Security Bulletin Advance Notice for October 2013

On Tuesday, October 8, 2013, Microsoft is planning to release eight (8) bulletins.  Four of the bulletins are identified as Critical with the remaining four bulletins rated Important.

The Critical updates address vulnerabilities in Internet Explorer, .NET Framework and Windows. The Critical update for Internet Explorer will be a cumulative update which will address the publicly disclosed issue described in Security Advisory 2887505. 

The updates to Internet Explorer and Windows will require a restart.  For those people who run into problems with .NET Framework updates, it is recommended that the update be installed separately with a restart between other updates.

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References

• MSRC: Advance Notification Service for October 2013 Security Bulletin Release
• TechNet: Microsoft Security Bulletin Summary for October 2013

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

2013 U.S. and Canadian Cyber Security Awareness Month #NCSAM

Cyber Security Awareness Month is observed in the United States and Canada.  The purpose is to increase public awareness of cyber security.  The theme for the 2013 National Cyber Security Awareness Month (NCSAM) is Our Shared Responsibility.

There are many areas to consider when discussing cyber security.  The area I consider most dangerous is Identity Theft.  Identity Theft occurs when someone uses your personal information without your knowledge.  With your personal information, thieves are able to open credit cards and bank accounts, set up mobile service, make online purchases and more, destroying your credit in the process.

Let's examine what we can do to protect ourselves from Identity Theft.

Prevent Identity Theft

A few items to consider to protect your personal information include:

• Only provide your Social Security Number when absolutely necessary.  
• Never publicly post your address, phone number, driver’s license number, social security number (SSN) or student ID number.
• Shred documents that contain personal information.
• Use a strong password to protect your banking, credit card as well as accounts where you make online purchases or make payments.
• Use a unique password at each site.
• Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.
• Keep your computer updated with both Microsoft Security Updates as well as third-party software such as Adobe and Oracle Java products.

What cyber security tips do you have?  Share your favorites in the comments and be sure to check the additional resources provided below.

Resources:

• Canadian Twitter Accounts:
  -- Public Safety Canada, @Safety_Canada
  -- Get Cyber Safe, @getcybersafe   
• Get Cyber Safe
• Microsoft Safety and Security Center
• Stay Safe on Line:  National Cyber Security Awareness Month
• Stop | Think | Connect
• U.S. Department of Homeland Security: National Cyber Security Awareness Month 
• U.S. Twitter Accounts:
  -- NatlCyberSecAlliance @StaySafeOnline
  -- Identity Theft Resource Center, @ITRCSD
  -- STOP THINK CONNECT, @STOPTHINKCONNECT

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Sensationalist Press Got it WRONG! Microsoft Does Not Recommend Two Antivirus Programs!

A recent article published by PC Pro has taken wings and is being quoted in numerous stories implying that a second antivirus program is needed when using Microsoft Security Essentials.  The article states,

"Now, Microsoft has said it sees Security Essentials as merely the first layer of protection, advising customers to use additional, third-party antivirus - although the company stressed that wasn't because the product wasn't good enough to stand on its own." (bold added)

The above statement by PC Pro is an obvious misinterpretation of Holly Stewart's comment (bold added), 

"It’s not as efficient to have one kind of weapon," she said. "Like anything you must have that diversity. It’s a weakness to just have one."

Why PC Pro is Wrong

Starting with the obvious, Microsoft Security Essentials on Windows 7, or earlier and Windows Defender on Windows 8 are disabled when a third-party antivirus software is installed.  Thus, an active second antivirus program cannot be run along side Microsoft Security Essentials or Windows Defender.

As clearly stated in this Microsoft Malware Protection Center help topic,

"It’s not a good idea to run other antivirus or antispyware products at the same time as Microsoft Security Essentials or Windows Defender.

Using more than one real-time security product can affect your PC performance. You might also get an error code when you try to update or install, such as 0x80070643."

The use of the word "weapon" by Holly Stewart in the above quote does not mean a second antivirus software, rather, as has long been recommended by the security community, a layered approach of another weapon is needed. 

