Friday, April 27, 2012

Oracle Java SE Update

java

Oracle Java released an update to Java SE 6 and Java SE 7. 

Edited to clarify:  Included in the Oracle updates are eighty-eight (88) new critical security fixes across numerous Oracle products, listed in the Oracle Critical Patch Update Advisory.  It is strongly advised that the update be installed for those products as soon as possible due to the thread posed by a successful attack.

Now that Java SE 7 has been officially released, it is recommended that users of Java SE 6 update to the latest version.  The Java SE 7u4 does not add any fixes for security vulnerabilities beyond those in Java SE 7u3.

Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.  It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

Download Update


For Java SE 6, the full internal version number for this update release is 1.6.0_32-b05 (where "b" means "build"). The external version number is 6u32.

For Java SE 7, the full internal version number for the update to the Java SE 7 release is 1.7.0_04-b20 (where "b" means "build"). The external version number is 7u4.  

When updating to Java SE 7, check installed programs because it does not appear that upgrading removes Java SE 6.  The "end of life" date for Java SE 6 has been extended from July 2012 to November 2012, to allow some more time for the transition to JDK 7.

Verify your version:  http://www.java.com/en/download/testjava.jsp

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Critical Patch Updates

For Oracle Java SE Critical Patch Updates, the next three dates are:
  • 12 June 2012
  • 16 October 2012
  • 19 February 2013

    References






    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...

    Tuesday, April 24, 2012

    Mozilla Firefox 12 Released with Critical Security Updates


    Firefox 12 was sent to the release channel today by Mozilla.  It is important to note two important things to about this update.

    First, the release of version 12 is the last version release to officially support Windows 2000, Windows XP RTM or XP Service Pack 1.  Windows XP SP2 and above will be the oly supported Windows operating systems in the next version release of Firefox.

    Second, after installing version 12, subsequent updates will no longer require approval of the User Account Control (UAC).  Instead, Firefox will automatically update (silent updates).  Note, however, the addition of the Update Tab to the Advanced panel of the Options settings.  The option is provided to "Check for updates, but let me choose whether to install them."

    Edit Note:  The update to version 12 is the first step toward silent updates.  The addition included
    the Mozilla Maintenance Service.  It is expected that silent updates will be in place no later than version 14.



    Security Updates Fixed in Firefox 12

    MFSA 2012-33 Potential site identity spoofing when loading RSS and Atom feeds
    MFSA 2012-32 HTTP Redirections and remote content can be read by javascript errors
    MFSA 2012-31 Off-by-one error in OpenType Sanitizer
    MFSA 2012-30 Crash with WebGL content using textImage2D
    MFSA 2012-29 Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues
    MFSA 2012-28 Ambiguous IPv6 in Origin headers may bypass webserver access restrictions
    MFSA 2012-27 Page load short-circuit can lead to XSS
    MFSA 2012-26 WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error
    MFSA 2012-25 Potential memory corruption during font rendering using cairo-dwrite
    MFSA 2012-24 Potential XSS via multibyte content processing errors
    MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface
    MFSA 2012-22 use-after-free in IDBKeyRange
    MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9
    MFSA 2012-20 Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4)

    What's New

    The Release Notes include new and fixed features in version 12.  The numerous Bug Fixes are in the link available in References.


    • NEW -- Windows: Firefox is now easier to update with one less prompt (User Account Control)
    • NEW -- Page Source now has line numbers
    • CHANGED -- Line breaks are now supported in the title attribute
    • CHANGED -- Improvements to "Find in Page" to center search result
    • CHANGED -- URLs pasted into the download manager window are now automatically downloaded
    • DEVELOPER -- Support for the text-align-last CSS property has been added
    • DEVELOPER -- Experimental support for ECMAScript 6 Map and Set objects has been implemented
    • FIXED -- Various security fixes
    • FIXED -- Some TinyMCE-based editors failed to load (739141)
    • FIXED -- OS X: WebGL performance may be degraded on some hardware (713305)

        Known Issues

        • If you try to start Firefox using a locked profile, it will crash (see 573369)
        • For some users, scrolling in the main GMail window will be slower than usual (see 579260)
        • Some synaptic touch pads are unable to vertical scroll (see 622410)
        • Windows: The use of Microsoft's System Restore functionality shortly after updating Firefox may prevent future updates (see 730285)

        Update

        The upgrade to Firefox 12 will be offered through the browser update mechanism after any impacts related to the Microsoft Security Updates are analyzed.  To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

        If you do not use the English language version, Fully Localized Versions are available for download.

