Advance Notice: Security Updates for Java SE

The Sun Security Blog published the following update announcement:

"On November 3, 2009, Sun will release the following security updates:

• JDK and JRE 6 Update 17
• JDK and JRE 5.0 Update 22
• SDK and JRE 1.4.2_24
• SDK and JRE 1.3.1_27

The following Sun Alerts corresponding to these updates will be released following the availability of these updates.

• 269868
• 269869
• 269870
• 270474
• 270475
• 270476"

Sun Security Blog



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Firefox and Opera Browser Updates

Browser updates were released yesterday for Mozilla Firefox and today for Opera. Details and download links for both browsers follow:

Firefox 3.5.4

In addition to the security fixes listed below, the update to Firefox fixed several stability issues, added the ability to re-submit crash reports and addressed the issue where after using Clear Recent History some SSL sites would not load all images and styles without pressing reload.

To get the update, click Help -> check for updates.

Security Issues:

• MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
• MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
• MFSA 2009-62 Download filename spoofing with RTL override
• MFSA 2009-61 Cross-origin data theft through document.getSelection()
• MFSA 2009-59 Heap buffer overflow in string to number conversion
• MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
• MFSA 2009-56 Heap buffer overflow in GIF color map parser
• MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
• MFSA 2009-54 Crash with recursive web-worker calls
• MFSA 2009-53 Local downloaded file tampering
• MFSA 2009-52 Form history vulnerable to stealing

Release Notes and Download: http://en-us.www.mozilla.com/en-US/firefox/3.5.4/releasenotes/


Opera 10.01

Opera users can obtain the update to version 10.01 by clicking "Help -> check for updates and following the prompts.

New users can download Opera from http://www.opera.com/browser/download/
Features: http://www.opera.com/browser/features/




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Windows 7 Launch = Success!

Hello, Windows 7!

Windows 7 Default Desktop, designed by Chuck Anderson

Although the Windows 7 launch events were scaled down from the Windows Vista launch, there was no less enthusiasm on the part of Microsoft employees, partners and Windows fans. If you missed the launch event, it is available at Microsoft PressPass.

The full video is 54:02 in length, but worth the time. I particularly enjoyed the demonstration by Brad Brooks, corporate vice president located around the 29 minute mark. Of course, Kylie, the little girl who won hearts around the world, made everyone smile when she introduced Steve Ballmer.

Kylie, from the Windows commercials, introduces
Microsoft CEO Steve Ballmer at the launch event
in New York City on Oct. 22.
(Silverlight Required)

If you are in the market for a new PC, check what is available in Brandon’s Guide to Awesome New Windows 7 PCs. From there, move on to the refreshed Windows 7 web site, being sure not to miss the 7 days of Windows 7 savings .

Edit Note: As pointed out in the comments, if available in your country, the URL link for the "7 days of Windows 7 savings" offers will vary. The above link is to the U.S. site.

Clubhouse Tags: Clubhouse, Windows 7, Microsoft, News, Tips, Information


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

How Would YOU Change the World?

To celebrate the launch of Windows 7, Microsoft wants to discover creative ways that a PC running Windows can help an organization make an even greater impact in the community

Do you have an idea how you could use Windows 7 to help your local community? Submit a short video explaining or illustrating how you would use Windows to help a community organization. Why? Because the 7 people with the best submissions (selected by Microsoft judges) will each win a new PC running Windows 7. In addition, each winner's chosen (eligible) community organization will receive a $7,000 grant.

Find the rules, get additional information and submit your video at 7 Ways to Change the World. The deadline for submission is November 11, 2009.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Ok, I can hear the groans from here. You have a great idea and a worth-while community organization that could really benefit from that grant but you have never created a video before. Take my word for it, even an amateur can create a video with Windows Live Movie Maker.

For simple instructions check out the videos the Windows Live Team created and soon you will be on your way. Don’t take too long though, the deadline for submitting your video to 7 Ways to Change the World is November 11, 2009.