In addition to one up-to-date antivirus software, it is also critical to maintain updated third-party applications such as Adobe products and Oracle Java and install Microsoft security updates. 

Along with "safe surfing", having one or two secondary security applications, such as my favorite Malwarebytes Antimalware and WinPatrol to supplement the work of your antivirus software program is generally recommended.

Microsoft Strategy Works!  

As illustrated in the Microsoft Malware Protection Center report, Evaluating our protection performance and capabilities, 99.9% of computers using Microsoft real-time protection reported no infections on the average day of August, 2013.  With results like that, it is clear that the change in focus by Microsoft to prevalent threats is obviously working.

Thus, PC Pro, Microsoft Security Essentials is not designed to be at the bottom of the antivirus rankings.  It is designed to target prevalent threats to consumer's computers, as illustrated in the change log for 1.159.819.0, released today.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Security Advisory 2887505 and Microsoft Fix it

Microsoft released Security Advisory 2887505 which relates to an issue with Internet Explorer.

It is important to note that there are a limited number of targeted attacks which are specifically directed at Internet Explorer 8 and 9. The issue, however, could potentially affect all supported versions of IE.

As described by Dustin Childs in the below-referenced MSRC Blog post,

"This issue could allow remote code execution if an affected system browses to a website containing malicious content directed towards the specific browser type. This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message."

Mitigations

Microsoft has made available a Fix it solution for users of Internet Explorer.  Additional mitigations include the following advice, also from the MSRC Blog post:

• Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
  This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
• Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
  This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

Below are the links to both apply and uninstall the Fix it solution.  Note:  The Fix it solution applies only 32-bit versions of Internet Explorer.
 

Apply Fix it	Uninstall Fix it
Microsoft Fix it 51001	Microsoft Fix it 51002

Another option is to install the Enhanced Mitigation Experience Toolkit (EMET), described in the "workarounds" section of the Tech Net Advisory.

If you have Windows Vista or Windows 7 installed, you should have updated to IE9 or IE10.  In the event you haven't, it is strongly advised that you update!

References:

• Microsoft KB Article 2887505: Microsoft Security Advisory: Vulnerability in Internet Explorer could allow remote code execution
• MSRC: Microsoft Releases Security Advisory 2887505
• Security Research & Defense: CVE-2013-3893: Fix it workaround available
• Tech Net Advisory: Microsoft Security Advisory (2887505): Vulnerability in Internet Explorer Could Allow Remote Code Execution

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Firefox 24.0 Released With Critical Security Updates

Mozilla sent Firefox Version 24.0 to the release channel.  At the the time of this posting, there is no indication of security fixes included.  An update will be made if or when that information has been provided.

Update:  The security fixes included in version 24.0 have finally been posted.  It is advised that this update be installed ASAP.

Version 24.0 includes seventeen security updates of which seven are critical, four high, and six moderate.
 

Fixed in Firefox 24

MFSA 2013-92 GC hazard with default compartments and frame chain restoration
MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
MFSA 2013-90 Memory corruption involving scrolling
MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
MFSA 2013-87 Shared object library loading from writable location
MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
MFSA 2013-85 Uninitialized data in IonMonkey
MFSA 2013-84 Same-origin bypass through symbolic links
MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
MFSA 2013-81 Use-after-free with select element
MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
MFSA 2013-78 Integer overflow in ANGLE library
MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)

What’s New

• NEW -- Support for new scrollbar style in Mac OS X 10.7 and newer
• NEW -- Implemented Close tabs to the right
• NEW -- Social: Ability to tear-off chat windows to view separately by simply dragging them out
• CHANGED -- Accessibility related improvements on using pinned tabs (see 577727)
• CHANGED -- Removed support for Revocation Lists feature (see 867465)
• CHANGED -- Performance improvements on New Tab Page loads (see 791670)
• FIXED -- Replace fixed-ratio audio resampler in webrtc.org capture code with Speex resampler and eliminate pseudo-44000Hz rate ( see 886886)
• FIXED -- 24.0: Security fixes can be found here

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Mozilla Firefox Release Notes
• Bug Fixes 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Oracle Java Update

Oracle released the Java SE 7u40 today.  In addition to bug fixes and enhancements, the update includes the following:

• advanced monitoring and diagnostic capabilities that enable developers to gather detailed runtime information and perform efficient data analysis without impacting system performance; 
• a new security policy that gives system administrators greater control over Java running on desktops; 
• improved performance and efficiencies for Java on ARM servers and support for Mac OS X retina displays.

If Java is still installed on your computer, it is recommended that this update be installed.

For those people who have desktop applications that require Java and cannot uninstall it, Java can now be disabled in Internet Explorer.  See Microsoft Fix it to Disable Java in Internet Explorer.

Java Security Recommendations

1)  In the Java Control Panel, at minimum, set the security to high.
2)  Keep Java disabled until needed.  Uncheck the box "Enable Java content in the browser" in the Java Control Panel.

(Image via Sophos Naked Security Blog)

3)  If you use Firefox, install NoScript and only allow Java on those sites where it is required.

Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml

Download Information

Download link:   Java SE 7 Update 40

Verify your version:  http://www.java.com/en/download/testjava.jsp

Notes:

• UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
• Starting with Java SE 7 Update 21 in April 2013, all Java Applets and Web Start Applications should be signed with a trusted certificate.  It is not recommended to run untrusted/unsigned Certificates.  See How to protect your computer against dangerous Java Applets

Critical Patch Updates

Starting with the October 2013 Critical Patch Update, security fixes for Java SE will be released under the normal Critical Patch Update schedule. A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release.


For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:

• 15 October 2013
• 14 January 2014
• 15 April 2014
• 15 July 2014

References

• Critical Patch Updates, Security Alerts and Third Party Bulletin
• Oracle Blog
• Release Notes
• Java, The Never-Ending Saga  

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Updates for September 2013

Microsoft released thirteen (13) bulletins.  Four of the bulletins are identified as Critical with the remaining nine bulletins rated Important.

The updates address 47 unique CVEs in Microsoft Windows, Office, Internet Explorer and SharePoint. The updates to Windows require a restart.



Critical:

• MS13-067 -- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
• MS13-068 -- Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
• MS13-069 -- Cumulative Security Update for Internet Explorer (2870699)
• MS13-070 -- Vulnerability in OLE Could Allow Remote Code Execution (2876217)

Important:

• MS13-071 -- Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
• MS13-072 -- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
• MS13-073 -- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)  
• MS13-074 -- Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637) 
• MS13-075 -- Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687) 
• MS13-076 -- Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315) 
• MS13-077 -- Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339) 
• MS13-078 -- Vulnerability in FrontPage Could Allow Information Disclosure (2825621) 
• MS13-079 -- Vulnerability in Active Directory Could Allow Denial of Service (2853587)  

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Support

The following additional information is provided in the Security Bulletin:

• The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
• Security solutions for IT professionals: TechNet Security Troubleshooting and Support
• Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
• Local support according to your country: International Support

References

• MSRC: Lovely tokens and the September 2013 security updates
• TechNet: Microsoft Security Bulletin Summary for September 2013

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Critical Adobe Flash Player, AIR and Shockwave Player Updates

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

With today's Windows Update, Internet Explorer 10 and 11 in Windows 8 and Windows 8.1 Preview are also updated.  Windows RT must obtain the update from Windows Update.

Update Information

The newest versions are as follows:

Windows and Macintosh:  11.8.800.168
Linux: 11.2.202.310
Android 4x: 11.1.115.81
Android 3x:  11.1.111.73

Adobe AIR:  3.8.1430

Release date: September 10, 2013
Vulnerability identifier: APSB13-21
CVE number: CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324
Platform: All Platforms

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install Google Drive.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

• Non-IE (Opera, Firefox, Etc.):  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe
   
• Windows XP, Vista and 7:
  Flash Player For Internet Explorer 7, 8, 9, 10:  http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
  
  Windows 8 and 8.1:
  Flash Player for Internet Explorer 10 and 11: Microsoft updated Security Advisory 2755801.  If you do not have Automatic Updates enabled, the Flash Player update can be downloaded from Microsoft Security Advisory: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10: July 9, 2013.
  