        References




        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Monday, April 23, 2012

        SkyDrive Changes + 25 GB Storage for Current Users

        New storage options and apps to connect your devices to SkyDrive were announced by the Building Windows 8 blog.  The announcement provides information on the following.

        New Features

        • "SkyDrive for the Windows desktop (preview available now). View and manage your personal SkyDrive directly from Windows Explorer on Windows 8, Windows 7, and Windows Vista with this new preview app available in 106 languages worldwide.
        • Fetching files through SkyDrive.com. Easily access, browse, and stream files from a remote PC running the preview app to just about anywhere by simply fetching them via SkyDrive.com.
        • SkyDrive storage updates. A new, more flexible approach to personal cloud storage that allows power users to get additional paid storage as their needs grow.  
        • SkyDrive for other devices. We’ve updated the SkyDrive apps on Windows Phone and iOS devices, bringing better management features and sharing options to those devices. We’re also releasing a new preview client for Mac OS X Lion, letting you manage your SkyDrive right from the Finder."
        Of particular note is that SkyDrive for Windows desktop is only for Windows 8, Windows 7 and Windows Vista, notably excluding Windows XP.

        Paid Storage


        As anticipated, along with the changes to SkyDrive, Microsoft will be providing paid storage.  The cost structure is as follows:
        • New SkyDrive users:  7 GB free storage.
        • *Existing users:  After opt-in, up to 25 GB free storage
        • Additional 20 GB storage:  $10 per year
        • Additional 50 GB storage:  $25 per year
        • Additional 100 GB storage:  $50 per year

        *Existing users applies to SkyDrive accounts as of April 22, 2012.

        Limited Time Loyalty Offer - 25 GB Free


        In order to upgrade your existing SkyDrive account from 7 GB free storage to 25 GB free storage, log on to your SkyDrive account, https://skydrive.live.com/.  Click "Manage storage" > "Upgrade my storage" to lock in 25 GB for free.



        Other than specifying "limited time", I have not seen an indication of when the "Loyalty Offer" expires so I suggest you take advantage of the offer now before it expires.


        References








        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Wednesday, April 18, 2012

        Understanding Microsoft Anti-Malware Software

        Microsoft provides a variety of security products for both consumers as well as business environments.  With multiple products available, there is bound to be questions and, occasionally, confusion on which product to use. 

        This article is presented to help clarify questions about the variety of Microsoft anti-malware products.  (Updated:  08Oct2014)

        Microsoft Security Essentials

        Microsoft Security Essentials (MSE) is an antivirus, anti-malware, anti-spyware software providing real-time protection for your computer.  Microsoft Security Essentials is free for home users as well as small and medium businesses with up to ten (10) PC's.  If your business has more than 10 PCs and, therefore, it is against the license terms to use MSE, consider System Center 2012 Endpoint Protection, described below.

        MSE works on Windows 7, Windows Vista and Windows XP*.  However, your PC must run genuine Windows to install Microsoft Security Essentials.  Beware of rogue/scam offerings and only download Microsoft Security Essentials from the Microsoft Safety & Security Center.

        Definition updates for MSE are obtained automatically through the program or downloaded directly from the Microsoft Malware Protection Center (MMPC) Portal.  You may also be offered updates through Windows Update.

        Note*With Windows XP having reached "end of life" on April 8, 2014, Microsoft has stopped providing Microsoft Security Essentials for download for that operating system.  Definitions will continue to be available for Windows XP until July 15, 2015.  See Microsoft antimalware support for Windows XP.
         

        Windows Defender (Windows 8)

        Adding to the confusion between the anti-spyware program named Windows Defender and the boot-scan software Windows Defender Offline, is Windows Defender installed on Windows 8. In addition to including all of the same features as Microsoft Security Essentials, Windows Defender on Windows 8 will interface with Windows secured boot, a new Window 8 protection feature.

        On a PC that supports UEFI-based Secure Boot, Windows secured boot will help ensure that all firmware and firmware updates are secure.  By loading only properly signed and validated code in the boot path, the entire Windows boot path up to the anti-malware driver will be checked to ensure that it has not been tampered with. 

        Like Microsoft Security Essentials, definition updates for Windows Defender on Windows 8 are obtained automatically through the program or downloaded directly from the Microsoft Malware Protection Center (MMPC) Portal.  You may also be offered updates through Windows Update.

        Note:   Do not attempt to install Microsoft Security Essentials on Windows 8.  It is incompatible with Windows 8.  Windows Defender on Windows 8 incorporates the antivirus engine of Microsoft Security Essentials.  If you elect to install a different antivirus product on Windows 8, Windows Defender will be disabled.

        Microsoft Safety Scanner

        The Microsoft Safety Scanner is a no-frills scanner to help remove viruses, spyware, and other malicious software. The Microsoft Security Scanner will work with your existing antivirus software but it is not a replacement for a resident antivirus software program.

        The Microsoft Safety Scanner works on Windows 7, Windows Vista and Windows XP.  There is no charge to use the Microsoft Safety Scanner and there is no requirement to prove Windows is genuine.

        The Microsoft Safety Scanner expires ten (10) days after being downloaded. The reason for the expiration time is at the point of downloading the Microsoft Safety Scanner, it installs the most recent definitions from the Microsoft Malware Protection Portal (MMPC). Due to the frequency of definition updates, even after one day, the definitions are outdated.  The Microsoft Safety Scanner uses the same definitions that are used for Microsoft Security Essentials and Microsoft Forefront.

        For instructions on the use of the Microsoft Safety Scanner, you may be interested in this brief tutorial:   How to Use the New Microsoft Safety Scanner.

        Malicious Software Removal Tool

        The Malicious Software Removal Tool (MSRT) scans for select malware only. Microsoft releases an updated version of the MSRT on the second Tuesday of each month along with security updates.  Additional updates are added as needed to respond to security incidents.  The current list of targets for removal is available at Families Cleaned by the Malicious Software Removal Tool.  

        The MSRT works on Windows 7, Windows Vista, Windows XP, Windows Server 2003, or Windows Server 2008 and is available from Microsoft Update, Windows Update and the Microsoft Download Center.

        As explained in Microsoft KB Article 890830, the Microsoft Malicious Software Removal Tool is not a substitute for antivirus software.  There is no real-time protection and, as shown in the above-referenced list of families cleaned, the MSRT is targeting specific prevalent malicious software that is actively running on the computer.

        Windows Defender Offline

        Originally named Microsoft Standalone System Sweeper, the released tool was renamed "Windows Defender Offline". The original tool had long been a part of the Microsoft Diagnostics and Recovery Toolset (DaRT) for Microsoft Enterprise customers.

        Windows Defender Offline is a recovery tool currently available from Microsoft.  The tool is not a general, all-purpose scanner and is not a replacement for an updated antivirus program.  Rather, it is to help start an infected PC and perform an offline scan to identify and remove rootkits and other advanced malware.

        Windows Defender Offline can also be used in situations where antivirus software fails to install or the program that is installed is unable to detect or remove malware from the computer.

        A unique feature of Windows Defender Offline is if a rootkit or other advanced malware is detected on your PC by Microsoft Security Essentials, Windows Defender, Forefront Endpoint Protection or System Center Endpoint Protection, you will be prompted to download and run Windows Defender Offline.

        For additional information on setting up and scanning with Windows Defender Offline, refer to the tutorial created under the former name, Standalone System Sweeper, at Setting Up the Microsoft Standalone System Sweeper Beta, Now Windows Defender Offline.

        Windows Defender (Anti-Spyware)

        Windows Defender anti-spyware software is available for installation on Windows XP and Windows Server 2003.  Windows Defender is pre-installed on Windows Vista, Windows 7 and Windows Server 2008 (enabled if the Desktop Experience feature is installed).  It is not an anti-malware software.  Rather, it is a free active system monitor that provides real-time protection against pop-ups, slow performance, and security threats caused by spyware and other unwanted software.

        Windows Defender can be downloaded from the Windows Download Center 
        Note:  Microsoft Security Essentials as well as Windows Defender on Windows 8 include the anti-spyware engine of Windows Defender.

        Microsoft Forefront

        Update December 17, 2013:

        "Today, Microsoft is announcing important changes to the roadmaps of Forefront Identity Manager (FIM) and Forefront Unified Access Gateway (UAG):
        • We plan to ship another major release of FIM in the first half of calendar year 2015
        • Microsoft will not deliver any future full version releases of Forefront UAG and the product will be removed from price lists on July 1, 2014.
        Microsoft remains committed to delivering the identity and access capabilities offered in FIM (identity and access management).  Some Forefront UAG scenarios (secure application publishing and remote access) are addressed with new capabilities available in Windows Server 2012 R2 today."
        See the complete article, "Important Changes to the Forefront Product Line"

         ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

        The Microsoft Forefront product line was revamped, with most of the product line discontinued, although maintenance and support continues through the standard Microsoft support product life cycle. (See Important Changes to Forefront Product Roadmaps.)

        Remaining in the product line are Forefront Unified Access Gateway 2010 and Forefront Identity Manager 2010 R2, security products for business customers.  These products are designed to be centrally managed and integrated into IT infrastructure products.

        Microsoft Forefront is intended to scale to many thousands of users.  It uses the same definitions as Microsoft Security Essentials and the Microsoft Safety Scanner.

        Microsoft Exchange Online Protection

        The Exchange Online Protection service was formerly called Forefront Online Protection for Exchange.  As a spam filtering and anti-malware service integrated with Office 365 services.

        Windows Intune Microsoft Intune*

        Microsoft Intune is an Enterprise Solution that provides PC Management and Security in the Cloud.  It is an end-to-end Microsoft solution that brings together Windows cloud services for PC management and endpoint protection with a Windows 7 Enterprise upgrade subscription.

        Through the web-based console, IT Staff can centrally manage and secure all the company PCs.  Windows Intune includes support for Windows RT, Windows Phone 8, iOS, and Android platforms.

        Included in the numerous features of Windows Intune is malware protection, using the same definitions Microsoft Forefront and Microsoft Security Essentials.

         ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

        October 8, 2014 Update, Quote, Windows Intune to be renamed to Microsoft Intune - The Windows Intune Team Blog:
        "Today we are announcing that in its next major update, coming later this year, Windows Intune will be renamed to Microsoft Intune.

        This change reflects Microsoft’s ongoing strategy for Intune as a cloud-based mobile device management (MDM) and mobile application management (MAM) solution. The “Microsoft Intune” name more accurately represents Intune’s capabilities, supporting both iOS and Android platforms, in addition to Windows. It is also in alignment with our commitment to embrace the new dynamics of the workplace, and increase employee productivity by enabling them to work wherever and whenever they want on any device, while helping IT keep corporate information secure.

        Intune is included in the Enterprise Mobility Suite (EMS) which is Microsoft’s comprehensive and cost-effective solution for addressing consumerization of IT, BYOD, and SaaS challenges. The suite also includes Azure Active Directory Premium and Azure Rights Management."

        Enterprise Mobility Suite

        Enterprise Mobility Suite is the comprehensive cloud solution to address consumerization of IT, BYOD, and SaaS challenges. The suite is the most cost effective way to acquire all of the included cloud services:
        • Microsoft Azure Active Directory Premium
        • Windows Intune
        • Microsoft Azure Rights Management

        System Center 2012 Endpoint Protection

        Microsoft System Center 2012 Endpoint Protection was previously known as Forefront Endpoint Protection 2010.  System Center 2012 Endpoint Protection provides the ability to consolidate desktop security and management in a single solution.

        System Center 2012 Endpoint Protection is built on System Center 2012 Configuration Manager.  It provides a single, integrated platform that reduces your IT management and operating costs.

        Questions and Answers

        Q.  Does the Microsoft Safety Scanner include all of the definitions included in the Malicious Software Removal Tool?
        A.  Yes, at the time of download, the Microsoft Safety Scanner will include the same target families as the Malicious Software Removal Tool.  However, the Microsoft Safety Scanner includes more than specifically targeted prevalent malicious software.

        Q.  Does the Malicious Software Removal Tool include definitions that are not included in the Microsoft Safety Scanner?
        A.  No, although if the timing is such that additional targeted families or variants were added to the Malicious Software Removal Tool after the download of the Microsoft Safety Scanner, those families or variants would obviously not be in the already downloaded Microsoft Safety Scanner.

        Q.  In terms of detection and removal, does the Microsoft Safety Scanner offer what the Malicious Software Removal Tool offers?
        A.  The Malicious Software Removal Tool has specific malicious targets whereas the Microsoft Safety Scanner targets not only the same specifically targeted malicious programs as the Malicious Software Removal Tool, but also targets the same viruses, spyware, and other malicious software included in Microsoft Security Essentials and Microsoft Forefront.

