Security Garden

Data Privacy Day 2012

2012-01-25T20:19:00.001-05:00

Data Privacy Day is an annual international celebration designed to promote awareness about privacy and education about best privacy practices.

The 2012 international celebration of Data Privacy Day is scheduled for January 28.

Why the concern about privacy?

What may begin as a casual Facebook update or an innocuous tweet could easily come back to haunt you down the road. Unlike writing something on the bathroom wall, which can be easily painted over, what we do online is permanent. This includes status updates or comments on a friend's wall in Facebook, tweets, e-mail and online chats.

All of these on-line activities contribute to your online reputation -- a reputation that can impact being accepted to the college or university of your choice or a future employment opportunity.

Disclosing too much information online can also lead to identity theft, resulting in the loss of personal data, such as passwords, user names, banking information, or credit card numbers.

Protect Your Privacy

Take steps now to protect your privacy.

Don't share too much personal information online. Having your date of birth, address, where you went to school, mother's maiden name, and other personal information available to the public is the first step to identity theft.

The public does not need to know every location you "check-in" to via your smart phone and neither do the burglars!

Take advantage of the enhanced security and privacy features available in the browser you use. (See my article, Internet Explorer 9, Privacy and Security Enhancements, for tips on protecting your privacy and security.)

Use caution accepting friend requests in social media venues such as Facebook. Just because someone sends a friend request, it is not necessary to accept it. Be certain the person is someone known to you.

Parents need to monitor the online activities of their children.

Resources

Take advantage of the helpful resources below which include information on privacy settings for Microsoft products and excellent advice from Sophos on Facebook privacy.

Microsoft Press Pass: Microsoft Provides Tips to Help Protect Your Online Image
Microsoft Privacy: Privacy Settings and Technology
Sophos: Facebook Security - Best Practices For Protecting Yourself On Facebook
Sophos, Naked Security: Facebook’s ticker privacy scare, and what you should do about it
Stay Safe Online: Data Privacy Day
The Washington Post: Google tracks consumers’ online activities across products, and users can’t opt out

Related: Data Privacy

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

To My "Other" Girl

2012-01-20T00:01:00.001-05:00

Happy Birthday,
Nickerbee!

A special person in my life is officially a teenager!

Happy Birthday, Sweetheart!

(It seems like yesterday I sent the same wishes to my other girl. Time certainly flies!)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Reader and Acrobat Critical Security Updates

2012-01-10T17:55:00.001-05:00

Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat. The vulnerabilities relate to memory and heap corruption vulnerabilities which could cause a crash and potentially allow an attacker to take control of the affected system.

Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/. Even better is the FTP download site: ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.2/ with no risk of add-ons.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for April 10, 2012.

Release Details

Release date: January 10, 2012
Vulnerability identifier: APSB12-01
CVE numbers: CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
Platform: Windows and Macintosh

Affected Software Versions

Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.7 and earlier 9.x versions for Windows
Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
Adobe Acrobat 9.4.6 and earlier 9.x versions for Macintosh

References

Security Advisory: Security updates available for Adobe Reader and Acrobat
PSIRT Blog: Security updates released for Adobe Reader and Acrobat (APSB12-01)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft January 2012 Security Bulletin Release

2012-01-10T15:51:00.000-05:00

Microsoft released seven (7) security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important.

The bulletins address vulnerabilities in Microsoft Windows and Microsoft Developer Tools And Software. Most updates will require a restart to complete the installation.

The security bulletin withdrawn last month after Microsoft discovered a compatibility issue between the bulletin-candidate addressing Security Advisory 2588513 and a major third-party vendor has been included in the release as MS12-006, "Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)".

Security Bulletins

Bulletin Number	Bulletin Title	Bulletin KB
MS12-001	Vulnerability in Microsoft Windows	2644615
MS12-002	Vulnerability in Microsoft Windows	2603381
MS12-003	Vulnerability in Microsoft Windows	2646524
MS12-004	Vulnerabilities in Microsoft Windows	2636391
MS12-005	Vulnerability in Microsoft Windows	2584146
MS12-006	Vulnerability in Microsoft Windows	2643584
MS12-007	Vulnerability in Microsoft ASP.NET	2607664

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

MSRC: January 2012 Security Bulletins Released
TechNet: Microsoft Security Bulletin Summary for January 2012
Security Research and Defense: More information on MS12-004
Security and Safety Center: Microsoft security updates for January 2012

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for January, 2012

2012-01-05T14:09:00.000-05:00

On Tuesday, January 10, 2012, Microsoft is planning to release seven (7) Security Bulletins, of which one bulletin is identified as Critical with the remaining as Important.

The bulletins address vulnerabilities in Microsoft Windows and Microsoft Developer Tools And Software. Most updates will require a restart to complete the installation.

Note from the Advance Notification that Bulletin 2, identified as Important addresses a "Security Feature Bypass" in Microsoft Windows. As indicated by the MSRC Blog, Security Feature Bypass (SFB) class issues cannot be leveraged by an attacker. It is explained that a would-be attacker would use such issues to facilitate use of another exploit. Further information is expected to be available in the SRD blog following the release of the update.

References

MSRC Blog: January 2012 ANS is released
TechNet: Microsoft Security Bulletin Advance Notification for January 2012

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

2012 Microsoft® MVP Award

2012-01-01T19:05:00.000-05:00

Dear Corrine Chorney,

Congratulations! We are pleased to present you with the 2012 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Consumer Security technical communities during the past year.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Starting off the New Year with notice of being re-awarded as Microsoft® MVP is certainly a great way to begin the year!

Wishing family, friends and Security Garden readers a happy and healthy 2012!

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Out-of-Band Critical Security Update MS11-100

2011-12-29T15:05:00.001-05:00

Microsoft ended the year with a critical security update. Security Update MS11-100 was released to address the issue described in Security Advisory 2659883.

The update resolves a publicly disclosed remote unauthenticated Denial of Service issue in ASP.NET versions 1.1 and above on all supported versions of .NET Framework.

Update: December 2011 Out-Of-Band Security Bulletin Webcast Q&A

Known Issues

See KB Article 2638420, MS11-100: Vulnerability in the .NET Framework could allow elevation of privilege: December 29, 2011.

Reminder

When updating .NET Framework, always install the update separately from other updates and follow with a shutdown/restart.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Merry Christmas, Ukrainian Style

2011-12-24T16:24:00.000-05:00

Merry Christmas to all my family, friends and Security Garden readers.

Sending warmest wishes to you and your family. May you enjoy the spirit of Christmas every day of the coming year.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Our family celebrates Christmas Eve in the Ukrainian tradition. The video below includes examples of some of the traditional foods that are part of the Christmas Eve celebration.

References:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 9 Released, Includes Critical Security Fixes

2011-12-20T21:15:00.000-05:00

Mozilla released Firefox 9 today, in keeping with the rapid release schedule,

As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release. Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 9.

Security Updates

The following security updates are included in the release of Firefox 9, in which MFSA 2011-58, MFSA 2011-55, MFSA 2011-54 and MFSA 2011-53 are rated Critical, with MVSA 2011-57 High and MVSA 2011-56 as Low.

MFSA 2011-58 Crash scaling to extreme sizes
MFSA 2011-57 Crash when plugin removes itself on Mac OS X
MFSA 2011-56 Key detection without JavaScript via SVG animation
MFSA 2011-55 nsSVGValue out-of-bounds access
MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)

What's New

The Release Notes listed the following new features in version 9:

Added Type Inference, significantly improving JavaScript performance
Improved theme integration for Mac OS X Lion
Added two finger swipe navigation for Mac OS X Lion
Added support for querying Do Not Track status via JavaScript
Added support for font-stretch
Improved support for text-overflow
Improved standards support for HTML5, MathML, and CSS
Fixed several stability issues
Fixed several security issues

The upgrade to Firefox 9 will be offered through the browser update mechanism. However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible. To get the update now, select Help, About Firefox, Check for Updates.

If you do not use the English language version, Fully Localized Versions are available for download.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Critical Security Update for Adobe Reader/Acrobat

2011-12-16T14:09:00.000-05:00

Adobe released a critical security update addressing vulnerabilities being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

The vulnerability relates to memory corruption vulnerabilities which could cause a crash and potentially allow an attacker to take control of the affected system.

Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/.

Adobe plans on updating all other versions as part of the next quarterly update scheduled for January 10, 2011. According to Adobe, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.

Release Details

Release date: December 16, 2011
Vulnerability identifier: APSB11-30
CVE number: CVE-2011-2462, CVE-2011-4369
Platform: Windows

Alternatives

Several years ago, I tired of Adobe Reader and switched to Sumatra PDF, an alternate PDF reader. After I got past the bright yellow GUI, I found Sumatra PDF to be a nice, light-weight option with no unnecessary add-ons or toolbars. There are a number of open source readers available from http://pdfreaders.org/.

References

Security Advisory: Security updates available for Adobe Reader and Acrobat 9.x for Windows
PSIRT Blog: Security updates released for Adobe Reader and Acrobat 9.x for Windows (APSB11-30)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft December 2011 Security Bulletin Release

2011-12-13T18:10:00.000-05:00

Microsoft released thirteen (13) bulletins addressing 19 vulnerabilities in Microsoft Windows, Microsoft Office (including Microsoft Office for Mac) and Internet Explorer.

Three bulletins are rated Critical with the remaining ten rated as Important. Most updates will require a restart to complete the installation.

Originally, 14 bulletins were planned one was withdrawn after Microsoft discovered a compatibility issue between the bulletin-candidate addressing Security Advisory 2588513 and a major third-party vendor. Microsoft is working with that vendor to address the issue on their platform. Microsoft has been monitoring the issue in Security Advisory 2588513 and has not seen active attacks in the wild.

Disable Microsoft Fix it

MS11-087 was issued to address Security Advisory 2639658. If you installed Microsoft Fix it 50792, before installing the updates released today, I recommend disabling the Fix it

Direct download link: Microsoft Fix it 50793

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

MSRC: The December Bulletins are Released
TechNet: Microsoft Security Bulletin Summary for December 2011

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for December, 2011

2011-12-08T18:12:00.001-05:00

On Tuesday, December 13, 2011, Microsoft is planning to release fourteen (14) Security Bulletins, of which three bulletins are identified as Critical with the remaining as Important.

The bulletins address vulnerabilities in Microsoft Windows, Microsoft Office (including Microsoft Office for Mac) and Internet Explorer. Most updates will require a restart to complete the installation.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows Defender Offline Beta, formerly Standalone System Sweeper

2011-12-06T20:58:00.000-05:00

Although the Microsoft Standalone System Sweeper is currently still available at Connect, it can now also be found as Windows Defender Offline Beta on the Microsoft Help & How-to web pages.

Windows Defender Offline Beta Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Advisory for Adobe Reader and Acrobat (APSA11-04)

2011-12-06T17:37:00.000-05:00

Adobe released a Security Advisory (APSA11-04) which references a critical vulnerability in Adobe Reader X and Adobe Acrobat X (10.1.1) and earlier versions for all versions.

The vulnerability relates to a memory corruption vulnerability which could cause a crash and potentially allow an attacker to take control of the affected system. Adobe indicates that there are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows.

An update for Adobe Reader and Acrobat 9.x only for Windows is expected no later than the week of December 12, 2011. Adobe plans on updating all other versions as part of the next quarterly update scheduled for January 10, 2011. According to Adobe, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.

Alternatives

Advisory Details

Release date: December 6, 2011
Vulnerability identifier: APSA11-04
CVE number: CVE-2011-2462
Platform: All

References

Security Advisory: Security Advisory for Adobe Reader and Acrobat
PSIRT Blog: Security Advisory for Adobe Reader and Acrobat (APSA11-04)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No, it isn't the Blaster Worm

2011-11-25T15:13:00.000-05:00

There has been a rash of posts in help forums by people reporting their computer is infected with the Blaster Worm, w32blaster/worm. It is not the Blaster Worm that has infected these computers but rather a fake/rogue antispyware program called "Spyware Protection".

Those who have attempted self-help fixes are reporting that they are unable to boot the computer in any mode. If you are getting notices that your computer is infected with the w32blaster/worm, follow the following steps:

1. Please restart the computer in Safe Mode with Networking. (To do this, turn your computer off and then back on. Immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)

Note: If you are unable to connect to the Internet, it will be necessary to go to an uninfected computer and download both RKill and Malwarebytes and transport the files to the infected computer via CD/DVD or memory stick.

2. Please download RKill from one of the following links at Bleeping Computer and save to your Desktop:

One, Two,Three or Four

Double-click RKill to run.
A command window will open then disappear upon completion, this is normal.
Please leave RKkill on the Desktop until otherwise advised.
Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about RKill, please ignore and allow the download to continue.

3. Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, be sure Quick scan is selected, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
Click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After completing the above steps, take the additional time to update the third-party software on your computer, particularly Adobe products and Java. Also, double-check that any old, vulnerable versions of Java have been uninstalled.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

If you are still having problems with your computer after completing the above instructions, assistance is available from trained analysts trained in malware removal at the sites listed in Malware Removal Help Sites. As each site has different requirements, please follow the instructions provided at the site.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Safety Tips for Online Shopping

2011-11-23T19:18:00.000-05:00

Online shopping is no longer reserved for Cyber Monday, the Monday after Thanksgiving when most Americans return to work after the long Thanksgiving Holiday weekend. However, during the Holidays, online shopping does increase.

Along with the increased shopping, there is also increased opportunities for scams, phishing, and identity theft. If the deal sounds too good to be true, most likely there are hidden strings, such as high shipping costs.

Protect Your PC

Before you start shopping, take care of basic security. This includes having a software firewall and up-to-date antivirus and anti-malware software.

If your antivirus software license expired, either renew the license or uninstall it and download and install Microsoft Security Essentials. (If the replaced antivirus was a "security suite", be sure to activate the Windows Firewall when uninstalling.)
Now run a full system scan with your updated antivirus software.
Next, scan with an anti-malware software. If you do not have an anti-malware software, my favorite is Malwarebytes' Anti-Malware. Another popular program is SUPER AntiSpyware.
Check for and install Security Updates, including third-party software such as Adobe Flash and Java.
Be sure you are using an updated browser. Each version release includes security updates.

Protect Your Credit

Your computer is ready and so are you. But, safety precautions do not end with your computer. Now the onus is on you to protect your credit.

Shop at reputable websites. If the offer sounds too good to be true, it is probably a scam. Customer evaluations are available at sites like Epinions.com or BizRate to help you determine the legitimacy of a company.
ONLY do your online shopping from home and never from an insecure public WiFi spot or public area like an Internet cafe.
To complete your purchases, checking out will require creating an account. It is not advisable to store your credit card and other personal information on the website.
At checkout, the site web address should be https: and there should be a closed padlock there or in the lower right corner of your browser. If not, forget about it. You will be giving away your credit card information!
It is best to use a "true" credit card, rather than a debit card as it is better fraud protection.
At the completion of your order, print or make a screen copy, including the confirmation number, as a receipt for your purchase.

Tips

Finally, a couple of money-saving tips that may result in additional savings when you shop online.

Be wary of most of the "coupon sites". However, there is at least one that I am aware of that appears to have a good reputation and is "McAfee Secure":

"Hundreds of well-known online stores like Barnes and Noble, Staples, and Overstock.com have a place within their shopping cart for a "coupon code" that gives a percent or dollar amount off your purchase. If you don't know the code, you can't take advantage of the discount. You can find these secret discount codes and coupon codes listed on many sites across the internet but the problem with these sites is that they're usually personal homepages and they don't maintain their lists! Currentcodes.com has a full-time staff of trained individuals whose only job is to find new coupon codes and discount codes and verify the accuracy of the existing database. We don't flood you with ads and we don't throw deals in your face. No hype, just current codes."

Check CyberMonday.com which includes special offers, including free shipping, at hundreds of online merchants. On the actual Cyber Monday, the site will provide hourly specials and exclusives from popular online retailers. A portion of the proceeds from CyberMonday.com supports the Ray Greenly Scholarship Fund.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Lest We Forget

2011-11-11T01:11:00.004-05:00

At the the 11th hour of the 11th day of the 11th month, set aside politics and petty grievances and take time to pay tribute to all who died for their country. As it happens, the 11th hour this year will occur on 11/11/11.

As in previous years, I am republishing my friend Canuk's last tribute. The comment he posted provides one example of why he was a special person:

"I too "will remember your friends who never had a full life", while thanking you and your comrades who have served with pride, honesty and honour.

Despite anyone's thoughts of the current conflict in Iraq - opposition or agreement, we must always remember that these brave young men and women are fighting for a cause they also may or may not agree with. The huge difference between them and us is that they are putting their lives on the line 24/7 while we sit in our homes in comfort, using the freedom of speech previous warriors won for us, and for that they deserve our love, respect, and support."

LEST WE FORGET

We Shall Keep the Faith by Moira Michael, November 1918

Oh! you who sleep in Flanders Fields, Sleep sweet - to rise anew! We caught the torch you threw And holding high, we keep the Faith With All who died. We cherish, too, the poppy red That grows on fields where valor led; It seems to signal to the skies That blood of heroes never dies, But lends a lustre to the red Of the flower that blooms above the dead In Flanders Fields. And now the Torch and Poppy Red We wear in honor of our dead. Fear not that ye have died for naught; We'll teach the lesson that ye wrought In Flanders Fields.
Flags courtesy of3DFlags.com

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Security Advisory 2641690 Addresses Fraudulent Digital Certificates

2011-11-10T20:19:00.000-05:00

Microsoft released Security Advisory 2641690 which relates to the revocation of trust in an Intermediate Certificate Authority, DigiCert Sdn. Bhd. (Digicert Malaysia).

The subordinate CA issued 22 certificates with weak 512 bit keys. The subordinate CA has also issued certificates without the appropriate usage extensions or revocation information. to a Windows kernel issue related to the Duqu malware, a trojan that injects malicious code into other processes.

If you do not have automatic updating enabled, the update is available by checking for updates or can be downloaded from KB Article 2641690.

References

MSRC: Untrusted Certificate Store to be updated
MSRC: Microsoft releases Security Advisory 2639658
Tech Net Advisory: Microsoft Security Advisory (2641690) Fraudulent Digital Certificates Could Allow Spoofing
Knowledge Base Article: Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Releases Critical Update for Flash Player and AIR

2011-11-10T18:09:00.004-05:00

A critical update was released today by Adobe for Adobe Flash Player and Adobe AIR. The update was released to address critical security issues in which all except one of the CVE's relate to vulnerabilities that could result in code execution. The remaining vulnerability could lead to a cross-domain policy bypass for Internet Explorer users.

Release date: November 10, 2011
Vulnerability identifier: APSB11-28
CVE number: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460
Platform: All Platforms

Update Instructions

Adobe Air

The update to Adobe AIR 3.1.0.4880 can be obtained from the following locations:

Adobe AIR 3.1.0.4880: AIR Download Center
Adobe AIR 3.1.0.4880 for Android Android Marketplace (access via an Android device)

Adobe Flash Player

The latest version for Adobe Flash Player for Android is 11.1.102.59. It is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

The newest version of Flash Player for Windows, Macintosh, Linux and Solaris is 11.1.102.55.

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:

(Edit Note: Download links updated. Thank you, ky331!)

Flash Player 11 (32-Bit)

IE 32-Bit: http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_32bit.exe
Non-IE 32-Bit (Opera, Firefox etc): http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_32bit.exe

Flash Player 11 (64-Bit)

IE 64-Bit: http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_active_x_64bit.exe
Non-IE 64-Bit (Opera Firefox etc): http://fpdownload.macromedia.com/pub/flashplayer/current/licensing/win/install_flash_player_11_plugin_64bit.exe

If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update. In addition, any toolbar offered with Adobe products can be unchecked if not wanted.

Free McAfee® Security Scan Plus (optional)

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

References

Adobe Security Advisory: Security update available for Adobe Flash Player
Adobe PSIRT Blog: Security Update for Adobe Flash Player (APSB11-28)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 8 Released, Includes Critical Security Fixes

2011-11-08T17:37:00.000-05:00

Mozilla released Firefox 8 today, in keeping with the rapid release schedule,

As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release. Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 8.

Security Updates

The following security updates are included in the release of Firefox 8, in which MFSA 2011-48, MFSA 2011-49 and MFSA 2011-52 are rated Critical, with the other three updates rated High.

MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS

What's New

The Release Notes listed the following new features in version 8:

Add-ons installed by third party programs are now disabled by default
Added a one-time add-on selection dialog to manage previously installed add-ons
Added Twitter to the search bar for select locales. Additional locale support will be added in the future
Added a preference to load tabs on demand, improving start-up time when windows are restored
Improved performance and memory handling when using
and elements
Added CORS support for cross-domain textures in WebGL
Added support for HTML5 context menus
Added support for insertAdjacentHTML
Improved CSS hyphen support for many languages
Improved WebSocket support
Fixed several stability issues
Fixed several security issues

The upgrade to Firefox 8 will be offered through the browser update mechanism. However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible. To get the update now, select Help, About Firefox, Check for Updates.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft November 2011 Security Bulletin Release

2011-11-08T14:54:00.000-05:00

Microsoft released four (4) bulletins addressing vulnerabilities in Microsoft Windows. One bulletin is rated Critical, two Important and one Moderate.

The Critical update, MS11-083, Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516), requires a restart.

Three three threat families are included in the November edition of the Microsoft Malicious Software Removal Tool - Win32/Carberp, Win32/Cridex and Win32/Dofoil. Additional information about Win32/Carberp is available in MSRT November '11: Carberp.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Releases Critical Update for Shockwave Player

2011-11-08T11:11:00.000-05:00

An update to Adobe Shockwave Player has been released to address critical vulnerabilities in version 11.6.1.629 and earlier version on both Windows and Macintosh systems. If successfully exploited, malicious code could be executed on the system.

Release date: November 8, 2011
Vulnerability identifier: APSB11-27
CVE number: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
Platform: Windows and Macintosh

Update Information

The newest version of Shockwave Player 11.6.3.633 is available here: http://get.adobe.com/shockwave/.

Please remember to uncheck any unwanted 3rd party toolbars/programs during installation. Also please do not confuse this with Adobe Flash Player which is a different program.

For how to disable the auto-update setting in Shockwave Player, see http://kb2.adobe.com/cps/166/tn_16683.html (This must be set every time Shockwave Player is updated if you do not want auto-updating.)

Reference

Adobe - Security Bulletins: APSB11-27 - Security update available for Adobe Shockwave Player

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Fix it for Duqu Malware, Security Advisory 2639658

2011-11-04T15:18:00.000-04:00

Microsoft released Security Advisory 2639658 which relates to a Windows kernel issue related to the Duqu malware, a trojan that injects malicious code into other processes.

As illustrated in the image below of the Duqu infection schematics, provided by Symantec in Duqu: Status Updates Including Installer with Zero-Day Exploit Found, once infected, the trojan can then install programs; view, change, or delete data; or create new accounts with full user rights.

Duqu infection schematics

Microsoft is aware of targeted attacks that try to use the reported vulnerability and reports that at this time they see "low customer impact". Work continues to provide a security update for the vulnerability, either via an out-of-band update or during the regular monthly release process. An update is not expected to be ready for delivery with the scheduled November update.

Microsoft Fix it

As an interim work-around, Microsoft has provided a Microsoft Fix it solution to simplify the work-around for workaround to deny access to t2embed.dll.

The Fix it solution is available from Microsoft KB Article 2639658, with direct links to the download files to enable and disable the solution below.

Enable	Disable
Fix this problem Microsoft Fix it 50792	Fix this problem Microsoft Fix it 50793

References

MSRC: Microsoft releases Security Advisory 2639658
Tech Net Advisory: Microsoft Security Advisory (2639658) Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
Knowledge Base Article: Microsoft Security Advisory: Vulnerability in TrueType font parsing could allow elevation of privileges
Symantec: Duqu: Status Updates Including Installer with Zero-Day Exploit Found

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for November, 2011

2011-11-03T13:31:00.000-04:00

On Tuesday, November 8, 2011, Microsoft is planning to release four (4) Security Bulletins, addressing four (4) CVEs in Windows. One bulletin is identified as Critical, two as Important and one Moderate.

The bulletins address Remote Code Execution, Elevation of Privilege and Denial of Service, several requiring a restart. Whether required or not, it is advised to restart your computer after installing updates.

References

MSRC Blog: Advanced Notification for November 2011
TechNet: Microsoft Security Bulletin Advance Notification for November 2011

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Oracle Java SE Critical Security Update

2011-10-18T18:12:00.000-04:00

Oracle Java released a critical security update to Java Runtime Environment (JRE). The full internal version number for this update release is 1.6.0_29-b11 (where "b" means "build"). The external version number is 6u29.

The critical update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. The update includes twenty (20) new security vulnerability fixes, of which six (6) are applicable to JRockit.

The update to Java SE 6u29 follows Java SE 6u27. Java SE 6u28 was used as an internal build and by-passed in favor of the current release of Java SE 6u29.

Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update. It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

Download Update: Java SE Runtime Environment 6u29

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Affected Java SE Products and Components

JDK and JRE 7
JDK and JRE 6 Update 27 and earlier
JDK and JRE 5.0 Update 31 and earlier
SDK and JRE 1.4.2_33 and earlier
JavaFX 2.0
JRockit R28.1.4 and earlier(JDK and JRE 6 and 5.0)

The next scheduled Oracle Java SE Critical Patch Update is 14 February 2012.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

SUPERAntiSpyware Adds Opt-in Toolbar

2011-10-18T15:35:00.001-04:00

Personally, I prefer not to use toolbars. However, there are many people who like add-on toobars on their browser of choice.

Something that has been a point of contention, particularly within the security community, is the inclusion of pre-checked toolbars with security software. This practice has resulted in discontinuing recommendations for those programs, even though the software is offered free for personal use.

SUPERAntiSpyware has apparently found it necessary to supplement the support of the free version of SUPERAntiSpyware by the inclusion of the Ask Toolbar. The difference between the inclusion of the toolbar by SUPERAntiSpyware and other vendors is that it is opt-in rather than opt-out (pre-checked).

Nick Skrepetos*, developer of SUPERAntiSpyware, provided the statement below at Wilders Security Forums:

"It's not bundled, but rather an optional install that, if elected, enables a Professional feature - scheduled scanning at no charge. A "bundle" means it's included and installed as part of the package - we have an optional install. Nothing is disabled or features lost if the user elects not to install - it's still the great free SUPERAntiSpyware we have always produced!"

Recommendation

If SUPERAntiSpyware is your anti-malware software program of choice, consider purchasing a license for the software. However, if your preference is to continue using the free version, the built in Windows Scheduler is an option to use in order to schedule scanning.

*SUPERAntiSpyware was acquired by Support.com in June, 2011. Press Release: Support.com Expands Software Offerings With Acquisition of SUPERAntiSpyware

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft October 2011 Security Bulletin Release

2011-10-11T13:33:00.000-04:00

Microsoft released eight (8) bulletins addressing vulnerabilities in Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server. Two of the bulletins are rated Critical and six are rated Important

Note: With the inclusion of .NET Framework updates, it is recommended that those updates be installed separately from the remaining updates. This is due to issues many people experience when installing .NET Framework updates. Shutdown/restart the computer to complete the installation.

Below are the Bulletins identified as Critical. As noted above, it is recommended that MS11-078 be installed separately.

MS11-081 (Internet Explorer): This security update resolves eight privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
MS11-078 (.NET Framework & Silverlight): This security update resolves a privately reported vulnerability in Microsoft .NET Framework and Microsoft Silverlight. The vulnerability could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications. The vulnerability could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and then executes the page, as could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

.

Although the Executive Summaries indicate that some of the updates "may" require a restart, regardless of the recommendation, it is always best to restart your computer after applying updates.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

How Windows PCs Get Infected with Malware

2011-10-09T20:49:00.000-04:00

CSIS Security Group in Denmark conducted a study of almost three months where they collected real-time data from various so-called exploit kits that Danish users were exposed to. As described by Peter Kruse, Partner and Security Specialist at CSIS:

"An exploit kit is a commercial hacker toolbox that is actively exploited by computer criminals who take advantage of vulnerabilities in popular software. Up to 85 % of all virus infections occur as a result of drive-by attacks automated via commercial exploit kits."

How PCs Get Infected

The CSIS study revealed that as much as 99.8 % of all virus/malware infections were a direct result of not updating five specific software packages. Aside from missing Microsoft security updates, the study revealed the following out of date programs as being the most used by malware: Java JRE (37%), Adobe Reader and Adobe Acrobat (32%), Adobe Flash (16%) and Microsoft Internet Explorer (10%).

Third-Party Software

Setting aside browser and operating system for the moment, what is notable from the CSIS study is the impact of third-party software, notably Java JRE, Adobe Reader and Adobe Acrobat and Adobe Flash.

Oracle Java JRE
When it comes to Oracle Java JRE, you may have it installed on your computer but might not even need it. Following are reasons why someone may need Oracle Sun Java installed on their computer:

Playing on-line games generally requires Java.
With OpenOffice, Java is needed for the items listed here .
It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.

If the above does not apply to you, consider uninstalling Java. In the event you discover that it is needed, you can always download the most recent version.

Adobe Products
Regular readers of this blog are familiar with my postings of critical updates for Adobe products. You may not realize, however, that there have been over a dozen critical updates of Adobe products just this year between February and September. Combined, out-dated Adobe products were the direct result of 48% of the infections in the analysis.

Although I will continue providing updates for these products, it is advisable that you check that you have the most recent versions of Adobe products. Personally, I switched to an alternate PDF reader some time ago. There are a number of open source readers available from http://pdfreaders.org/. Others include Nitro Reader and Sumatra PDF.

Internet Explorer

Although Internet Explorer is listed as shown in the CSIS analysis as the most affected browser, the report falls short in not breaking down the statistics by browser version. According to the IE6 Countdown, at the end of September, 2011, 9% of the world is still using IE6.

It is not very likely that 66% of reported thousands of users in the analysis who had been exposed to drive-by attacks were using IE9. Nonetheless, Denmark should be commended with only 0.7% of the users still on IE6. The percentage still using IE7 is unknown. Considering the high percentage of affected Windows XP computers, it would not be surprising to learn that the majority have not updated to IE8.

References

CSIS: This is how Windows get infected with malware
IE6 Countdown
Microsoft Download Center - Windows Internet Explorer 8 for Windows XP

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for October, 2011

2011-10-06T13:29:00.000-04:00

On Tuesday, October 11, 2011, Microsoft is planning to release eight (8) Security Bulletins, addressing 23 vulnerabilities. Two of the bulletins are rated Critical and six are rated Important, addressing vulnerabilities in Internet Explorer, .NET Framework & Silverlight, Microsoft Windows, Microsoft Forefront UAG, and Microsoft Host Integration Server.

The bulletins address Remote Code Execution, Elevation of Privilege and Denial of Service, several requiring a restart. Whether required or not, it is advised to restart your computer after installing updates. In addition, due to issues many people experience when installing .NET Framework updates, it is advised that update be installed separately.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

To Mozilla: Update Fatigue, Yes, Silent Updates, No!

2011-10-05T19:03:00.000-04:00

Mozilla, what is the matter with your thinking? Being stuck with a slow dial-up connection, I switched to Phoenix because it was faster that other browsers I tried. I stayed with Firebird and then the final product name, Firefox. That is a lot of years history, which I can envision coming to an end.

It has almost reached the point that the only thing that is keeping me from uninstalling Firefox is the extensions that I use throughout the day.

Update Fatigue

First came the rush out the door every six weeks with the "rapid-release process". This nonsense put unnecessary stress and strain on both devoted Firefox users as well as developers of users' favorite extensions. The process has not been error free, particularly as evidenced by the problems users encountered with the update to version 7, resulting in "hidden add-ons".

There would be no "update fatigue" if the silly rapid-release process is put to rest, where it belongs. New features important for maintaining excitement and interest in the product. Prompt security updates are critical. However, what value is there in introducing new features every six weeks when the users have not fully appreciated or become accustomed to the previous changes?

Silent Updates

Now, brought back from the dark channels is the ill-planned silent update currently in development for version 10. Back up, Mozilla. You have no right to override UAC in order to achieve your silent update plans. Only the computer owner has the right to make any changes to UAC, not a third-party software program. It is my computer and I will decide what I install on it and when it will be installed.

Can anyone hear the world-wide uproar if Microsoft switched to silent updates?

Additional Reading

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Cyber Security Awareness Month 2011

2011-10-03T22:13:00.000-04:00

For the eighth consecutive year, October has been declared Cyber Security Awareness Month.

The purpose of Cyber Security Awareness Month is to provide both awareness and education for all digital citizens, whether using a desktop PC, laptop, tablet, smart phone, or multiple devices.

The official declaration was made in the United States in an official proclamation by The President. Again this year, the theme is "Our Shared Responsibility", with Stay Safe Online continuing as the official sponsor site.

The United States is not alone in declaring October as Cyber Security Awareness Month. Canada’s Minister of Public Safety kicked off Cyber Security Awareness Month in Canada with the launch of Get Cyber Safe.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 7.0.1 Released to Fix Missing Add-On Problem

2011-09-30T20:20:00.000-04:00

The rapid release path for Firefox version updates did not run all that smoothly for Version 7. After updating to Version 7, there were instances in which users discovered one or more of their add-ons were hidden. As a result, the release of the new updates to Firefox Version 7 was paused in order to minimize the impact.

An update fixing the issue has been released. To get the update now, select Help, About Firefox, Check for Updates.

Also available now is the list of vulnerabilities that were fixed in Version 7.

Fixed in Firefox 7
MFSA 2011-45 Inferring Keystrokes from motion data
MFSA 2011-44 Use after free reading OGG headers
MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope parameter
MFSA 2011-42 Potentially exploitable crash in the YARR regular expression library
MFSA 2011-41 Potentially exploitable WebGL crashes
MFSA 2011-40 Code installation through holding down Enter
MFSA 2011-39 Defense against multiple Location headers due to CRLF Injection
MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23)

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 7 Released, Includes Security Updates

2011-09-27T17:34:00.001-04:00

In keeping with the rapid release schedule, Mozilla released Firefox 7 today.

As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release. Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 7.

The Release Notes listed the following new features in version 7, At this point the indicated security updates are not listed in the Security Advisories. There is, however, a very lengthy list of Bug Fixes for version 7.

What's New

Drastically improved memory handling for certain use cases
Added a new rendering backend to speed up Canvas operations on Windows systems
Bookmark and password changes now sync almost instantly when using Firefox Sync
The 'http://' URL prefix is now hidden by default
Added support for text-overflow: ellipsis
Added support for the Web Timing specification
Enhanced support for MathML
The WebSocket protocol has been updated from version 7 to version 8
Added an opt-in system for users to send performance data back to Mozilla to improve future versions of Firefox
Fixed several stability issues
Fixed several security issues

The upgrade to Firefox 7 will be offered through the browser update mechanism. However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible. To get the update now, select Help, About Firefox, Check for Updates.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Removes Gold Certified Partner Over Telephone Scam Claims

2011-09-21T20:37:00.001-04:00

As illustrated in this topic on the Microsoft Answers forum, the issue of fake tech support telephone calls has been a problem for over two years. The scams appeared to have originated in the U.K., spread to Australia, followed by Canada and the United States.

Although reports in various forum topics have pointed fingers at other vendors, in the instant case, the finger was pointing at "Comantra" who was a Microsoft Gold Certified Partner.

Comantra, like other vendors, was said to have cold-called people, implying that they represent Microsoft. After convincing the call recipients that the errors seen in Event Viewer on Windows are dangerous, the technicians would attempt to convince the people to allow the technicians to have remote access to their computer. Repairs, of course, required a credit card charge.

About Microsoft Gold Certified and Certified Partners

It is important to understand that being a Microsoft Partner, in any shape, whether Certified or Gold Certified, does not mean that the company represents Microsoft. Rather, it merely means that the company has met the requisite requirements, has paid the requisite fee and has earned the appropriate Partner Points for the Partner level. The requirements for both Microsoft Gold Certified and Microsoft Certified Partners are fully described at the eHow.com references below.

In addition to the above, Microsoft Gold Certified Partners must employ a minimum number of Microsoft certified professionals, meet the certification and sales requirements and submit competency-specific customer referrals.

Microsoft Certified Partners additionally complete one of three requirements (i.e. employ or employ by contract at least two Microsoft Certified Professionals, with three customer references approved by Microsoft or product software that Microsoft has tested and approved or hardware that a Microsoft authorized testing vendor has approved.)

How to handle telephone scams

If you receive a call from someone claiming to be representing Microsoft or Microsoft tech support, just hang up! Microsoft does not make unsolicited calls.

In the event you have been taken in by one of the fake tech support calls, it is strongly recommended that you take the following steps:

Change the passwords or PINs on your computer and your online accounts.
Place a fraud alert on your credit reports.
If you know of any accounts that were accessed or opened fraudulently, close those accounts.
Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that were not initiated by you.

People in Australia, Canada, U.K. and U.S. appear to have been hardest hit by telephone tech support scams. The links below have additional information and resources.

References

Microsoft References

History

Articles illustrative of the on-going telephone scam problem:

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Critical Adobe Flash Update

2011-09-21T16:13:00.001-04:00

Adobe Flash Player was updated to address critical security issues as well as what is described as an important universal cross-site scripting issue that is reportedly being exploited in the wild in targeted attacks. The exploit could cause a crash and potentially allow an attacker to take control of the affected system.

The newest version for Windows, Macintosh, Linux and Solaris is 10.3.183.10 and the update for Android is 10.3.186.7.

Release date: September 21, 2011
Vulnerability identifier: APSB11-26
CVE number: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444
Platform: All platforms

Adobe Flash Player for Android 10.3.186.7 by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Browser Update Instructions

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:

IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

Verify Installation

References

Adobe Security Advisory: Security update available for Adobe Flash Player
Adobe PSIRT Blog: Security Update for Adobe Flash Player (APSB11-26)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Critical Updates for Adobe Reader/Acrobat

2011-09-13T18:10:00.001-04:00

Adobe released a Security Bulletin (APSB11-24) which contains the quarterly security updates for Adobe Reader and Acrobat. The updates address critical security issues in the products. Adobe recommends that users apply the updates for their product installations.

Details

Release date: September 13, 2011
Vulnerability identifier: APSB11-24
CVE numbers: CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
Platform: All

Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.

Alternatively, you could switch to an alternate PDF reader. There are a number of open source readers available from http://pdfreaders.org/. I have been using Sumatra PDF for around three years. Nitro Reader is also a viable substitute.

References

Security Bulletin: Adobe-Security Bulletins: APSB11-08
PSIRT Blog: Security updates available for Adobe Reader and Acrobat (APSB11-08)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft September 2011 Security Bulletin Release

2011-09-13T17:49:00.000-04:00

Microsoft released five (5) bulletins addressing vulnerabilities in Microsoft Windows and Office All five bulletins are rated Important.

MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Although the Executive Summaries indicate that the updates "may" require a restart, regardless of the recommendation, it is always best to restart your computer after applying updates.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mouse without Borders

2011-09-11T15:50:00.003-04:00

Mouse without Borders is a program created in The Garage at Microsoft by Truong Do, a developer for Microsoft Dynamics. The software allows you to use one keyboard and mouse across your PC's as if they were one desktop. You can control up to four computers with a single mouse and keyboard with Mouse without Borders.

Features

Control up to four (4) computers
Move or copy files between computers by dragging from one desktop to another
Lock or log in to all PCs from one PC
Personalize Logon Screen
Get/Send Screen Capture

Installation

Install Mouse Without Borders on the first PC:

At this screen, click No:

You will be presented with a Security Code:

Now follow the same installation instructions on the second PC, but this time click Yes to acknowledge installation on another computer and fill in the Security Code information from the first computer.

The two computers will be linked!

Uninstalling Mouse Without Borders

This update is to add information should you wish to uninstall Mouse Without Borders. You can uninstall Mouse Without Borders as you would any other program through Control Panel. However, if you cannot locate it, that is because you are looking in the wrong place! Scroll further down further and you will find it under Windows Garage.

In the event you are still having problems removing it, run the following command as an Admin:

msiexec /uninstall {D3BC954F-D661-474C-B367-30EB6E56542E}

I recommend exiting the program prior to uninstalling.

References

Download Link: Download Now [1.1mb]
Source: Microsoft download from The Garage: Mouse without Borders
Privacy Information: Microsoft Office Labs Application Prototypes Privacy Statement
Unofficial community-powered support for Mouse without Borders on Get Satisfaction

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Diagnose and Fix Program Installing/Uninstalling Problems

2011-09-10T17:53:00.001-04:00

There are occasions when a program will not completely uninstall. Other times, there are issues preventing a new program to be installed.

A recently released Microsoft Fix it solution is available to assist in diagnosing and fixing program installing and uninstalling problems automatically.

What it fixes...

Removes bad registry key on 64 bit operating systems.
Windows registry keys that control the upgrade (patching) data that become corrupted.
Resolves problems that prevent new programs from being installed.
Resolves problems that prevent programs from being completely uninstalled and blocking new installations and updates.
Use this troubleshooter for an uninstall only if the program fails to uninstall using the windows add/remove programs feature.

Download Link

Diagnose and fix program installing and uninstalling problems automatically

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe News: Released Updates, Advance Notice and DigiNotar

2011-09-09T13:28:00.001-04:00

Critical security updates were issued by Adobe earlier this week for Adobe Flash Player, Shockwave Player, Photoshop and more. Details are available in the Released Updates linked below.

On Tuesday, September 13, 2011, Adobe is planning to release updates for Adobe Reader X (10.1) and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh to resolve critical security issues.

Adobe additionally announced that they are in the process of removing the DigiNotar Qualified CA certificate from the Adobe Approved Trust List, indicating a further update is forthcoming.

In the meantime, the instructions below were provided by PSIRT for manually removing the DigiNotar certificates from Adobe Reader and Acrobat:

Adobe Reader Version 9
1)   Open Adobe Reader.
2)   Open the Document Menu and choose Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.

Adobe Acrobat Version 9
1)   Open Adobe Acrobat.
2)   Open the Advanced Menu and choose Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.

Adobe Reader and Acrobat X
1)   Open Adobe Reader or Acrobat.
2)   Open the Edit Menu->Protection->Manage Trusted Identities.
3)   Drop down the ‘Display’ box that reads ‘Contacts’ and choose ‘Certificates.’
4)   Select the DigiNotar Qualified CA. If you do not see this certificate in the list, no further action is required.
5)   Click Delete, and then confirm the deletion by clicking OK.

Adobe Product Released Updates

References

Adobe Product Security Updates
PSIRT Blog: Prenotification: Quarterly Security Updates for Adobe Reader and Acrobat
PSIRT Blog: Update on DigiNotar and the Adobe Approved Trust List (AATL)
Security Bulletin APSB11-24: Prenotification Security Advisory for Adobe Reader and Acrobat

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for September, 2011

2011-09-08T13:41:00.001-04:00

On Tuesday, September 14, 2011, Microsoft is planning to release five (5) Security Bulletins, addressing 15 vulnerabilities. The bulletins are rated Important and address vulnerabilities in Microsoft Windows and Office.

The bulletins address Elevation of Privilege and Remote Code Execution, with at least one requiring a restart. Whether required or not, it is advised to restart your computer after installing updates.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 6.0.2 Update Released

2011-09-07T13:08:00.000-04:00

To complete the process of providing protection against fraudulent DigiNotar certificates, Firefox 6.0.2 was released to the update channel today. (It has been available via FTP downloads since Sunday.)

From the Release Notes:

Removed trust exceptions for certificates issued by Staat der Nederlanden (see bug 683449 and the security advisory)
Resolved an issue with gov.uk websites (see bug 669792)

The update to Firefox 6.0.2 is being offered through the browser update mechanism. To get the update now, select Help, About Firefox, Check for Updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Security Update for DigiNotar Certificates

2011-09-06T17:41:00.001-04:00

Microsoft Security Advisory 2607712 has been updated to revoke the trust of the DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store.

The update is available via Automatic Update and applies to all supported releases of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

Copied below are the known issues from Microsoft KB Article 2607712, Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing for this update.

Known issues

A restart is required for all editions of Windows XP and of Windows Server 2003.
A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
At the explicit request of the Dutch government, the release of this update on Windows Update will be delayed for the Netherlands.

This update will become available to the Netherlands on Windows Update and on all Automatic Update channels at a later date. Customers who want to manually install this update should click the appropriate platform download in the "Download information" section. On the next page, users will be able to select the language to install and can continue with the download and the installation.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 6.0.1 Update Released

2011-08-31T11:34:00.000-04:00

As a result of the Fraudulent *.google.com SSL Certificate, Firefox has been updated to version 6.0.1. Thunderbird and SeaMonkey have also been updated.

The upgrade to Firefox 6 is being offered through the browser update mechanism. To get the update now, select Help, About Firefox, Check for Updates.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Fraudulent *.google.com SSL Certificate

2011-08-30T18:11:00.001-04:00

A fraudulent SSL certificate was issued for the .google.com domain name from Diginotar, a Dutch Certificate Authority on July 10,2011. The articles referenced below provide background information and a time-line about the events.

Of concern, is whether your browser is protected from spoofs, phishing attacks, or man-in-the-middle attacks from subdomains of google.com.

Internet Explorer

Microsoft issued Security Advisory (2607712): Fraudulent Digital Certificates Could Allow Spoofing, indicating that the precautionary step of removing the DigiNotar root certificate from the Microsoft Certificate Trust List.

All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Should you land on a website or attempt to install a program signed by the DigiNotar root certificate, you will receive an invalid certificate error.

A future update will be released to address this issue for all supported editions of Windows XP and Windows Server 2003.

Mozilla Firefox

The Mozilla Security Blog reported at Fraudulent *.google.com Certificate at Mozilla Security Blog that new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9), Thunderbird (3.1.13, and 6.0.1) and SeaMonkey (2.3.2) will be released shortly that will revoke trust in the DigiNotar root.

Rather than waiting for the update, action can be taken now by following the instructions at Deleting the DigiNotar CA certificate.