Windows Live Movie Maker Videos:

• Getting started with Windows Live Movie Maker
• Using AutoMovie
• Easily create beautiful videos using AutoMovie
• Three ways to share your video creation (YouTube, burn to DVD, save as HD)
• Add photos and videos to Movie Maker to get started
• Add transitions or visual effects
• Edit video clips to include the best footage in your movie
• Add and edit music
• Why we like the storyboard
• Add a title, captions and credits
• Publish to YouTube

Windows Live Movie Maker References:

• Download Link: http://download.live.com/
• The new Windows Live Movie Maker
• Hands on with Windows Live Movie Maker
• Podcast: Windows Live Movie Maker

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Clubhouse Tags: Clubhouse, Microsoft, Windows 7, Windows Live, Movie Maker, family, story, tips

Read More

Windows 7 Launch Events and Deals!

Windows 7 Launch Events

Finally the event that people from around the globe have been waiting – the official launch of Windows 7! Live streaming video, event photos, video highlights and more will be available starting at 8 AM Pacific (11 AM Eastern) at PressPass where you can “Watch the New York City Windows 7 Launch Party LIVE”.

Live coverage will also be provided by WinPatrol developer and fellow Microsoft MVP, Bill Pytlovany. He will be joined by the PC Pitstop Pit Crew. Join them tomorrow at: “Live Coverage – Windows 7 Launch Event in NYC”.

Watch for Windows 7 Launch Party invites in your area or host your own Windows 7 Meetup!. Brandon LeBlanc provided additional details in the Windows 7 Team Blog: Windows 7’s Big Day Tomorrow + New Offers Announced!

7 Days of Windows 7

Microsoft worked with their partners to introduce a series of limited-time offers that will include deals on hardware, Microsoft worked with their partners to introduce a series of limited-time offers that will include deals on hardware, software, upgrades, support, and other options. Brandon reported at the Windows 7 Team Blog that new offers will be released daily. The deals will be available for the next 7 days on Windows.com (site live tomorrow). The limited-time offers will also be available through participating retail and OEM partner sites.

Following are the Day 1 offers posted on the Windows Team Blog that will be included in Day 1:

• Best Buy Bundle: HP Laptop, Desktop PC with monitor, Netbook, wireless router and set-up by Geek Squad for $1,199.
• Dell: Save more than $100 on a Dell Studio XPS13
• Gateway: All-in-one Acer Gateway ZX6800 23" for $880

Buy a PC - Get a Discounted Upgrade for another PC:

Buy a PC with Windows 7 Home Premium, Professional or Ultimate and purchase a discounted copy of Windows 7 Home Premium, Professional, or Ultimate to upgrade an existing Windows PC.

This offer will run through January 2nd, 2010 and be available in Germany, UK, Czech Republic, Greece, Slovakia, Poland, Latvia, Hungary, U.S., Canada, Denmark, France, New Zealand, Australia.

Windows 7 Family Pack:

The Windows 7 Family Pack is also available today while supplies last. Customers can buy 3 licenses of Windows 7 Home Premium for one low price – for the U.S. it’s available for $149.99.

The Windows 7 Family Pack is available in the U.S., Japan, Canada, Germany, UK, France, Netherlands, Switzerland, Austria, Ireland, Luxembourg, Sweden.

Windows 7 Student Offer:

If you are a student (an .edu email address is required), you can upgrade to Windows 7 at the LOWEST PRICE offered, $29.99 in the U.S.

This offer runs through January 3rd, 2010 for US, Canada, France, Germany, Korea, Mexico and UK and March 31st, 2010 for Australia.

See Microsoft Student for details.

Clubhouse Tags: Clubhouse, Windows 7, Microsoft, News, Tips, Information


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Firefox Add-ons Blocklist

Yesterday I told you about MS09-054: IE and Firefox Attack Surface and included recommendations for protecting your computer. Before posting that article, I made the changes to both Firefox and Internet Explorer on my computers.

Today, when I returned from running errands, I discovered the following Firefox pop-up message, "Add-ons may be causing problems"

Following the "More information" link illustrated at the bottom of the above image, led me to a Mozilla page which lists blocklisted add-ons that should no longer be used with Mozilla products.

Take a couple minutes to confirm that you do not have the following add-ons active on your computer:

• Internet Download Manager, v2.1-3.3 for Firefox 3.0a1 and newer. Reason: caused startup crashes (see bug 382356).
• Free Download Manager, v1.0-1.3.1 for Firefox 3.0a1 and newer. Reason: high crash volume (see bug 408445).
• Yahoo Application State Plugin, v1.0.0.5 and older for Firefox 3.0a1 and newer. Reason: high crash volume (see bug 419127).
• Vietnamese Language Pack, v2.0 for all applications. Reason: corrupted files (see bug 432406).
• Apple QuickTime Plugin, v7.1.*, for all Firefox 3 versions on Windows. Reason: remote code execution in multiple versions (see bug 430826).
• Crawler Toolbar, for Firefox 3.0a1 and newer. Reason: high crash volume (see bug 441649).
• Daemon Tools Toolbar, versions older than 1.0.0.5, for all applications. Reason: high crash volume (see bug 459850).
• AVG SafeSearch, versions older than 8.0, for Firefox 3.1a1 and newer. Reason: breaks a core navigation method (see bug 479095).
• Microsoft .NET Framework Assistant and Windows Presentation Foundation, all versions, for all applications. Reason: remote code execution vulnerability (see bug 522777).

Compliments to the Mozilla developers for providing this service.

Clubhouse Tags: Clubhouse, Firefox, Tips, Security, Windows Vista, Windows 7, Information, How-To

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

MS09-054: IE and Firefox Attack Surface

The Security Research & Defense blog provided additional information on the attack surface for the IE Security Bulletin MS09-059, Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467). As explained:

“A browse-and-get-owned attack vector exists. All that is needed is for a user to be lured to a malicious website. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application). Please not that while this attack vector matches one of the attack vectors for MS09-061, the underlying vulnerability is different. Here, the affected process is the Windows Presentation Foundation (WPF) hosting process, PresentationHost.exe.

While the vulnerability is in an IE component, there is an attack vector for Firefox users as well. The reason is that .NET Framework 3.5 SP1 installs a “Windows Presentation Foundation” plug-in in Firefox”

In other words, if you happen upon a malicious website, with the Windows Presentation Foundation (WPF) plug-in enabled in Firefox, your computer is vulnerable.

Recommendations:

Internet Explorer

Although XBAP is disabled in IE8 on Win2k8 and Win2k3, that is not the case for IE7 or other operating systems. To disable this setting, edit the security settings in the Internet Zone as follows:

Launch Internet Explorer --> Click Tools --> Security Tab --> in Internet, click Custom level. Under .NET Framework --> XAML browser applications, Change the setting to Disable:

Firefox:

The WPF plug-in was installed in Firefox with .NET Framework 3.5. To disable the plug-in, do the following:

Click Tools --> Add-ons --> Click the Plugins Tab.
Select “Windows Presentation Foundation”, and click “Disable”.

To uninstall the “Windows Presentation Foundation” plug-in from Firefox, see to Microsoft KB Article 963707, How to remove the .NET Framework Assistant for Firefox.

References:

• Microsoft KB Article 963707, How to remove the .NET Framework Assistant for Firefox
• Security Bulletin MS09-059, Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)
• Security Research & Defense: MS09-054: Extra info on the attack surface for the IE security bulletin
• ZDNet.com: Microsoft exposes Firefox users to drive-by malware downloads

Clubhouse Tags: Clubhouse, IE8, IE7, Firefox, Internet Explorer, Tips, Security, Windows Vista, Windows 7, Information, How-To

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Reader and Acrobat Critical Update

Adobe has released a Security bulletin addressing 28 vulnerabilities in Adobe Reader and Acrobat. The updates are identified as critical. Details are available in Adobe Security Bulletin apsb09-15.

Should you wish to switch to an alternate PDF reader, there are a number of open source readers available from http://pdfreaders.org/.

Warning: Hat tip from my friend Randy. The Google Toolbar is not required as part of the installation. If you do not want the toolbar, uncheck that option when installing the update.

Affected software versions

• Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX
• Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh

Adobe Reader Update Locations:

• Windows: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
  
  
• Macintosh: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
  
  
• UNIX: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix.

