Tag: vulnerabilities
October 15, 2009 by
Jason
It has by no means been a slow month as far as Microsoft security bulletins go, with no less than 13 patch packages being released by the company for a range of products. In total, the Redmond company patched no less than 34 security holes across Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server, revealed Christopher Budd, security response communications lead, Microsoft. October 2009 is also the first month in the software giant’s security patch cycle when updates were made available for the gold version of Windows 7. October 2009 marks yet another first, namely the first time that patches for Windows 7 RTM have been included into a company Security Release ISO Image.
At the bottom of this article you’ll be able to find a download link for the October 2009 Security Release ISO Image. The ISO package brings to the table all of the security updates made available for supported Windows operating systems, including Windows 7, Vista, Windows XP, Windows Server 2008 R2, etc. Read More»
Posted in Windows 7 | 1 Comment »
October 15, 2009 by
Jason On October 13th, 2009, Microsoft started serving to Windows users patches for no less than 34 vulnerabilities, releasing the most security bulletins in the company’s history. The 13 security bulletins made available are designed to offer fixes for a range of security issues affecting Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server. Microsoft underlined that, despite the large number of patches, all security updates had been thoroughly tested, and only received the green light for broad release once they met specific quality standards.
Out of the total 13 security bulletins released, eight have received Microsoft’s maximum severity rating, namely Critical, indicating that they are designed to patch severe vulnerabilities that could allow for remote code execution in the eventuality of a successful attack. The remaining six patch packages have all been deemed Important, a less severe rating. However, customers should apply the patches offered by the Redmond company immediately. The simplest way to access the security updates is through Windows Update. Users with Automatic Updates enabled will have all patches automatically downloaded to their machines.
Microsoft revealed that no less than seven security bulletins with a maximum severity rating of Critical out of the total eight also had an exploitability index of 1. The highest possible exploitability index: 1 is indicative of the fact that Microsoft considers the possibility of exploit code becoming available in the wild for the seven flaws extremely likely, perhaps even within the first 30 days since the patches were released. This just in case you needed additional incentive to deploy the security updates. Read More»
Posted in Computer | 1 Comment »
October 07, 2009 by
Jason Confronted with increasingly bulletproofed Windows operating systems, the threat environment shifted toward targeting vulnerabilities in the code designed to run on top of the platform. With security enhancements such as User Account Control, Address Space Layout Randomization, Kernel Patch Protection and driver signing, but also with the new development methodology set in place via the Microsoft Security Development Lifecycle, vulnerabilities in Windows Vista and its successor Windows 7 have become harder to exploit, in the eventuality that attackers do come across critical security holes.
The biggest advantage in terms of security Vista and Windows 7 have over precursor Windows clients is the Security Development Lifecycle. And with the threat environment changing focus onto third-party Windows applications, Microsoft is ready to share the SDL secrets with third-party developers. An illustrative example in this regard is the Microsoft Security Development Lifecycle (SDL): Developer Starter Kit.
“The Microsoft SDL – Developer Starter Kit offers content, labs, and training to help you establish a standardized approach to rolling out the Microsoft Security Development Lifecycle (SDL) in your organization—or enrich your existing development practices,” Microsoft revealed.
Read More»
Posted in Windows 7 | No Comments »
Microsoft released no less than eight security bulletins for the various supported releases of Windows client and server operating systems, including for the latest service packs of Windows Vista and Windows XP. Out of the total of patch packages impacting Windows, half feature a maximum severity rating of Critical, with the remaining four being rated as Important. The security updates are available through Windows Update since August 11, 2009, and customers are advised to deploy the patches as soon as possible in order to bulletproof their systems against attacks.
“Of note, Microsoft released MS09-043 to help protect customers from attacks on the Office Web Components vulnerability previously addressed by Security Advisory 973472. I also wanted to let you know that MS09-037 addresses five privately reported vulnerabilities in Microsoft Active Template Library (ATL). Security Advisory 973882 has been updated with a reference to MS09-037. Additionally, Microsoft has released Security Advisory 973811 to include a non-security update that enables new protection technology on the Windows platform,” revealed Christopher Budd, security response communications lead for Microsoft. Read More»
Posted in Windows Vista, Windows XP | No Comments »
A change in Windows’ complex and interconnected architecture of components can easily reverberate throughout the operating system. It is the case of the Critical Microsoft Security Bulletin MS09-010, a security update designed to deal with vulnerabilities in WordPad and Office Text Converters which could allow remote code execution in the eventuality of a successful exploit. Although the flaws reside in WordPad and Office text converters, applying the patch managed to cause installations of Service pack 3 for Windows XP to fail. Effectively, attempting to install Windows XP Service Pack 3 via Windows Server Update Services is unsuccessful and the user is returned the following errors 0×8007f00d or 0×8007f02b.
