Todd's Tech Blog : Security

todd — Mon, 08 Aug 2005 02:04:00 GMT

There is no virus for Windows Vista!!!!! This is one piece of news that really got me riled up. What happened is someone determined some commands in Monad (Microsoft's Unix-like command line console - although calling it Unix-like doesn't really give it enough credit) could create havoc and published a report about them on the web. Somehow this translated to there being a virus affecting Windows Vista beta 1 running crazy on the internet. Just to make this clear, WINDOWS VISTA WILL NOT INCLUDE MONAD. Also, Microsoft didn't pull Monad from Windows Vista because of this. Monad will be in development for quite a bit longer than Windows Vista. It may show up in Windows Longhorn R2 release scheduled for a 2009 release but it may not even be done then. So anyway, enough of my rant...:)

Three new security bulletins

todd — Thu, 14 Jul 2005 00:44:00 GMT

I know, I'm a day late :-)

Vulnerability in JView Profiler Could Allow Remote Code Execution (MS05-037)
Severity Rating: Critical
Affects:

Windows 2000 SP4
Windows XP SP1, SP2, x64 Edition
Windows Server 2003, SP1, Itanium-based systems, SP1 for Itanium-based systems, x64 Edition
Windows 98, 98 SE, and Windows ME

Click here for more info, download links

-----

Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (MS05-036)
Severity Rating: Critical
Affects:

Windows 2000 SP4
Windows XP SP1, SP2, x64 Edition
Windows Server 2003, SP1, Itanium-based systems, SP1 for Itanium-based systems, x64 Edition
Windows 98, 98 SE, and Windows ME

Click here for more info, download links

-----

Vulnerability in Microsoft Word Could Allow Remote Code Execution (MS05-035)
Severity Rating: Critical
Affects:

Office 2000 SP3 (Word 2000)
Office XP SP3 (Word 2002)
Microsoft Works Suite 2000-2004

Not Affected:

Office 2003
Office Word 2003 Viewer

Click here for more info, download links

MBSA 2.0 Released!

todd — Sat, 02 Jul 2005 00:05:00 GMT

Susan Bradley notes that Microsoft has released MBSA 2.0 today! Woo hoo! I thought this wouldn't be out till the middle of this month, but it's here today. Here is more information on MBSA in general, and here's more info on MBSA 2.0. And here's the download.

A new Microsoft Security Advisory

todd — Fri, 01 Jul 2005 14:33:00 GMT

I guess this one was released last night. This latest affects all systems running IE 6 and could result in an attacker obtaining full control of an affected system. Says Microsoft, “A COM object, javaprxy.dll, when instantiated in Internet Explorer can cause Internet Explorer to unexpectedly exit. We are investigating a potentially exploitable condition.“ Between now and when a fix is released, Microsoft recommends running a firewall, anti-virus software, making sure your system is up-to-date as far as patches go, and to turn your Internet and local intranet security zone to high. Buying a Mac wouldn't be a bad idea either :-p