        Q.  Do users need both the Microsoft Safety Scanner and Malicious Software Removal Tool?
        A.  The simple answer is No.  In point of fact, if you are using Microsoft Security Essentials as your antivirus product, you theoretically do not need either the Microsoft Safety Scanner or the Malicious Software Removal Tool.  However, there are instances where, for one reason or another, there is a problem updating MSE or the need to clean a computer that does not have Internet access.  Another valuable use of these tools is if your computer has a virus that your current antivirus software missed or is unable to remove.

        Q.  Is there any point in running both the Microsoft Safety Scanner and Microsoft Security Essentials?
        A.  No.  The Microsoft Safety Scanner uses the same definitions as Microsoft Security Essentials.  However, if Microsoft Security Essentials detects a rootkit or other advanced malware on your computer, you may be prompted to run Windows Defender Offline.

        Q.  Can I download both the 32 bit and the 64 bit versions of the Microsoft Safety Scanner to a USB stick and take to another computer to run the correct version for the destination machine?
        A.  I suggest that you create a separate folder for each version of the download as both the 32-bit and 64-bit versions are named the same, as msert.exe.

        Q.  How do I know if I have the latest definitions?
        A.  The change log for the latest definitions for not only Microsoft Security Essentials but also Microsoft Forefront and Windows Defender is available from the Microsoft Malware Protection Center (MMPC) Portal.
        Q.  I installed Microsoft Security Essentials and now Windows Defender isn't available.  Why?
        A.  The anti-spyware engine and real-time protection of Windows Defender are incorporated in Microsoft Security Essentials and Windows Defender on Windows 8. 
        Q.  Does Microsoft provide server and cloud security software and services?

        AWindows Intune provides both PC management and cloud security features.  For Microsoft servers, the Microsoft System Center 2012 Endpoint Protection consolidates desktop security and management in a single solution.



        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Monday, April 16, 2012

        It is official!  Windows 8 will be called Windows 8!  Simplicity works for me.  In fact, Microsoft has simplified Windows 8 even further.  In short, there will be only two versions of Windows 8 for 32- and 64-bit windows, simply Windows 8 and Windows Pro. 

        Most home computer users will likely be fine with Windows 8.  Windows 8 Pro is designed for the "enthusiast" and the business environment.  It includes features for encryption, virtualization, PC management and domain connectivity.  In addition, Windows Media Center will be available as an economical “media pack” add-on to Windows 8 Pro. .

        There will also be Windows RT which is Windows on ARM or WOA.  Windows RT will only be available pre-installed on PCs and tablets powered by ARM processors.  It will help enable new thin and lightweight form factors with impressive battery life.  As explained by Brandon LeBlanc in the Windows Blog
        "Windows RT will include touch-optimized desktop versions of the new Microsoft Word, Excel, PowerPoint, and OneNote. For new apps, the focus for Windows RT is development on the new Windows runtime, or WinRT, which we unveiled in September and forms the foundation of a new generation of cloud-enabled, touch-enabled, web-connected apps of all kinds.  For more details on WOA, we suggest reading this blog post which shares more detail on how we have been building Windows 8 to run on the ARM architecture."
        Although any of the Windows 7 versions can upgrade to either Windows 8 or Windows 8 Pro, Windows 7 Ultimate an Windows 7 Pro can only upgrade to Windows 8 Pro.


        The chart at Announcing the Windows 8 Editions breaks down a starter list of key features by edition and upgrade path.


        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        WinPatrol PLUS for 99 Cents and Family Pack only $9.99!


        You read the title correctly.  Once again Bill Pytlovany is offering a very special deal for WinPatrol PLUS.  This time, he is also including a special deal on the Family Pack.

        Limited Time Offer:


        Starting at noon on Monday, April 16, 2012, until noon on Wednesday, April 18, 2012, EST, WinPatrol PLUS will be available once again for purchase for the unbelievable price of 99 cents USD.  In addition, the Family Pack will be offered at the special price of $9.99 USD.

        To help spread the impact on the server, the download page will point to alternate download sites of the WinPatrol software.  That way, hopefully no one will experience any problems retrieving their new PLUS code or have other delays due to the high traffic.

        New F.A.Q.

