Forums | Albums | Social Groups

Go Back   UGL - We live the Unreal Life! > PC Support Section > Computer Help

Computer Help Computer updates and Info

Reply
 
Thread Tools Display Modes
Old 02-12-2010, 03:12 PM   #1
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default Window Update Info you need to KNOW

Microsoft released a record 13-patch security update for its February Patch Tuesday, repairing a total of 26 vulnerabilities in Windows and Office.

Of the 13 patches Microsoft released Tuesday, five are rated critical, seven are given the slightly less severe ranking of "important," and one is deemed "moderate."
The majority of bulletins -- 11-- addressed security vulnerabilities in Windows, while the remaining two affect older versions of Microsoft Office. Altogether, the monster patch plugged security critical holes in SMB client, ActiveX, Windows Shell Handler, Windows TCP/IP and Microsoft DirectShow.

Microsoft researchers say that one of the top priorities for users patching their systems should be a critical vulnerability in DirectShow. Hackers could infect victims with malware by hosting a malicious AVI file on a Web site, and then entice a user to visit the site with a malicious link embedded in an e-mail or IM message, typically through some social engineering scheme.
Meanwhile, experts also say that some of the most critical vulnerabilities addressed by patch MS10-009, occur in the Windows TCP/IP. Hackers could exploit the vulnerabilities to launch malware by sending infected packets to a computer with IPv6 enabled. The attackers could then crash a user's system in addition to stealing financial and personally identifying data.
"Even if an attacker isn't able to gain remote code execution, they may just be able to crash the system," said Joshua Talbot, security intelligence manager for Symantec (NSDQ:SYMC) security response. "That could have some severe implications for critical infrastructure."
Security experts say that the flaw enables hackers to launch malicious attacks on victim's computers by embedding code inside MS Office files or on Web sites. "Simply browsing an infected Web site will compromise unsuspecting users -- not great for all the holiday shoppers looking to get a jump on their shopping," said Andrew Storms, director of security operations for nCircle, in an e-mail. "The novelty value of this bug is likely to attract researchers. A lot of people will try to be the first to publicly post exploit code."
Talbot also highlighted several bugs in the Server Message Block Server, repaired by Microsoft bulletin MS10-012, which allows hackers to launch malicious attacks by creating a malicious SMB packet and sending it to a vulnerable computer. While the vulnerability is mitigated by the fact that it requires authentication, Talbot pointed out that attackers could exploit the flaw by easily bypassing guest account restrictions.
"SMB servers are often used for data repositories to share files throughout companies. This could be a particularly interesting target for attackers to steal information," Talbot said.

And not just for insiders, he added. "If (victims) didn't' have proper firewalling, an attacker could reach the server via the Internet. It's common for corporations to have laptops and employees that use unsecured wireless. All it takes is one attacker sitting on that wireless network."

Microsoft also released a critical patch for a vulnerability in the Windows Shell Handler affecting Windows 2000, Windows XP and Windows Server 2003, which attackers could exploit by sending a malicious link that appears to the ShellExecute API to be valid. In
addition, Redmond issued a cumulative critical patch for ActiveX Killbit flaws.
While so far there are no in-the-wild attacks exploiting the vulnerabilities, proof-of-concept exploit code exists for two vulnerabilities addressed by Microsoft bulletin MS10-015, addressing errors designated as "important" in the Windows Kernel that could enable elevation of privileges if an attacker logged onto the system then ran a malicious application.