Other Browsers

As reported in the Google Online Security Blog at An update on attempted man-in-the-middle attacks, steps were taken to disable the DigiNotar certificate authority in Chrome. This was done while the investigations continues because it is not known if other fraudulent certificates were exist that have yet to be discovered.

Google Chrome is expected to be updated soon. Chrome 13 and newer have legitimate Google certificates, hard-coded.

No official word has been issued regarding an update for either the Safari or Opera browser.

Background Articles

Computerworld: Hackers stole Google SSL certificate, Dutch firm admits
F-Secure: Diginotar Hacked by Black.Spook and Iranian Hackers
PC World: Google One of Many Victims in SSL Certificate Hack

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

WinPatrol PLUS available for $9.99

2011-08-22T11:15:00.000-04:00

Anyone who knows me as well as those I have helped clean their computer in the forums, knows that WinPatrol is a particular favorite. I've been using WinPatrol since Windows 95 and it hasn't let me down yet. The tabbed interface is easy to use and the features are abundant.

Bill Pytlovany is providing a great opportunity for WinPatrol fans to upgrade to WinPatrol PLUS for a one-time fee of $9.99! Click here to upgrade to WinPatrol PLUS now!

Read more about Bill's offer and C|Net's latest annoyance at WinPatrol PLUS available for $9.99 while CNET Annoys Users.

Need additional information about WinPatrol? See a list of the numerous at LandzDown Forum in WinPatrol Features.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 6 Released, Includes Critical Security Updates

2011-08-16T19:14:00.002-04:00

In keeping with the rapid release schedule, Mozilla released Firefox 6 today.

As expected when a version update is released, you may find that many of your favorite add-ons are not compatible with the new release. Use Add-on Compatibility Reporter to test and report on your favorite add-ons in version 6.

What's New

The address bar now highlights the domain of the website you're visiting
Streamlined the look of the site identity block
Added support for the latest draft version of WebSockets with a prefixed API
Added support for EventSource / server-sent events
Added support for window.matchMedia
Added Scratchpad, an interactive JavaScript prototyping environment
Added a new Web Developer menu item and moved development-related items into it
Improved usability of the Web Console
Improved the discoverability of Firefox Sync
Reduced browser startup time when using Panorama
Fixed several stability issues
Fixed several security issues

Fixed in Firefox 6

MFSA 2011-29 includes eight (8) critical and two (2) high security updates.

Miscellaneous memory safety hazards (rv:4.0)

Impact: Critical
Description: Mozilla identified and fixed several memory safety bugs in the browser engine used in Firefox 4, Firefox 5 and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
https://bugzilla.mozilla.org/show_bug.cgi?id=674042

CVE-2011-2989

JavaScript crash
https://bugzilla.mozilla.org/show_bug.cgi?id=655660

CVE-2011-2991

Crash in the Ogg reader which affected Firefox 4 and Firefox 5.
https://bugzilla.mozilla.org/show_bug.cgi?id=672789

CVE-2011-2992

Memory safety issues which affected Firefox 4 and Firefox 5.
Memory safety bugs - Firefox 6

CVE-2011-2985

Unsigned scripts can call script inside signed JAR

Impact: Critical
Description: Unsigned JavaScript could call into script inside a signed JAR thereby inheriting the identity of the site that signed the JAR as well as any permissions that a user had granted the signed JAR.
This is a distinct issue from MFSA 2008-23 and did not affect Firefox 3.6.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=657267

CVE-2011-2993

String crash using WebGL shaders

Impact: Critical
Description: An overly long shader program could cause a buffer overrun and crash in a string class used to store the shader source code.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=665936

CVE-2011-2988

Heap overflow in ANGLE library

Impact: Critical
Description: Potentially exploitable heap overflow in the ANGLE library used by Mozilla's WebGL implementation.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=665934

CVE-2011-2987

Crash in SVGTextElement.getCharNumAtPosition()

Impact: Critical
Description: A SVG text manipulation routine contained a dangling pointer vulnerability.

References:
https://bugzilla.mozilla.org/show_bug.cgi?id=648094

CVE-2011-0084

Credential leakage using Content Security Policy reports

Impact: High
Description: Content Security Policy violation reports failed to strip out proxy authorization credentials from the list of request headers. Redirecting to a website with Content Security Policy resulted in the incorrect resolution of hosts in the constructed policy.

References:
CSP reports leak proxy auth tokens

Incorrect CSP host resolution

CVE-2011-2990

Cross-origin data theft using canvas and Windows D2D

Impact: High
Description: When using Windows D2D hardware acceleration, image data from one domain could be inserted into a canvas and read by a different domain.

References:

https://bugzilla.mozilla.org/show_bug.cgi?id=655836

CVE-2011-2986

The upgrade to Firefox 6 will be offered through the browser update mechanism. However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible. To get the update now, select Help, About Firefox, Check for Updates.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Flash Player Critical Update

2011-08-11T17:41:00.000-04:00

Adobe Flash Player was updated to version 10.3.183.5 to address critical vulnerabilities in the previous version. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Release date: August 9, 2011
Vulnerability identifier: APSB11-21
CVE number: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425
Platform: All platforms

Adobe Flash Player for Android 10.3.186.3 by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Browser Update Instructions

IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

Verify Installation

Additional Recommendations

The latest version of Adobe Flash Player for is available for download from the Android Marketplace by browsing to it on a mobile phone.

Adobe further recommends users of Adobe AIR 2.7 for Windows and Macintosh update to Adobe AIR 2.7.1. Users of Adobe AIR 2.7 for Android should update to Adobe AIR 2.7.1.1961 from the Android Marketplace by browsing to it on a mobile phone.

References

Adobe Security Advisory: Security update available for Adobe Flash Player
Adobe PSIRT Blog: Adobe produce security update available

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft Update Impacts WinPatrol Cookie Monitoring

2011-08-11T10:35:00.002-04:00

WinPatrol fans who monitor cookies in Internet Explorer will discover after installing the latest Microsoft security updates that cookies do not display as expected in WinPatrol.

Instead of seeing the expected site or cookie name displayed, cookies are identified as alpha-numeric.txt files (i.e., HILD912G.txt).

In testing, I intentionally started installing the security updates one-by-one, selecting Microsoft Security Bulletin MS11-057 - Critical: Cumulative Security Update for Internet Explorer (2559049) first since it applies to all three operating systems and browsers. Indeed, following a restart, I was able to confirm the change in cookie display for IE9 on Windows 7.

Based on feedback from WinPatrol users, this issue has been confirmed in Windows XP, Windows Vista and Windows 7 with IE8 and IE9. (IE6 and IE7 have not been tested but will likely be impacted the same since the update applies to all versions of Internet Explorer.)

MS11-057 is a critical security update and it is strongly advised that it be installed. Cookies are a minor issue compared to the fix in this update, which, as described in the MSRC Blog:

"resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer."

Bill Pytlovany has been advised of the situation and is actively working on a solution.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft August 2011 Security Bulletin Release

2011-08-09T15:11:00.000-04:00

Microsoft released thirteen (13) bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, .NET and Visual Studio. Two are rated Critical in severity, nine Important and two Moderate.

Below is a quotation of the description of the priority bulletins, from the MSRC Blog:

MS11-057 (Internet Explorer). This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. Microsoft is not aware of any attacks leveraging the vulnerabilities addressed in this bulletin.
MS11-058 (DNS Server). This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk.

In reviewing the Executive Summaries from the Microsoft Security Bulletin Summary for August 2011, most of the updates will require a restart. Regardless of the recommendation, it is always best to restart your computer after applying updates. If you have had problems with .NET Framework updates in the past, consider installing MS11-066 and MS11-069 separately, followed by a restart.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

MSRC: A live BlueHat Prize webcast and the August 2011 security updates
Security Research and Defense: Assessing the risk of the August security updates
TechNet: Microsoft Security Bulletin Summary for August 2011

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for August, 2011

2011-08-04T17:43:00.001-04:00

On Tuesday, August 9, 2011, Microsoft is planning to release thirteen (13) bulletins addressing 22 vulnerabilities in Microsoft Windows, Office, Internet Explorer, .NET and Visual Studio.

Two of the updates are identified as Critical, nine as Important and the remaining two as Moderate, with most requiring a restart.

Although, whether required or not, it is advised to restart your computer after installing updates, a number of the scheduled bulletins will require a restart in order to complete the installation. Even though the updates to .NET Framework are identified as "may require a restart", I recommend installing them separate from the other updates.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Solve Microsoft Standalone System Sweeper Errors

2011-08-03T20:46:00.003-04:00

Edit Note: *The Microsoft Standalone System Sweeper Beta has been renamed to "Windows Defender Offline Beta".

There is a lot of interest in the Microsoft Standalone System Sweeper Beta, a recovery tool currently available from Microsoft Connect. Most people using the tool have not had any problems. However, as is inevitable, there are several error codes that some people have experienced.

Below is a summary of the common error codes and suggested trouble-shooting steps.

Items of note

At least 1 GB RAM is required in order to run the Standalone System Sweeper.
A minimum of at least 250 MB of free space on the selected media (CD, DVD or USB drive) is required.
The correct version of the tool (32- or 64-bit) is required for the infected operating system where the tool will be used.
The System Sweeper will not be able to scan if there are no definitions.
An Internet connection is needed in order to update the definitions.

Error Code 0x8004cc04

Error Code 0x8004cc04 relates to missing definitions.

Recommendation: Run the tool again and select the USB drive option. The USB drive will be reformatted and a Standalone System Sweeper will be installed on the USB drive. This will convert the USB to a bootable USB drive. Be sure to click Yes, download the latest definitions. You must be connected to the Internet to complete this process.

Error Code 0x8004cc05

Update: Error Code 0x8004cc05 has also occurred in situations where no floppy drive is enabled. In those cases, a solution that has worked is to boot without the network cable. After the Microsoft Standalone System Sweeper launches, reconnect the network cable and download the current definitions.
(Added 12SEP2011)

Error Code 0x8004cc05 appears to be more common on systems with an AMD processor. I also found that Error Code 0x8004cc05 is also more likely on systems with a 3.5" floppy drive. Disabling the floppy drive either via Device Manager or BIOS appears to solve the problem.

To Disable the Floppy Drive in Device Manager: Go to Device Manager. (Accept any UAC Prompt in Windows Vista or Windows 7). Locate and Expand FloppyDiskdrives. Right-click on the FloppyDiskDrive and select Disable. Close Device Manager and restart the computer.
To Disable the Floppy Drive in BIOS: On most computers you can access the BIOS by tapping the Delete key when restarting the Computer, although some use the F2, F10 or ESC key. In CMOS Setup, click the device associated with the drive, generally Floppy Drive A and select Disabled. Press F10 to save and select Yes to confirm your changes and restart the computer.

Reverse the process to re-enable the floppy drive.

Error Code 0x8050800c

There are a couple of issues that may result in Error Code 0x8050800c.

At least 1 GB RAM is needed in order to run the Standalone System Sweeper
The ISO created may be defective. Try creating a new ISO, allowing it to download the newest definitions (Note: You will not be able to scan if there are no definitions.)
Run chkdsk /r on the drive and see if system sweeper will work correctly

Additional Help

For additional assistance, see the problems listed below addressed in Microsoft Standalone System Sweeper Beta Help & How-To

Hotmail Security, Common Passwords Blocked

2011-07-14T21:05:00.000-04:00

A commonality in hacked Hotmail accounts is a weak password. A weak password is not only a sequence of numbers or consecutive keyboard characters such as 3333333 or asdfgh. Any dictionary word (regardless of language), abbreviations, and words spelled backward are weak passwords. The list of common passwords also includes personal information, such as your children or pet's name, telephone number, house numbers, etc.

