Microsoft published the Microsoft Security Bulletin Advance Notification for February 2011
GHacks.net posted a news story that Microsoft has published a workaround for the 0-day Windows vulnerability that has been has confirmed yesterday
PC World posted a news story of a new zero-day Windows XSS vulnerability
Threatpost reports that a critical bug has been found in Opera
Microsoft has updated the following security bulletin:
- MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) - Version:1.1
- MS10-001 - Critical: Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) - Version:1.1
Microsoft updated the following security bulletin:
- MS10-102 - Important: Vulnerability in Hyper-V Could Allow Denial of Service (2345316) - Version:1.1
- MS10-102 - Important: Vulnerability in Hyper-V Could Allow Denial of Service (2345316) - Version:1.1
Microsoft has released a DVD5 ISO image file with security updates for Windows released on Windows Update on January 11th, 2011.
Microsoft has released the following 29 updates:
- Update for Windows Server 2008 R2 for Itanium-based Systems (KB976902)
- Security Update for Windows Embedded Standard 7 (KB2419640)
- Update for Windows Embedded Standard 7 for x64-based Systems (KB976902)
- Security Update for Windows Server 2008 R2 x64 Edition (KB2419640)
- Security Update for Windows 7 (KB2419640)
- Update for Windows Server 2008 (KB2446496)
- Security Update for Windows XP (KB2419632)
- Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate for Itanium-based Systems (KB2419640)
- Update for Windows Server 2008 x64 Edition (KB2446496)
- Security Update for Windows Vista (KB2478935)
- Update for Windows Server 2008 for Itanium-based Systems (KB2446496)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB2419635)
- Security Update for Windows Vista (KB2419640)
- Security Update for Windows Server 2003 x64 Edition (KB2419635)
- Security Update for Windows 7 Service Pack 1 Release Candidate (KB2419640)
- Security Update for Windows Server 2008 (KB2419640)
- Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2419640)
- Security Update for Windows 7 for x64-based Systems (KB2419640)
- Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2419640)
- Security Update for Windows XP x64 Edition (KB2419635)
- Update for Windows Embedded Standard 7 (KB976902)
- Security Update for Windows Vista for x64-based Systems (KB2478935)
- Security Update for Windows Vista for x64-based Systems (KB2419640)
- Security Update for Windows Server 2008 x64 Edition (KB2419640)
- Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate x64 Edition (KB2419640)
- Security Update for Windows Server 2008 for Itanium-based Systems (KB2419640)
- Update for Windows Server 2008 R2 x64 Edition (KB976902)
- Security Update for Windows Server 2003 (KB2419635)
- Security Update for Windows 7 Service Pack 1 Release Candidate for x64-based Systems (KB2419640)
- Update for Windows Server 2008 R2 for Itanium-based Systems (KB976902)
- Security Update for Windows Embedded Standard 7 (KB2419640)
- Update for Windows Embedded Standard 7 for x64-based Systems (KB976902)
- Security Update for Windows Server 2008 R2 x64 Edition (KB2419640)
- Security Update for Windows 7 (KB2419640)
- Update for Windows Server 2008 (KB2446496)
- Security Update for Windows XP (KB2419632)
- Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate for Itanium-based Systems (KB2419640)
- Update for Windows Server 2008 x64 Edition (KB2446496)
- Security Update for Windows Vista (KB2478935)
- Update for Windows Server 2008 for Itanium-based Systems (KB2446496)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB2419635)
- Security Update for Windows Vista (KB2419640)
- Security Update for Windows Server 2003 x64 Edition (KB2419635)
- Security Update for Windows 7 Service Pack 1 Release Candidate (KB2419640)
- Security Update for Windows Server 2008 (KB2419640)
- Security Update for Windows Server 2008 R2 for Itanium-based Systems (KB2419640)
- Security Update for Windows 7 for x64-based Systems (KB2419640)
- Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2419640)
- Security Update for Windows XP x64 Edition (KB2419635)
- Update for Windows Embedded Standard 7 (KB976902)
- Security Update for Windows Vista for x64-based Systems (KB2478935)
- Security Update for Windows Vista for x64-based Systems (KB2419640)
- Security Update for Windows Server 2008 x64 Edition (KB2419640)
- Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate x64 Edition (KB2419640)
- Security Update for Windows Server 2008 for Itanium-based Systems (KB2419640)
- Update for Windows Server 2008 R2 x64 Edition (KB976902)
- Security Update for Windows Server 2003 (KB2419635)
- Security Update for Windows 7 Service Pack 1 Release Candidate for x64-based Systems (KB2419640)
Threatpost posted a news story that a security researcher found a way to bypassing one of the sandboxes that Adobe has implemented
Microsoft has released/updated the following 3 security advisories:
- MS10-090 - Critical: Cumulative Security Update for Internet Explorer (2416400) - Version:1.1
- Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution
- MS10-090 - Critical: Cumulative Security Update for Internet Explorer (2416400) - Version:1.1
- Microsoft Security Advisory (2490606): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
- Microsoft Security Advisory (2488013): Vulnerability in Internet Explorer Could Allow Remote Code Execution
Threatpost reports that Microsoft warns of a security hole in Windows Graphics Engine
PC World posted a news story that Malware authors use Microsoft's schedule to con users
PC World reports that an accidental leak may have confirmed Chinese hackers' suspicions that Internet Explorer has a critical unpatched vulnerability, a security researcher said.