  
• Flash Player Uninstaller:  http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Notes:

• If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
• Uncheck any toolbar offered with Adobe products if not wanted.
• If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
• The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions on the Windows and Macintosh operating systems.

This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

Although I have yet to need Shockwave Player on this computer, there are still many people who use it.  If you have Shockwave Player installed, please update to the latest version.

Release date: September 10, 2013
Vulnerability identifier: APSB13-23

CVE number: CVE-2013-3359 and CVE-2013-3360
Platform: Windows and Macintosh

The newest version  12.0.4.144 is available here: http://get.adobe.com/shockwave/.  As usual, watch for any pre-checked add-ons not needed for the update.

References

• Adobe Priority Ratings
• Adobe Security Advisory: Security updates available for Adobe Flash Player
• AIR Download Center
• PSIRT Blog
• Release Notes:  Flash Player® 11.8 AIR® 3.8

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Adobe Reader Security Updates

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.03) and earlier versions for Windows and Macintosh.

Adobe identifies this update as a regular quarterly update that provides security mitigations, feature enhancements, and bug fixes.  Note, however that the updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.


Release date: September 10, 2013
Vulnerability identifier: APSB13-22
CVE numbers: CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356, CVE-2013-3357, CVE-2013-3358
Platform: Windows and Macintosh

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.

• Adobe Reader XI (11.0.04) for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
• Adobe Reader XI (11.0.04) for Macintosh is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
• Adobe Reader for Linux is not updated. 

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

Enable "Protected View"

Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

To enable this setting, do the following:

• Click Edit > Preferences > Security (Enhanced) menu. 
• Change the "Off" setting to "All Files".
• Ensure the "Enable Enhanced Security" box is checked. 

Image via Sophos Naked Security Blog

If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

References

• PSIRT Blog
• Release Notes | Acrobat, Reader
• Security Bulletin
• System Requirements

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Security Bulletin Advance Notice for September, 2013

On Tuesday, September 10, 2013, Microsoft is planning to release fourteen (14) bulletins.  Four of the bulletins are identified as Critical with the remaining ten bulletins rated Important.

The Critical updates will address issues in Internet Explorer, Outlook, SharePoint and Windows. The updates to Windows will require a restart.

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Risk of Running Windows XP After Support Ends April 2014.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

References

• MSRC: Advance Notification Service for September 2013 Security Bulletin Release
• TechNet: Microsoft Security Bulletin Summary for September 2013

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Account Aliases and Primary Email Account

When Microsoft announced in April the ability to sign in with any alias that you have connected to your account, it took second place to the addition of two-factor authentication.  As a result, the simplified process of adding and managing aliases may have been missed.

The change to Outlook.com in April provided the ability to sign in with any alias that has been added to your account as well as simplifying the process of adding and managing aliases.

With the change today, "Rename" is being replaced with the ability to make any of your aliases a primary alias.  Because it is possible to sign in with any alias, there is little need to use the option to change your primary alias, unless you want a different email name to show on your Microsoft devices. 

You can set up or manage aliases at https://account.live.com/names/Manage.

If you are confused between alias accounts and the old linked accounts, see Managing Formerly Linked Microsoft Accounts.

References

• A better way to manage aliases and primary email address for your Microsoft account
• Use aliases to add email addresses to your account

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Managing Formerly Linked Microsoft Accounts

Microsoft announced in June that starting in late July, the linked accounts feature was being eliminated from Outlook.com.  Linked accounts should not be confused with aliases.  

• An alias is an additional email address created within your primary account.  Alias addresses use the same inbox, contact list, and account settings as the primary account. 
• Linked accounts were completely separate e-mail accounts that were linked to your primary account with their own inbox, contact list and account settings.  After being linked, the linked accounts were easily accessible via a drop-down link from your account.

With the account(s) you had previously linked now only accessible by separately logging into those accounts, if you haven't done so yet, you may want to set up mail forwarding. 

Mail Forwarding

Forwarding email to your primary Outlook.com email account is not limited to Hotmail, MSN, Live or Outlook.  You can also send and receive email from Google, Yahoo! Mail Plus, or other services that use POP.

The only caveat for Microsoft services is that it is necessary to sign in to your forwarded account at least once every 365 days to prevent the system from closing the account. 

The basic steps for setting up mail forwarding from one Microsoft account to another are straight-forward:

1. Sign in to the previously linked account that you want to forward to your primary account.
2. Click the Options icon located in the upper-right corner and select "More mail settings".
3. Select "Email forwarding" from the Managing your account column on the left.
4. Select "Forward your mail to another email account".
5. Enter the email address for the main account. 
6. Decide if you want to "Keep a copy of forwarded messages in your Outlook inbox".
7. Click Save.
   
   
   
   
   

Caught in a loop?

In order to set up mail forwarding, you need to log out from your primary account and log in to the secondary account.  What if you discover that typing mail.live.com in the address bar takes you right back to the email account you thought you had just logged out from?  This is because you are not completely logged out of that account, most likely because you checked the box "Keep me signed in".

In order to solve this problem, it is necessary to completely clear all live.com cookies.  If you use a cookie manager program, there are ~5 cookies to be deleted.

The first is the cookie with the name of the mail server; e.g., blu###.mail.live.com, where ### is a letter or number(s).  The other cookies to remove are the following:   

home.live.com
live.com
login.live.com
mail.live.com

To manage cookies in Internet Explorer 10, see Delete and manage cookies in Internet Explorer.  Click the down arrow for IE9 or IE8:

To manage cookies in alternate browsers, see the instructions at the respective sites:

• Firefox
• Google Chrome
• Opera
• Safari

Tip:  An easier way to access your other account is to use an alternate browser that you do not use to log in to your e-mail and it doesn't have the "Keep me signed in" box checked, use that browser to login to your live.com account and set up e-mail forwarding.

Remember when you are able to log in to the e-mail account that you want to manage, don't check the "Keep me signed in" box!

Additional information  on setting up mail forwarding is provided in this Microsoft help document at Set up your Gmail, Yahoo! Plus, or Microsoft email accounts in Outlook.com.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Firefox 23.0.1 Released

Mozilla sent Firefox Version 23.0.1 to the release channel.  As of this posting, it appears that the released update was to fix the issues shown below. However, based on the update notice, it is strongly suggested that the update be applied.

What’s New

• FIXED -- 23.0.1 - Rendering glitches on H.264 video only in FF23 on Vista (901944)
• FIXED -- 23.0.1 - Spellchecking broken with non-ASCII characters in profile path (902532)
• FIXED -- 23.0.1 - Audio static/"burble"/breakup in Firefox to Firefox WebRTC calls (901527)

Update

To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.

References

• Common questions after updating Firefox
• Security Updates
• Mozilla Firefox Release Notes
• Bug Fixes 

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More

Microsoft Security Updates for August, 2013

Microsoft released eight (8) bulletins.  Three of the bulletins are identified as Critical with the remaining five bulletins rated Important.

The bulletins address 23 vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. The updates will require a restart.

Bulletin ID	Bulletin Title	KB No.
MS13-059	Cumulative Security Update for Internet Explorer	2862772
MS13-060	Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution	2850869
MS13-061	Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution	2876063
MS13-062	Vulnerability in Remote Procedure Call Could Allow Elevation of Privilege	2849470
MS13-063	Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege	2859537
MS13-064	Vulnerability in Windows NAT Driver Could Allow Denial of Service	2849568
MS13-065	Vulnerability in ICMPv6 could allow Denial of Service	2868623
MS13-066	Vulnerability in Active Directory Federation Services Could Allow Information Disclosure	2873872

Users of Windows XP are reminded that support ends for Windows XP on April 8, 2014.  See Tim Rains article, The Countdown Begins: Support for Windows XP Ends on April 8, 2014.

Support

The following additional information is provided in the Security Bulletin:

• The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
• Security solutions for IT professionals: TechNet Security Troubleshooting and Support
• Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center
• Local support according to your country: International Support

References

• MSRC: Leaving Las Vegas and the August 2013 security updates
• TechNet: Microsoft Security Bulletin Summary for August 2013

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Read More