Hotmail Team Action

The Hotmail team is rolling out a new security feature that will prevent you from choosing a very common password when recovering a compromised Hotmail account, signing up for a Hotmail account or when changing your password. In addition, if you are already using a common password, you may, at some point in the future, be asked to change it to a stronger password.

Key to a Strong Password

The key to a strong password is both complexity and length.

Complexity is not merely adding an upper case letter or an obvious misspelling, such as P@$$w0rd. That just won't pass muster. A list of the 500 worst passwords is in the references below. If you use any of those examples or even something similar it is time to change it, especially for your e-mail, banking or any site where you pay bills or conduct on-line purchases.

Although some websites limit the number of characters allowed in a password, the longer your password, the harder it will be for it to be compromised.

Test the passwords you use with the Password Checker. If your password is weak or medium in strength, make it experiment with the Password Checker adding characters, with a combination of upper and lower case letters, numbers and keyboard symbols.

Additional Topics on Managing Hotmail

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Hotmail Security, How to Report a Hacked Account

2011-07-14T18:48:00.004-04:00

Dealing with hijacked Hotmail accounts has long been a top priority for the Hotmail team. The Hotmail Safety and Security blog recently reported about an increase in hijacked accounts and spam emails sent to a account owner's contact list without their knowledge.

Some of the symptoms reported to the Hotmail team by people whose account was hijacked include:

Deleted contacts
Deleted emails
Safe sender's list is deleted
Junk Mail Settings is set to Exclusive, which prevents mail from being delivered to the Inbox.

Unfortunately, the account owner is not always the first person to discover that their account has been hacked. Instead, it is the recipients of the spam or phishing emails that arrived in their inbox from their friend's hacked account.

How to Report a Hacked E-Mail Account

Now, in addition to contacting your friend about the problem with their account, the Hotmail team is incorporating a way to report a compromised account.

From the "Mark as" menu option, click the My friend’s been hacked!” option:

You can also report an account you believe is compromised while marking as Junk or moving it to the Junk folder:

What Happens After The Account is Reported

When Hotmail receives the report, the information is added to the other information from their compromise detection engine to determine if the account has been compromised.

If the reported account is a Yahoo! or Gmail account, arrangements have been made with those providers for the information to be forwarded to them to use in their respective systems to recover hacked accounts.

For Hotmail accounts identified as compromised, the following will occur:

The spammer can no longer use the account
When the account owner attempts to access their account, they will be referred to the account recovery process.

Additional Topics on Managing Hotmail

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Windows Vista SP1 Reaches End of Support

2011-07-12T20:05:00.001-04:00

With the release of the July 12, 2011, Security Bulletin, Windows Vista Service Pack 1 (SP1) has reached its end of support life cycle. In the case of a service pack, "End of Support" means that automatic fixes, updates and online technical assistance will no longer be provided by Microsoft.

Don't be a victim to malware. Update to the latest service pack to stay up to date with security updates and reduce the chances for infection.

Windows Service Pack Lifecycle

As shown in the table below from the Windows lifecycle fact sheet - Microsoft Windows, the only services packs still supported are for Windows XP SP3, Windows Vista, SP2 and Windows 7 SP1.

Desktop operating systems

Date of availability

Support retired

Windows XP SP1

August 30, 2002

October 10, 2006

Windows XP SP2

September 17, 2004

July 13, 2010

Windows XP SP3

April 21, 2008

Available now

Windows Vista SP1

February 4, 2008

July 12, 2011

Windows Vista SP2

May 26, 2009

Available now

Windows 7 SP1

February 22, 2011

Available now

Desktop operating systems	Date of availability	Support retired
Windows XP SP1	August 30, 2002	October 10, 2006
Windows XP SP2	September 17, 2004	July 13, 2010
Windows XP SP3	April 21, 2008	Available now
Windows Vista SP1	February 4, 2008	July 12, 2011
Windows Vista SP2	May 26, 2009	Available now
Windows 7 SP1	February 22, 2011	Available now

Update to Windows Vista SP2

If you are not sure if you have installed the latest service pack, you can easily find out by clicking the Start button, right-click Computer and select Properties. SP2 will be listed in the Windows edition section if it has already been installed.

In the event you discovered SP2 has not been installed yet, Microsoft has provided very complete instructions installing Windows Vista SP2, including recommendations to follow prior to updating to SP2. Following the "Before You Begin" recommendations at Learn how to install Windows Vista Service Pack 2 (SP2) will help ensure a smooth upgrade to SP2.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft July 2011 Security Bulletin Release

2011-07-12T14:08:00.003-04:00

Microsoft released four (4) bulletins, one rated Critical and three rated Important. The bulletins address issues in Microsoft Windows and Office. Twenty-two (22) vulnerabilities are be closed with those bulletins.

Although an an Exploitability Index rating of 2, Microsoft identified MS11-053 as the highest deployment priority for the July updates:

MS11-053 (Bluetooth Stack). This security bulletin resolves one privately reported vulnerability in the Windows Bluetooth Stack. This bulletin is rated Critical for Windows Vista and Windows 7 platforms. All prior versions of Windows are unaffected.

As indicated in the below-linked Security Research and Defense blog post, if you are not yet prepared to install the MS11-053 security update, you can close off the attack surface by preventing any Bluetooth device from connecting to your computer.

In reviewing the Executive Summaries from the Security Bulletin Summary, note that updates are included that will require a restart. Regardless of the recommendation, it is always best to restart your computer after applying updates.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

WinPatrol PLUS Special Half-price Sale!

2011-07-09T17:58:00.000-04:00

Scotty, the Windows Watchdog, has changed over the years to keep up with the changes in the Windows operating systems he monitors. WinPatrol is a multi-purpose utility designed to increase performance and protect against unwanted changes to your Windows Computer. The program was introduced in the days of Windows 95 and is compatible with every Windows Operating System, both 32- and 64-bit. WinPatrol is free for personal use and also has a one-time payment licensed PLUS version.

The features listed below are among the reasons I use WinPatrol, described more fully at the WinPatrol Features page:

Delay Startup Programs
Track Date/Time Programs are First Detected
Prevents Changes to File Type Associations
Keylogger Detection
Kill Multiple Tasks in One Step
Well over Twenty Thousand Program Descriptions
Disable Vulnerable Active X Controls

If you've been waiting for some extra cash to upgrade to WinPatrol PLUS, now is the time! For a limited time, Bill Pytlovany is offering a special half-price sale. Get WinPatrol PLUS for a one-time fee of $14.95!

http://www.winpatrol.com/

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for July, 2011

2011-07-07T14:41:00.000-04:00

On Tuesday, July 12, 2011, Microsoft is planning to release four (4) bulletins, one rated Critical and three rated Important. The bulletins will be addressing issues in Microsoft Windows and Office. Twenty-two (22) vulnerabilities will be closed with those bulletins.

In addition to the upcoming security updates, the MSRC Blog also referenced the Special Edition Security Intelligence Report (SIR) entitled Battling the Rustock Threat. The special SIR provides new data on the Rustock botnet and the impact of the malware on computers around the world.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Link Windows Live IDs in Hotmail

2011-06-29T16:23:00.001-04:00

Multi-faceted Windows Live Hotmail not only includes the ability to add up to four POP3 accounts to your Windows Live Hotmail account, you can also link multiple Windows Live IDs. With multiple Hotmail accounts, this enables you to easily switching between accounts without the necessity of signing in again.

Follow the simple steps below to link multiple Windows Live IDs.

Link Windows Live IDs

Sign in to your Windows Live Hotmail account. In the left pane, next to Inbox, click the Tools icon , and then click Get email from another account.

In the window that opens, click Windows Live:

Next, click the link for "Linked IDs".

Linked IDs
Link your Windows Live IDs so you can quickly switch between accounts.

For security reasons, it will be necessary to provide your password again in order to access Account options. Then simply enter the Windows Live ID you want to link to the account that you signed in to and provide the password for that account. Lastly, click the button to Link the accounts.

To access the linked Windows Live ID, merely click the down arrow in the upper right next to your account name and select the account. Windows Live will be redirected to that linked account.

Additional Topics on Managing Hotmail

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Use Hotmail to Manage All Your E-Mail Accounts

2011-06-29T16:22:00.003-04:00

The value of a Windows Live Hotmail account is increased exponentially by including the ability to access multiple e-mail accounts all from your Hotmail inbox.

Not only can you can link multiple Windows Live IDs, you can also add up to four POP3 accounts to your Windows Live Hotmail account. By following the steps below, you can send and receive e-mail from your Gmail, AOL Mail, and Yahoo! Mail Plus.

Note that POP access needs to be turned on in the other account for Hotmail to access the email. Some email services have POP turned off by default, so be sure to check those settings. Using Gmail as an example, the option is located in Settings, Forwarding and POP/IMAP.

Add an email account

After logging on to your Windows Live Hotmail account, in the left pane, next to Inbox, click the Tools icon , and then click Get email from another account.

Enter your account information

In the window that opens, click Add an email account.

Type the e-mail address and the password for the desired account to be added to your Hotmail account:

Set folders and icons

Select the folder where you'd like email from this account to go. You can also choose a colored icon to indicate mail from that account. When you're done, click Save.

Verify that you own this email address

An e-mail will be sent to the account to be forwarded to your Windows Live Hotmail. It is necessary to approve forwarding by clicking the link in the e-mail.

You have set up your Windows Live Hotmail account to send messages from this email address.
By adding this address, you'll be able to write messages and send them from this Windows Live Hotmail account:

1. To verify that you own this account and want to send messages from it, click the link below:

{LINK}

2. The link will take you to the sign-in page for Windows Live Hotmail. Just sign in to the account that you want to send mail from. Once you've done that, your mail from that account will start being sent from this address.

Additional Topics on Managing Hotmail

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mozilla Firefox 5 Includes Critical Security Updates

2011-06-21T14:15:00.000-04:00

While many are celebrating the Summer Solstice, Mozilla developers are celebrating the rapid release of Firefox 5.

Although the latest version reportedly includes more than 1,000 improvements and performance enhancements, the update from version 4 to version 5 feels more like a security update than a new version.

As indicated at Security Advisories for Firefox, the vulnerabilities listed below were Fixed in Firefox 5. This includes the WebGL graphics memory stealing issue addressed in at Mozilla Security Blog.

Fixed in Firefox 5

MFSA 2011-28 Non-whitelisted site can trigger xpinstall
MFSA 2011-27 XSS encoding hazard with inline SVG
MFSA 2011-26 Multiple WebGL crashes
MFSA 2011-25 Stealing of cross-domain images using WebGL textures
MFSA 2011-22 Integer overflow and arbitrary code execution in Array.reduceRight()
MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images
MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled
MFSA 2011-19 Miscellaneous memory safety hazards (rv:3.0/1.9.2.18)

The upgrade to Firefox 5 will be offered to users with Firefox 4 through the browser update mechanism. However, as the upgrade includes critical security updates, it is recommended that the update be applied as soon as possible. To get the update now, select Help > About Firefox > Check for Updates.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

New WinPatrol Help & Information Forum

2011-06-17T19:21:00.000-04:00

Scotty, the Windows Watchdog

As long-time supporters of WinPatrol, LandzDown Forum is excited and proud to announce the opening of the new WinPatrol forum.

Although created with the approval of Bill Pytlovany, developer of WinPatrol, the forum is not an "official" WinPatrol-sponsored help site. Official support for WinPatrol continues to be provided by BillP Studios.

The purpose of the forum at LandzDown is to provide an additional place to obtain answers to questions about WinPatrol. If you have questions about WinPatrol, a problem or would just like more information about the program, create a new topic in the forum and we will do our best to assist.

