Tuesday, July 28, 2009

Adobe Security Bulletins

To complete the triumvirate, Adobe issued the following Security Bulletins:
For a better understanding of the updates, see the ESET Blog post at More Adobe Update Information.







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Java SE Runtime Environment 6u15 Update

Update:
Java SE 6u15 was pulled from the download site. According to the Advance notification of Security Updates for Java SE published by Sun yesterday, the release has been rescheduled for Tuesday, August 4.


Sun Microsystems has released update Java SE 6u15, which addresses US-CERT Vulnerability Note VU#466161 describing a security vulnerability with "verifying HMAC-based XML digital signatures."

In the event you have any old Java updates prior to 6u11, it is strongly advised that you go to Add/Remove programs and uninstall those versions as the "update mechanism" did not remove those vulnerable versions. Following the uninstall, run JavaRa. Merely unzip JavaRa to your desktop and do the following:
  • Double-click on JavaRa.exe to start the program. (Windows Vista users right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
At last check, the site has not been updated but the download link is live here: Java SE Runtime Environment 6u15. (Note: uncheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.)


Out of Band Critical Microsoft Security Bulletin Release 28Jul09

Microsoft has released two new security bulletins and one security advisory. Full details can be found at the following Web pages:

Additionally, to provide general guidance around ATL (Active Template Library), Microsoft has published the following Web page: http://www.microsoft.com/atl/ . What this means for readers of Security Garden: get the security update from Microsoft Update.

If you have automatic updating turned on, you will receive the security update related to this issue, and you do not need to take further action. If you do not have it turned on, go to Microsoft Update to download and install the latest security update for Internet Explorer that was released on July 28, 2009.

Consider upgrading to Internet Explorer 8 to benefit from enhanced security and protections.

For additional information, see the MSRC blog post: Microsoft Security Advisory 973882, Microsoft Security Bulletins MS09-034 and MS09-035 Released





Sunday, July 26, 2009

Webhelper is Back!


"I am the Watcher, I am the SpywareHunter. I am the Webhelper, Keeper of the histories of all who work to profit from the use of other's personal information through the use of adware, trackware, or controlware. If you are one who does this, I will know!"

Wächter der Geschichten, Keeper of the Histories


Although still very busy in his position as Senior Malware Researcher at Sunbelt Software, our long-time friend and associate, Patrick Jordan, a.k.a. the renowned Webhelper, has resumed providing Webhelper Alerts! for members of LandzDown Forum.

As Webhelper tells us:

"One must know the past in order to understand the present
if one is to change the future!"

Welcome home, old friend!




Saturday, July 25, 2009

Are You Planning on Upgrading to Windows 7?

A major tech news story this week was that Windows 7 Has Been Released to Manufacturing. With that in mind, you may be planning on upgrading your current operating system to Windows 7.

The first determination is whether your operating system is eligible for upgrade. In Blake Handler's blog post, he provides an easy-to-follow documented list of both the supported as well as unsupported upgrade paths for editions of the Windows 7 operating system. Note that if you have Windows XP, it will be necessary to do a clean install.

An absolute "must read" is Ed Bott’s article, "Windows 7 Upgrade FAQ", at Microsoft Report, ZDNet.com. Included in the FAQ is a nice explanation of the difference between an OEM license, an upgrade license, a full license, and a volume license.


Friday, July 24, 2009

Two Out-of-Band Microsoft Security Bulletins

Microsoft has released advance notification of two Out-of-Band security bulletins they are intending to release on July 28, 2009.

One bulletin will be for Microsoft Visual Studio and the other provides changes to Internet Explorer. As reported in the MSRC Blog:
"While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported."

Bulletin ID: Visual Studio
Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005, and Microsoft Visual C++ 2008

Bulletin ID: Internet Explorer
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008



Thursday, July 23, 2009

Comodo On Rerun

It is the same old, same old from Comodo, yet again.
"Yet again we find the same group "ISystem Inc" scamming the public with their bogus products ... with a little more help from Comodo. Now I ask you ... how many times do I have to report the same group being issued a certificate from Comodo, before they take the necessary steps to prevent the general public from being ripped-off by these bad actors?"
See the complete report at Hosts News, Comodo continues to ignore Malware warnings.

Note: Written by Corrine, not Donna or "MVP Mike".






Adobe Vulnerabilities Continue

A number of vulnerabilities ago, I replaced Adobe Reader with an open source reader from http://pdfreaders.org/. I continue to be pleased with the results of the open source reader, particularly considering that although Adobe Reader was recently updated to version 9.1.2 due to vulnerabilities in the previous version, problems continue. As described at ISC,
". . . when tested with Internet Explorer and the latest Flash player (version 10), the exploit silently drops a Trojan and works "as advertised". Another interesting thing I noticed is that the Trojan, which is downloaded in the second stage, is partially XOR-ed – the attackers probably did this to evade IDSes or AV programs scanning HTTP traffic. At the moment, the detection for both the exploit and the Trojan is pretty bad (only 7/41 for the Trojan, according to VirusTotal).

It appears that even when JavaScript support is disabled in Adobe Reader that the exploit still works, so at the moment there are no reliable protection mechanisms (except not using Adobe Reader?). Regarding Flash, NoScript is your best help here, of course."



Wednesday, July 22, 2009

It's Official: Windows 7 Released to Manufacture

There has been a lot of speculation about when Windows 7 will be Released to Manufacture (RTM). That can end now as today is the day!

Brandon LeBlanc has a blog post on the Windows 7 Team Blog about RTM, linked below. What I think you will enjoy even more is the actual Windows 7 RTM Sign-Off at the Engineering 7 blog.
"The final few minutes before RTM are a sign-off process where each and every team that contributed to Windows formally commits to having successfully executed the work necessary for the product to be in the release process. We gather one last time (for Windows 7) in the “Ship Room” and a representative from each team signs (literally) and signifies their team’s readiness for manufacturing. We thought we’d share this moment with you here today."

"Next stop, October 22, 2009!"


New WinPatrol Even More Windows 7 Friendly

Today Bill Pytlovany released a new update to WinPatrol, adding additional Windows 7 compatibility.

16.1.2009.0

  • Detects if other programs are monitoring HOSTs and some other system files to prevent conflicts.
  • Fixed rare bug where Scotty barked a few times for no reason.
  • Support for Accessibility Sound Sentry in Vista or greater.
  • Scotty icon used in new Windows 7 Taskbar.
  • Better handling of events that are blocked by User Account Control.
When you visit WinPatrol.com, check out the new web site design. Be sure to stop over at Bits from Bill, New WinPatrol Even More Windows 7 Friendly, and let Bill know how much you like (or not) the redesign.




Tuesday, July 21, 2009

MMPC Portal V2 is Live

The Microsoft Malware Protection Center (MMPC) portal has been revamped, tested and is now live. As described at the MMPC Blog:
"This new portal contains several new features including stream-lined sample submission and tracking, which is made possible by creating an MMPC profile. When you log in, the information saved in your MMPC profile auto-populates the sample submission form, thereby expediting the submission process. You can then monitor the status of your submission online – if you are logged in (using your MMPC profile) while submitting a sample, we will allow you to view details for all samples you have submitted in the past. In effect we now have ‘one stop shopping’ for sample submission and tracking."
RSS feeds are now available for the MMPC encyclopedia entries, active malware lists, and the change log. In addition, the new security blog aggregator page on the Trustworthy Computing Microsoft web site is planned to be live tomorrow.

Full story: We're Excited to Announce the Release of the MMPC Portal V2!






Rogue or Real A-Squared Marketeer?

It was reported at Malwarebytes Forum that someone claiming to be a representative of A-Squared Anti-Malware has been sending messages to helpers on forums requesting that they drop Malwarebytes' Anti-Malware (MBAM) and use A-Squared instead.

Although the review, "a-squared Anti-Malware 4.0 - Alarming False Positives" by PC Magazine is for version 4.0 and not the current 4.5, perhaps the person thinks what s/he is doing will help overcome the negative aspects presented in that review. After reading what this person is spreading, it is difficult not to think that the false/positive detection of MBAM was intentional. (See this July 3, 2009, report at WOT, Todays ASquared F/P's.)

The truth of the matter is that on the forums we recommend the software program that does the necessary work to remove malware. It is for that precise reason that so many of the forum security experts recommend MBAM. I certainly have seen successful results in logs when recommending MBAM and will continue recommending Malwarebytes' Anti-Malware.

I sincerely hope that this is a "rogue marketeer" and not a true representative of A-Squared and that A-Squared representatives extend an appropriate public apology.

Update posted by Fabian Wosar, (Technical Support) at a-squared forum:
"Mike Christenson, the person responsible for the PM you quoted, is no longer part of Emsi Software GmbH. He was fired today (actually yesterday) as soon as we became aware of the mails and PMs he was sending out.

I can't say anything more official yet as all people who could give a more official statement right now are not available. You will have to wait until it's day in Austria/Germany (it's 02:40 AM right now)."
and confirmed by Marcin Kleczynski (Malwarebytes President and CEO):
"I spoke with the CEO of Emsisoft regarding this situation. Christian confirmed it was an employee of Emsisoft and he has dealt with him properly. I thank Christian for his efforts."





Unpatched Adobe Version From Official Site

If you recently installed Adobe Reader, it is strongly recommended that you open Adobe Reader 9.x, go to "Help" -> "About Adobe Reader 9", and verify that your installation is indeed version 9.1.2 (the latest patched version as of this posting).

See complete report at Secunia.com: Adobe Insecure / Unpatched Version From Official Site

Personally, I have replaced Adobe Reader with an open source reader, selected from http://pdfreaders.org/. The reader recommended for your operating system at PDFReaders.org will have a green background. According to the site, "The recommendations are based on ease of use and install and do not reflect the technical merits of the software itself."

Via Donna's SecurityFlash




Tuesday, July 14, 2009

July 2009 Microsoft Security Bulletin Release

Microsoft released six security updates for July. As Jerry Bryant explained at the MSRC Blog,
"This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of “1” which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days. In fact, as we discussed in the advance notification blog post last week, two of those are under active attack and were discussed in security advisories which are being replaced with the release of these bulletins."
You may also want to watch the video presentation by Jerry Bryant and Adrian Stone at the MSRC Blog where they provide a little more discussion on risk and impact concerning this month’s bulletins and Security Advisory 973472.

Following is general information regarding the updates:

Critical:

MS09-028 - Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003

MS09-029 - Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008

MS09-032 - Cumulative Security Update of ActiveX Kill Bits (973346)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP, Windows Server 2003

Important:

MS09-030 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (969516)
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Publisher 2007

MS09-031 - Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Internet Security and Acceleration Server 2006

MS09-033 - Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC 2004, Virtual PC 2007, Virtual Server 2005

Summaries for the July bulletins may be found at http://www.microsoft.com/technet/security/bulletin/MS09-Jul.mspx.







Monday, July 13, 2009

Microsoft Security Advisory 973472 Released

Security Advisory 973472 is titled "Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution". As with other "remote code execution" vulnerabilities, if exploited, the attacker could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. Microsoft is aware of attacks attempting to exploit the vulnerability.

You can prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section of the security advisory, or automatically, using the solution found in Microsoft Knowledge Base Article 973472. I recommend home users with "affected software" use the Fix it Solution in Microsoft Knowledge Base Article 973472.

Affected software:
  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office XP Web Components Service Pack 3
  • Microsoft Office 2003 Web Components Service Pack 3
  • Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
  • Microsoft Internet Security and Acceleration Server 2006
  • Internet Security and Acceleration Server 2006 Supportability Update
  • Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
  • Microsoft Office Small Business Accounting 2006
Microsoft is currently working to develop a security update for all affected software listed above and will release the update when it has reached an appropriate level of quality for broad distribution.





Sunday, July 12, 2009

Is Comodo President/CEO a Liar? You Decide

It appears that Comodo's "Hero Administrator" has sunk to the level of referring to anyone who criticizes Comodo as a liar. Well, Melih, your claim is wrong.

Here is the situation: I was checking blog visitor statistics this morning. When there is a referral link from a forum or another blog rather than as search results, I generally follow the link to see the source of the link. This is what I found today:

VISITOR ANALYSIS
Referring Link: http://forums.comodo.com/empty-t42573.0.html;msg288724;topicseen

Following the link, I saw this blog post by Melih Abdulhayoglu, the President and CEO of Comodo:
"And its been over a week and she still hasn't put my response to her post on her site Smiley Surprise Surprise!

http://securitygarden.blogspot.com/2009/07/parents-beware-of-comodo-firewall.html

I responded to her site on July 4th... and knowing the possibility of them censoring my post, i took a snapshot of my screen as I posted it.....7 days on... they rather censor what their users read...welldone Donna! Somehow I had a hunch that being concerned about telling the truth to her readers wasn't the first thing in her mind Wink

Today its 11th July, they still continue to spread the lies and haven't changed a thing...

Your sole purpose is a witchhunt against Comodo.. I hope you are being paid well for that Wink

Melih"
Since the only comments I reject are spam links or comments containing vulgarities, I proceeded to check the Dashboard. A screen copy of the Dashboard notice of comments that were awaiting moderation at Security Garden is too wide to incorporate here. The image is available at http://securitygarden.googlepages.com/MelihCommentNotices.GIF

As can clearly be seen in the above-linked screen copy as well as the e-mail notice, reproduced in References below, the comment was left not on July 4 but rather last evening, July 11, at 11:29 PM. It is apparent that Comodo President/CEO "doth protest too much".

No, Melih, I do not get paid for blog posts or help on the forums. My issue is not only with Comodo but also with any so-called security company with practices I perceive as not being representative of a security vendor (see Ethics tag).

As to HopSurf, the domain registration information from DNS Stuff is copied below and HopSurf is registered to Comodo. That does not, however, change my warning to parents, as originally posted. HopSurf is a pre-checked toolbar for a so-called security product with a EULA clearly warning against the toolbar being available to anyone under age 18:
"1.5.The Toolbar and the Services are not intended for use by or availability to persons under the age of 18.IF YOU ARE UNDER 18 YEARS OF AGE, YOU MAY NOT DOWNLOAD, INSTALL OR USE THE TOOLBAR AND YOU MAY NOT ACCESS THE SERVICES."
With such a warning, I have no other choice but to believe that use of the toolbar would provide "adult-only" results in searches.


References:
  • DNS Stuff Lookup: www.hopsurf.com A record

    Domain              Type  Class  TTL    Answer
    www.hopsurf.com.    A     IN     3600   91.199.212.173
    hopsurf.com.        NS    IN     3600   ns0.comododns.net.
    hopsurf.com.        NS    IN     3600   ns0.comododns.com.
    hopsurf.com.        NS    IN     3600   ns1.comododns.com.
    hopsurf.com.        NS    IN     3600   ns1.comododns.net.
    ns0.comododns.com.  A     IN     21600  91.209.196.4
    ns0.comododns.net.  A     IN     21600  149.5.128.4
    ns1.comododns.com.  A     IN     21600  67.51.175.4
    ns1.comododns.net.  A     IN     21600  91.209.196.5


  • E-mail notice: "New comment on Parents Beware of Comodo Firewall."

Anonymous to me

Anonymous has left a new comment on your post "Parents Beware of Comodo Firewall":

HopSurf is a Comodo product, developed and published solely by Comodo, not ASk.com.
Please get you facts straight before posting what could be considered and is False information.

Publish this comment. Reject this comment. Moderate comments for this blog.

Posted by Anonymous to Security Garden at July 11, 2009 11:29 PM

Follow up message

Anonymous to me, 11:32 PM (10 hours ago)

Anonymous has left a new comment on your post "Parents Beware of Comodo Firewall":

Please note - failure to publish any posted comments that are contrary to your posts is proof you are completely biased and therefore unreliable. People should be made aware of this fact.

Publish this comment. Reject this comment. Moderate comments for this blog.

Posted by Anonymous to Security Garden at July 11, 2009 11:32 PM








Saturday, July 11, 2009

Important: Upcoming Upgrade for Windows Update

The Microsoft Update Product Team Blog has announced that beginning late in August, an upgrade will be started for Windows Update and Microsoft Update services. The Team assures us in Upcoming Update for Windows Update that the update will not change your current Windows Update or Automatic Updates settings.

The upgrade is reported as an improvement to the user interface for Windows Vista and Windows Server 2008 computers running Windows Update by adding a more visible and detailed description of updates. Improvements in how users are notified about service packs are also included.

Note in particular the following from the notice:
  • The Windows Update or Automatic Updates client software must be updated, or you may not be able to successfully check for updates or perform other configured actions.

  • If Windows Update or Automatic Updates is enabled to automatically check for updates, download updates, or install updates on your computer then the infrastructure update will be downloaded and installed automatically.

  • Your computer will not be updated if you have disabled Windows Update (or Automatic Updates) and do not check for updates.
I believe it needs repeating: unless Windows Update (or Automatic Updates) is disabled, regardless of your settings, the upgrade will be downloaded and installed automatically.

See Upcoming Update for Windows Update for complete information.




Friday, July 10, 2009

CA Antivirus Detected Windows System File as Virus

Via @Bugbatter, I see that Computer Associates had a problem with a false/positive in a recent update. I have a lot of friends who use CA because it is included with their broadband account.

From the c|net article, Users upset after CA anti-virus detects Windows system file as virus:
"CA Internet Security Suite users should restore affected files from quarantine using the GUI. CA Threat Manager customers should search local hard drives for files with the extension .AVB and manually rename to their original file extension by removing the appended text on the original file name."
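The rename step in the CA Threat Manager guidance quoted above can be scripted. The following is an added example, not code from CA or from the original post; it assumes the quarantine appended `.AVB` to the full original file name (for example `sample.dll.AVB`), and it defaults to a dry run and never overwrites a file that already carries the original name.

```python
import os
import tempfile
from pathlib import Path

# Extension named in the quoted CA guidance; matched case-insensitively.
QUARANTINE_SUFFIX = ".avb"


def plan_restores(root):
    """Walk root and work out which *.AVB files can be renamed back.

    Returns (renames, conflicts):
      renames   - list of (quarantined_path, original_path) safe to rename
      conflicts - quarantined paths whose original name is already taken,
                  left untouched for manual review
    Assumption: the original name is the file name minus the trailing .AVB.
    """
    renames, conflicts = [], []
    claimed = set()  # original names already planned, to avoid double renames
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            stem, ext = os.path.splitext(name)
            if ext.lower() != QUARANTINE_SUFFIX or not stem:
                continue
            src = Path(dirpath) / name
            dst = Path(dirpath) / stem
            key = str(dst).lower()
            if dst.exists() or key in claimed:
                # A file with the original name is present (e.g. it was
                # already restored some other way); do not clobber it.
                conflicts.append(src)
            else:
                claimed.add(key)
                renames.append((src, dst))
    return renames, conflicts


def restore(root, dry_run=True):
    """Rename quarantined files back; with dry_run=True only report the plan."""
    renames, conflicts = plan_restores(root)
    if not dry_run:
        for src, dst in renames:
            os.rename(src, dst)
    return renames, conflicts


if __name__ == "__main__":
    # Constructed sample tree, so the script can be tried without touching
    # a real system directory.
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "system32"
        base.mkdir()
        (base / "sample.dll.AVB").write_bytes(b"quarantined copy")
        (base / "other.dll.avb").write_bytes(b"quarantined copy")
        (base / "other.dll").write_bytes(b"already restored")
        (base / "readme.txt").write_bytes(b"unrelated file")

        renames, conflicts = restore(tmp, dry_run=True)
        for src, dst in renames:
            print(f"would rename {src.name} -> {dst.name}")
        for src in conflicts:
            print(f"skipped (original name exists): {src.name}")
```

Run it first with `dry_run=True` against the affected drive, review the conflict list by hand, then repeat with `dry_run=False`.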





Comodo continues to damage it's reputation

As reported (again) by Microsoft MVP Mike Burgess, Comodo does it again:
"Here again we find another bogus Antispyware program that does nothing but take your money ... with a little help from Comodo"
Read about it at Comodo continues to damage it's reputation.

Remember, Security Garden readers, the following firewall programs are free for personal use.

Online Armor Free
Agnitum Outpost Firewall
Kerio Personal Firewall





Advance Notice: July 2009 MSRC Security Bulletin

As part of the monthly security bulletin release cycle, Microsoft provides advance notification on the number of new security updates being released, the products affected, the aggregate maximum severity, and information about detection tools relevant to the update.

On July 14, 2009 Microsoft is planning to release six new security bulletins. Below is a summary in order of severity. The full version of the Microsoft Security Bulletin Advance Notification for this month can be found here at http://www.microsoft.com/technet/security/bulletin/ms09-jul.mspx.

Jerry Bryant provided important clarification regarding two of the pending Windows updates at the MSRC Blog in July 2009 Advance Notification:
"First, we will be addressing the issue discussed in Security Advisory 971778 concerning a vulnerability in DirectShow. As noted in the advisory, we are aware of limited active attacks and we have been working aggressively to get a quality update shipped to customers.

Second, our engineering teams have been working around the clock to produce an update for the issue discussed in Security Advisory 972890 (vulnerability in the Microsoft Video ActiveX Control) and we believe that they will be able to release an update of appropriate quality for broad distribution that protects against the attacks we detailed in the advisory and in an MSRC blog post by Christopher Budd. In the mean time, we encourage customers to continue to enable the workaround by running the “Microsoft Fix it” solution in the associated knowledge base article (KB972890)."

Bulletin ID: Windows 1
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008

Bulletin ID: Windows 2
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows 2000, Windows XP, Windows Server 2003

Bulletin ID: Windows 3
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Windows XP, Windows Server 2003

Bulletin ID: VPC/VS
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Virtual PC 2004, Virtual PC 2007, Virtual Server 2005

Bulletin ID: ISA
Maximum Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Internet Security and Acceleration Server 2006

Bulletin ID: Publisher
Maximum Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Office Publisher 2007

Although Microsoft does not anticipate any changes, the number of bulletins, products affected, restart information, and severity of the bulletins are subject to change until released.




Tuesday, July 07, 2009

Microsoft Twitters Update

Microsoft Twitters has been updated to add additionally discovered Microsoft Twitter accounts. Don't be surprised to find that someone from Microsoft takes up the challenge to provide a master list.





"Fix it" for Security Advisory 972890 and Infected Michael Jackson Videos

Microsoft released Security Advisory 972890, "Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution". This is a vulnerability in Microsoft Video ActiveX Control. Successful exploitation of this vulnerability could result in gaining the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

This vulnerability only affects Windows XP and Windows Server 2003. Windows Vista and Windows Server 2008 are not affected. Not surprisingly, there have been reports of fake Michael Jackson videos sent via e-mail or served on web pages that include malware using this known vulnerability.

Microsoft has issued a workaround that disables the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003. Home computer users using Windows XP are strongly encouraged to use the Microsoft Fix it solution in order to disable the ActiveX Control.

Click the Fix it image to access the workaround:

Microsoft Fix It

When a security update has been released for this vulnerability, a Microsoft Fix it workaround is also provided to disable the workaround.



Monday, July 06, 2009

Microsoft Twitters

BlogMS maintains a listing of Official Microsoft Team Blogs (with RSS links) and additionally provides regular updates of new blog posts. What is missing on TechNet is a "TwitterMS Blog" maintaining a listing of Official Microsoft Team Twitter Accounts.

Until someone at Microsoft has an opportunity to create and maintain a TwitterMS Blog, included below is an update to the partial list of Microsoft Twitter accounts published in Microsoft completes embrace of Twitter at Ars Technica.

The initial list comprises 65 Microsoft Twitter accounts, listed in alphabetical order. Please post any updates to the list as a comment and I will update the list after verification.

Microsoft Twitters:
http://twitter.com/adCenterBlog
http://twitter.com/AskTechNetUK
http://twitter.com/Azure
http://twitter.com/bing
http://twitter.com/bingcashback
http://twitter.com/bizspark
http://twitter.com/ch10
http://twitter.com/ch8
http://twitter.com/ch9
http://twitter.com/codeplex
http://twitter.com/continuumshow
http://twitter.com/CRMOnline
http://twitter.com/fixit4me
http://twitter.com/HealthVault
http://twitter.com/IE
http://twitter.com/live_at_edu
http://twitter.com/liveframework
http://twitter.com/livemesh
http://twitter.com/liveside
http://twitter.com/MBSConvergence
http://twitter.com/Microsoft
http://twitter.com/Microsoft_EDU
http://twitter.com/microsoft_green
http://twitter.com/microsoft_xbox
http://twitter.com/MicrosoftCES
http://twitter.com/microsofthohm
http://twitter.com/MicrosoftIW
http://twitter.com/MicrosoftPress
http://twitter.com/MicrosoftSB
http://twitter.com/MicrosoftStore
http://twitter.com/microsofttag
http://twitter.com/MicrosoftUP
http://twitter.com/microsoftvine
http://twitter.com/MicrosoftVSTS
http://twitter.com/microspotting
http://twitter.com/MicrsftTech4All
http://twitter.com/mixonline
http://twitter.com/msaccess
http://twitter.com/msadvertising
http://twitter.com/MSDN
http://twitter.com/MSDN_News
http://twitter.com/MSDN_Office
http://twitter.com/MSDynamicsCRM
http://twitter.com/MSExpression
http://twitter.com/MSFTBizBuilder
http://twitter.com/MSFTResearch
http://twitter.com/mslearning
http://twitter.com/msmyphone
http://twitter.com/MSOffice_ITPro
http://twitter.com/MSOfficeResKit
http://twitter.com/MSOfficeUS
http://twitter.com/msonline
http://twitter.com/msPartner
http://twitter.com/msretail
http://twitter.com/msrobotics
http://twitter.com/MSRobotics
http://twitter.com/MSSpringboard
http://twitter.com/MSSurface
http://twitter.com/mswebplatform
http://twitter.com/MSWindows
http://twitter.com/MVPAwardProgram
http://twitter.com/mvpglobalsummit
http://twitter.com/office_live
http://twitter.com/Office2010Movie
http://twitter.com/officelabs
http://twitter.com/PDC09
http://twitter.com/projectrosetta
http://twitter.com/recite
http://twitter.com/SharePoint
http://twitter.com/sharepointBI
http://twitter.com/silverlightnews
http://twitter.com/SiteNamedDesire
http://twitter.com/STBNewsBytes
http://twitter.com/teamsilverlight
http://twitter.com/tnedge
http://twitter.com/virtualization
http://twitter.com/WindowsAzure
http://twitter.com/windowsblog
http://twitter.com/windowslive
http://twitter.com/WindowsLiveWire
http://twitter.com/wlmessenger
http://twitter.com/wmdev
http://twitter.com/xamlevents
http://twitter.com/XNACommunity
http://twitter.com/zune
http://twitter.com/ZuneHD
http://twitter.com/ZuneInsider
http://twitter.com/zunemarketplace

Disclaimer: The above Twitter Account Information is supplied "AS IS". No warranty, either expressed or implied, is made in relation to the accuracy or completeness thereof.

Note: Since the copy/paste formatting resulted in each link opening in a new window/tab, you may find it more convenient to copy/paste the list to Microsoft Word or Excel to compare to the groups you are already following.

Edit 07Jul09: Updated to add additional accounts shown in Comments




Sunday, July 05, 2009

The Best Windows Website

The Windows Club "Best Windows Website Contest 2009" is live and I am privileged to be one of the contest Judges.

The purpose of the contest is to discover and recognize some of the best Windows bloggers and website owners. If you run a website, including a blog or a forum, which primarily focuses on Microsoft Windows, you are invited to participate in this Contest. The first 50 sites entered in the Contest will receive a 1-year license for a-squared anti-malware.

Judges:

The 10 best websites will be selected from the submissions by a Panel of 10 Judges, comprising the following (including me):
Ed Bott, MVP, Ed Bott's Windows Expertise
Lowell Heddings, HowToGeek
Howard Lo, Microsoft Regional Team Manager (APAC)
Emil Protalinski, Ars Technica
Rafael Rivera, Within Windows
Paul Schottland, Microsoft Product Unit Manager
Steven Sinchak, MVP, Tweaks
and representing The Windows Club:
Corrine Chorney, MVP, Security Garden and The Windows Club Moderator
James Fisher, MVP, Windows Talk and The Windows Club Moderator
Anand Khanse, MVP, and The Windows Club Administrator

(MVP = Recipient of Microsoft Most Valuable Professional Award)
Following the selection of 10 sites from among the entrants, those sites will be submitted for a community vote. The top 5 vote recipients will be judged again, de novo, by the Panel of Judges and the Winner and the 2 Runners-up declared. While selecting the final 3, the votes received by the top 5 will not be a factor.

The submissions will be judged on content, quality, originality, continuity, presentation and overall impression. The website can be in any language, but it must have a language translator widget. The over-riding consideration will be: Does the website have substantial original quality content of interest to Windows Vista & Windows 7 users?

Prizes:

The winner of The Windows Club "Best Windows Website Contest 2009" will receive:
plus a license for each of the following products:
The 2nd and 3rd runners-up will each receive a license for Acronis® True Image Home 2009, Diskeeper 2009, Malwarebytes' Anti-Malware, TuneUp Utilities 2009, and WinPatrol PLUS.

The 4th and 5th runners-up will each be provided a license for Webroot Internet Security Essentials.

Contest Schedule:
July 1: Contest Announcement
July 5: Submission of entries start, 1.30 PM UTC
July 30: Last date for submitting entries, 1.30 PM UTC
August 1-8: Judges shortlist the top 10 entries
August 9: Open Community Voting, 1.30 PM UTC
August 25: Close Community Voting, 1.30 PM UTC
August 26-30: Judges Decide
August 31: Announcement of Winners
Time Zones: 1.30 PM UTC converts to 11:30:00 PM AEST, 7.00 PM IST, 6:30:00 AM PST, same date.

The Panel of Judges, and the first, second and third place websites from the contest last year are not eligible to participate again this year. However, last year's winning individuals may submit different websites, if they have launched a new Windows website.

The blog/site title, Home Page URL, along with a 2-4 line description about the site, should be submitted. If you are not a member, you will be required to REGISTER at TheWindowsClub forum. Registration is instantaneous and you do not have to wait for an email verification.

Submit your entry --> HERE <--



Saturday, July 04, 2009

Declaration of Independence

"IN CONGRESS, JULY 4, 1776

The unanimous Declaration of the thirteen united States of America

When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. . ."

Although our forefathers declared equality in the Declaration of Independence, here we are 233 years later and still seeing a lack of equality and continued discrimination. Let us hope that a time comes when those words will have a real meaning.

Happy Independence Day!



Friday, July 03, 2009

Parents Beware of Comodo Firewall

Oh yes, Comodo promised to remove the Ask Toolbar and they did. In its place is another IAC product, the HopSurf Toolbar -- also a pre-checked installation. Not only is the toolbar pre-checked but, as reported by Consumer Security MVP, Donna Buenaventura, there is no EULA (End User License Agreement) included with the installer.

Donna kindly provided links to the on-line EULA for the HopSurf Toolbar at both Comodo and HopSurf. Reading the EULA, I cannot help but be concerned regarding what sort of material is provided by HopSurf that results in the inclusion of the following:

"1.5. The Toolbar and the Services are not intended for use by or availability to persons under the age of 18. IF YOU ARE UNDER 18 YEARS OF AGE, YOU MAY NOT DOWNLOAD, INSTALL OR USE THE TOOLBAR AND YOU MAY NOT ACCESS THE SERVICES."

Based on the above, as well as the sneaky inclusion of the pre-checked toolbar and missing EULA in the installer, I strongly advise caution, particularly to parents who have young children using the family computer.

As Donna said:
"So Comodo’s promise to remove SafeSurf Toolbar happened but not to finish their agreement with A$k/IAC. Instead, the new version of Comodo is now bundled with HopSurf Toolbar which is IAC/Ask.com too. The installer became worse because there’s no EULA presented, in addition to the known method of misleading people by offering an unnecessary third-party service/component in SECURITY software. Note that it is security software that should offer a clean installer, no?"
So much for improvements.

See Donna's complete post in Comodo removed Ask/IAC SafeSurf Toolbar by replacing it with HopSurf/IAC/Ask Toolbar and the accompanying screen shots at CoU.

The following firewall programs are free for personal use and do not include a toolbar.



