Forums | Albums | Social Groups

Go Back   UGL - We live the Unreal Life! > PC Support Section > Computer Help

Computer Help Computer updates and Info

Reply
 
Thread Tools Display Modes
Old 02-19-2010, 08:47 AM   #11
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

http://www.microsoft.com/security/po...in32%2fAlureon

The rootkit that gets ticked off when KB977165 is applied
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-19-2010, 08:51 AM   #12
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft Confirms Blue Screen of Death Tied to Malware


http://www.eweek.com/c/a/Security/Mi...alware-459011/
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 03-02-2010, 01:00 PM   #13
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).
Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems.
Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft.


Source Link http://www.computerworld.com/s/artic..._in_Windows_XP
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 03-05-2010, 05:50 PM   #14
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Advanced troubleshooting for general start up problems in Windows XP

http://support.microsoft.com/kb/308041


Advanced troubleshooting for shutdown problems in Windows XP


http://support.microsoft.com/kb/308029/en-us
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 03-20-2010, 08:18 AM   #15
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Windows XP Mode Needs No Virtualization Hardware

Microsoft's Windows XP Mode, designed to provide SMBs that upgraded to Windows 7 with last-ditch compatibility for proprietary applications that need Windows XP, no longer requires hardware virtualization technology to run. Originally announced as part of Microsoft's partnership agreement with Citrix Systems, the change could make the application more appealing to businesses keeping a tight rein on their IT budgets. Recent virtualization announcements by Microsoft, Citrix and VMware highlight how competitive the virtualization arena has become in a relatively short time frame.


Windows XP Mode no longer requires hardware Virtualization technology to run, Microsoft emphasized in a March 18 post on its official Windows blog, the same day it announced a new partnership with Citrix Systems.
"This change makes it extremely easy for businesses to use Windows XP Mode to address any application incompatibility roadblocks they might have in migrating to Windows 7," wrote Microsoft spokesperson Brandon LeBlanc. "Windows XP Mode will of course continue to use hardware virtualization technology such as Intel VT (Intel Virtualization Technology) or AMD-V if available."

The update can be downloaded from this Microsoft site. In theory, at least, a reduction in the amount of virtualization hardware would translate into streamlined IT budgeting and deployment for smaller companies that need Windows XP Mode for a few applications.

Source Link
http://www.eweek.com/c/a/Midmarket/M...rdware-745978/
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 03-28-2010, 09:33 AM   #16
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Internet 8 Hacked on Win 7 Info

http://www.informationweek.com/blog/..._cracks_i.html

Despite the security measures included in Windows 7, two security researchers were able to defeat the security provided to users running Internet Explorer 8 on top of Microsoft's latest operating system.

The researchers managed to surf their way through Windows 7's Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) anti-hacking defenses on a completely up-to-date and fully patched 64-bit version of Windows 7 running IE8. If you find that news sobering, consider how (relatively) quickly the Dutch hacker, Peter Vreugdenhil, was able to develop a working exploit. From Ryan Naraine at the Threatpost blog:

“I started with a bypass for ALSR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP bypass,” he added. Vreugdenhil, who won a $10,000 cash prize and a new Windows machine, said he uses fuzzing techniques to find software vulnerabilities. “I specifically looking through my fuzzing logs for a bug like this because I could use it to do the ASLR bypass, he said.
After finding the IE 8 vulnerability, Vreugdenhil said it took about two weeks to write an exploit to get around the ASLR+DEP mitigations.
"Fuzzing" techniques include using tools that throw random data (essentially junk) at software inputs to see what happens.
Vreugdenhil published a brief paper [.PDF] explaining how he bypassed both ASLR and DEP.
The demonstration took place at the CanSecWest Vancouver security conference, underway now. It's part of a contest funded by intrusion-prevention provider Tipping Point. More than $100,000 in prizes are earmarked for hackers who can break into leading Internet browsers and mobile platforms for the iPhone, Blackberry, Symbian, and Andriod.
IE 8 running on Windows 7 wasn't the only browser to fall at the conference so far. The iPhone, Safari, and Mozilla Firefox also fell to exploits designed to take advantage of zero-day vulnerabilities in all of those systems.
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 06-10-2010, 06:38 PM   #17
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Bulletin IDVulnerability TitleCVE IDExploitability Index AssessmentKey Notes
MS10-032
Win32k Window Creation Vulnerability
CVE-2010-0485
1 - Consistent exploit code likely
(None)
MS10-039
Help.aspx XSS Vulnerability
CVE-2010-0817
1 - Consistent exploit code likely
This vulnerability was first reported in Microsoft Security Advisory 983438
MS10-038
Excel Object Stack Overflow Vulnerability
CVE-2010-0822
1 - Consistent exploit code likely
(None)
MS10-038
Excel Record Memory Corruption Vulnerability
CVE-2010-0824
1 - Consistent exploit code likely
(None)
MS10-038
Excel Record Memory Corruption Vulnerability
CVE-2010-1245
1 - Consistent exploit code likely
(None)
MS10-038
Excel RTD Memory Corruption Vulnerability
CVE-2010-1246
1 - Consistent exploit code likely
(None)
MS10-038
Excel Memory Corruption Vulnerability
CVE-2010-1247
1 - Consistent exploit code likely
(None)
MS10-038
Excel HFPicture Memory Corruption Vulnerability
CVE-2010-1248
1 - Consistent exploit code likely
(None)
MS10-038
Excel Memory Corruption Vulnerability
CVE-2010-1249
1 - Consistent exploit code likely
(None)
MS10-038
Excel EDG Memory Corruption Vulnerability
CVE-2010-1250
1 - Consistent exploit code likely
(None)
MS10-038
Excel ADO Object Vulnerability
CVE-2010-1253
1 - Consistent exploit code likely
(None)
MS10-038
Mac Office Open XML Permissions Vulnerability
CVE-2010-1254
1 - Consistent exploit code likely
(None)
MS10-035
Uninitialized Memory Corruption Vulnerability
CVE-2010-1259
1 - Consistent exploit code likely
(None)
MS10-035
Memory Corruption Vulnerability
CVE-2010-1262
1 - Consistent exploit code likely
(None)
MS10-036
COM Validation Vulnerability
CVE-2010-1263
1 - Consistent exploit code likely
(None)
MS10-033
Media Decompression Vulnerability
CVE-2010-1879
1 - Consistent exploit code likely
(None)
MS10-035
Cross-Domain Information Disclosure Vulnerability
CVE-2010-0255
2 - Inconsistent exploit code likely
This vulnerability was first reported in Microsoft Security Advisory 980088
MS10-032
Win32k Improper Data Validation Vulnerability
CVE-2010-0484
2 - Inconsistent exploit code likely
(None)
MS10-037
OpenType CFF Font Driver Memory Corruption Vulnerability
CVE-2010-0819
2 - Inconsistent exploit code likely
(None)
MS10-038
Excel Record Parsing Memory Corruption Vulnerability
CVE-2010-0821
2 - Inconsistent exploit code likely
(None)
MS10-038
Excel Memory Corruption Vulnerability
CVE-2010-0823
2 - Inconsistent exploit code likely
(None)
MS10-038
Excel Record Stack Corruption Vulnerability
CVE-2010-1251
2 - Inconsistent exploit code likely
(None)
MS10-038
Excel String Variable Vulnerability
CVE-2010-1252
2 - Inconsistent exploit code likely
(None)
MS10-032
Win32k TrueType Font Parsing Vulnerability
CVE-2010-1255
2 - Inconsistent exploit code likely
(None)
MS10-040
IIS Authentication Memory Corruption Vulnerability
CVE-2010-1256
2 - Inconsistent exploit code likely
(None)
MS10-033
MJPEG Media Decompression Vulnerability
CVE-2010-1880
2 - Inconsistent exploit code likely
(None)
MS10-041
XML Signature HMAC Truncation Authentication Bypass Vulnerability
CVE-2009-0217
3 - Functioning exploit code unlikely
This is a spoofing and tampering vulnerability
MS10-035
toStaticHTML Information Disclosure Vulnerability
CVE-2010-1257
3 - Functioning exploit code unlikely
This vulnerability also affects MS10-039
MS10-039
toStaticHTML Information Disclosure Vulnerability
CVE-2010-1257
3 - Functioning exploit code unlikely
This vulnerability also affects MS10-035
MS10-039
SharePoint Help Page Denial of Service Vulnerability
CVE-2010-1264
3 - Functioning exploit code unlikely
(None)
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 08-10-2010, 05:16 PM   #18
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft security updates for August 2010

As part of Microsoft's routine, monthly security update cycle, we released 14 new security updates on August 10, 2010.
Latest Security Updates