You can find the forum here: WinPatrol Help & Information.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Critical Updates for Adobe Products

2011-06-14T21:15:00.000-04:00

Adobe released critical updates today Adobe Reader and Acrobat, Flash Player and Shockwave Player. Important Severity updates were released for Adobe ColdFusion, Live Cycle Data Services, Live Cycle ES and Blaze DS.

Details on all of the updates are available in the references section below. The most common products used by home computer users are Adobe Reader, Flash Player and Shockwave Player.

Please see the following special items of note regarding the updates for Adobe Reader, Flash Player and Shockwave Player.

Adobe Reader and Acrobat

As always, beware of third party toolbar offerings. In the event you use Adobe Acrobat, you may be interested in Inside Adobe Acrobat Protected View.

Download Links:

Adobe Reader FTP Direct Download: ftp://ftp.adobe.com/pub/adobe/reader/win/
Adobe Reader Sandboxed Version: http://get.adobe.com/reader/otherversions/

Adobe Flash Player

IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

Verify Flash Player Installation

Adobe Shockwave Player

Shockwave Player download for Windows: http://www.adobe.com/shockwave/download/

Note: Please remember to uncheck any unwanted 3rd party toolbars/programs during installation. Also please do not confuse this with Adobe Flash Player which is a different program.

How to disable the auto-update setting in Shockwave: http://kb2.adobe.com/cps/166/tn_16683.html. If you do not want auto-updating, this must be set every time Shockwave Player is updated.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Microsoft June 2011 Security Bulletin Release

2011-06-14T15:25:00.000-04:00

Microsoft released sixteen (16) bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studios, Silverlight and ISA. Nine of the bulletins are identified as Critical in severity and seven as Important.

Below is a quotation of the description of the priority bulletins, from the MSRC Blog:

"MS11-042 (DFS). This bulletin resolves two privately reported issues affecting all versions of Windows.
MS11-043 (SMB Client). This bulletin resolves one privately reported issue affecting all versions of SMB Client on Windows.
MS11-050 (Internet Explorer). This security bulletin resolves 11 privately reported issues in Internet Explorer.
MS11-052 (Windows). This bulletin resolves one privately reported issue in Windows and is also Critical. "

In reviewing the Executive Summaries from the Microsoft Security Bulletin Summary for June 2011, note that most of the updates will require a restart. Regardless of the recommendation, it is always best to restart your computer after applying updates.

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Avira AntiVir Adds Ask Toolbar and Scareware PopUp

2011-06-13T21:10:00.000-04:00

Avira AntiVir has long been a favorite provider of free antivirus protection. The product has also received acclaims for the quality of protection. Unfortunately, Avira has made several changes, resulting in removing the product from the "recommended list".

Avira AntiVir had replaced the Avira Personal Free edition notifier. It is no longer suggesting upgrading to Avira premium or the security suite. Instead, the notifier is advertising Uniblue "Registry Booster".
Licensed users of Avira Premium are receiving e-mails advertising the same Uniblue "Registry Booster" product.
The addition of a toolbar with the pre-checked option to include the Ask Toolbar (AntiVir WebGuard) and change the default search provider to Ask.

Although some people have referred to Uniblue's "Registry Booster" product as a rogue, based on descriptions of how it works, the product is better described as scareware. Scareware products are those that provide scan results that imply there are serious issues with the computer. However, the only way to fix the issues is purchase the product.

To add to the computer owner's confusion is that Uniblue proudly displays the Microsoft Partner logo. This gives the impression that the company has any close relationship with Microsoft. It is important to understand that there is no vetting to become a registered Microsoft partner. All it means to be a Microsoft Partner is that the company employs the requisite number of certified professionals and has completed the registration process, nothing more.

In my opinion, as well as that of many members of the security community, it is deplorable when a security vendor adds a pre-checked option to include an unnecessary add-on and change the user's preferences. A responsible security vendor should provide a clean installer, focusing on improving the product, fixing any bugs and continuing to improve the product.

If you are using Avira AntiVir antivirus software, I encourage you to read the articles listed in the references section below and decide for yourself if this is a product you wish to continue using.

There are still two recommended antivirus software programs that are free for personal use, avast! 6 Home Edition and Microsoft Security Essentials. My favorite licensed antivirus choice is ESET.

References

AntiVir Personal for Windows Support Forum: [Off-topic] Uniblue scareware ads (hello Uniblue, goodbye Avira)
AntiVir Premium and Avira Premium Security Suite Support Forum: [Off-topic] Registry Booster 2011 email from Avira
Calendar Of Updates: AntiVir/Avira adds ask.com toolbar
Complaints Board: UNIBLUE REGISTRY BOOSTER Complaints - Deceptive Advertising and Sales Practice

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Ten Immutable Laws Of Security (Version 2.0)

2011-06-09T20:59:00.000-04:00

Having a secure computer is not only about the operating system. As the Microsoft Security Response Center (MSRC) has seen, there are some things that neither Microsoft nor another software vendor can fix. This is because, although they are real security problems, the problems are not from product flaws.

Dilbert by Scot Adams

Being aware of phishing attempts is only part of having good judgement. The MSRC delves into the details of the 10 Immutable Laws of Security identified in the following summary.

The 10 Immutable Laws Summary

Law #1: If a bad guy can persuade you to run his program on your computer, it's not solely your computer anymore.
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore.
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.
Law #4: If you allow a bad guy to run active content in your website, it's not your website any more.
Law #5: Weak passwords trump strong security.
Law #6: A computer is only as secure as the administrator is trustworthy.
Law #7: Encrypted data is only as secure as its decryption key.
Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
Law #9: Absolute anonymity isn't practically achievable, online or offline.
Law #10: Technology is not a panacea.

Learn how using sound judgement will help to improve the security of your computer in the Ten Immutable Laws Of Security.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Bulletin Advance Notification for June, 2011

2011-06-09T19:39:00.000-04:00

On Tuesday, June 14, 2011, Microsoft is planning to release sixteen (16) bulletins addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studios, Silverlight and ISA. Nine of the bulletins are identified as Critical in severity and seven as Important.

Although it is advised to restart your computer after installing updates, whether required or not, a number of the scheduled bulletins will require a restart in order to install the updates. I recommend installing the update to .NET Framework separately as well as other updates requiring a restart.

The Internet Explorer bulletin will address one of the known vectors to the cookie folder related to "“cookiejacking.” Cookiejacking allows an attacker to steal cookies from a user’s computer and access websites the user has logged into. Note, however, that the Microsoft Malware Protection Center (MMPC) has not detected attempts to use this technique.

References

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Critical Java Security Update

2011-06-07T15:10:00.000-04:00

Oracle Java released an update to Java Runtime Environment (JRK). The full internal version number for this update release is 1.6.0_26-b03 (where "b" means "build"). The external version number is 6u26.

The Critical Patch Update contains seventeen (17) new security vulnerability fixes for Java SE. As explained in the Executive Summary, all of the vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.

Download Information

Download Link: Java SE Runtime Environment 6u26. Accept the License agreement and select the correct version for your operating system.

Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Please check add/remove programs to ensure that you have uninstalled all prior (and vulnerable) versions of SunJava.

After installation, verify that Java has been installed correctly: Verify Java Installation.

References

Release Notes: Java SE 6, Update 26
Update Schedule: Critical Patch Updates

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Another Adobe Flash Player Security Update

2011-06-06T14:37:00.000-04:00

An unexpected Adobe Flash Player was released addressing. The update addresses a universal cross-site scripting vulnerability (CVE-2011-2107) which could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website.

Adobe indicated that there are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message.

Release date: June 5, 2011
Vulnerability identifier: APSB11-13
CVE number: CVE-2011-2107
Platform: All Platforms

Standing Instructions

IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

Verify Installation

References

Adobe Security Advisory: Security Bulletins: APSB11-13 - Security Update available for Adobe Flash Player
Adobe PSIRT Blog: Security update available for Adobe Flash Player (APSB11-13)

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Advance Notice of Critical Java Update

2011-06-03T19:11:00.000-04:00

Oracle provided advance notification regarding the Oracle Java SE Critical Patch Update for June 2011. The update is scheduled to be released on Tuesday, June 7, 2011.

The Critical Patch Update contains seventeen (17) new security vulnerability fixes for Java SE. As explained in the Executive Summary, all of the vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the following products:

JDK and JRE 6 Update 25 and earlier for Windows, Solaris, and Linux
JDK and JRE 5.0 Update 29 and earlier for Windows, Solaris and Linux
SDK and JRE 1.4.2_31 and earlier for Windows, Solaris and Linux

Reference: Oracle Java Critical Patch Update - June 2011

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Setting Up the Microsoft Standalone System Sweeper Beta

2011-06-02T20:51:00.003-04:00

Edit Note: The Microsoft Standalone System Sweeper Beta has been renamed to "Windows Defender Offline Beta".

Microsoft Standalone System Sweeper Beta

Microsoft Standalone System Sweeper Beta is a recovery tool currently available from Microsoft Connect. The tool is not a general, all-purpose scanner and is not a replacement for an updated antivirus program. Rather, it is to help start an infected PC and perform an offline scan to identify and remove rootkits and other advanced malware.

The Microsoft Standalone System Sweeper Beta can also be used in situations where an antivirus software fails to install or the program that is installed is unable to detect or remove malware from the computer.

Although the Standalone System Sweeper is still labeled Beta and caution is necessary as with all beta programs, the tool has long been a part of the Microsoft Diagnostics and Recovery Toolset (DaRT) for Microsoft Enterprise customers.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

With USB sticks so readily available, the instructions that follow are for that media. However, a blank CD or DVD can also be used.

Requirements When Creating Standalone System Sweeper Media

When creating the bootable media, it is important to consider the following information and requirements:

A minimum of at least 250 MB of free space on the selected media (CD, DVD or USB drive) is required.
If you elect to prepare an ISO for future use, keep in mind that the definitions will not be up-to-date.
Installing the Standalone System Sweeper on a USB drive will reformat the USB drive, resulting in the loss of all data stored on the USB drive. (See Note below*)
Regardless of the operating system used to create the file, it is essential to select the correct version of the tool, either 32- or 64-bit, for the infected operating system where the tool will be used.
An Internet connection is required for installation and download of the latest virus and spyware definitions for Standalone System Sweeper.
Internet Browser: Windows Internet Explorer 6.0 or higher or Mozilla Firefox 2.0 or higher.

Installing on USB Drive

The download file is located at Microsoft Connect. Again, it does not matter what the operating system is that you use to download and create the bootable media. However, it is critical to select the correct version for the computer where the tool will be used.

After downloading the file, select the correct version. If you need assistance determining whether the infected computer is 32- or 64-bit, see the Microsoft Help and Support article for instructions.

Launching the installer, will take you to the "Welcome" screen:

Clicking Next is when you select the media where the tool will be created:

The files for the selected version (32- or 64-bit) will download and install on the media:

After the process has been completed, the bootable USB drive is ready for use.

When you click "Computer" to eject the USB drive, note that the name includes the version of the tool that was created.

Updating the Definitions

After starting the infected computer with Standalone System Sweeper do the following to insure that the most recent definitions are installed:

Click on the Help drop down arrow menu.
Click on Check for updates.
Click on Download.

In the event the infected computer does not have an Internet connection, the updates can be manually transported to the infected machine. The definitions are the same for Standalone System Sweeper as used with Microsoft Security Essentials.

Download the latest definitions from the Malware Protection Center Portal, selecting the correct version for the infected computer:
-- mpam-fe.exe is for the 32-bit version
-- mpam-fex64.exe is for the 64-bit version
Transport the saved definitions to the infected computer, selecting the Browse button to navigate to the location of the saved definitions. (See Note below*)

*Note regarding reformatting the USB Drive

If the following conditions are met, when running the tool again, the USB drive will not be reformatted. In addition, after creating the tool on your USB, you can copy other tools, "rescue data" as well as the latest definitions.