So far, security researchers say they have seen no attacks exploiting the issue.
Despite that fact, Microsoft researchers advised users to upgrade their aging legacy systems to protect themselves from possible threats that may emerge after the patches are released. Many of the most critical patches repaired vulnerabilities in aging Windows systems, such as Windows 2000, XP and Server 2003. "We encourage customers to upgrade to the latest versions of both Windows and Office. As this bulletin release shows, the latest versions are less impacted overall due to the improved security protections built into these products," Microsoft said in a company
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-12-2010, 03:16 PM   #2
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft Pulls Security Update Blamed For Windows XP Blue Screen Of Death

Info Link here>>>>
http://www.crn.com/security/22290020...PSKH4ATMY32JVN

By Steven Burke, ChannelWeb
12:25 PM EST Fri. Feb. 12, 2010

Microsoft has stopped serving a security patch that has apparently triggered the infamous Microsoft Blue Screen of Death for a number of Windows XP users. "We are still investigating this but I wanted to provide some additional clarity on what I mean when I said we stopped offering the update via Windows Update," said Jerry Bryant, senior security communications manager lead in a post in The Microsoft Security Response Center. "To be more precise, we basically turned off the Automatic Update system for this bulletin. This means that computers that have our recommended setting to automatically look for, download, and install high priority updates, will not pull this update down."
The Windows XP Blue Screen of Death issues surfaced after Microsoft released a record 13-patch security update for its February Patch Tuesday repairing what it called 26 vulnerabilities in its Windows operating system and Office productivity software.
The decision to stop serving the suspected patch came after a flurry of complaints from Windows XP users that had updated their systems.
"When my wife downloaded Windows update it shut the Acer Aspire down and only the blue screen comes up," complained a user on the Microsoft Answers forum. "We can only see the Safemode screen and thats (sic) about all. We tried to reboot with the proper
disk and nothing happens when we hit Enter. HELP!!!!!!!!!!!!!!!!! Jack."
"I am glad to see that I am not the only one having the same problem," wrote another frustrated user. "I had to go to work and use my MACINTOSH (sic) to get on line to find out what is going on with the XP updates last night. I got the exact same page fault error!!! I am this much closer to switching over to a MACINTOSH for good."
At least one user that had his system crippled is considering moving to Windows 7.
"Impossible to get it to boot by any means," wrote the user. "Have turned off Auto Update on all other PCs - fortunately only the one (my main one) is effected (sic). I'll be really annoyed if I have to do a clean install (as I have so much software and updates and patches on it). If I have to do that I may as well go for Win 7 :-(."
Kevin Hau, a moderator in the Microsoft Answer forum, advised users that the patch that needs to be uninstalled to resolve the Blue Screen issue is KB977165.
"We have found that there is only one patch that requires un-installation to resolve the blue screen issue," wrote Hau. "KB977165 is the patch in question, the other patches do not seem to cause the blue screen behaviour and do not need to be uninstalled."
Hau advised users to:
1. Boot from your Windows XP CD or DVD and start the recovery console.
2. Once you are in the Repair Screen, type this command: CHDIR $NtUninstallKB977165$\spuninst.
3. Type this command: BATCH spuninst.txt.
4. When complete, type this command: exit.
One user this morning was still having problems after attempting the fix.
"Since my first restart after performing the recent Microsoft update, I can't boot up--so pretty sure I have the bug attributed to KB977165 in the update," wrote the user. "I've gotten to my recovery screen, but when I type in-- CHDIR $NtUninstallKB977165$\spuninst -- it responds "path or file directory not valid". I've tried all the KBs that came w/ the update and I'm getting the same response. What could I be doing wrong?"
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-12-2010, 03:21 PM   #3
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft Drops Anti-Piracy Cop Into Windows 7

Info Link Here >>> http://www.informationweek.com/news/...leID=222900212

Microsoft will introduce an update to Windows 7 in the coming days that will allow it to ensure users are running genuine copies of the operating system and have not used any activation exploits, or hacks, to defeat the company's validation process.
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-12-2010, 03:25 PM   #4
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft details Windows 7 memory leaks, hangs, freezes