  • MS10-047 - addresses vulnerabilities in Microsoft Windows (KB 981852)
  • MS10-048 - addresses vulnerabilities in Microsoft Windows (KB 2160329)
  • MS10-049 - addresses a vulnerability in Microsoft Windows (KB 980436)
  • MS10-050 - addresses a vulnerability in Microsoft Windows (KB 981997)
  • MS10-051 - addresses a vulnerability in Microsoft XML (KB 2079403)
  • MS10-052 - addresses a vulnerability in Windows Media Player (KB 2115168)
  • MS10-053 - addresses vulnerabilities in Internet Explorer (KB 2183461)
  • MS10-054 - addresses vulnerabilities in Microsoft Windows (KB 982214)
  • MS10-055 - addresses a vulnerability in Windows Server (KB 982665)
  • MS10-056 - addresses vulnerabilities in Microsoft Office (KB 2269638)
  • MS10-057 - addresses a vulnerability in Microsoft Office (KB 2269707)
  • MS10-058 - addresses vulnerabilities in Microsoft Windows (KB 978886)
  • MS10-059 - addresses a vulnerability in Microsoft Windows (KB 982799)
  • MS10-060 - addresses a vulnerability in .NET Framework (KB 983539)
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 08-27-2010, 07:49 AM   #19
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Windows DLL exploits boom; hackers post attacks for 40-plus apps


Computerworld - Some of the world's most popular Windows programs are vulnerable to attacks that exploit a major bug in the way they load critical code libraries, according to sites tracking attack code. Among the Windows applications that are vulnerable to exploits that many have dubbed "DLL load hijacking" are the Firefox, Chrome, Safari and Opera browsers; Microsoft's Word 2007; Adobe's Photoshop; Skype; and the uTorrent BitTorrent client.
"Fast and furious, incredibly fast," said Andrew Storms, director of security operations for nCircle Security, referring to the pace of postings of exploits that target the vulnerability in Windows software. Called "DLL load hijacking" by some, the exploits are dubbed "binary planting" by others.


Source link = http://www.computerworld.com/s/artic...r_40_plus_apps



Site to see the list of programs affected

source link = http://www.corelan.be:8800/index.php...official-list/




Tools program info


Storms was referring to the release earlier today of exploit code by HD Moore, the creator of the Metasploit open-source hacking toolkit.
Moore also issued an auditing tool that records vulnerable applications, information which can then be used to launch the exploit code that Moore crafted and added to Metasploit.


Microsoft = http://support.microsoft.com/kb/2389418
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 09-15-2010, 08:30 PM   #20
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft to Patch 13 Security Holes in Windows, Office

Microsoft's September batch of security patches will include fixes for 13 documented vulnerabilities affecting Windows, Internet Information Services (IIS), and Microsoft Office.

According to the company's advance notification for this month's Patch Tuesday, there will be a total of 9 bulletins (four rated critical) addressing flaws in all versions of Windows, including Windows 7 and Windows Server 2008.

The Microsoft Office bulletins will cover security holes in Microsoft Office XP, Microsoft Office 2003 and Microsoft Office 2007. It is likely these will include fixes for the DLL load hijacking attack vector that affects hundreds of Windows applications.

Seven of the nine bulletins address flaws that could lead to "remote code execution" attacks so it's important for affected Windows users to pay close attention to this patch batch.



Microsoft plugs Eleven Vulnerabilities with Patch Tuesday Update


Microsoft issued nine security bulletins on Tuesday, fixing eleven vulnerabilities in products ranging from Windows, to Microsoft Office, to Internet Information Services.

The patch release, part of the company's monthly Patch Tuesday release included a fix for a previously undisclosed vulnerability in the Microsoft Print Spooler Service that was exploited by the Stuxnet worm earlier this year. That patch, MS10-061, was rated critical for systems running Windows XP, according to a post on the blog of Microsoft's Security Response Center (MSRC).

A second critical update, MS10-062, patches a vulnerability in the MPEG-4 codec used by Windows XP, Windows Vista and Windows Server 2003 and 2008. That vulnerability, if left unpatched, could allow a remote attacker to use a specially crafted media file to take control of a vulnerable system, Microsoft warned.

MS10-064, could allow for remote code execution on editions of Microsoft Outlook 2002 and could be triggered by a specially crafted e-mail message sent to an affected version of Microsoft Outlook that is connected to an Exchange server with Online Mode.

That vulnerability also affects supported editions of Microsoft Outlook 2003 and Microsoft Outlook 2007, but does not allow for remote code execution and is rated "Important."

__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 21 (0 members and 21 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple Info for iPhone and iPad Doz Computer Help 26 10-28-2017 04:14 PM
Do not use IE7, 8 or IE9 until Microsoft fixes info Doz General what nots 3 12-15-2012 09:45 PM
Warning: Urgent Microsoft update may be Firefox malware Doz How To Fix It 2 06-28-2011 08:56 PM
How to Fix Windows Update Greyed out Doz How To Fix It 0 04-13-2011 08:13 AM
Access the Windows Update Catalog Doz Computer Help 1 12-29-2009 04:53 PM


All times are GMT -5. The time now is 06:17 AM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.