PC World reports that Microsoft is warning that hackers are exploiting a Word flaw to attack systems
Neowin.net reports that the Windows Phone 7 Marketplace might actually be hacked
PC World reports that Microsoft late Wednesday confirmed that all versions of Internet Explorer (IE) contain a critical vulnerability that attackers can exploit by persuading users
PC World reports that a spate of scareware apps that trick users into buying useless hard disk repair tools appears to be part of a concerted campaign to push fake "defrag" software
Microsoft has released an ISO image with all December 2010 security updates
Microsoft has released the following security updates:
- Security Update for Microsoft Publisher 2002 (KB2284692)
- Security Update for Microsoft Office Publisher 2007 (KB2284697)
- Security Update for Windows Vista (KB2442962)
- Security Update for Windows Server 2008 Service Pack 2 (KB979688)
- Security Update for Windows XP (KB2443105)
- Security Update for Windows 7 (KB2442962)
- Security Update for Windows Server 2003 x64 Edition (KB2443105)
- Security Update for Windows Server 2008 R2 x64 Edition (KB2442962)
- Security Update for Windows Server 2003 (KB2440591)
- Security Update for Windows Server 2008 R2 x64 Edition (KB2423089)
- Security Update for Windows Server 2008 Service Pack 2 x64 Edition (KB979688)
- Security Update for Windows XP x64 Edition (KB2440591)
- Security Update for Windows Server 2008 (KB2442962)
- Security Update for Windows Server 2008 x64 Edition (KB2442962)
- Security Update for Windows Media Encoder 9 Series for Windows XP and Windows Server 2003 (KB2447961)
- Security Update for Windows Vista for x64-based Systems (KB2442962)
- Security Update for Windows Embedded Standard 7 (KB2442962)
- Security Update for Windows 7 Service Pack 1 Release Candidate for x64-based Systems (KB2296199)
- Security Update for Windows Media Encoder 9 Series for Windows Vista for x64-based Systems (KB2447961)
- Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate for x64 Edition (KB2296199)
- Security Update for Windows Server 2003 x64 Edition (KB2440591)
- Security Update for 32-bit Windows Media Encoder 9 Series for Windows XP SP2 x64 Edition and Windows Server 2003 SP2 x64 Edition (KB2447961)
- Security Update for 32-bit Windows Media Encoder 9 Series for Windows Vista for x64-based Systems (KB2447961)
- Security Update for Windows Media Encoder 9 Series for Windows XP SP2 x64 Edition and Windows Server 2003 SP2 x64 Edition (KB2447961)
- Security Update for Windows Embedded Standard 7 (KB2423089)
- Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2423089)
- Security Update for Windows Media Encoder 9 Series for Windows Server 2008 for x64 Edition (KB2447961)
- Security Update for Windows XP x64 Edition (KB2423089)
- Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2442962)
- Security Update for Windows Server 2003 (KB2443105)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB2443105)
- Security Update for Windows Vista Service Pack 2 for x64-based Systems (KB979688)
- Security Update for 32-bit Windows Media Encoder 9 Series for Windows Server 2008 for x64 Edition (KB2447961)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB2440591)
- Security Update for Microsoft Publisher 2002 (KB2284692)
- Security Update for Microsoft Office Publisher 2007 (KB2284697)
- Security Update for Windows Vista (KB2442962)
- Security Update for Windows Server 2008 Service Pack 2 (KB979688)
- Security Update for Windows XP (KB2443105)
- Security Update for Windows 7 (KB2442962)
- Security Update for Windows Server 2003 x64 Edition (KB2443105)
- Security Update for Windows Server 2008 R2 x64 Edition (KB2442962)
- Security Update for Windows Server 2003 (KB2440591)
- Security Update for Windows Server 2008 R2 x64 Edition (KB2423089)
- Security Update for Windows Server 2008 Service Pack 2 x64 Edition (KB979688)
- Security Update for Windows XP x64 Edition (KB2440591)
- Security Update for Windows Server 2008 (KB2442962)
- Security Update for Windows Server 2008 x64 Edition (KB2442962)
- Security Update for Windows Media Encoder 9 Series for Windows XP and Windows Server 2003 (KB2447961)
- Security Update for Windows Vista for x64-based Systems (KB2442962)
- Security Update for Windows Embedded Standard 7 (KB2442962)
- Security Update for Windows 7 Service Pack 1 Release Candidate for x64-based Systems (KB2296199)
- Security Update for Windows Media Encoder 9 Series for Windows Vista for x64-based Systems (KB2447961)
