SecurityGarden


Monday, February 28, 2011

Adobe Flash Player v10.2 Release Includes Critical Update

Posted on 6:26 PM by Unknown

Adobe has released Flash Player 10.2, with the version identified as 10.2.152. Flash Player 10.2.152 includes security enhancements described in Security Bulletin APSB11-02.  With this version, support ends for Microsoft Windows 2000 and Macintosh PowerPC-based computers.

The enhancements included in the updated Flash Player include the following:
  1. Stage Video hardware acceleration
    A new method for video playback in Flash Player  allows developers to leverage complete hardware acceleration of the video rendering pipeline, enabling best-in-class high definition (HD) playback performance.  Stage Video dramatically decreases processor usage enabling higher frame rates and reduced memory usage to deliver HD quality video on a broad range of devices. 

  2. Support for full screen mode with multiple monitors
    Full screen content will remain in full-screen on secondary monitors, allowing users to watch full-screen content while working on another display.

  3. Internet Explorer 9 hardware accelerated rendering support
    Flash Player takes advantage of hardware accelerated graphics in Internet Explorer 9, utilizing hardware rendering surfaces to improve graphics performance and enable seamless composition.

  4. Native custom mouse cursor: 
    Developers can define custom native mouse cursors, enabling user experience enhancements and improved performance.

  5. Sub-pixel text rendering
    Improved readability of text in Flash Player, especially for complex character-based languages. 

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:
  • IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
  • Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update. 





In addition, any toolbar offered with Adobe products can be unchecked if not wanted.


Verify Installation:
To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

Reference:
  • Flash Player 10.2 Release Notes
  • Security Bulletin APSB11-02

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,



Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
Posted in Adobe, Security, Updates, Vulnerabilities, Windows, Windows 7 | No comments

Wednesday, February 23, 2011

Windows 7 Service Pack 1 Resources

Posted on 11:42 AM by Unknown
Windows 7 Service Pack 1 has been released to Windows Update!  Although Windows 7 SP1 does not include new features but rather is a collection of security patches and non-security fixes, it also includes client-side support for RemoteFX and Dynamic Memory.  RemoteFX and Dynamic Memory are two new virtualization features enabled in Windows Server 2008 R2 SP1. 

Even if you have all offered security updates installed on your computer, you should still install the Service Pack.  The Service Pack will, at some point, be affected by the Microsoft Support Lifecycle for Windows 7 and future updates.  The additional changes in SP1 address minor usability issues as listed below:

Changes specific to Windows 7 include the following:
  • Additional support for communication with third-party federation services 
  • Improved HDMI audio device performance
  • Corrected behavior when printing mixed-orientation XPS documents

Changes common to both Windows 7 and Windows Server 2008 R2 SP1:
  • Change to behavior of “Restore previous folders at logon” functionality
  • Enhanced support for additional identities in RRAS and IPsec
  • Improved Support for Advanced Format (512e) Storage Devices
Additional details on the above changes are available in the document "Notable Changes in Windows 7 and Windows Server 2008 R2 Service Pack 1.doc" available for download from Download details: Documentation for Windows 7 and Windows Server 2008 R2 Service Pack 1 (KB976932).

If you are now ready to install Windows 7 SP1, please take the following steps first:
  1. Make sure your computer is malware free.  Run an updated scan with your antivirus and anti-malware software program.
  2. Check Windows Update to ensure all Important updates have been installed.  Note that KB 976902 is a prerequisite for SP1: Description of the Windows 7 and Windows Server 2008 R2 installation software feature update
  3. If you installed any of the pre-release versions of SP1, uninstall them before installing the final release version of SP1. 
  4. Back up important files to an external location (USB, CD, DVD, etc.)
  5. Some security programs may interfere with the installation.  Thus, it is suggested that you temporarily disable them.   If you are unsure how to disable your security software, see the instructions in How to disable your security applications  at the Tech Support Forum. 
  6. If you are using a laptop, be sure to be plugged in to an electrical outlet.
Should you run into difficulties, the following documents and Knowledge Base articles have been published:
  • Troubleshoot problems installing a service pack for Windows 7 and Windows Server 2008 R2
  • Error 0x800F0A12:  Windows 7 and Windows Server 2008 R2 Service Pack 1 (SP1) installation error: 0x800F0A12
  • Error 0x800f081f:  You receive exit code 0x800f081f when attempting to install SP1 for Win7/R2
  • KB 2505743: Steps to follow before you install Windows 7 Service Pack 1 from the Microsoft Download Center 
  • KB 2483139: Windows 7 Service Pack 1 language packs are available for computers that are running Windows 7 Ultimate Service Pack 1 or Windows 7 Enterprise Service Pack 1
  • KB 2498452: You do not have the option of downloading Windows 7 SP1 when you use Windows Update to check for updates
  • KB 2492938: Some programs have compatibility issues with Service Pack 1 for Windows 7 and for Windows Server 2008 R2
  • KB 2502370: "The following updates might need to be reinstalled" message when you try to install SP1 for Windows 7 or for Windows Server 2008 R2
  • KB 2506014: Error when you install an update for Windows: "Error Code FFFFFFFE"
  • KB 2510090: Installation of the Service Pack 1 update package for Windows 7 and Windows Server 2008 R2 fails with "Service pack installation can't continue"
Additional information is available at these Microsoft sites:
  • Windows 7 SP 1-- Microsoft Download Center
  • Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2
  • System Readiness Tool (Can help fix problems that might prevent Windows updates and service packs from installing.)




Clubhouse Tags: Clubhouse, Security, Information, Service Pack, SP1, Windows 7,



Posted in Microsoft, Security, Service Pack, SP1, Windows, Windows 7 | No comments

Monday, February 21, 2011

Internet Explorer 9, Privacy and Security Enhancements

Posted on 6:24 PM by Unknown
Within days of IE9 RC (Release Candidate) being made available for download, over two million user-initiated downloads occurred. If you installed the IE9 Beta, you may have already been offered the RC via Windows Update.  If it has not been offered to you yet, you may want to check for updates or you can download it yourself from Beauty of the Web.  It is not necessary to uninstall the Beta.  As you may recall, IE9 is not compatible with Windows XP. 

You can learn about the Beauty of the Web from many sources. I prefer to direct your attention to the security and privacy enhancements in IE9 RC.  You can locate most of the security and privacy features via the Tools menu, represented by the gear icon.

Safety Menu


Tracking Protection Lists (TPLs) 
Accessible via Tools > Safety

Tracking Protection in IE9 provides control of what data is shared as you navigate from one website to another.  This is accomplished by adding Tracking Protection Lists (TPLs) to Internet Explorer. Anyone, and any organization, on the Web can create and publish Tracking Protection Lists.

The default installation of IE9 does not include TPLs.  Rather, Microsoft has left the option available to add lists created by others.  When you install a TPL, third-party content, images, ads, and analytics are blocked for the sites included in the list.  Tracking Protection is not on by default; once you turn it on, it remains on until you turn it off.

Although having TPLs enabled will block third-party content, this feature also includes the ability to include “OK to Call” addresses.  This is to ensure you can access these sites even if one of the lists has the site identified as “Do Not Call.”


Before you start adding Tracking Protection Lists, make certain that you understand how they work. I consider Ed Bott's article, Privacy protection and IE9: who can you trust? a "must read" if you are going to use TPLs. If you get nothing else from the article, at least note:
"So who can you trust? That question is especially important when you take into account the design of this feature in the IE9 RC. You can install multiple TPLs, and an Allow rule on any list trumps a Block rule on another list. So if you’re the owner of a big network of web properties, and you see a site visitor arrive using IE9, wouldn’t you want to helpfully offer that visitor the option to install a Tracking Protection List that whitelists all your domains? All in the interests of improved user experience, of course." {Emphasis added}
Then see the following quote from further in the article:
"As you can see from the table, TRUSTe’s current TPL represents advertisers, not consumers. TRUSTe’s TPL, unlike any of the others, consists exclusively of Allow rules for entire domains. Remember: Allow rules trump Block rules. So, if your domain is one of the nearly 4000 on the current version of the TRUSTe list, you’ve got a Get Out of Jail free card in IE9 with any user who installs the TRUSTe list."
As Ed pointed out, "Remember:  Allow rules trump Block rules."  Be selective about the TPLs you install or you will be undermining the blocking you are attempting to put in place.
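An added example (not from the original post, Ed Bott's article, or Microsoft): a small Python audit that loads several TPLs and reports which Block rules are cancelled by an Allow rule on another list, and which lists consist only of Allow rules. The list contents and domains are constructed, and the `+d`/`-d` domain-rule syntax with subdomain matching is a simplified model of the TPL text format, stated here as an assumption.

```python
"""Audit Tracking Protection Lists for Allow rules that cancel Block rules."""
from collections import defaultdict

# Constructed sample lists; file names and domains are placeholders.
# Assumed simplified TPL syntax: "-d domain" blocks, "+d domain" allows.
SAMPLE_LISTS = {
    "privacy-list.tpl": """msFilterList
: Expires=3
# blocks third-party trackers
-d tracker.example
-d ads.example
-d metrics.example
""",
    "publisher-list.tpl": """msFilterList
: Expires=1
# consists exclusively of Allow rules
+d ads.example
+d metrics.example
+d cdn.example
""",
}


def parse_tpl(text):
    """Return (allow, block) sets of domains taken from the domain rules."""
    allow, block = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the header line, settings (": ...") and comments.
        if not line or line == "msFilterList" or line[0] in ":#":
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("+d", "-d"):
            domain = parts[1].lower().rstrip(".")
            (allow if parts[0] == "+d" else block).add(domain)
    return allow, block


def load_lists(sources):
    """Parse {name: text} into {name: (allow, block)}."""
    return {name: parse_tpl(text) for name, text in sources.items()}


def matches(host, rule_domain):
    """A domain rule covers the domain itself and its subdomains (assumption)."""
    host = host.lower().rstrip(".")
    return host == rule_domain or host.endswith("." + rule_domain)


def effective_action(host, lists):
    """Combine all installed lists: an Allow on any list trumps a Block."""
    allowed_by = sorted(n for n, (allow, _) in lists.items()
                        if any(matches(host, d) for d in allow))
    blocked_by = sorted(n for n, (_, block) in lists.items()
                        if any(matches(host, d) for d in block))
    if allowed_by:
        return "allow", allowed_by, blocked_by
    if blocked_by:
        return "block", allowed_by, blocked_by
    return "no-rule", allowed_by, blocked_by


def find_overrides(lists):
    """List every blocked domain that an Allow rule elsewhere cancels."""
    blocked = defaultdict(list)
    for name, (_, block) in lists.items():
        for domain in block:
            blocked[domain].append(name)
    findings = []
    for domain in sorted(blocked):
        allowing = sorted(n for n, (allow, _) in lists.items()
                          if any(matches(domain, a) for a in allow))
        if allowing:
            findings.append((domain, sorted(blocked[domain]), allowing))
    return findings


def allow_only_lists(lists):
    """Lists with Allow rules and no Block rules deserve a closer look."""
    return sorted(n for n, (allow, block) in lists.items() if allow and not block)


if __name__ == "__main__":
    installed = load_lists(SAMPLE_LISTS)
    for domain, blockers, allowers in find_overrides(installed):
        print(f"{domain}: blocked by {blockers} but allowed by {allowers}")
    print("Allow-only lists:", allow_only_lists(installed))
```

Running the same audit against a candidate list before clicking "Add TPL" shows what it would unblock in the set already installed.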

The current TPLs are available from Internet Explorer 9 Tracking Protection Lists.  From that site, click "Add TPL" for the desired list(s):



Active X Filtering 
Accessible via Tools > Safety

ActiveX controls are small programs, or add-ons, that are used to provide multimedia effects, animation, collecting data, and other interactive features on web sites. Some websites require you to install ActiveX controls to see the site or perform certain tasks on it.

With Active X filtering turned on, you can choose which websites are allowed to run ActiveX controls. If you visit a site that has not been approved, the browser will not prompt you to install or enable them.  Instead, when you reach a site with Active X being filtered, as identified by the circle with a line through it, click the indicator and select the option to Turn off Active X filtering.

Conversely, if you end up at a site with a lot of flash, rotating images, use Active X filtering to reverse the process:



SmartScreen Filter 
Accessible via Tools > Safety

The features of the SmartScreen® continue to include Anti-Phishing, Application Reputation and Malvertising Protection.  With additional information being collected, the features of Application Reputation have been improved. 

Application Reputation:

With Application Reputation, the SmartScreen Filter in IE9 collects more information than it did in IE8.  The most significant change is that it will send information about the downloaded program, including a file identifier (a “hash”), results from installed antivirus tools, and the program’s digital certificate information.

The check of the file identifier by SmartScreen download reputation will result in IE9 removing warnings for commonly downloaded programs.  As illustrated below, warnings will be provided in the download manager for programs that are higher risk. Conversely, there will not be a warning for a well known program.



Anti-Phishing and Malvertising Protection:

Most people are familiar with the term "phishing", generally in the form of an e-mail that appears to be from a legitimate site (bank, credit card company, or online merchant). Instead of being linked to the legitimate website, the links in the e‑mail message are directed to a fraudulent website where personal information, such as an account number or password is requested. This information is then typically used for identity theft.

The term malvertising was derived from "malicious advertising".  The advertisement could be in the form of a Flash-based ad banner or malicious content in frames that presents fake alerts (such as fake/rogue anti-virus warnings that your computer is infected).  Although the actual site being visited is safe, the malicious advertisement that is rotated in by an ad service is not.

With SmartScreen activated in IE9, in the event you click a link in an e-mail that goes to a known phishing site or attempt to go to a website where a malicious advertisement has been reported as unsafe, IE9 will block the ad and provide a warning that the website is hosting malicious content.  Although not fully appreciated in the partial screen copy from the demo sample provided by Microsoft, the complete background of the page is a bright red.


Along with the warning, the address bar includes the security warning symbol next to the wording "Unsafe website".  Clicking the symbol provides the following additional information:












Suggested Sites 
Accessible via Tools > File

If you use Suggested Sites, be aware that Internet Explorer 9 is collecting some additional data on images and videos that are included on the sites visited (including the URLs of the images or videos).  The purpose of the additional information is to help determine which images and videos are popular and improve the Suggested Sites recommendations.

Additional details are available in the Internet Explorer 9 privacy statement.


User input by the many Beta testers had an influence on the Release Candidate.  The changes that were made to the IE9 Release Candidate based on Beta feedback are discussed at the IEBlog in User Experiences – Listen, Learn, Refine.


If you are anxious to upgrade to the IE9 Release Candidate, be sure you have the required updates installed.


Required Updates for Windows Vista
  • KB971512: Windows Graphics, Imaging, and XPS Library Updates
  • KB2117917: Beta Platform Update Supplement

Required Updates for Windows 7
  • KB2028551: Resolves Issues Printing XPS Containing Visual Brushes
  • KB2028560: Performance Improvements for the Graphics Platform
  • KB2120976: Addresses Streaming Issues with Media Foundation



Microsoft References:

  • Beauty of the Web
  • Internet Explorer 9 Home
  • Internet Explorer 9 Tracking Protection Lists


Recommended Articles by Ed Bott:
  • IE9 Release Candidate review: will Microsoft’s big browser bet pay off?
  • IE9 FAQ: how to install, uninstall, and tweak the IE9 RC
  • Internet Explorer 9 Tracking Protection: how it works
  • Part 1 – IE9 and Tracking Protection: Microsoft disrupts the online ad business
  • Part 2 – Privacy protection and IE9: who can you trust?


Clubhouse Tags: Clubhouse, Microsoft, Internet Explorer, IE9, Windows Vista, Windows 7, Information, Windows

Posted in Browser, IE9, Microsoft, Security, Windows, Windows 7, Windows Vista | No comments

Tuesday, February 15, 2011

Oracle Java Security Update

Posted on 3:17 PM by Unknown

Oracle has released a critical security update to the Java Runtime Environment (JRE).  The full internal version number for this update release is 1.6.0_24-b07 (where "b" means "build"). The external version number is 6u24.

The update addresses the security issue in CVE-2010-4476 which allows unauthenticated network attacks.  The update also includes non-security fixes.

Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update. 

Download Update: Java SE Runtime Environment 6u24


Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

Please check Add/Remove Programs to ensure that you have uninstalled all prior (and vulnerable) versions of Sun Java.

References:

  • Java SE 6 Update 24 Release Notes
  • Oracle Java SE and Java for Business Critical Patch Update Advisory - February 2011
  • Oracle Security Alert for CVE-2010-4476


Clubhouse Tags: Clubhouse, Updates, Java, Security, Vulnerabilities, Information,





Posted in Java, Security, Updates, Vulnerabilities, Windows, Windows 7 | No comments

Monday, February 14, 2011

WinPatrol 2011

Posted on 9:39 AM by Unknown

Scotty, the Windows Watchdog, has changed over the years to keep up with the changes in the Windows operating systems he monitors.  In addition to fixing a couple of bugs with 64-bit operating systems, with the release of WinPatrol 2011, Scotty is monitoring additional information in Active Tasks.

Whether it be a malware infection or a recently installed program that is causing problems, the additional information now available in Active Tasks and the corresponding Recent tab will be very helpful in narrowing the source of the problem.

To view the active DLLs which are connected to running Tasks, check "Show All Active Files".  Click the First Detected column to sort by the date WinPatrol detected the addition of the file.


In the case of the .dll highlighted above, it is a legitimate file.  However, in the event the file was causing problems, locate the file on the Recent tab and select Kill Task.  On the other hand, if research showed that the file was in fact malware, right-click the selected file and select "Delete on Reboot".

 


Long-time users of WinPatrol know the benefits of WinPatrol PLUS, which include the following features, not available in the free version:

  • Access to WinPatrol PLUS Knowledgebase (24/7)
  • Real-time Infiltration Detection
  • Increased PLUS Performance
  • Automatically respond to and/or hide specific alerts.
  • Review and Remove ActiveX components
  • Custom Registry Monitoring and Reg Locking
  • Access to WinPatrol Cloud results 


See the other changes in WinPatrol 2011 at Bits from Bill: Time to Install WinPatrol 2011.

Clubhouse Tags:
Clubhouse, Microsoft, Windows, Security, WinPatrol, 



Posted in Security, Windows, Windows 7, WinPatrol | No comments

Wednesday, February 9, 2011

Critical Security Updates to Adobe Products

Posted on 12:00 PM by Unknown
Patch Tuesday was hit hard with not only Microsoft security updates but also critical updates released by Adobe for Adobe Reader/Acrobat, Adobe Flash Player and Adobe Shockwave Player.  Also released were important updates for Adobe's ColdFusion product.

The updates are for all platforms and address remote code execution and cross-site scripting (XSS) vulnerabilities.  Details are in the respective security bulletins.


Security updates available for Adobe Reader and Acrobat
Release date: February 8, 2011
Vulnerability identifier: APSB11-03
CVE Numbers: CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0564, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0568, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0605, CVE-2011-0606

Summary

Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from here.

Direct link for the 10.1 update:  http://www.adobe.com/support/downloads/thankyou.jsp?ftpID=4943&fileID=4617

FTP Links for supported versions:

ftp://ftp.adobe.com/pub/adobe/reader/win/8.x/8.2.6/misc/AdbeRdrUpd826_all_incr.msp
ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.4.2/misc/AdbeRdrUpd942_all_incr.msp
ftp://ftp.adobe.com/pub/adobe/reader/win/10.x/10.0.1/misc/AdbeRdrUpd1001_Tier1.msp

As usual, the caution to UNCHECK the box shown below. It is not needed for the update!


Free Google Toolbar (optional)
Free McAfee® Security Scan Plus (optional)
The next quarterly security updates for Adobe Reader and Acrobat are scheduled for June 14, 2011.




Security update available for Adobe Flash Player
Release date: February 8, 2011
Vulnerability identifier: APSB11-02
CVE Numbers: CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608

Summary

Critical vulnerabilities have been identified in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Adobe recommends users of Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.152.26.
Edit Note:  As of this update, Adobe is discontinuing support for Flash Player version 9.  See Flash Player 9 no longer supported.


Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, the direct download links are as follows:
  • IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
  • Non-IE (Opera, Firefox etc) http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe
If you use the Adobe Flash Player Download Center, be careful to UNCHECK the box shown below. It is not needed for the Flash Player update. 


McAfee Security Scan Plus
In addition, any toolbar offered with Adobe products can be unchecked if not wanted.


Verify Installation:
To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu.

Do this for each browser installed on your computer.

You may also want to verify the version of Adobe AIR installed on your system in the Adobe AIR TechNote.



Security update available for Shockwave Player

Release date: February 8, 2011
Vulnerability identifier: APSB11-01
CVE numbers: CVE-2010-2587, CVE-2010-2588, CVE-2010-2589, CVE-2010-4092, CVE-2010-4093, CVE-2010-4187, CVE-2010-4188, CVE-2010-4189, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, CVE-2010-4193, CVE-2010-4194, CVE-2010-4195, CVE-2010-4196, CVE-2010-4306, CVE-2010-4307, CVE-2011-0555, CVE-2011-0556, CVE-2011-0557, CVE-2011-0569

Summary

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.9.615 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.


Download for Windows:  http://www.adobe.com/shockwave/download/


Note: 
Please remember to uncheck any unwanted 3rd party toolbars/programs during installation. Also please do not confuse this with Adobe Flash Player which is a different program.

How to disable the auto-update setting in Shockwave:  http://kb2.adobe.com/cps/166/tn_16683.html
(This must be set every time Shockwave Player is updated if you do not want auto-updating.)


References:
  • Adobe Reader/Acrobat:  Security Bulletin (APSB11-03)
  • Adobe Flash Player:  Security Bulletin (APSB11-02)
  • Adobe Shockwave Player:  Security Bulletin (APSB11-01)

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,



Posted in Adobe, Security, Updates, Vulnerabilities, Windows, Windows 7 | No comments

Tuesday, February 8, 2011

Security Bulletin Release for February, 2011

Posted on 10:14 AM by Unknown

Microsoft released twelve (12) security bulletins addressing 22 issues in Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS.  Three bulletins are rated Critical, the remaining nine are rated Important.  

The updates addressed two Security Advisories:  Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer).


Important Note:  If you installed Microsoft Fix it Solutions for either or both of the two Security Advisories, they need to be disabled prior to installing the updates.  As noted in Microsoft Fix it Available for Security Advisory 2488013, it is particularly important that the Microsoft Fix it be disabled.

Disable: Microsoft Fix it 50593 (Security Advisory 2490606)
Disable: Microsoft Fix it 50592 (Security Advisory 2488013)

Also included is an update to Security Advisory 967940, "Update for Windows Autorun."  As explained in the MSRC Blog, the purpose of the update is
"to change how earlier versions of Windows handle security when reading "non-shiny" storage media. ("Shiny" storage media would include CD-ROMs and DVDs.) Windows 7 already disables Autorun for devices such as USB thumb drives, which prevents malware lurking on such drives from loading itself onto computers without user interaction. With the change to the Advisory, earlier versions of Windows that receive their updates automatically via Windows Update "AutoUpdate" will now gain that security-conscious functionality as well. We believe this is a huge step towards combating one of the most prevalent infection vectors used by malware such as Conficker."

Microsoft also released an updated Malicious Software Removal Tool this month.

The three critical updates are described as follows:
  • MS11-003. This bulletin resolves three critical-level and moderate-level vulnerabilities affecting all versions of Internet Explorer. Due to existing mitigations, this bulletin is only rated at Moderate severity for all versions of Windows Server, has an Exploitability Index rating of 1, and will deprecate Security Advisory 2488013.
  • MS11-006. This bulletin addresses one Critical-level vulnerability affecting Windows XP, Vista, Server 2003, and Server 2008. Newer versions of our operating system are unaffected. The vulnerability involves Windows Shell Graphics and could if exploited lead to remote code execution. This has an Exploitability Index rating of 1 and will deprecate Security Advisory 2490606 which we released on January 4th. Since that time, we have not seen any attacks against this issue.
  •  MS11-007. This bulletin addresses one privately reported vulnerability affecting all supported versions of Windows and involving the OpenType Compact Font Driver. It's rated Critical for Windows Vista, Windows 7, Server 2008 and Server 2008 R2; it's rated Important for Windows XP and Server 2003. This issue has an Exploitability Index rating of 2.


For complete details, see the references listed below.


References:
  • MSRC: February 2011 Security Bulletin Release
  • TechNet: Microsoft Security Bulletin Summary for February 2011

Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information,



Posted in Microsoft, Security, Updates, Vulnerabilities, Windows, Windows 7 | No comments

Monday, February 7, 2011

Safer Internet Day

Posted on 5:52 PM by Unknown

It's more than a game, it's your life

Safer Internet Day is organized by Insafe and co-sponsored by the European Union.  The purpose is to promote safer and more responsible use of online technology and mobile phones, especially among children and young people across the world.



As parents, the most important thing that you can do is talk to your children.  Be aware of and make sure they know the dangers that exist on the Internet -- cyberbullying in particular.  Cyberbullying is not something that only happens to other people's children.  It can have serious consequences.  For additional information see Stop Cyberbullying and Help protect your kids from cyberbullying.

Other things parents need to do include:
  • Know what sites your children are visiting.
  • Know who their friends are -- both online and offline.
  • Set time limits on their online time.

For young children consider Kid-Safe Cool Applications and Websites. 

The European Union has a wealth of information available for both parents and children with materials available in numerous languages.  See How to stay safe online? Resources for parents and children.

Microsoft online gaming resources available at GetGameSmart.com:


  • Safer Online Gaming brochure
  • Get Game Smart Family PACT
  • Xbox 360 / Kinect Safer Family Gaming Guide


References:
  • European Union:  Safer Internet Programme: Empowering and Protecting Children Online
  • Insafe:  Safer Internet Day
  • Microsoft:  GetGameSmart.com




Clubhouse Tags: Clubhouse, Family Safety, Games, Kinect, Windows, XBox,


Posted in Child Safety, safety, Security, Windows, Windows 7 | No comments

Friday, February 4, 2011

Adobe Critical Security Update Scheduled

Posted on 10:58 AM by Unknown


Adobe is joining Microsoft in issuing security updates on Tuesday, February 8, 2011.  Adobe has categorized the scheduled updates as critical.  The updates are for all platforms:
  • Adobe Reader X (10.0) for Windows and Macintosh
  • Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX
  • Adobe Acrobat X (10.0) for Windows and Macintosh, and Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh


Vulnerability identifier: APSB11-03
Platform: All Platforms


Reference:
  • Prenotification Security Advisory:   Adobe Security Bulletin APSB 11-03

Posted in Adobe, Advisory, Security, Vulnerabilities, Windows, Windows 7 | No comments

Thursday, February 3, 2011

Security Bulletin Advance Notification for February, 2011

Posted on 3:24 PM by Unknown

On Tuesday, February 9, 2011, Microsoft is planning to release twelve (12) security bulletins addressing 22 issues in Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS.  Three bulletins are rated Critical; the remaining nine are rated Important.

The scheduled updates will be addressing Security Advisory 2490606 (public vulnerability affecting Windows Graphics Rendering Engine) and Security Advisory 2488013 (public vulnerability affecting Internet Explorer).

Important Note:  If you installed the Microsoft Fix it Solutions for either or both of the two Security Advisories, they need to be disabled prior to installing the updates.  As noted in Microsoft Fix it Available for Security Advisory 2488013, it is particularly important that the Microsoft Fix it be disabled.
Disable: Microsoft Fix it 50593 (Security Advisory 2490606)
Disable: Microsoft Fix it 50592 (Security Advisory 2488013)


References:
  • MSRC Blog: Advance Notification Service for February 2011 Security Bulletins
  • TechNet: Advance Notification Service for the February 2011 Security Bulletin Released
  • Microsoft Fix it: Vulnerability in Internet Explorer could allow remote code execution
  • Microsoft Security Advisory (2488013) 
  • Microsoft Fix it: Vulnerability in Graphics Rendering Engine could allow remote code execution
  • Microsoft Security Advisory (2490606)


Posted in Browser, IE6, Microsoft, Office, Security, Updates, Vulnerabilities, Windows, Windows 7 | No comments