Apply the Critical Security Updates for Internet Explorer Vulnerabilities (MS10-002 – Critical)

January 29, 2010 by admin
Filed under Protection Tools

This cumulative security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. This security update is rated Critical for all supported releases of Internet Explorer.

Executive Summary

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate.

The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

[ Download MS10-002 ]

Tags: could allow remote code execution, Download, executive summary, explorer 6 internet, internet explorer 5, internet explorer 6 service pack 1, internet explorer 7, internet explorer 8, internet explorer users, microsoft, microsoft security advisory, security, updates, vulnerabilities, vulnerability, windows

New Free SUPERAntiSpyware Online Scanner/Remover!

November 3, 2009 by admin
Filed under Removal Tips,Tools and Videos

Leave a Comment

IMGSASHeader

Follow the instructions below to initiate the SUPERAntiSpyware Online Scan. The scanner will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled.

The SUPERAntiSpyware Online Safe Scan is free for personal use.

How To Use :

1. Start the Scan

Click on the button to start the scanner download process.

2. Download the Scanner

Click the RUN button when prompted. If you are using a browser other than Internet Explorer then prompt may be different.

3. Wait for the Scanner to Download

The scanner will download in just a few seconds.

4. Run the Scanner

Click the RUN button when prompted. This will start the scanner.

5. Do the scanner and removal

Click the “Click here to Start” button and then “Check for Updates” to update the Definition then click on “Scan your Computer” button to start the scanning process.

SASinterface

Tags: Free, Malware, Online, Removal, Scanner, Spyware, spyware malware, superantispyware, updates, Virus

Microsoft user? Adobe user? Update your systems now

October 14, 2009 by admin
Filed under Security News

Leave a Comment

As part of its regular “Patch Tuesday” cycle, Microsoft has released a number of fixes for a number of its widely deployed products to patch critical security vulnerabilities.

Eight of the critical patches, addressing vulnerabilities in Windows, Microsoft Office, Internet Explorer, Silverlight, SQL Server, Forefront, Visual Studio, and other products, aim to stop hackers dead in their tracks from launching malicious attacks remotely.

A further five of the patches are classified as “important.”

In total, 34 security holes are fixed in what is Microsoft’s largest ever bundle of Patch Tuesday security updates.

Microsoft’s security response center has also released a chart, showing the severity of each vulnerability. “Red” means “critical” – in other words, that’s as bad as thing gets.

So the amount of “red” you see below should be a good indication of how serious these vulnerabilities are. If any more underlining of the importance were necessary, bear in mind that functioning code which exploits some of the vulnerabilities addressed by Microsoft’s patches has already been published.

You can learn much more about the patches in an advisory posted on Microsoft’s website.

Meanwhile, Adobe has also issued advice regarding critical vulnerabilities in Adobe Reader and Adobe Acrobat. Unlike the patches released by Microsoft, Adobe’s fixes cover Windows, Apple Mac OS X, and Unix/Linux.

In total, the Adobe fixes patch a stonking 29 vulnerabilities. Sophos has already seen malware which exploits some of the vulnerabilities affecting the Adobe PDF file format.

Over on his blog, Chet has some interesting things to say about these latest patches – looking in greater detail at some of the vulnerabilities, and questioning whether Adobe could learn a thing or two from Microsoft when it comes to responding to flaws in their code.

Whether you agree with Chet or not, one thing is clear – if you’re an affected Microsoft or Adobe user, you need to roll these patches out as a matter of priority.

by Graham Cluley, Sophos

Tags: adobe, Exploit, fix, Fixes, hack, Malware, microsoft, security, Sophos, updates, vulnerability, windows

Microsoft IIS web server under attack from hackers

September 8, 2009 by admin
Filed under Security News

Leave a Comment

it_photo_82474_33

Microsoft has updated a security advisory concerning vulnerabilities in its Internet Information Services (IIS) web server, confirming that “limited” attacks were using publicly available exploit code.

The attacks are targeting flaws in the FTP service in Microsoft IIS 5.0 and could allow remote execution attacks or denial of service (DoS) attacks in IIS 5.0 as well as 5.1, 6.0 or 7.0.

Microsoft said it was aware that detailed exploit code had been published for the vulnerabilities, and was “actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.”

Microsoft said in the advisory: “These vulnerabilities were not responsibly disclosed to Microsoft and may put computer users at risk.”

Tomorrow’s Patch Tuesday has come too soon to fix the IIS vulnerabilities in question, but Microsoft said it would take the appropriate action, which could mean a security update released for a future Patch Tuesday or an out-of-cycle security update.

By Asavin Wattanajantra from itpro.co.uk

Tags: attack, DOS, hackers, microsoft, Microsoft IIS, security, server, updates, vulnerability, windows

16 July 2009 Microsoft Security Updates

July 16, 2009 by admin
Filed under Security News

1 Comment

Six security bulletins were released by Microsoft for July, which covers one of the two vulnerabilities exploited by cybercriminals in the last 2 weeks.

The Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution was used in a zero-day attack last week that involved around 967 compromised Chinese websites. A script that triggered the exploit was inserted in the said websites, which when successfully executed drops WORM_KILLAV.AI into the affected system. The security advisory MS09-032 already addresses the vulnerability used in this attack.

Here is the full list of security advisories issued for this month:

(MS09-028) Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)
(MS09-029) Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
(MS09-030) Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)
(MS09-031) Vulnerabilities in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)
(MS09-032) Cumulative Security Update of ActiveX Kill Bits (973346)
(MS09-033) Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (969856)

The Office Web Components ActiveX vulnerability is the other vulnerability used in a malware attack this month. Similar to the zero-day attack, a script that triggers the exploit was inserted in compromised websites. This placed any visitor of the compromised websites who hasn’t updated their system at risk of being affected by TROJ_DLOADR.DOF, which drops a rootkit component detected as TROJ_ROOTKIT.DOF, and downloads TROJ_DLOADR.UIG and TROJ_INJECT.AKI. A patch for the said vulnerability hasn’t been issued, but Microsoft provided a workaround, to protect users while an update is being developed.

Meanwhile, users are advised to update their systems as soon as possible.

by JM Hipolito from tendmicro

Tags: microsoft, security, tendmicro, updates, vulnerability, windows

How To Remove Conficker Worm And Protect Yourself Step By Step With VirusExperts.org Removal Package

April 21, 2009 by admin
Filed under Protection Tools, Removal Tips,Tools and Videos

Leave a Comment

There is a lot of tools that can remove Conficker worm but when conficker changed to more than one version A,B,C and E, some of tools not effected so we collected the best tools to remove and protect from conficker worm.

Tags: autorun, Conficker, Downadup, Downup, enigma software, kaspersky, Kido, microsoft, Protection Tools, updates, Virus, windows, worms