“This can happen if the workaround for MS09-010 was applied to the client machines adding deny permission to file C:\program files\windows nt\accessories\mswrd8.wpc. This causes the WSUS installation to fail because we’re unable to access the file and update it. When trying to install SP3 manually (not using the Quiet switch), it causes an error reading the file above, prompting for a source to update the file or to skip the file. Since WSUS installs SP3 in quiet mode, the installation fails because it never prompts the user for file it’s trying to update,” explained Joao Madureira, WSUS support engineer. Read More»
Posted in Windows XP | No Comments »
The release of proof-of-concept exploit code for an unresolved critical bug that allows for remote arbitrary code execution on the latest stable version of Mozilla Firefox has put developers on alert. A fix will be included in the 3.0.8 version of the browser, which is scheduled for release in a few days.
The vulnerability is described on SecurityFocus as a “Boundary Condition Error” and allows an attacker to execute potentially malicious code by calling a malformed XML file from a Web page. Parsing a specially crafted “root” XML tag in an XSL file results in a memory-corruption error.
These drive-by types of attacks have become the weapon of choice for many of today’s malware distributors. Cross-site scripting (XSS) weaknesses are used to inject rogue exploit-serving IFrames into legitimate pages. These exploits target vulnerabilities in popular software such as Adobe Reader, Flash Player, or the browsers themselves. Read More»
Posted in Firefox | No Comments »
Symantec Security Response encourages all users and administrators to adhere to the following basic security “best practices” to prevent the virus attack to your computer:
1. Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
2. Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
3. Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application. Read More»
Posted in Computer, Software | No Comments »
February 27, 2009 by
Jason Microsoft is not only serving Critical security updates designed to patch vulnerabilities in pre-release versions of Windows 7, but also refreshes meant to boost the operating system’s compatibility level. With Win 7, the Redmond company placed a strong focus on delivering backwards compatibility with Vista-tailored software and hardware products, and even went as far as labeling the next iteration of the Windows client with version 6.1, while its precursor was just 6.0. Still, compatibility, just as security, is an ongoing effort, and Microsoft is ready to start improving Windows 7 as early as Beta Build 7000.
In this regard, the software giant made available for download the first compatibility update for Windows 7 Beta and Windows Server 2008 R2 Beta. “Install this update to resolve issues with non-compatible applications for Windows 7 Beta,” Microsoft informed, indicating that the bits were also delivered through Windows Update, even if also available via the Download Center. It is important to note that in Windows 7 refreshes aimed to improve compatibility will be delivered under the same model as in Windows Vista. Read More»
Posted in Windows 7 | No Comments »
December 28, 2008 by
Jason This December Microsoft has prioritized the update releases for Windows Embedded operating system. In this context, the company delivered the patches for security vulnerabilities in the platforms, but did not offer the package of optional refreshes. The explanation offered by the Redmond company indicated that the work poured into the finalization of Windows XP Embedded Service Pack 3 and Windows Embedded Standard 2009 caused the optional updates for December to be discontinued, according to Gina Bentley, the Servicing and Support program manager for the Vertical Industries and Embedded Windows (VIEW) group.
“We are putting the final touches on the December Security roll-ups to bring these products up to date with all security releases since they went into code freeze,” Bentley explained on December 12. “We want you to have everything you need to start creating your new device images built with Windows Embedded Standard 2009! We gave extra consideration to this roll-up release, and that, combined with holiday schedules, means that we opted to take a break and not release an Optional Update package for December.” Read More»
Posted in Windows XP | 1 Comment »
Microsoft has yet to finish with the delivery process of Windows Vista SP1, and the company is already hammering away at the service pack plugging security holes. According to the Redmond company, Vista SP1 is affected by multiple vulnerabilities that will be addressed with April’s security bulletin releases, scheduled to be issued on April 8, 2008. Out of the total of eight security bulletins planned of the coming week, no less than six impact various editions of the Windows operating system, and Vista SP1 did not manage to escape unscathed.
“As part of our regularly scheduled bulletin release, we’re currently planning to release five Microsoft Security Bulletins rated Critical and three that are rated as Important. These updates may require a restart and will be detectable using the Microsoft Baseline Security Analyzer. As we do each month, the Microsoft Windows Malicious Software Removal Tool will be updated. Read More»
Posted in Windows Vista | No Comments »
Loading ...