Acrobat Update Locations:

• Windows Acrobat Standard and Pro: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
  
  
• Windows Acrobat Pro Extended: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
  
  
• Windows Acrobat 3D: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows
  
  
• Macintosh Acrobat Pro: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Reference: Adobe Security Bulletin apsb09-15

Clubhouse Tags: Clubhouse, Security, Updates, Vulnerabilities, Adobe

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Bulletin: 13 October 2009

Microsoft released 13 new bulletins which address 34 vulnerabilities in Windows, Internet Explorer and Microsoft Office.

Microsoft is also re-releasing MS08-069, vulnerability in Microsoft XML Core Services could allow remote code execution (955218) to add detection for Windows 7 and Windows Server 2008 R2. Although this component does not ship with these platforms but many applications install it in order to use its functionality.

There was a change in the severity rating since the advance notification for several versions of Windows in the .NET bulletin (MS09-061). Microsoft elevated the severity from Important to Critical. This is not a regular practice, however, it was determined that this was the appropriate rating for these products when certain versions of the .NET Framework are installed on them.

The Malicious Software Removal Tool (MSRT) adds one new family this month: Win32/FakeScanti.

Critical

• MS09-050: Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)
• MS09-051: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)
• MS09-052: Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)
• MS09-054: Cumulative Security Update for Internet Explorer (974455)
• MS09-055: Cumulative Security Update of ActiveX Kill Bits (973525)
• MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)
• MS09-061: Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)
• MS09-062: Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Important

• MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
• MS09-056: Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)
• MS09-057: Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)
• MS09-058: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)
• MS09-059: Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)

References

• Microsoft Malware Protection Center blog: Scanti-ly Clad – Another Rogue Stripped by MSRT
• MSRC: October 2009 Security Bulletin Release
• TechNet: Microsoft security bulletin summary for October 2009
• Security Research & Defense blog:
• Assessing the risk of the October security bulletins
• MS09-051: A note on the affected platforms
• MS09-050: Exploit timeline for SMB2 RCE vulnerability
• MS09-054: Extra info on the attack surface for the IE security bulletin
• MS09-061: More information about the .NET security bulletin
• Microsoft Malware Protection Center blog: Scanti-ly Clad – Another Rogue Stripped by MSRT
  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information

Read More

Advance Notice: October 2009 Microsoft Security Bulletin Release

On October 13, 2009, Microsoft is planning to release 13 bulletins (eight critical and five important), addressing 34 vulnerabilities. The affected products include Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server. Most of these updates require a restart.

According to the Advance Notification, of the 13 bulletins only one is designated Critical for Internet Explorer 8 on Windows 7. Four bulletins are designated Important for Windows 7. The full version of the Microsoft Security Bulletin Advance Notification for this month can be found at the TechNet link below.

Critical, Windows 7 (32 and 64 Bit):

• Bulletin 5, an update for Windows Internet Explorer 8.

Important, Windows 7 (32 and 64 Bit):

• Bulletins 6, 7, 10 and 12 are updates for Windows

Microsoft is additionally closing out two current security advisories:

• Vulnerabilities in SMB Could Allow Remote Code Execution (975497)
• Vulnerabilities in the FTP Service in Internet Information Services (975191)

References:

• MSRC: October 2009 bulletin Release
• TechNet: Microsoft Security Bulletin Advance Notification for October 2009

Clubhouse Tags: Clubhouse, Security, Updates, Microsoft, Information

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

European Commission to Market Test Browser Option in Windows 7

At a Press Conference today in Brussels, the European Commission announced (finally):

"I am pleased to announce that the Commission will formally market test proposals made by Microsoft to address the Commission's concerns regarding the tying of Internet Explorer to the Windows PC operating system."

Brad Smith, General Counsel, Microsoft Corporation, welcomed the European Commission announcement to move forward with formal market testing of Microsoft’s web browser proposal in Europe. An example of what to expect in the Web browser ballot is shown in the image below.

Click for larger image

Ideally, Europeans will be given the opportunity to select multiple browsers. This compromise is a major improvement over the prior option necessitating the separate downloading of a browser. The video and statement by Mr. Smith is available at Microsoft PressPass.

Clubhouse Tags: Clubhouse, Information, News, IE8

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More