Tuesday, August 14, 2012

Security Bulletin Advance Notice for August 2012

On Tuesday, August 14, 2012, Microsoft is planning to release nine (9) bulletins, of which five bulletins are identified as Critical and the remaining four as Important.  All but one bulletin are related to Remote Code Execution and will require a restart.

The Critical security bulletins address ten vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer Tools. The bulletin for Exchange will address the issue first described in Security Advisory 2737111. The four bulletins that have been rated as Important will address vulnerabilities in Windows and Microsoft Office.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References

  • MSRC Blog:  Advance Notification Service for August 2012 Security Bulletin Release
  • TechNet: Microsoft Security Bulletin Advance Notification for August 2012


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Gauss: Kaspersky Discovery, Analysis and Removal Tool


First came Stuxnet, Duqu and then Flame. The latest is Gauss. Although Gauss is less sophisticated than Flame, it is a data-stealing banking trojan that has already obtained data from the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. Citibank and PayPal users are also reported as being targeted.


As described on Securelist in Gauss: Nation-state cyber-surveillance meets banking Trojan:
"In 140 chars or less, “Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation”. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations"

The majority of Kaspersky customers who have been found to be infected with Gauss are located in Lebanon. Others are in Israel and Palestine with a few in the U.S., UAE, Qatar, Jordan, Germany and Egypt.

A quick check to determine if your computer is infected with Gauss is available from CrySyS at http://gauss.crysys.hu. The free Kaspersky Virus Removal Tool can be used to remove Gauss from your computer.




Microsoft August 2012 Security Bulletin Release



Microsoft released nine (9) bulletins, of which five bulletins are identified as Critical and the remaining four as Important.  All but one bulletin are related to Remote Code Execution and will require a restart.

The bulletins address twenty-six vulnerabilities in Microsoft Windows, Internet Explorer, Exchange Server, SQL Server, Server Software, Developer Tools, and Office.

Note: MS12-043 (Microsoft XML Core Services) was re-released again this month with additional updates for Microsoft XML Core Services 5.0. The re-release does not affect the previous updates for versions 3.0, 4.0, and 6.0.

Security Bulletins

| Bulletin Number | Bulletin Title | Bulletin KB |
|---|---|---|
| MS12-052 | Cumulative Security Update for Internet Explorer | 2722913 |
| MS12-053 | Vulnerability in Microsoft Windows | 2723135 |
| MS12-054 | Vulnerabilities in Microsoft Windows | 2733594 |
| MS12-055 | Vulnerability in Microsoft Windows | 2731847 |
| MS12-056 | Vulnerability in Microsoft Windows | 2706045 |
| MS12-057 | Vulnerability in Microsoft Office | 2731879 |
| MS12-058 | Vulnerabilities in Microsoft Windows | 2733829 |
| MS12-059 | Vulnerability in Microsoft Office | 2733918 |
| MS12-060 | Vulnerabilities in Microsoft Windows | 2720573 |

Support

The following additional information is provided in the Security Bulletin:
  • The affected software listed has been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
  • Security solutions for IT professionals: TechNet Security Troubleshooting and Support
  • Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
  • Local support according to your country: International Support

References

  • MSRC: August 2012 Bulletin Release
  • TechNet: Microsoft Security Bulletin Summary for August 2012
  • Security and Safety Center: Microsoft security updates for August 2012






Adobe Reader and Acrobat Critical Security Updates

Adobe released critical security updates addressing vulnerabilities in Adobe Reader and Adobe Acrobat.

The updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.


Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/. A better option is the FTP download site, ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.1.4/, which carries no risk of add-ons.


Release Details

  • Release date: August 14, 2012
  • Vulnerability identifier: APSB12-16
  • Priority rating:  Critical
  • CVE numbers: CVE-2012-1525, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4161, CVE-2012-4162
  • Platform: Windows and Macintosh

Affected software versions

  • Adobe Reader X (10.1.3) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5.1 and earlier 9.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.3) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5.1 and earlier 9.x versions for Windows and Macintosh
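
The affected ranges above are per branch, so an inventory check has to compare each version against the ceiling of its own major branch. The following is an added example, not part of the original post or Adobe's advisory; the function names, status labels and the sample inventory are assumptions made for illustration.

```python
import re

# Ceilings copied from the "Affected software versions" list in this post.
AFFECTED_CEILINGS = {
    10: (10, 1, 3),  # "10.1.3 and earlier 10.x versions"
    9: (9, 5, 1),    # "9.5.1 and earlier 9.x versions"
}

def parse_version(text):
    """Turn '10.1.3' into (10, 1, 3); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError("not a dotted version: %r" % text)
    nums = tuple(int(p) for p in text.split("."))
    # Drop trailing zeros so '10.1.3.0' compares equal to '10.1.3'.
    while len(nums) > 1 and nums[-1] == 0:
        nums = nums[:-1]
    return nums

def status(version_text):
    """Classify one Reader/Acrobat version against the APSB12-16 ranges."""
    version = parse_version(version_text)
    ceiling = AFFECTED_CEILINGS.get(version[0])
    if ceiling is None:
        # Branch is not in the bulletin's list; that does not mean it is safe.
        return "not-listed"
    # Numeric tuple comparison; comparing the raw strings would sort
    # '9.5.1' after '10.1.3' and miss the affected 9.x installs.
    return "affected" if version <= ceiling else "above-affected-range"

def audit(inventory):
    """Return the sorted host names whose version falls in an affected range."""
    return sorted(h for h, v in inventory.items() if status(v) == "affected")

# Constructed sample inventory (host name -> installed version).
SAMPLE_INVENTORY = {
    "ws-01": "10.1.3",
    "ws-02": "10.1.4",
    "ws-03": "9.5.1",
    "ws-04": "9.5.2",
    "ws-05": "10.1.3.0",
    "ws-06": "8.3.1",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], "needs the APSB12-16 update")
```

Hosts reported as "not-listed" still need manual review, since the bulletin only names the 9.x and 10.x branches.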

References

  • Security Advisory: Security updates available for Adobe Reader and Acrobat
  • PSIRT Blog: Adobe Security Bulletins Posted





Critical Security Update for Adobe Flash Player



Adobe Flash Player was updated to address critical security vulnerabilities.  These updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system.


There are reports that the vulnerability is being exploited in the wild in limited targeted attacks, distributed through a malicious Word document. The exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.

Update Information

The newest version for Windows, Macintosh and Linux is 11.3.300.271.

Release date: August 14, 2012
Vulnerability identifier: APSB12-18
Priority: Critical
CVE number: CVE-2012-1535
Platform: Windows, Macintosh and Linux

Flash Player Update Instructions


Flash Player for Windows, Macintosh, Linux and Solaris

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.
  • Flash Player For Internet Explorer:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
  • Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe
  • Flash Player Uninstaller:  http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe


Notes:

  • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.
  • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box. It is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install both the update for Internet Explorer and the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

Adobe Flash Player for Android is not affected by the vulnerability addressed in this update.

The latest version of Adobe Flash Player for Android is available from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References

  • Adobe Priority Ratings
  • Adobe Security Advisory: Security update available for Adobe Flash Player
  • Adobe PSIRT Blog: Adobe Security Bulletins Posted