        Can I use my 99¢ WinPatrol PLUS on multiple computers. 
        This experiment is meant to compare a software purchase to those purchases from the Apple App Store or Droid Market. Unlike our $29.95 license, this purchase is good for one computer at a time. The cost of the Family Pack license has also been reduced to $9.99 and will allow you to create a single family PLUS code.
        I heard a new WinPatrol version is coming soon. Will I have to pay again for this version?
        No way. The PLUS activation you purchase for 99¢ will work with all future versions.
        Can I purchase 100 copies.
        Yes, but only for your own use.  You must be a home user and you’ll still receive a single PLUS code for all your computers.
        Do I need to download anything in advance?
        If you already have the free version of WinPatrol no additional download is required. If you don’t have WinPatrol you can download and become familiar with WinPatrol at http://www.winpatrol.com/download.html. I’ve included some alternate download sites to prevent traffic jams on WinPatrol.com. Using your PLUS code will activate the premium features hidden in the free version.


        Head over to Bits from Bill for the rest of the details on this one-day event. Even if you already have a license for WinPatrol Plus, it is a great opportunity to purchase a license for a friend or family member.



        Remember - "A day without laughter is a day wasted."
        May the wind sing to you and the sun rise in your heart...


        Tuesday, April 10, 2012

        Adobe Reader and Acrobat Critical Security Updates


        Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat.  In addition to Adobe Reader X (10.1.3) and Adobe Acrobat X (10.1.3) incorporating the Adobe Flash Player updates noted in Security Bulletins APSB12-03, APSB12-05 and APSB12-07, the updates address a variety of vulnerabilities, including the following:
        • an integer overflow in the True Type Font (TTF) handling that could lead to code execution (CVE-2012-0774)
        • a memory corruption in the JavaScript handling that could lead to code execution (CVE-2012-0775)
        • a security bypass via the Adobe Reader installer that could lead to code execution (CVE-2012-0776)
        • a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777)(Macintosh and Linux only)

        Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/.  Even better is the FTP download site:  ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.3/ with no risk of add-ons.

        The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for July 10, 2012.

        Release Details

        • Release date: April 10, 2012
        • Vulnerability identifier: APSB12-08
        • Priority rating: See table below
        • CVE numbers: CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777
        • Platform: All

            Affected Software Versions

            • Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
            • Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
            • Adobe Reader 9.4.6 and earlier 9.x versions for Linux
            • Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
            • Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh


            References





            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Microsoft April 2012 Security Bulletin Release


            Microsoft released six (6) bulletins, of which four bulletins ares identified as Critical and two (2) as Important.

            The bulletins address issues in Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft SQL Server, Microsoft Server Software, Microsoft Developer Tools, Forefront UAG, and .NET Framework. 

            MS12-023 and MS12-024 require a restart.  In addition, If you have had difficulties with .NET Framework in the past, it is strongly advised that update MS12-025 installed separately. 

            Security Bulletins

            Bulletin NumberBulletin TitleBulletin KB
            MS12-023Vulnerabilities in Internet Explorer 2675157
            MS12-024Vulnerability in Microsoft Windows 2653956
            MS12-025Vulnerability in Microsoft Windows 2671605
            MS12-026Vulnerabilities in Microsoft Forefront 2663860
            MS12-027Vulnerability in Microsoft Windows 2664258
            MS12-028Vulnerability in Microsoft Office 2639185


            Support

            The following additional information is provided in the Security Bulletin:
            • The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
            • Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
            • International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

            References





            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Monday, April 09, 2012

            OSX/Flashback Trojan

            Last week security company, Dr.Web, reported findings of a massive bot net infection impacting Macintosh computers. The Dr.Web report met with a fair amount of skepticism until confirmed by Kaspersky researchers.

            Estimates are that around 1 percent of all Macs worldwide have been infected with the Flashback trojan, with the largest majority in the U.S. and Canada.

            Detection and Removal


            If you or a friend has a Mac, there are a couple of simple methods for Mac users to check to see if their computer is infected with Flashback:
            1. via Forbes, An Easy Way To Check Your Mac For The Flashback Malware 
            2. via DrWeb, Dr.Web C&C Botnet HW-UUID checker

            F-Secure provided removal instructions at Threat Description: Trojan-Downloader:OSX/Flashback.K. Because the OSX/Flashback Trojan uses a flaw in Oracle’s Java, F-Secure also provided instructions for Mac users to Update, Disable or Remove Your Java.

