" updates.

Critical:

MS09-043 - Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
MS09-044 - Vulnerabilities in Remote Desktop Connection Could Allow Remote Code Execution (970927)
MS09-039 - Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
MS09-038 - Vulnerabilities in Windows Media File Processing Could Allow Remote Code Execution (971557)
MS09-037 - Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution (973908)

Important:

MS09-041 - Vulnerability in Workstation Service Could Allow Elevation of Privilege (971657)
MS09-040 - Vulnerability in Message Queuing Could Allow Elevation of Privilege (971032)
MS09-036 - Vulnerability in ASP.NET in Microsoft Windows Could Allow Denial of Service (970957)
MS09-042 - Vulnerability in Telnet Could Allow Remote Code Execution (960859)

A more technical version of the Security Bulletin can be found at Microsoft TechNet and an end-user version is available at Microsoft's Security Updates website.

See also the MSRC blog: August 2009 Bulletin Release. And the Security Research and Defense blog for additional technical information on these updates.

Well, you know the drill... point your mouse to the Microsoft Update website and start updating. And I'll see you next time from a Starbucks store somewhere in this beautiful Washington state where we had the first rain after several weeks of beautiful sunshine...

Microsoft Security Bulletin Advance Notification for July 2009

jubo — Sun, 26 Jul 2009 03:09:00 GMT

Microsoft released an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical. Customers who are up to date on their security updates are protected from known attacks related to this out-of-band release.

This bulletin advance notification will be replaced with an update to the Microsoft Security Bulletin Summary for July 2009 on July 28, 2009.

Click for more information here.

New portal for Microsoft Malware Protection Center

jubo — Wed, 22 Jul 2009 05:39:00 GMT

Today Microsoft has a new portal for the Malware Protection Center. Looks very good. Shows you were to get updates for several products like OneCare, Defender and the latest product Microsoft Security Essentials (MSE). You can submit a virus example. Information about the MMPC. And important, you can learn about malware too.

Just have a look and move your mouse to: Microsoft Malware Protection Center (MMPC)

See also MMPC's Threat Research & Response Blog

Kaspersky Anti-virus boot CD

jubo — Sun, 19 Jul 2009 22:33:00 GMT

Kaspersky released a new Boot CD. If your computer is infected by a, or more virus(es) and you want to boot the computer from CD, then download the 120MB ISO-file from Kaspersky.
The Boot-CD is based on Gentoo Linux and will download the latest anti-virus updates.

You can download the rescue disk at the Kaspersky site.

Microsoft Security Bulletin Summary for July 2009

jubo — Thu, 16 Jul 2009 18:22:00 GMT

A little late, but here it is. Microsoft released another couple of updates on the usual "Patch Tuesday", July 4th. There are three "critical" and three "important" updates to download and to install.

Critical:

MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)

Important:

MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
MS09-030 - Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)

As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security website.

Have a wonderful day! From a Starbucks store in sunny Seattle....

Microsoft Security Advisory (973472)

jubo — Mon, 13 Jul 2009 16:00:00 GMT

Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

For more information see Microsoft TechNet

Microsoft Office 2010: The Movie

jubo — Sun, 12 Jul 2009 05:46:00 GMT

In case you're using Microsoft Office... the future is near... ;)

(Please visit the site to view this media)

Check out the website: http://www.office2010themovie.com/

Microsoft Security Advisory: Video ActiveX control could allow remote code execution

jubo — Thu, 09 Jul 2009 18:15:00 GMT

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/advisory/972890.mspx

A workaround is available in Microsoft Knowledge Base Article 972890.

Affected software are versions of Windows server 2003 and Windows XP, incl. the XP Pro x64 Edition.

McAfee's spam report for July

jubo — Tue, 07 Jul 2009 00:56:00 GMT

Today McAfee published its spam report for the month of July with the top 15 spam subject lines by domain. For instance for the .COM domain it gives you this:

Hello
Hi
RE: DISCOUNT 80% 0FF on Pfizer !
Replica Watches
Undelivered Mail Returned to Sender

For more information and other Top 15 subject lines for each major domain (.ORG, .UK, .CN, etc.), as well as the rest of McAfee’s July Spam Report, see McAfee's Avert Labs Blog.

Microsoft Security Essentials Beta available for download

jubo — Wed, 24 Jun 2009 01:43:25 GMT

If you’re interested in the Beta of Microsoft Security Essentials and you want to download it, then go to their web site MSE Beta. Better hurry because it seems it’s topped at 75,000 downloads.

If you have any questions then you’ll find the answers at: Microsoft Answers.

Currently available for USA, Israel, People’s Republic of China, and Brazil.

Microsoft Security Essentials/MORRO Beta released June 23rd

jubo — Fri, 19 Jun 2009 23:57:53 GMT

Mary-Jo Foley had a chat with Alan Parker, General Manager of Microsoft’s Anti-Malware team, and based on that conversation it seems that MSE/Morro will be released as Beta on June 23rd. WGA validation seems to be required.

For more detailed information check Mary-Jo Foley’s blog at ZDNet

Microsoft Security Bulletin Summary for June 2009

jubo — Thu, 18 Jun 2009 22:06:53 GMT

In between al the housework and painting Microsoft released 10, but could be more for your configuration, updates and patches for the month of June. There are six “critical”, three “important” and one “moderate” patches.

Critical:

MS09-018 - Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
MS09-022 - Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
MS09-019 - Cumulative Security Update for Internet Explorer (969897)
MS09-027 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
MS09-021 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
MS09-024 - Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)

Important:

MS09-026 - Vulnerability in RPC Could Allow Elevation of Privilege (970238)
MS09-025 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
MS09-020 - Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)

Moderate:

MS09-023 - Vulnerability in Windows Search Could Allow Information Disclosure (963093)

As usual, a more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

See also the MSRC blog: June 2009 Bulletin Release

Hope you have already updated your machine. If not then you know where to find Microsoft Update.

Have a wonderful day! It’s the 29th day, and counting…, without rain in the Seattle area… I love it.. ;)

Microsoft Security Bulletin Summary for May 2009

jubo — Mon, 18 May 2009 17:04:43 GMT

Because of all that moving around, from one continent to the other, and all the reconstruction of the house, I’ve not been able to post the monthly updates here. But if you haven’t done it already then you know the drill: just go to Microsoft Update to check for updates and patches. When I checked a few days ago, I also found out that there’s Service Pack 2 for Microsoft Office 2007. So, if you don’t have it yet, then go and get it.

In the meanwhile, for the month of May there are some critical updates for Microsoft Office PowerPoint:

MS09-017 - Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340)

A more technical version of the Security Bulletin can be found at TechNet and an end-user version is available at Microsoft's Security At Home site.

See also the MSRC blog: May 2009 Bulletin Release

Have a great day!

Microsoft Security Intelligence Report Vol. 6

jubo — Fri, 10 Apr 2009 23:23:34 GMT

The Microsoft Security Intelligence Report (SIR), vol. 6, provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

More at: Microsoft Malware Protection Center

Get your copy at the Microsoft Download Center.

New portal for Microsoft's Malware Protection Center

jubo — Mon, 02 Mar 2009 22:08:00 GMT

Today, during the 2nd day of the MVP Meeting at Microsoft campus, the team of MMPC, Monilee Atkinson, Tareq Saade, showed us the new web portal for their blog. You really have to check out this website: http://www.microsoft.com/security/portal/beta. Tell them what you think about it. Not only the content or bugs, but also how the site looks like. The link for the feedback is at the bottom of the page.

Thanks to Monilee and Tareq for today's very informative session!

PS: you can find the "old" blog here.