- Security Update for Windows Server 2008 R2 Service Pack 1 Release Candidate for x64 Edition (KB2296199)
- Security Update for Windows Server 2003 x64 Edition (KB2440591)
- Security Update for 32-bit Windows Media Encoder 9 Series for Windows XP SP2 x64 Edition and Windows Server 2003 SP2 x64 Edition (KB2447961)
- Security Update for 32-bit Windows Media Encoder 9 Series for Windows Vista for x64-based Systems (KB2447961)
- Security Update for Windows Media Encoder 9 Series for Windows XP SP2 x64 Edition and Windows Server 2003 SP2 x64 Edition (KB2447961)
- Security Update for Windows Embedded Standard 7 (KB2423089)
- Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2423089)
- Security Update for Windows Media Encoder 9 Series for Windows Server 2008 for x64 Edition (KB2447961)
- Security Update for Windows XP x64 Edition (KB2423089)
- Security Update for Windows Embedded Standard 7 for x64-based Systems (KB2442962)
- Security Update for Windows Server 2003 (KB2443105)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB2443105)
- Security Update for Windows Vista Service Pack 2 for x64-based Systems (KB979688)
- Security Update for 32-bit Windows Media Encoder 9 Series for Windows Server 2008 for x64 Edition (KB2447961)
- Security Update for Windows Server 2003 for Itanium-based Systems (KB2440591)
Microsoft has released a security update for Works 9
Microsoft published the Security Bulletin Advance Notification for December 2010
Threatpost reports that researchers at Verizon Business found a way to bypass Internet Explorer Protected Mode
A new version of Avast! Free Edition has been released
Threatpost reports that Microsoft Research has developed a new tool called Zozzle that can detect JavaScript-based malware at a very high effectiveness rate
Hardware 2.0 reports that a virus definition update for AVG 2011 Free edition seems to be causing problems for Windows 7 64-bit users
Threatpost reports that creators of some exploit kits are beginning to include less well-known, underground malware-checking services as part of their offerings to buyers of their kits
Threatpost reports that a new version of the GpCode ransomware popped up
PC World reports that a security firm claims a Windows kernel bug lets attackers evade Windows UAC security.
InformationWeek posted a news story that the Alureon malware has been updated to compromise Microsoft's 64-bit operating systems by defeating driver-signing security.
InformationWeek reports that a developer has released a free software development kit for a new Trojan horse considered to be similar to the Zeus banking Trojan
Threatpost reports that Adobe has released an emergency patch for several critical vulnerabilities in Adobe Reader, including the recent Adobe Flash bug and a separate flaw that was disclosed earlier this month
Threatpost posted a news story that the TDL4 rootkit bypasses the Windows code-signing protection
PC World reports that Trend Micro has released a tool that administrators can use to scan dozens of computers for Stuxnet
PC World posted a news story that BitDefender is warning about a new software spy that seeks and shares data.
Microsoft updated the following security bulletin:
- MS10-086 - Moderate: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) - Version:1.1
- MS10-086 - Moderate: Vulnerability in Windows Shared Cluster Disks Could Allow Tampering (2294255) - Version:1.1
Ars Technica reports that an exploit kit for Internet Explorer has been released
Microsoft published the following security bulletins:
- MS10-089 - Important: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) - Version:1.0
- MS10-088 - Important: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) - Version:1.0
- MS10-087 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) - Version:1.0
- MS10-054 - Critical: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) - Version:1.3
- MS10-089 - Important: Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074) - Version:1.0
- MS10-088 - Important: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386) - Version:1.0
- MS10-087 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) - Version:1.0
- MS10-054 - Critical: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) - Version:1.3
PC World posted a news story that Malware spreads by taking advantage of the Windows AutoRun function in 1 out of 8 attacks, according to security software firm Avast.
