Wednesday, June 30, 2010

Important service change regarding Twitter with Windows Live

Social networking has become not only a popular way for friends to communicate but also a great means of sharing information. I have found that I generally get technical news and information faster via Twitter than my large collection of RSS feeds.

For Windows Live users who have not seen the announcement, effective June 30, 2010, Twitter posts will no longer be imported from Twitter and shared with your Windows Live Messenger friends. Following is the e-mail notice from the Windows Live Team Newsletter:

"Dear Windows Live Customer,

Thank you for connecting your social networks and other services with Windows Live. We are contacting you because you have added your Twitter feed to Windows Live and we want to notify you of an upcoming change.

Beginning June 30, 2010 your tweets will no longer be automatically imported from Twitter and shared out to your Windows Live Messenger friends due to policy changes made by Twitter. We are working hard with Twitter to make this service available again and apologize for any inconvenience this may cause you.

We remain focused on making Hotmail, Messenger, and your PC with Windows great companions to social networks and other services. This change has no impact on your ability to connect Windows Live with our other 75+ other social networks and other service partners, which include Facebook, LinkedIn, MySpace, Flickr, and more.

Sincerely,

The Windows Live Team"

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Online Armor sold to Emsisoft

Yes, it is true. Mike Nash confirmed in his blog post today that he sold the popular software firewall, Online Armor, to Emsisoft. Many followers of Security Garden will remember when Scot Finnie named Online Armor 2.1 as the Best Firewall Software of 2008.

Online Armor has remained a popular and excellent product. In fact, it is one of the two free-for-personal-use software firewall products that I recommend.

On behalf of Emsisoft CEO, Christian Mairoll, Mike provided the following information for Online Armor customers:
  • "Product editions will stay untouched. Freeware edition will not end of course.
  • Website remains on www.online-armor.com, but we'll have to move everything away from tallemu.* domains soon.
  • Forum remains, but moved to support.online-armor.com

Which kind of benefits does Emsisoft expect from the deal then? As part of a much larger development team (8 at Emsisoft so far), OA development can progress faster. Sharing knowledge internally is a very important factor for speed and quality of the produced software.

  • With the existing marketing and sales force at Emsisoft, we want to spread the name about OA much more. It's a great product, winning tests, but we need to tell everybody about it to make it grow.
  • On the long run, we have plans to create some kind of a suite product. It's gonna be a completely new product most likely. But things are not finally decided yet."

I wish Mike and Tall Emu success in the flexible CRM system, developed for corporate customers.


    Tuesday, June 29, 2010

    Bing Search Engine Statistics

    When reviewing the visitor statistics for Security Garden, I have been noticing a steady increase in visitors resulting from Bing searches.

    Although the bar graph below is from U.S. visitors, I noticed today that the results from Bing.com overshadowed those from Google.com.


    Thus far, international visitors to Security Garden are not using Bing for their locale and are staying with Google. To set Bing to your part of the world go to the Bing Worldwide page. To change your display language, go to preferences.


    Adobe Reader and Acrobat Critical Security Updates

    An Adobe Security Bulletin has been posted to address critical security issues in Adobe Reader and Acrobat, referenced in Security Advisory APSA10-01.

    Affected products include both Adobe Reader 9.3.2 and Adobe Acrobat 9.3.2 (and earlier versions) for Windows, Macintosh and UNIX, as well as both Adobe Reader 8.2.2 and Adobe Acrobat 8.2.2 (and earlier versions) for Windows and Macintosh.

    The Adobe Reader update for Windows is available from here. Download links for Acrobat and Macintosh and UNIX platforms are available from the Security Bulletin. If you elect to uninstall the current version of Adobe Reader and install the updated product, as with Adobe Flash Player, be careful to UNCHECK the box shown below. It is not needed for the update!

    [Image: McAfee Security Scan Plus]

    The vulnerability in Security Advisory APSA10-01 could cause the application to crash and potentially allow an attacker to take control of the affected system.

    Important Note: There are reports that the issue in CVE-2010-1297, a memory corruption vulnerability that could lead to code execution and is addressed in this update, is being actively exploited in the wild.

    Details of the additional mitigations reported in the Security Bulletin are as follows:
    • This update mitigates a social engineering attack that could lead to code execution (CVE-2010-1240).
    • This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-1285).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1295).
    • This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2168).
    • This update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2201).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2202).
    • This update resolves a UNIX-only memory corruption vulnerability that could lead to code execution (CVE-2010-2203).
    • This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-2204).
    • This update resolves an uninitialized memory vulnerability that could lead to code execution (CVE-2010-2205).
    • This update resolves an array-indexing error vulnerability that could lead to code execution (CVE-2010-2206).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2207).
    • This update resolves a dereference deleted heap object vulnerability that could lead to code execution (CVE-2010-2208).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2209).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2210).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2211).
    • This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2212).



    Windows Installer Cleanup Utility Retired

    Since its original release, the Windows Installer Cleanup utility has been recommended countless times to resolve installation problems. The utility removed the installation files, not the program, providing the ability to start the process over.

    Unfortunately, it was found that the Windows Installer Cleanup utility could damage some other components of the Windows operating system. As a result, Microsoft removed the Windows Installer Cleanup utility from the Download Center.

    In place of the Windows Installer Cleanup utility, Microsoft now provides a Fix it Solution to fully remove Office 2003, 2007 and 2010 suites without damaging other Windows components. The Fix it for Office 2003, 2007 and 2010 is available at http://support.microsoft.com/kb/290301.

    Although Major Geeks is still hosting the Windows Installer Cleanup utility, the use is at your own risk since Microsoft no longer supports the utility.

    Hat tip, The Windows Club, Microsoft retires Windows Installer Cleanup utility!


    U.S. Windows Anytime Upgrade Expires July 3, 2010


    The Windows Anytime Upgrade (WAU) program in the U.S. will expire on Saturday, July 3, 2010.

    In the event you purchased (or are about to purchase within the next few days) a new computer with a lower version of Windows 7, you can upgrade as follows:
    • Windows 7 Starter -> Windows 7 Home Premium for $49.99, saving $30.
    • Windows 7 Home Premium -> Windows 7 Professional for $79.99, saving $10.

    The step-by-step process of upgrading from a lower edition of Windows 7 to a higher edition, provided by the Windows Team Blog, is as follows:

    STEP 1:

    When a customer launches Windows Anytime Upgrade (WAU) from Windows 7, they are presented with 2 options: purchase a WAU product key online or enter a WAU product key from a WAU retail package purchased in a store.

    If a customer has a WAU product key, they will choose "Enter an upgrade key" to proceed with the upgrade.

    STEP 2:

    Customer will enter their WAU product key.

    STEP 3:

    The WAU product key the customer entered will be verified as valid.

    NOTE: Steps 2 and 3 do not happen for people who choose to purchase a WAU product key online. The process of buying a WAU product key automates these 2 steps and takes you directly to Step 4 after the purchase. After making a WAU purchase online, you are given the ability to print out a receipt and are also sent a copy via email.

    STEP 4:

    Customer will accept license terms to proceed.

    STEP 5:

    Customer will be asked to save their work and close all programs. To proceed, the customer will click the "Upgrade" button.

    STEP 6:

    The upgrade takes place! The customer's PC will reboot.

    STEP 7:

    The upgrade finishes and the customer is now running the version of Windows 7 they upgraded to with all its features!



    Monday, June 28, 2010

    Microsoft Security Essentials Version Update


    Microsoft Security Essentials (MSE) has been updated to Version 1.0.1963.0. As indicated in Microsoft KB Article 975959, notification of the update can take several forms:
    "You are prompted to do this through the Microsoft Security Essentials user interface, through a pop-up window, or through a "toast" message. Additionally, you may notice an "Important" or "High priority" download, Microsoft Security Essentials Client update package - KB2254596, on Microsoft Update (http://www.update.microsoft.com) that offers an upgrade to the latest version of Microsoft Security Essentials."
    To ensure that you have the current version, launch MSE. Click the down arrow by Help (located in the right-hand corner) and select "About Microsoft Security Essentials". If the version number does not match 1.0.1963.0, the updated version can be obtained from the Microsoft Download Center: Microsoft Security Essentials.



    Sunday, June 27, 2010

    Mozilla Firefox 3.6.6 Update

    Mozilla released Firefox version 3.6.6, which modifies the crash protection feature added in Firefox 3.6.4. The update increases the amount of time that plugins are allowed to be non-responsive before being terminated.

    Note: there was no Firefox version 3.6.5.

    The purpose of the crash protection feature is to provide uninterrupted browsing for Windows and Linux users when there is a crash in the Adobe Flash, Apple QuickTime or Microsoft Silverlight plugins. The default timeout in Firefox version 3.6.4 was set to 10 seconds. Apparently, this was too short, particularly for some Facebook Flash-based games such as FarmVille and Mafia Wars.

    The default timeout in Firefox 3.6.6 was increased to 45 seconds. If you are still experiencing problems with the default timeout not being long enough, Mozilla provided instructions to disable the hang protection:

    "You can disable hang protection to prevent Firefox from killing a hanging plugin process, regardless of how long it's taking. Crashes in the plugin will still be caught and will not terminate the browser process.

    1. In the Location bar, type about:config and press Enter.
      • The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise!, to continue to the about:config page.
    2. The about:config page should appear. In the Filter box, type dom.ipc.plugins.timeoutSecs
    3. Double click the setting and change the number to -1 to disable hang protection."



    If not prompted to update, existing Firefox users can update via Help > Check for Updates.



    Tuesday, June 22, 2010

    Mozilla Firefox 3.6.4 Update

    Mozilla released Firefox version 3.6.4, which includes a feature to provide uninterrupted browsing for Windows and Linux users when there is a crash in the Adobe Flash, Apple QuickTime or Microsoft Silverlight plugins.

    In addition, the following security updates were included, with the last four listed fixes identified as Critical:

    Fixed in Firefox 3.6.4

    • MFSA 2010-33 User tracking across sites using Math.random()
    • MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present
    • MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes
    • MFSA 2010-30 Integer Overflow in XSLT Node Sorting
    • MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal
    • MFSA 2010-28 Freed object reuse across plugin instances
    • MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)
    If not prompted to update, existing Firefox users can update via Help > Check for Updates.




    Wednesday, June 16, 2010

    Microsoft Fix it Available for Windows Help & Support Vulnerability

    Last week, Microsoft released Security Advisory 2219475, addressing a vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. Microsoft updated the Executive Summary of the Security Advisory after becoming aware of limited, targeted active attacks that use the published proof-of-concept exploit code. Note that based on the samples analyzed, Windows Server 2003 systems are not currently at risk from the attacks.

    Fix it

    For anyone using an operating system affected by the Windows Help and Support Center vulnerability, Microsoft released KB Article 2219475, "Vulnerability in Help Center could allow remote code execution". The KB Article includes a Fix it solution to protect computers from the vulnerability. Also included is an "undo" Fix it to reverse the process after a security update has been released addressing the issue.

    Click the Fix it image above or go to Microsoft Fix it to download the wizard to fix this problem automatically.



    Tuesday, June 15, 2010

    Windows Live Hotmail

    The Windows Live Hotmail Team has good reason to celebrate. Microsoft has started rolling out the “new Hotmail” features. Because the Hotmail servers are grouped into hundreds of clusters, and only one cluster is upgraded at a time, the migration is not expected to be complete until the end of summer (winter in the Southern Hemisphere!). If you do not see the new features yet, please be patient. They will be coming your way soon.

    Initially, there are some features, like the integrated Office Web Apps and the ability to send files via SkyDrive, that are available only in certain countries. For example, the US, Canada, UK, and Ireland are receiving Office integration first and it will be rolled out to other countries later this year.

    Some of the enhanced features of Windows Live Hotmail include the new Sweep menu, freshly integrated Office Web Apps, via SkyDrive, new attachment limits up to 10 GB, and the ability to create and send photo albums right from Hotmail.

    However, I am most interested in the improved security features, briefly described below. For more detailed information on the improved security features as well as the other new features in Hotmail, see What's new in Hotmail.

    Trusted senders

    One feature I am particularly looking forward to is the "Trusted Sender". This feature visually identifies legitimate mail from about 100 senders, mostly financial institutions like banks, that are commonly spoofed by identity thieves.

    Account security information

    The new Hotmail encourages you to increase the security of your account by adding security information that you can privately associate with your Hotmail account. For example, you can use your cell phone or other items as proof of account ownership. Then, should a problem arise with your account, you can be sent an account recapture code via an SMS message to regain account access.

    Single-use codes

    When you will be using a public computer (e.g., at an internet cafe, airport, or coffee shop), all it takes is clicking "request a code", and a one-time use authentication code will be sent to a private proof point (mobile phone or alternate e-mail address). By using a single-use code on a public computer instead of your password, you avoid the chance of your password being stolen by key-loggers.

    Full-session SSL

    The new Hotmail will soon support the option to maintain SSL encryption between you and Microsoft servers during the entire Hotmail session.


    Thursday, June 10, 2010

    Microsoft Security Advisory (2219475)

    Microsoft released Security Advisory 2219475, addressing a vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. One of Google’s security researchers publicly released vulnerability details as well as a working exploit for the vulnerability. Microsoft is not aware of any active attacks at this time.

    Because Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 do not include the Help and Support Center application, they are not vulnerable to this issue or at risk of attack.

    Important Note from the Security Research & Defense Team:
    "The full-disclosure advisory included a hotfix tool built by the Google security researcher. Unfortunately it is ineffective at preventing the vulnerable code from being reached and can be easily bypassed. We recommend not counting on the Google hotfix tool for protection from the issue."
    For an effective workaround, please see the information provided in Microsoft Security Advisory (2219475).


    Affected Software
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems



    Security update available for Adobe Flash Player

    An Adobe Security Bulletin has been posted to address critical security issues in Adobe Flash Player, referenced in Security Advisory APSA10-01. This Security Bulletin affects Flash Player versions 10.0.45.2 and earlier, as well as AIR versions 1.5.3.9130 and earlier.

    Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, the fastest method is the direct download:

    If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update!

    [Image: McAfee Security Scan Plus]

    Verify Installation:

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. Do this for each browser installed on your computer.
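
Once the installed version numbers are known, they can be compared against the "and earlier" ceilings quoted in the Adobe posts on this page (Flash Player 10.0.45.2, AIR 1.5.3.9130, Reader and Acrobat 9.3.2 and 8.2.2). The following is an added example, not Adobe's tooling and not part of the original post; the function names and the sample inventory are hypothetical, and it assumes that a release older than every listed branch counts as "earlier".

```python
"""Flag installed Adobe versions that fall inside the "and earlier" ranges
quoted on this page. The ceilings come from the page; the function names and
the sample inventory are constructed for illustration."""

# Highest affected version per product branch, as stated on the page.
AFFECTED_CEILINGS = {
    "flash player": ["10.0.45.2"],
    "air": ["1.5.3.9130"],
    "reader": ["9.3.2", "8.2.2"],
    "acrobat": ["9.3.2", "8.2.2"],
}


def parse_version(text):
    """Turn '10.0.45.2' (or the comma form '10,0,45,2') into a tuple of ints."""
    parts = [p.strip() for p in text.strip().replace(",", ".").split(".")]
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(version, width):
    """Right-pad with zeros so that 9.3 compares equal to 9.3.0."""
    return version + (0,) * (width - len(version))


def is_affected(product, version_text):
    """True if the version is at or below the page's ceiling for its branch.

    A plain numeric comparison is wrong for Reader/Acrobat: 8.2.3 is lower
    than 9.3.2 but sits above the 8.x ceiling, so ceilings are matched on the
    major version first. Raises KeyError for a product the page does not list.
    """
    ceilings = [parse_version(c) for c in AFFECTED_CEILINGS[product.lower()]]
    version = parse_version(version_text)
    width = max(len(version), *(len(c) for c in ceilings))
    version = _pad(version, width)
    ceilings = [_pad(c, width) for c in ceilings]

    same_branch = [c for c in ceilings if c[0] == version[0]]
    if same_branch:
        return version <= same_branch[0]
    # Assumption: a major version older than every listed branch is "earlier".
    return version < min(ceilings)


def audit(inventory):
    """Return the (product, version) pairs that are in an affected range."""
    return [(p, v) for p, v in inventory if is_affected(p, v)]


# Constructed sample inventory (not taken from any real system).
SAMPLE_INVENTORY = [
    ("Reader", "9.3.2"),
    ("Reader", "8.2.3"),
    ("Flash Player", "10,0,45,2"),
    ("Flash Player", "10.1.0.0"),
    ("AIR", "1.5.3.9130"),
    ("Acrobat", "9.3"),
]

if __name__ == "__main__":
    for product, version in audit(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED: {product} {version}")
```
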


    Details from the Security Bulletin:

    Release date: June 10, 2010

    Vulnerability identifier: APSB10-14

    CVE number: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189

    Platform: All Platforms


    Tuesday, June 08, 2010

    June 2010 Security Bulletin Release


    Microsoft released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework.

    Only three of these bulletins received the maximum severity rating of Critical, described at the MSRC Blog as follows:

    • MS10-033 is a remote code execution vulnerability in both Quartz.dll and Asycfilt.dll and is rated Critical on all supported versions of Windows. Specially crafted media files could trigger the vulnerability when a user visits a web page or opens a malicious file.

    • MS10-034 is a cumulative update for ActiveX Kill Bits and is Critical on Windows 2000, XP, Vista, and Windows 7. There are two Microsoft controls we are applying Kill Bits for. Those are the Internet Explorer 8 Developer Tools control, and the Data Analyzer ActiveX control. The latter control is not installed by default. In addition, there are Kill Bits for four third-party controls. Please review the bulletin for additional details.

    • MS10-035 is a cumulative update for Internet Explorer. Of the six vulnerabilities addressed in the bulletin, only one, an information disclosure vulnerability, is publicly known. This issue was identified in Security Advisory 980088. We remain unaware of any active attacks against this vulnerability.

    The seven remaining bulletins were rated Important:

    • MS10-032: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)
    • MS10-036: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
    • MS10-037: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
    • MS10-038: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
    • MS10-039: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
    • MS10-040: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
    • MS10-041: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)


    Sunday, June 06, 2010

    Adobe Flash/Reader Vulnerability Mitigation Options

    Reports are that exploitation of the critical vulnerability in Adobe Flash Player is growing rapidly. The vulnerability can also be reached through malicious PDF files that invoke Flash.

    Although Adobe has reported that Flash version 10.1 does not appear to be vulnerable to this attack (available from Adobe Labs), this is a release candidate and not the final version. Of course, that is the option suggested by Adobe but many people prefer not to run beta or RC software on their computer systems. Personally, I prefer to take a different route.

    For people who use Internet Explorer, I recommend disabling Flash with WinPatrol. Merely launch WinPatrol, select the ActiveX tab and click the Shockwave Flash Object. Click Disable and Yes to the WinPatrol warning:


    If you use Firefox, with the NoScript Firefox extension, Flash can be executed only by trusted websites of your choice. However, even with NoScript installed, I recommend disabling the Shockwave Flash plugin:


    I long ago left Adobe Reader behind, uninstalling it from all my computers. I prefer Sumatra PDF. Although the bright yellow background is a bit harsh to my liking, Sumatra PDF is a clean, light-weight PDF reader that just works. It has no undesirable toolbars, does not write to the registry and can be run from an external USB drive. Other open source PDF Readers are available from http://pdfreaders.org/.



    Saturday, June 05, 2010

    Security Advisory: Adobe Flash Player, Adobe Reader and Acrobat

    Security Advisory CVE-2010-1297 has been posted due to a critical vulnerability in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems. The advisory includes the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems.

    This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.

    Adobe's Product Security Incident Response Team (PSIRT) has confirmed that the 8.x versions of Adobe Reader and Acrobat are not vulnerable in this instance. However, there are other vulnerabilities affecting the 8.x versions. The PSIRT also reports that the Flash Player 10.1 Release Candidate does not appear to be vulnerable.

    Release date: June 4, 2010
    Vulnerability identifier: APSA10-01
    CVE number: CVE-2010-1297



    Thursday, June 03, 2010

    June 2010 Bulletin Release Advance Notification

    On June 8, 2010 Microsoft is planning to release ten (10) new security bulletins addressing 34 vulnerabilities. As described at the MSRC Blog:
    • Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important.
    • Two bulletins, both with a severity rating of Important, affect Microsoft Office.
    • One bulletin, again with a severity rating of Important, affects both Windows and Office.
    • One bulletin, with a severity rating of Critical, affects Internet Explorer.
    The bulletin summary is below.

    Security Advisory 983438 (Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege) will be closed with the June bulletins. Also addressed will be Security Advisory 980088 (Vulnerability in Internet Explorer Could Allow Information Disclosure).

    ==================================
    NEW BULLETIN SUMMARY
    ==================================
    Bulletin ID: Bulletin 1
    Maximum Severity Rating: Important
    Vulnerability Impact: Elevation of Privilege
    Restart Requirement: Requires restart
    Affected Software: Microsoft Windows
    ----------------------------------
    Bulletin ID: Bulletin 2
    Maximum Severity Rating: Critical
    Vulnerability Impact: Remote Code Execution
    Restart Requirement: May require restart
    Affected Software: Microsoft Windows
    ----------------------------------
    Bulletin ID: Bulletin 3
    Maximum Severity Rating: Critical
    Vulnerability Impact: Remote Code Execution
    Restart Requirement: May require restart
    Affected Software: Microsoft Windows
    ----------------------------------
    Bulletin ID: Bulletin 4
    Maximum Severity Rating: Critical
    Vulnerability Impact: Remote Code Execution
    Restart Requirement: Requires restart
    Affected Software: Internet Explorer
    ----------------------------------
    Bulletin ID: Bulletin 5
    Maximum Severity Rating: Important
    Vulnerability Impact: Remote Code Execution
    Restart Requirement: May require restart
    Affected Software: Microsoft Office
    ----------------------------------
    Bulletin ID: Bulletin 6
    Maximum Severity Rating: Important
    Vulnerability Impact: Elevation of Privilege
    Restart Requirement: May require restart
    Affected Software: Microsoft Windows
    ----------------------------------
    Bulletin ID: Bulletin 7
    Maximum Severity Rating: Important
    Vulnerability Impact: Remote Code Execution
    Restart Requirement: May require restart
    Affected Software: Microsoft Office Excel, Microsoft Office Compatibility Pack, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac.
    ----------------------------------
    Bulletin ID: Bulletin 8
    Maximum Severity Rating: Important
    Vulnerability Impact: Elevation of Privilege
    Restart Requirement: May require restart
    Affected Software: Microsoft Office InfoPath 2003, InfoPath 2007, SharePoint Server 2007, and Windows SharePoint Services 3.0.
    ----------------------------------
    Bulletin ID: Bulletin 9
    Maximum Severity Rating: Important
    Vulnerability Impact: Remote Code Execution
    Restart Requirement: May require restart
    Affected Software: Microsoft Windows
    ----------------------------------
    Bulletin ID: Bulletin 10
    Maximum Severity Rating: Important
    Vulnerability Impact: Tampering
    Restart Requirement: May require restart
    Affected Software: Microsoft Windows
    ----------------------------------


    Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,






    Wednesday, June 02, 2010

    Kid-Safe Cool Applications and Websites

    When I was growing up, before going outside to play, parental instructions were, "Be home by dark" and "Don't talk to strangers". That was before the computer age and was a time when parents depended on school teachers to teach their children reading, writing and arithmetic.

    We live in a much different world today. Before beginning school, children not only know their ABC’s but most also have basic reading and number recognition skills. Parents (or grandparents, aunts or uncles) looking for kid-safe learning games may be interested in ItzaBitza or kidthing.

    ItzaBitza
    ItzaBitza is a kids' learning game from http://sabigames.com/kids-games/itzabitza/. It has a target audience of kids ages 4 to 8. The program is listed at $19.99 and is compatible with Windows XP, Windows Vista, and Windows 7.

    The free content available from ItzaBitza includes Let’s Read! PDF (1.5MB), by Dr. Diana Sharp, with creative ways to plant seeds of a lifelong love of reading in your child. Also available is Sketchy Adventures PDF (2.1MB):

    The Sketchies are waiting to go on an adventure with you and your child! Each adventure is designed to engage your child in using their creativity and imagination to come up with their own endings.

    The ItzaBitza drawing games are intended to allow kids to interact with their drawings. As kids play, they are using creative thinking, problem solving, and reading comprehension skills.

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Kids play, read, learn safely online and more from http://www.kidthing.com/kidthing. The suggested ages for the kidthing products range from 3 to 11. The store has categories by age as well as by school level, Pre-K and Elementary.

    The kidthing player is free to download and includes a few free things not only to get you started but also to evaluate if it will suit your child. The products at the kidthing store cost between $.99 and $7.99. kidthing is compatible with Windows XP, Windows Vista and Windows 7.

    kidthing™ was formed with a single goal in mind - create a new platform that keeps kids safe while using the Internet to have fun learning, sharing and getting to know the world around them.

    The company was founded by a team of experienced business people, technologists, and designers. We all have kids and are just as worried about them surfing websites as you are about yours.

    kidthing leverages the power and global reach of the Internet to deliver fun and engaging content to kids everywhere, yet keeps them off of the World Wide Web and all of the inappropriate and potentially harmful things that they can encounter there.


    As your children begin to explore the computer and the Internet on their own, it is important for parents and family members to have the tools to keep them safe. In addition to the resources provided below, an excellent on-line resource for parents and family members is the website, BeWebAware.

    Be Web Aware is a national, bilingual public education program on Internet safety. The initiative was developed and supported by Media Awareness Network (MNet), Bell and Microsoft Canada. It includes safety tips by age, information for parents on cyberbullying, privacy, gaming, marketing aimed at kids, and much more.

    A Small Selection of Kid-Safe Websites and Activities

    Child Safety Help for Parents

    Clubhouse Tags: Clubhouse, Challenge-Apps, Family Safety, Games, Story, Windows Vista, Windows 7,





    Tuesday, June 01, 2010

    End of Support: Vista SP1, XP SP2, Windows 2000

    Windows Vista

    Support for Windows Vista without any service packs installed ended on April 13, 2010. Even if you updated Windows Vista to SP1, it is time to install the SP2 update. Windows Vista SP2 includes support for new types of hardware and includes all of the updates that have been released since Windows Vista SP1. See How to Install Windows Vista SP2.

    Windows XP

    Support is ending for Windows XP SP2 and below on July 13th, 2010. There is, however, a solution for Windows XP users who are not in a position to upgrade to a new operating system. Windows XP SP3 includes all previously released updates and a small number of new updates. It won't significantly change the Windows XP experience. See How to Install Windows XP SP3.

    Note:

    There is no SP3 for the 64-bit version of Windows XP. If you are running the 64-bit version of Windows XP with SP2, you have the latest service pack and will continue to be eligible for support and receive updates until April 8, 2014.

    Windows 2000

    Support is also ending for Windows 2000 on July 13th, 2010. I seldom see many people in the forums with Windows 2000 installed on their computers. The few I see are on old computers that have been lovingly maintained by their owner. As they are painfully aware, end of support is rapidly approaching for all versions of Windows 2000. When their Windows 2000 computers are replaced, they are certainly going to have an adjustment to the newest Operating System!

    Update: The following resource was recently published by Microsoft, Migrating User Files from Windows 2000 to Windows 7, described as follows:
    The Windows User State Migration Tool (USMT) version 4.0 does not support migrating user state from Windows 2000 to Windows 7—a challenge for organizations wanting to refresh many computers running Windows 2000 while moving users’ files. This white paper and its companion scripts help overcome this challenge by providing a solution that preserves users’ files during deployment.

    Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information, Service Pack,