Info Link Here >>> http://arstechnica.com/microsoft/new...gs-freezes.ars


Microsoft has been tracking some odd issues that occur on Windows 7 and Windows Server 2008 R2. These bugs are not typically fixed via Windows Update, because these hotfixes should only be applied to systems that are experiencing specific problems. So if you are not severely affected by either of them, wait for the relevant service packs. Here are the four most prominent issues, listed in order of decreasing severity.
The first manifests itself when the computer crashes after it runs for some time, with the user seeing the following BSOD (the four parameters vary depending on the computer):
STOP: 0x0000000A (parameter1, parameter2, parameter3, parameter4)
IRQL_NOT_LESS_OR_EQUAL
Microsoft explains that the issue occurs because Power Manager opens an Advanced Local Procedure Call (ALPC) port and closes another port instead of closing the ALPC one, resulting in a successive memory leak, leading to an eventual crash. If you're affected, this is for you: Hotfix Request.
Few users realize the second issue is a bug. As described in KB958685, it affects all versions of Vista, Windows Server 2008, and Windows 7. If the user puts the notebook to sleep while its lid is still open and then afterwards closes the lid while the computer is still asleep, Windows will only display a blank screen and a mouse pointer upon wake. This continues until a key is pressed or the mouse is clicked. You can wait for the next software update that contains this hotfix (SP1 on Windows 7 and Windows Server 2008 R2, SP2 on Vista) or you can click this: Hotfix Request.
The third issue is described in KB978789 and specifically applies to computers with chipsets from the Intel 5 Series or the Intel 3400 Series families coupled with Windows 7 Home Premium, Professional, or Ultimate. Using a USB bulk storage device that has pending control and bulk traffic with such a Windows-based computer will result in the device becoming unresponsive, with the iPhone mentioned as a culprit.
Microsoft doesn't have a hotfix for this problem, suggesting that the user contact the computer/motherboard manufacturer for a BIOS update.
The last problem is explained in KB975360 and affects all editions of Windows 7. It is only evident with computers that have a quad-core processor and support multitouch, and involves the Microsoft Rebound game from the Microsoft Touch Pack for Windows 7 not responding if you try to launch it. Since this is entirely a Microsoft problem, here's the solution: Hotfix Request.
Microsoft is expected to offer SP1 for Windows 7 and Windows Server 2008 R2 this fall.

__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-12-2010, 03:27 PM   #5
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Good Source for all Window issues

ChannelWEB

http://www.crn.com/index.jhtml;jsess...PSKH4ATMY32JVN
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-13-2010, 10:33 AM   #6
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Did Aurora Fixes Lead To Windows XP Blue Screen of Death?


By Rob Wright, ChannelWeb
5:47 PM EST Fri. Feb. 12, 2010

Did Microsoft's rush to fix Internet Explorer vulnerabilities that surfaced with the Google China 'Aurora' hack lead to a rash of Windows XP "Blue Screen Of Death" issues?
That's the question that has been raised by the chief security officer for Q1 Labs, a security information event management (SIEM) software
Chris Poulin, the chief security officer for Q1 Labs, a Waltham, Mass. SIEM vendor that doubled its customer base last year, suspects that Microsoft "didn't have time to do the QA (Quality Assurance) they usually do" when they issued what amounted to a a record 13-patch security update for its February 9 Patch Tuesday on repairing what it called 26 vulnerabilities in its Windows operating system and Office productivity software.

Microsoft released the patch that triggered the Windows XP Blue Screen of Death with the "same patches that patched up the Aurora vulnerability," Poulin said. "So there was a rush to market. When you hurry up your QA process you are bound to miss something."
"There's a scramble that happens when you are under the gun," said Poulin. "I'm sure there were a lot of Microsoft executives sweating after Aurora."
Microsoft did not respond to repeated requests for comment.
The highly publicized and sophisticated Aurora hack last month from China has sparked widespread fear among users because it targeted 34 of what should be the most cybersecurity savvy high tech companies including Google.

Poulin even suspects that Microsoft itself may have been hit by the Aurora hack. "If you are Microsoft you wouldn't admit it," he said. "If it was your product you would be a little bit hesitant to stand up and say 'Not only did our product allow you to be hacked. We allowed ourselves to be hacked and we didn't' detect it.'"

The Aurora hack has some pundits even questioning whether users should ditch IE because of the Google China Aurora hack.
Microsoft has responded to the flurry of complaints from Windows XP users that have seen their systems crippled by the Blue Screen of Death by pulling a security patch.

"We basically turned off the Automatic Update system for this bulletin," wrote Jerry Bryant, senior security communications manager lead in a post in The Microsoft Security Response Center. "This means that computers that have our recommended setting to automatically look for, download, and install high priority updates, will not pull this update down."
maker.
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-13-2010, 02:32 PM   #7
PDragon
DragonLord
 
PDragon's Avatar
 
Join Date: Feb 2010
Posts: 19
Default

Great Info. Luckily no blue screens for me :)
P.S. I Fragged you in the Kingdom!!! Ha Ha. Check out the war room!
PDragon is offline   Reply With Quote
Old 02-14-2010, 07:55 PM   #8
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

LOL I got ya with the wrong button win


OK some Microsoft update info

They are pushing this down and I hope they got it fixed this time.
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)


http://www.microsoft.com/technet/sec.../MS10-015.mspx
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-15-2010, 09:52 AM   #9
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Microsoft Investigates Windows Blue Screen of Death Reports

http://www.eweek.com/c/a/Security/Mi...eports-209762/




Microsoft is looking into user reports of a problem that causes the so-called Blue Screen of Death. The initial investigation suggests a link to a Windows security update issued as part of Patch Tuesday.

According to Microsoft, the problem appears to be related to MS10-015, but the company has not determined if the problem is specific to MS10-015 or if it is an interoperability problem with another component or third-party Software. The bulletin addresses two Windows Kernel privilege escalation bugs, and was among 13 issued Feb. 9 to plug a total of 26 security holes.

Reports of the issue began trickling in on Windows support forums after the Patch Tuesday updates were rolled out. The claims mostly involve Windows XP. One of the user-proposed solutions is to boot from the XP installation CD, launch the recovery console and enter a series of commands detailed here.

Our teams are working to resolve this as quickly as possible," Jerry Bryant, senior security communications manager lead at Microsoft, wrote on the Response Center blog. "We also stopped offering this update through Windows Update as soon as we discovered the restart issues. However, those using enterprise deployment systems such as SMS or WSUS will still see and be able to deploy these packages."
Bryant added, "At this time, we are not aware of any issues with the other updates that were released this month and we continue to encourage customers to install them as soon as possible in order to help ensure that they [are] protected from the vulnerabilities they address."
If users choose not to install MS10-015, they can disable the NTVDM subsystem as a workaround for CVE-2010-0232. Exploitation requires the attacker to have valid log-on credentials and be able to log on locally, according to Microsoft's advisory.
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Old 02-17-2010, 11:02 AM   #10
Doz
Maniac Drummer
 
Doz's Avatar
 
Join Date: Feb 2008
Location: Florida
Posts: 3,017
Default

Another good site about Windows updates

http://blogs.technet.com/msrc/


Another site Microsoft tells you to go if you have problems

http://onecare.live.com/site/en-us/default.htm
__________________
I am a USAF Veteran and LoveUSA

Doz is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 14 (0 members and 14 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Apple Info for iPhone and iPad Doz Computer Help 26 10-28-2017 04:14 PM
Do not use IE7, 8 or IE9 until Microsoft fixes info Doz General what nots 3 12-15-2012 09:45 PM
Warning: Urgent Microsoft update may be Firefox malware Doz How To Fix It 2 06-28-2011 08:56 PM
How to Fix Windows Update Greyed out Doz How To Fix It 0 04-13-2011 08:13 AM
Access the Windows Update Catalog Doz Computer Help 1 12-29-2009 04:53 PM


All times are GMT -5. The time now is 08:09 PM.

Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.