Tag: security update
November 14, 2009 by
Jason
Microsoft has reacted rapidly to public reports of a zero-day denial-of-service vulnerability in its latest iterations of the Windows client and server operating systems, and is providing customers with guidance on how to block potential attempts to take advantage of the security flaw. In this regard, the Redmond company has underlined that no exploits or attacks have been detected for the denial-of-service (DoS) hole in the Microsoft Server Message Block (SMB) Protocol impacting both SMBv1 and SMBv2 in Windows 7 and Windows Server 2008 R2. However, Proof of Concept (PoC) code was irresponsibly published in the wild, making it extremely easy for attackers to build exploits putting at risk users of Windows 7.
“Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable. If exploited, this DoS vulnerability would not allow an attacker to take control of, or install malware on, the customer’s system but could cause the affected system to stop responding until manually restarted. It is important to note that the default firewall settings on Windows 7 will help block attempts to exploit this issue,” Dave Forstrom, group manager, public relations, Microsoft Trustworthy Computing, revealed. “The company is not aware of attacks to exploit the reported vulnerability at this time.” Read More»
Posted in Windows 7 | No Comments »
November 14, 2009 by
Jason A DVD5 ISO image file containing all the security bulletins made available on November 10th, 2009 for all supported Windows platforms, is now up for grabs via the Microsoft Download Center. As is the case every month, the Redmond company is accompanying the security patched it offers through Windows Update, Automatic Updates, and Microsoft Update with standalone downloads as well as with a package of updates. In this regard, the November 2009 Security Release ISO Image has become available for download earlier this week.
There are no less than six security updates packaged into the ISO image, four of which are now served through WU, AU, and MU to Windows users around the world. MS09-063, MS09-064, MS09-065, MS09-066 are all designed to patch security vulnerabilities in Windows server and client platforms, including versions such as Windows Vista SP2 and Windows XP SP3.
“This DVD5 ISO image file contains the security updates for Windows released on Windows Update on November 10th, 2009. The image does not contain security updates for other Microsoft products. This DVD5 ISO image is intended for administrators that need to download multiple individual language versions of each security update and that do not use an automated solution such as Windows Server Update Services (WSUS). You can use this ISO image to download multiple updates in all languages at the same time,” Microsoft explained. Read More»
Posted in Windows Vista, Windows XP | No Comments »
October 15, 2009 by
Jason It has by no means been a slow month as far as Microsoft security bulletins go, with no less than 13 patch packages being released by the company for a range of products. In total, the Redmond company patched no less than 34 security holes across Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server, revealed Christopher Budd, security response communications lead, Microsoft. October 2009 is also the first month in the software giant’s security patch cycle when updates were made available for the gold version of Windows 7. October 2009 marks yet another first, namely the first time that patches for Windows 7 RTM have been included into a company Security Release ISO Image.
At the bottom of this article you’ll be able to find a download link for the October 2009 Security Release ISO Image. The ISO package brings to the table all of the security updates made available for supported Windows operating systems, including Windows 7, Vista, Windows XP, Windows Server 2008 R2, etc. Read More»
Posted in Windows 7 | 1 Comment »
October 15, 2009 by
Jason On October 13th, 2009, Microsoft started serving to Windows users patches for no less than 34 vulnerabilities, releasing the most security bulletins in the company’s history. The 13 security bulletins made available are designed to offer fixes for a range of security issues affecting Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server. Microsoft underlined that, despite the large number of patches, all security updates had been thoroughly tested, and only received the green light for broad release once they met specific quality standards.
Out of the total 13 security bulletins released, eight have received Microsoft’s maximum severity rating, namely Critical, indicating that they are designed to patch severe vulnerabilities that could allow for remote code execution in the eventuality of a successful attack. The remaining six patch packages have all been deemed Important, a less severe rating. However, customers should apply the patches offered by the Redmond company immediately. The simplest way to access the security updates is through Windows Update. Users with Automatic Updates enabled will have all patches automatically downloaded to their machines.
Microsoft revealed that no less than seven security bulletins with a maximum severity rating of Critical out of the total eight also had an exploitability index of 1. The highest possible exploitability index: 1 is indicative of the fact that Microsoft considers the possibility of exploit code becoming available in the wild for the seven flaws extremely likely, perhaps even within the first 30 days since the patches were released. This just in case you needed additional incentive to deploy the security updates. Read More»
Posted in Computer | 1 Comment »
September 17, 2009 by
Jason
Internet Explorer 8 includes a security feature that shuts down misbehaving applications before they can harm your system.
This capability, known as Data Execution Prevention (DEP), runs by default when IE 8 is installed on XP SP3 and Vista SP1 or later, but it may not always be clear to you why DEP has put the brakes on one of your PC’s applications.
DEP is the best reason I know for updating to Internet Explorer 8 and Vista SP1. For many years, Microsoft has included DEP which is also called No-Execute (NX) only in parts of Windows. For example, DEP is available in IE 7 but is off by default to avoid conflicts with old, incompatible programs.
DEP is now a key part of Vista and Internet Explorer 8. When I try to install older software on newer machines, I must configure Data Execution Prevention to allow the software installer to run with DEP disabled.
To open the Data Execution Prevention dialog in XP, open Control Panel, choose System, and then select the Advanced tab. Click the Settings button in the Performance section and select the Data Execution Prevention tab. In Vista, choose Performance Information and Tools, click Advanced Tools in the left pane, select Adjust the appearance and performance of Windows, and click the Data Execution Prevention tab. Read More»
Posted in Internet | No Comments »
Microsoft released no less than eight security bulletins for the various supported releases of Windows client and server operating systems, including for the latest service packs of Windows Vista and Windows XP. Out of the total of patch packages impacting Windows, half feature a maximum severity rating of Critical, with the remaining four being rated as Important. The security updates are available through Windows Update since August 11, 2009, and customers are advised to deploy the patches as soon as possible in order to bulletproof their systems against attacks.
“Of note, Microsoft released MS09-043 to help protect customers from attacks on the Office Web Components vulnerability previously addressed by Security Advisory 973472. I also wanted to let you know that MS09-037 addresses five privately reported vulnerabilities in Microsoft Active Template Library (ATL). Security Advisory 973882 has been updated with a reference to MS09-037. Additionally, Microsoft has released Security Advisory 973811 to include a non-security update that enables new protection technology on the Windows platform,” revealed Christopher Budd, security response communications lead for Microsoft. Read More»
Posted in Windows Vista, Windows XP | No Comments »
The July 2009 Security Release ISO Image is now available for download from Microsoft, having been offered concomitantly with the company’s monthly patch cycle releases. In addition to serving each month’s security bulletins through Windows Update, the software giant is also packaging the patches aimed for the supported Windows client and server operating system as an ISO image. In this context, customers can now access Windows-related security updates, including for Windows Vista Service Pack 2 and Windows XP SP3 that went live on July 14, 2009, through the DVD5 ISO image package.
“This month we are releasing six bulletins. Three of those affect Windows and are rated Critical. All three of those also have an Exploitability Index rating of ‘1’ which means that we believe that consistent exploit code in the wild is highly likely within the first 30 days,” revealed Jerry Bryant, Microsoft security program manager. “The remaining three bulletins are all rated Important and affect Microsoft Office Publisher, Microsoft ISA Server, and both Virtual PC and Virtual Server. The first two also have Exploitability Index ratings of ‘1’ so please consider this while doing your risk assessment. In total, we are addressing nine vulnerabilities this month.” Read More»
Posted in Windows Vista, Windows XP | No Comments »
Loading ...