The files on the USB drive are not damaged or missing (the tool will verify that the files are not damaged).
The same USB drive is used.
The version of the Standalone System Sweeper used to create the bootable USB drive is the same as the version of the tool being re-run or updated. The tool will detect the already installed product and will only update the definitions without reformatting or altering your data.

System Requirements for Infected Computer

Important Note: BitLocker must be disabled on the infected computer to use Microsoft Standalone System Sweeper Beta.

Operating system: Windows XP Service Pack 3; Windows Vista (RTM, Service Pack 1, or Service Pack 2, or higher); Windows 7 (RTM, Service Pack 1, or higher).
Required processor:
Windows XP: 500 MHz or higher1.0 GHz or higher
Windows Vista and Windows 7: 1.0 GHz or higher
Required memory:
Windows XP: 768 MB RAM or higher
Windows Vista and Windows 7: 1 GB RAM or higher
Required video card: 800 × 600 or higher
Available hard disk space: 500 MB

Download and Additional Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Fix for Adobe Flash Player Rendering Issues with IE9

2011-05-31T18:09:00.001-04:00

Adobe has released Flash Player 10.3.181.16 for Internet Explorer only. The update for Internet Explorer addresses an issue where Flash animations were displaying in the left-hand corner of the screen for users of Internet Explorer 9.

The version for other browsers remains at 10.3.181.14.

Note: If you disabled hardware acceleration in Internet Explorer 9 using the instructions on this page, you should re-enable hardware acceleration.

In the event you reverted to a previous version of Flash Player, it is strongly advised that this update be applied as soon as possible as the updated version included critical security updates.

Download

Direct Download for IE users: http://fpdownload.macromedia.com/get/flashplayer/current/install_flash_player_ax.exe

Verify Installation

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Remembering Those Who Served, Memorial Day 2011

2011-05-29T21:13:00.000-04:00

Vietnam Memorial Wall
April 30, 2005
Photograph by Luigi Masu

Memorial Day is a day set aside to remember those who have died in the service of their country. It is also a time when I remember a very special Canadian who likely knew more about U.S. politics and history than most U.S. citizens. Memorial Day 2007 was his last blog post, reading in part:

"Memorial Day was officially proclaimed on 5 May 1868 by General John Logan, national commander of the Grand Army of the Republic, in his General Order No. 11, and was first observed on 30 May 1868, when flowers were placed on the graves of Union and Confederate soldiers at Arlington National Cemetery. The first state to officially recognize the holiday was New York in 1873. By 1890 it was recognized by all of the northern states. The South refused to acknowledge the day, honoring their dead on separate days until after World War I (when the holiday changed from honoring just those who died fighting in the Civil War to honoring Americans who died fighting in any war). For more history of Memorial Day visit Memorial Day History."

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Mac Rogue Remover Tool

2011-05-26T19:18:00.002-04:00

The creators of rogue (fake) antivirus programs that have been plaguing Windows users for many years have now migrated to the Mac platform.

Although Apple is planning a Mac OS X software update that is expected to automatically find and remove Mac Defender malware and its known variants, affected Mac users do not need to wait for the update. In the meantime, Mac users are advised to consider the following:

For Safari users, uncheck the default setting "Open safe files after downloading" on your Mac.
In the event you fell for the scam and purchased the fake program, contact your credit card company.
Watch for the promised update to be issued by Apple.
Install an antivirus software. (Sophos offers a free antivirus software for Mac home users.)

In the unfortunate event your computer has been infected with one of the rogues, Bleeping Computer to the rescue! Site owner, Microsoft MVP Lawrence Abrams, has created a tool and removal guides to assist in the removal of many of the known variants of the recently released rogues. As other variants become available, expect that additional removal guides will be made available.

Mac Security: Mac Security Removal Guide
Mac Defender: Mac Defender Removal Guide
Mac Protector: Mac Protector Removal Guide
Mac Guard: Mac Guard Removal Guide

For background information on the Mac Removal Tool, see Introducing the BleepingComputer Mac Rogue Remover Tool.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Flash Player 10.3 and IE 9 Issues

2011-05-20T20:40:00.000-04:00

The critical security update to Adobe Flash Player 10.3 has resulted in SWF content being displayed in the upper left corner of the screen in some cases.

The issues appear to be limited to Adobe Flash Player 10.3 and Internet Explorer 9. As a result, Adobe has temporarily disabled the automatic update notification for Flash Player 10.3 and Internet Explorer.

A hotfix is in the works and a new version is expected to be available next week. In the meantime, Adobe has provided the following workarounds:

"1. On some systems, you might be able to resolve this issue by updating the Intel HD Graphics drivers. It has been reported that version 8.15.10.2361 and above do not display this bug. Unfortunately, some systems might require updates directly from your system manufacturer. We're working with system manufacturers to make sure they include the latest drivers in future releases.

2. You can disable hardware acceleration in Internet Explorer 9 using the instructions on this page. Please note that you should re-enable hardware acceleration once this problem has been resolved to enjoy the full benefits of hardware acceleration.

3. Use an alternate browser. All reports indicate that this issue is specific to Internet Explorer 9. You can use Firefox, Chrome, Safari, Opera, etc. with content designed for Flash Player while this issue is being resolved.

4. You can manually uninstall Flash Player 10.3 and revert back to Flash Player 10.2. While we always recommend you use the latest Flash Player for security and stability, this will get you back to your previous version."

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Coming Soon: Office 2010 and Sharepoint 2010 SP1

2011-05-20T14:12:00.000-04:00

Service Pack 1 for Microsoft Office 2010 and Sharepoint 2010 was announced at TechNet Atlanta.

As of this timing, the service pack is scheduled to be released the end of June. It will initially be available from both the Download Center and Microsoft Update and will include all language versions. The service pack will not be included as an Automatic Update until at least 90 days after the initial release.

In addition to including public and cumulative updates, below is a sampling from the Microsoft Office Blog of highlighted changes to be included in SP1.

Outlook fixes an issue where “Snooze Time” would not reset between appointments.
The default behavior for PowerPoint "Use Presenter View" option changed to display the slide show on the secondary monitor.
Integrated community content in the Access Application Part Gallery.
Better alignment between Project Server and SharePoint Server browser support.
Improved backup / restore functionality for SharePoint Server
The Word Web Application extends printing support to “Edit Mode.”
Project Professional now synchronizes scheduled tasks with SharePoint task lists.
Internet Explorer 9 “Native” support for Office Web Applications and SharePoint
Office Web Applications Support for Chrome
Inserting Charts into Excel Workbooks using Excel Web Application
Support for searching PPSX files in Search Server
Visio Fixes scaling issues and arrowhead rendering errors with SVG export
Proofing Tools improve spelling suggestions in Canadian English, French, Swedish and European Portuguese.
Outlook Web Application Attachment Preview (with Exchange Online only)
Office client suites using “Add Remove Programs” Control Panel, building on our work from Office 2007 SP2

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Ribbon Search Commands for Microsoft Office 2010 and 2007

2011-05-16T15:07:00.009-04:00

Microsoft Office has so many formatting and editing features, it is difficult to remember where everything is located. In addition, many long-time users of Microsoft Office have found the Ribbon confusing.

The Microsoft Office Labs has a solution in the form of a simple add-in called Search Commands. Search Commands has been available for a while now, but it seems to be a little-known add-in. Search Commands will help you quickly find the commands you need in Microsoft Office 2007 and 2010 Word, Excel and PowerPoint.

To launch Search Commands, click on the Search Commands tab in Word, Excel and PowerPoint. If you prefer keyboard shortcuts, click the Windows Key + Y combination.

As illustrated in the images below from Office 2010 and Office 2007, the search mechanism is very intuitive. Merely typing "insert" in the search box yielded the most commonly searched information:

Try it. You'll like it.

If you are new to the Ribbon, you may also find the information at Office.com helpful: Office Ribbon Find Commands.

Requirements and Download Information

Requirements: Windows XP or later. Office 2007 or Office 2010 32- or 64-bit.
Limitations: English only. Works with Word, Excel and PowerPoint only.
Additional Information: Microsoft Office Labs
Download Link: Download Search Commands

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

WinPatrol 20.5 Update

2011-05-15T17:53:00.000-04:00

WinPatrol 2011 has been upgraded to version 20.5. The upgraded version addresses both a number of long-time requests and also resolves many issues related to 64-bit Windows operating systems.

The updated features and resolved issues at WinPatrol 2011.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Adobe Flash and other Products Critical Severity Updates

2011-05-14T16:00:00.001-04:00

Adobe released Critical Severity updates to three products and one Important Severity update to another. If you use RoboHelp, Audition or Flash Media Server (FMS), it is strongly recommended that you apply the updates as soon as possible.

Adobe Security Bulletins

Adobe Flash Update Details

Although, to date, Adobe has not obtained a sample that completes an attack, the identified vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Adobe indicated that there are reports of malware attempting to exploit the CVE-2011-0627 vulnerability in the wild. The attack is via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.

Release date: May 12, 2011
Vulnerability identifier: APSB11-12
CVE number: CVE-2011-0579, CVE-2011-0618, CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626, CVE-2011-0627
Platform: All Platforms

Standing Instructions

IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

1 MB
Free McAfee® Security Scan Plus (optional)

Verify Installation

References

Adobe Security Advisory: Security Update Available for Adobe Flash Player
Adobe PSIRT Blog: Security updates available for Flash Player, RoboHelp, Audition, and Flash Media Server

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Security Garden

Data Privacy Day 2012

Why the concern about privacy?

Protect Your Privacy

Resources

To My "Other" Girl

Adobe Reader and Acrobat Critical Security Updates

Release Details

Affected Software Versions

References

Microsoft January 2012 Security Bulletin Release

Security Bulletins

Support

References

Security Bulletin Advance Notification for January, 2012

References

2012 Microsoft® MVP Award

Out-of-Band Critical Security Update MS11-100

Known Issues

Reminder

Support

References

Merry Christmas, Ukrainian Style

Mozilla Firefox 9 Released, Includes Critical Security Fixes

Security Updates

What's New

References

Critical Security Update for Adobe Reader/Acrobat

Release Details

Alternatives

References

Microsoft December 2011 Security Bulletin Release

Disable Microsoft Fix it

Support

References

Security Bulletin Advance Notification for December, 2011

References

Windows Defender Offline Beta, formerly Standalone System Sweeper

Windows Defender Offline Beta Information

Related Articles

Security Advisory for Adobe Reader and Acrobat (APSA11-04)

Alternatives

Advisory Details

References

No, it isn't the Blaster Worm

Safety Tips for Online Shopping

Protect Your PC

Protect Your Credit

Tips

Lest We Forget

Microsoft Security Advisory 2641690 Addresses Fraudulent Digital Certificates

References

Adobe Releases Critical Update for Flash Player and AIR

Update Instructions

Verify Installation

References

Mozilla Firefox 8 Released, Includes Critical Security Fixes

Security Updates

What's New

References

Microsoft November 2011 Security Bulletin Release

Support

References

Adobe Releases Critical Update for Shockwave Player

Update Information

Reference

Microsoft Fix it for Duqu Malware, Security Advisory 2639658

Microsoft Fix it

References

Security Bulletin Advance Notification for November, 2011

References

Oracle Java SE Critical Security Update

Affected Java SE Products and Components

References

SUPERAntiSpyware Adds Opt-in Toolbar

Recommendation

Microsoft October 2011 Security Bulletin Release

Support

References

How Windows PCs Get Infected with Malware