            So, do Mac or Windows users really need Java? Following are reasons why someone may need Oracle Sun Java installed on their computer:

            • Playing on-line games generally requires Java.
            • With OpenOffice, Java is needed for the items listed here .
            • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
            • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
            If the above does not apply to you, consider uninstalling Java. In the event you discover that it is needed, you can always download the most recent version.

            Protect Your Mac


            With Windows operating systems being the majority, they have long been the the target of malware writers. As a result, it is seldom that I see a Windows OS without an antivirus software installed. The same is not the case for Mac users, although perhaps now they will see the light. Most antivirus vendors now provide licensed software specifically designed for Macs. There are also a few free programs available:

            Free A/V for Macintosh:



            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Sunday, April 08, 2012

            Happy Easter 2012



            "Khrystos Voskres!"

            (Christ is Risen!)






            "Voistyno Voskres!"


            (He is Truly Risen!)








            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Thursday, April 05, 2012

            Security Bulletin Advance Notification for April, 2012


            On Tuesday, April  10, 2012, Microsoft is planning to release six (6) bulletins, of which four bulletins are identified as Critical and the remaining two as Important.

            The bulletins address eleven vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, Forefront UAG, and .NET Framework.  At least two of the updates will require a restart.  If you have had difficulties with .NET Framework in the past, it is strongly advised that update be installed separately. 

            As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

            References




            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...


            Monday, April 02, 2012

            SkyDrive Command Line Interface

            There are so many wonderful uses for SkyDrive.  With 25GB free storage, SkyDrive is the perfect place to store team documents and family photos.  The integration of Microsoft OneNote 2010 with SkyDrive works seamlessly.

            Followers of the Building Windows 8 blog already know about some of the changes coming to SkyDrive with Windows 8.  As a refresher, however, here's what to expect:
            • SkyDrive Metro style app on Windows 8
            • SkyDrive files integrated into Windows Explorer on the desktop, and
            • The ability to fetch remote files through SkyDrive.com
            There is more, including support for the desktop to upload files up to 2GB through Explorer.  Uploading your files to your SkyDrive folder will ensure access to your files across all of your PCs and also make it easier to upgrade to Windows 8.

            About SkyCMD

            With the integration of SkyDrive in Windows 8 and the ability for SkyDrive to automatically update files as changes are made, the option to get back to basics with simple DOS-type commands to access SkyDrive is being made available in the form of SkyCMD.

            It isn't necessary to wait for Windows 8 to give SkyCMD a workout.  Just follow these simple steps.

            1.  Navigate to http://www.skycmd.com/ where you'll see the following:


                 _____ __ __  __ _____  _   _     ____
                / ___// /_\ \/ // ___/ / | / |   / _  \
                \__ \/ / / \  // /    /  |/  |  / / / /
              ____/ /   /  / // /___ / /\_/| | / /_/ /
             /_____/_/|_\ /_/ \____//_/    |_|/_____/
            
            
            
            type "help" for list of supported commands


            :SkyDrive>

            2. When typing help at the command prompt, familiar DOS commands are displayed:

            _____ __ __  __ _____  _   _     ____
                / ___// /_\ \/ // ___/ / | / |   / _  \
                \__ \/ / / \  // /    /  |/  |  / / / /
              ____/ /   /  / // /___ / /\_/| | / /_/ /
             /_____/_/|_\ /_/ \____//_/    |_|/_____/
            
            
            
            type "help" for list of supported commands
            :SkyDrive>help

            :SkyDrive>help
            ACCOUNT
            login - opens the login window, make sure your browser doesn't block the popup
            logout

            NAVIGATION
            dir - displays contents of current directory
            cd [directory] - changes the current directory
            cls - clears the terminal window

            FILE
            mkdir [directory] - creates a new directory
            move [source] [destination] - moves the source file to the destination
            copy [source] [destination] - copies the source file to the destination
            start [file] - opens a file in the browser
            download [file] - downloads a file

            SYSTEM
            ver - displays the system version
            green - sets command line text to green
            white - sets command line text to white

            :SkyDrive>_
            3. Typing login at the prompt the first time takes you to the Windows Live Connect Services.
            :SkyDrive>login
            After giving approval, the command skycmd changes to display logged in:


            :SkyDrive>login
            logged in
            From there on out, just login and use the familiar commands to manage your SkyDrive files.  It is that simple.

            References






            Remember - "A day without laughter is a day wasted."
            May the wind sing to you and the sun rise in your heart...