Earlier this week, an issue impacting Internet Explorer affected a small number of customers. The potential exists, however, that more customers could be affected. As a result, today we have released a Fix it that is available to address that issue. This is an easy, one-click solution that will help protect your computer right away. It will not affect your ability to browse the web, and it does not require a reboot of your computer.
Then, on this Friday, Sept. 21, we will release a cumulative update for Internet Explorer through Windows Update and our other standard distribution channels. We recommend that you install this update as soon as it is available. If you have automatic updates enabled on your PC, you won’t need to take any action – it will automatically be updated on your machine. This will not only reinforce the issue that the Fix It addressed, but cover other issues as well.
Today’s Advance Notification Service (ANS) provides additional details about the update we are releasing on Friday – MS12-063. We are planning to release this bulletin as close to 10 a.m. PDT as possible. This cumulative update for Internet Explorer has an aggregate severity rating of Critical. It addresses the publicly disclosed issue described in Security Advisory 2757760 as well as four other Critical-class remote code execution issues.
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by modifying the way that the Remote Desktop Protocol processes packets in memory and the way that the RDP service processes packets. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Continue reading “MS12-020: Critical RDP security issue”
Microsoft has released a beta for the Security Compliance Manager 2.5 (SCM 2.5)
In addition to key features from the previous version, SCM 2.5 Beta 2 offers new Exchange Server 2007 and 2010 baselines! Additional SCM 2.5 client product baselines are included in the beta download, including Windows 7 SP1, Windows Vista SP2, Windows XP SP3, Office 2010 SP1, and Internet Explorer 8.
Learn more about Security Compliance Manager.
Here’s an overview of the new patches released this month by Microsoft.
Have fun reading it and good luck installing it on your environment. Continue reading “Overview security patches June 2011”
Just an informative video about coordinated vulnerability disclosures.
Take a look and decide for yourself what you want to do when and if you find/report a bug or problem in software. Continue reading “Coordinated Vulnerability Disclosure”
The Microsoft Security Update Guide is a valuable source of in-depth information and tools that can help you protect your IT infrastructure while creating a safer, more secure computing and Internet environment. We developed this guide to help IT professionals better understand and maximize Microsoft security update release information, processes, communications, and tools.
An incredibly large number of sites have been hacked in the last day with a malware script pointing to http://ww.robint.us/u.js. Not only small sites, but some big ones got hit as well:
http://www.intljobs.org (still hacked)
http://www.servicewomen.org (still hacked) Continue reading “Large scale attack on IIS/ASP websites”
Microsoft is investigating new public reports of a vulnerability in the Windows kernel. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-band security update, depending on customer needs.
Read more about this vulnerability here.
*** UPDATE January 22 2010 ****
Download information for the patch.
This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated ‘Critical’ that are not currently under active attack.
See the Microsoft Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx.