Symantec Security Check is a free service designed to help you understand your computer's exposure to online security intrusions and virus threats. To access site click here .
Use Windows Update on a regular basis, or Schedule Automatic Updates in Windows XP, Windows 2000, or Windows Server 2003 Click here for more details. NOTE: close ALL programs before you run updates. If this is a host server your need to turn off all the services you can before you attempt any patch. Exchange Server may not work after a patch if this is not done. U.S. Department of Homeland Security US-CERT strongly encourages users to install and maintain anti-virus software and exercise caution when handling attachments. Anti-virus software may not be able to scan password protected archive files so users must use discretion when opening archive files and should scan files once extracted from an archive. Why should I run Windows update?
Why do I have to have a password?
Computerworld - Study: Weak passwords really do help hackers. Four computers
left online for 24 days were hit by 270,000 hacking attempts.
Click here for details.
Tuesday NetworkWorld - Adobe patches critical PDF vulnerability -
Adobe patched its Reader and Acrobat programs today to fix a flaw that exposed
most Windows XP users to exploits arriving in malicious PDF files. The patches
are included in updates to Reader, the for-free PDF rendering utility, and
Acrobat, Adobe's full-featured application; both have been tagged as Version
Click here for details.
10/10/2007 Wednesday McAfee - Microsoft has issued a Security Advisory on a remote command execution possibility in Internet Explorer 7 (IE7) on Windows XP and Windows 2003. The flaw lies in the way URIs and URLs are validated in IE7. A user would need to be coerced into following a malicious URI or URL presented in certain applications (e.g. Mozilla Firefox, Adobe Acrobat Reader, and Outlook are among the documented applications). IE7 users are strongly advised not to follow any unknown links specially those in unsolicited e-mails or instant text messages. Click Here for details.
Tuesday ComputerWorld - Microsoft Corp. today released six security
bulletins that patched nine vulnerabilities in Windows, Internet Explorer,
Microsoft Word, Outlook Express and SharePoint.
MS07-057, the critical update to IE, should be patched first, said Andrew Storms, director of security operations at nCircle Network Security Inc. "It's an update for every version of IE and for every supported version of Windows, so its impact is across the board," he said. Of the four vulnerabilities patched by the update, three are related to address-bar-spoofing, the practice of disguising the URL shown by a browser to trick users into thinking they're visiting a safe or legitimate site. Two of those three were publicly disclosed in February and July, the first by Polish researcher Michal Zalewski and Danish researcher Jakob Balle of Secunia, the second by Zalewski alone. Click Here for details.
iTnews - Microsoft patches 19 bugs
with 7 bulletins, all critical. The vulnerabilities being fixed include a highly
critical bug in Microsoft Exchange and a zero-day flaw in the DNS Server
Click Here for details.
09/17/2007 Monday Symantec Corp. - CUPERTINO, Calif. – Sept. 17, 2007 – The latest Internet Security Threat Report (ISTR), Volume XII released today by Symantec Corp. (Nasdaq: SYMC) concludes that cyber criminals are increasingly becoming more professional – even commercial – in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity. Click here for more details.
09/11/2007 Tuesday U.S. Department of Homeland Security US-CERT - Microsoft Releases September Security Bulletins. Microsoft has released updates to address vulnerabilities in Windows, Visual Studio, Windows Services for UNIX, Subsystem for UNIX-based Applications, MSN Messenger, and Windows Live Messenger as part of the Microsoft Security Bulletin Summary for September 2007.
InfoWorld - Hackers update malware tool kit with zero-day code. Newest iteration of IcePack kit is the first to include attack code aimed at exploiting unpatched Microsoft bug. Click here for details.
eWeek - Microsoft is throttling a potentially evil paperclip this Patch Tuesday: Namely, a critical vulnerability in its Microsoft Agent—aka "Clippy"—that can open a system up to hijacking. "This one is critical, and it's like a browser fix: You surf to an evil Web site and you'll get hacked" Click here for details.
09/06/2007 Thursday NetworkWorld - Financially motivated malware attacks are on the rise, with automated software packages making it easy for unskilled hackers to earn a living by sending out spam, researchers at messaging security vendor Secure Computing say. Click here for details.
08/22/2007 Wednesday InfoWorld - The Storm malware, which first appeared in January of this year, is showing no signs of slowing down -- just this week reinventing itself as a Web site membership confirmation message. Click here for details.
U.S. Department of Homeland Security US-CERT is aware of several new propagation techniques being used by the Storm Worm Trojan to spread. The new variants arrive as either an email message claiming to contain a link to adult pictures, or as credentials for a membership-based website, asking you to login to change your temporary ID and password. The messages contain links to malicious websites that when visited, install malware on the user's system.
U.S. Department of Homeland Security US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:
* Do not follow unsolicited links.
* Install anti-virus software, and keep its virus signature files up-to-date.
* Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
eWeek - The Storm worm continues to sweep through the Internet, this time via a new series of spam e-mails that use login account confirmation details as bait to get recipients to visit malicious Web sites. Click here for details.
Tuesday U.S. Department of Homeland Security US-CERT - Cyber Security Alert
SA07-226A - Vulnerabilities in Microsoft Windows, Windows Media Player, Office,
and Office for Mac may allow an attacker to access your computer, install and
run malicious software on your computer, or cause it to crash. Run Windows
Click here for details. eWeek - Patch Tuesday brings with
it a host of security issues with Vista, issues with virtualization and a fun
time for system administrators who deal with clients using some wildly popular
Microsoft applications: Internet Explorer and Excel. Microsoft released nine
security patches for 14 vulnerabilities, with six of the updates rated critical,
in its biggest patch release since February.
08/08/2007 Wednesday Computer World - Leaked Vista hotfix packs now official, ready to download. Microsoft also confirms Vista SP1 and XP SP3 now in hands of testers. Click here for details.
Tuesday U.S. Department of Homeland Security US-CERT - Microsoft has
released updates that address critical vulnerabilities in Microsoft Windows,
Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook
Express. Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or cause a denial of service
on a vulnerable system.
05/08/2007 Tuesday U.S. Department of Homeland Security US-CERT - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Exchange, Cryptographic API Component Object Model (CAPICOM), and BizTalk. Click here for details.
Friday U.S. Department of Homeland Security US-CERT - Microsoft has
released a security advisory regarding a vulnerability in the Domain Name System
(DNS) Server Service. This vulnerability affects Microsoft Windows 2000 Server
Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003
Service Pack 2. Click
here for details. eWeek - Microsoft is investigating
attacks exploiting a vulnerability in the Windows Server Domain Name System
Service, as well as two types of hacks targeting Vista's OEM BIOS activation
here for details. InfoWorld - Microsoft warns of dangerous
flaw in DNS server. 'Highly critical' vulnerability in several Microsoft server
products could allow attackers to run unauthorized code.
Click here for details.
Friday InfoWorld - Microsoft patching five flaws, two critical - The
software giant returns to its monthly security update schedule, announcing plans
to ship fixes for five vulnerabilities including four issues in Windows -- one
of which it ranked as critical.
Some industry watchers are already questioning why Microsoft's April 2007 Patch Tuesday distribution fails to address at least three known vulnerabilities in its popular Office software, including a code execution in Word that has been exploited and reported publicly since at least mid-February. Click here for details.
Monday InfoWorld - Microsoft issues emergency Windows patch. The patch fixes
a flaw in the processing of .ani animated cursor files that hackers have been
exploiting heavily since last week.
Click here for details. Microsoft - A security issue has been
identified that could allow an attacker to compromise your Windows-based system
and gain control over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have to restart your
here for details. InfoWorld - ANI Exploit Tries the
'Hot Pictures of Britiney Speers' Shtick - Spam promising "Hot Pictures of
Britiney Speers [sic]" is linking to sites hosting the Windows ANI exploit,
Websense discovered today. The e-mail, coming from "Nude BritineySpeers.com," is
written in HTML and contains text that allows it to skirt anti-spam rules in the
HTML comments. The come-on is from a server hosted in Russia that Websense says
is the same one used previously by groups to install rootkits, password-stealing
Trojans and other malware.
Click here for details. UPDATE - 04/10/2007
Tuesday InfoWorld - By Jeremy Kirk, IDG News Service - Over 2,000 sites
exploit .ani security flaw. The number of Web sites exploiting the problem will
continue to rise unless patches are immediately applied.
Click here for details.
04/02/2007 Monday MSNBC/REUTERS - SAN FRANCISCO - Microsoft Corp. plans to patch a security hole in Windows on Tuesday related to an animated cursor that hackers have used to launch attacks after users click on links to malicious Web sites. Click here for details.
02/14/2007 Wednesday InfoWorld - Microsoft fixes critical flaw in security products Half of the 12 updates are listed as 'critical' as they plug major security holes in MS software, including Word, Office, and Explorer. Click here for details. eWeek - Microsoft Patches 20 Security Vulnerabilities - The software giant matches its all-time high for monthly security fixes, issuing a dozen bulletins that aim to patch 20 holes in its products, including 14 critical issues in Windows, Office, IE and even its own anti-virus tools. Click here for details.
Friday REUTERS - Storm Worm hits computers around the world - most users
would not notice the malware, or trojan, which creates a back door to the
computer that can be exploited later to steal data.
Click here for more details.
01/10/2007 Wednesday - MSNBC/AP - REDMOND, Wash. - Microsoft Corp. released three security patches for its prevalent Office line of software and one for the Windows operating system on Tuesday, fixing holes that could let an outsider take control of an unwitting victim's computer. Click here for more details.
Monday - the Month of Apple Bugs This initiative aims to serve as an effort
to improve Mac OS X, uncovering and finding security flaws in different Apple
software and third-party applications designed for this operating system. A
positive side-effect, probably, will be a more concerned (security-wise)
user-base and better practices from the management side of Apple. Also, we want
to develop and provide tools and documented techniques to aid security research
in this platform. If nothing else, we had fun working on it and hope
people-with-a-brain out there will enjoy the results. Click
here for details
©2000-2007 Internet Partners, Inc.