Microsoft published the Microsoft Security Bulletin Advance Notification for November 2010
Microsoft published the following security bulletin updates:
- MS10-079 - Important: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) - Version:1.2
- MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) - Version:2.2
- Microsoft Security Advisory (2458511): Vulnerability in Internet Explorer Could Allow Remote Code Execution
- MS10-079 - Important: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) - Version:1.2
- MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) - Version:2.2
- Microsoft Security Advisory (2458511): Vulnerability in Internet Explorer Could Allow Remote Code Execution
PC World reports that Microsoft has issued a warning and guidance to guard against a newly-discovered exploit that impacts Internet Explorer 6, 7, and 8.
Thread Post reports that Mozilla is working on a patch for the recently disclosed critical bug in Firefox
Microsoft has published the following security bulletin update:
- MS10-077 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) - Version:1.2
- MS10-077 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) - Version:1.2
Microsoft updated the following security bulletin:
- MS10-085 - Important: Vulnerability in SChannel Could Allow Denial of Service (2207566) - Version:2.0
- MS10-085 - Important: Vulnerability in SChannel Could Allow Denial of Service (2207566) - Version:2.0
PC World posted a news story that Adobe has released PDF Reader 10, which features boosted security and a minimal browser interface
Microsoft has updated the following security bulletins:
- MS10-082 - Important: Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) - Version:1.1
- MS10-079 - Important: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) - Version:1.1
- MS10-077 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) - Version:1.1
- MS10-072 - Important: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) - Version:1.1
- MS10-071 - Critical: Cumulative Security Update for Internet Explorer (2360131) - Version:1.1
- MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) - Version:2.1
- MS10-082 - Important: Vulnerability in Windows Media Player Could Allow Remote Code Execution (2378111) - Version:1.1
- MS10-079 - Important: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) - Version:1.1
- MS10-077 - Critical: Vulnerability in .NET Framework Could Allow Remote Code Execution (2160841) - Version:1.1
- MS10-072 - Important: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048) - Version:1.1
- MS10-071 - Critical: Cumulative Security Update for Internet Explorer (2360131) - Version:1.1
- MS10-070 - Important: Vulnerability in ASP.NET Could Allow Information Disclosure (2418042) - Version:2.1
Threatpost reports that Microsoft has released a new fuzzing tool designed specifically to find mistakes in regular expressions in application code that could be vulnerable to attack
Microsoft published the Security Bulletin Summary for October 2010
Microsoft has released a DVD5 ISO image file with all security updates for Windows released on Windows Update today
Here another round of Microsoft updates:
- Definition Update for Microsoft Office 2010 (KB982726), 64-Bit Edition
- Definition Update for Microsoft Office 2010 (KB982726), 32-Bit Edition
- Microsoft Office 2008 for Mac 12.2.7 Update
- Microsoft Office 2004 for Mac 11.6.1 Update
- Update for Windows Server 2003 for Itanium-based Systems (KB2345886)
- Update for Windows Vista for x64-based Systems (KB2345886)
- Update for Windows Server 2008 R2 for Itanium-based Systems (KB2345886)
- Update for Windows Vista (KB2345886)
- Update for Windows Server 2003 (KB2345886)
- Update for Windows 7 for x64-based Systems (KB2345886)
- Update for Windows Server 2008 x64 Edition (KB2345886)
- Update for Windows Embedded Standard 7 (KB2345886)
- Update for Windows Server 2008 R2 x64 Edition (KB2345886)
- Update for Windows Server 2008 for Itanium-based Systems (KB2345886)
- Update for Windows 7 (KB2345886)
- Definition Update for Microsoft Office 2010 (KB982726), 64-Bit Edition
- Definition Update for Microsoft Office 2010 (KB982726), 32-Bit Edition
- Microsoft Office 2008 for Mac 12.2.7 Update
- Microsoft Office 2004 for Mac 11.6.1 Update
- Update for Windows Server 2003 for Itanium-based Systems (KB2345886)
- Update for Windows Vista for x64-based Systems (KB2345886)
- Update for Windows Server 2008 R2 for Itanium-based Systems (KB2345886)
- Update for Windows Vista (KB2345886)
- Update for Windows Server 2003 (KB2345886)
- Update for Windows 7 for x64-based Systems (KB2345886)
- Update for Windows Server 2008 x64 Edition (KB2345886)
- Update for Windows Embedded Standard 7 (KB2345886)
- Update for Windows Server 2008 R2 x64 Edition (KB2345886)
- Update for Windows Server 2008 for Itanium-based Systems (KB2345886)
- Update for Windows 7 (KB2345886)