Virus Security Information Page

              MSNBC News

Symantec Security Check 

    ISC Logo       

Symantec Security Check is a free service designed to help you understand your computer's exposure to online security intrusions and virus threats. To access site click here .

Use Windows Update on a regular basis,  or Schedule Automatic Updates in Windows XP, Windows 2000, or Windows Server 2003  Click here for more details.  NOTE:  close ALL programs before you run updates.  If this is a host server your need to turn off all the services you can before you attempt any patch. Exchange Server may not work after a patch if this is not done.  U.S. Department of Homeland Security US-CERT strongly encourages users to install and maintain anti-virus software and exercise caution when handling attachments. Anti-virus software may not be able to scan password protected archive files so users must use discretion when opening archive files and should scan files once extracted from an archive.  Why should I run Windows update?
 

12/12/2006 Tuesday MSNBC/AP - Microsoft Corporation put out three software patches that fix problems carrying a "critical" rating, the company's highest threat level.  All three could let an attacker remotely run code on a victim's computer. The patches close holes in Microsoft's Internet Explorer Web browser, its Windows Media Player program and its Visual Studio 2005 development software.  Click here for details.  Microsoft security updates for December 2006 Click here for details.
 

11/14/2006 Tuesday - eWeek - Unpatch Day: Pay Attention to MS06-070 - Microsoft's Patch Tuesday express has dropped off six security bulletins covering at least nine vulnerabilities (not counting those silently fixed thingies). The IE and XML Core Services bugs are getting all the attention but security experts are most nervous about MS06-070, which covers a nasty, wormable flaw in Workstation Service. Click here for details. - Microsoft on Nov. 14 released a critical cumulative update for its flagship Internet Explorer browser to fix a flaw that was being used in targeted zero-day attacks since early October. Click here for details.
 

11/03/2006 Friday Microsoft Security Advisory (927892) - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution. Update 11/04/2006 This is now a zero day with exploits in the wild.  Click here for details.

10/10/2006 Tuesday InfoWorld - IDG News Service Microsoft patches Windows, Office, .Net Six of the 11 updates are rated critical.  Microsoft has issued 11 security updates, fixing critical vulnerabilities in its Windows and Office software.  Six of the updates are for Windows, including a patch for a nasty bug in the operating system's graphical user interface, which is currently being targeted by attackers. Four updates are for Office, and the final update is for the .Net framework, considered to be less severe than the worst of the Windows and Office bugs.  Click here for details.  Microsoft TechNet - Microsoft Security Bulletin Summary for October, 2006 - Click here for details.  MSNBC-AP-SEATTLE-Microsoft Corp. on Tuesday released six patches to fix software flaws that carry its highest threat rating, including three for defects that attackers were already trying to exploit.  Click here for details.

09/28/2006 Thursday Microsoft Security Advisory (926043) Vulnerability in Windows Shell Could Allow Remote Code Execution - Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.  Click here for details.  U.S. Department of Homeland Security - US Cert - Technical Cyber Security Alert TA06-270A - The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. An attacker could exploit this vulnerability through Microsoft Internet Explorer (IE) or any other application that hosts the WebViewFolderIcon control. More information is available in Vulnerability Note VU#753044.
 

09/27/2006 Wednesday MSNBC -  REUTERS - LOS ANGELES - Microsoft releases security patch for Explorer - Microsoft Corp. on Tuesday released a security patch to fix a "critical" hole in its Internet Explorer Web browser that the world's biggest software maker said could allow an attacker to take control of a user's computer.  Click here for details.

MSNBC-AP-Microsoft Puts Out Fix for Explorer Flaw - The Redmond-based software maker said it was putting out the fix ahead of the next scheduled security fix release date on Oct. 10 because of the severity of the problem. The flaw carries Microsoft's highest "critical" rating.  Click here for details.

09/12/2006 Tuesday MSNBC -  REDMOND, Wash. - Microsoft Corp. on Tuesday released several security fixes for its Windows operating system and Office software, and re-released two previous patches.  Click here for details.
 

08/09/2006 Wednesday InfoWorld - The U.S. Department of Homeland Security (DHS) warned Wednesday that a recently patched Microsoft Corp. Windows vulnerability could put the nation's critical infrastructure at risk.  Click here for more details.

08/08/2006 Tuesday InfoWorld - Microsoft issued nine security updates addressing critical flaws in its Office and Windows products. The updates patch two worrisome PowerPoint flaws that could allow attackers to seize control of a PC, the company said Tuesday. Click here for more details.

MSNBC - REDMOND, Wash. - Microsoft Corp. on Tuesday released 12 security fixes for its Windows operating system and Office business software.  Seven of the patches are to fix Windows flaws that carry the company's highest danger rating.  Click here for more details.

U.S. Department of Homeland Security US-CERT Cyber Security Alert SA06-220A Critical vulnerabilities in Microsoft Windows, Office, Works Suite, and Internet Explorer may allow an attacker to take control of your computer.  Click here for more details.
 

07/11/2006 Tuesday MSNBC - REDMOND, Wash. - Microsoft Corp. on Tuesday released four security fixes to patch flaws in its Windows operating system. Two of the vulnerabilities carried the highest danger rating. All of the patches are to fix weaknesses in Windows that could allow an attacker to take control of a person's computer. Click here for more details.

U.S. Department of Homeland Security US-CERT Cyber Security Alert SA06-192A Microsoft Windows, Office, and IIS Vulnerabilities. Click here for more details.
 

06/14/2006 Wednesday NetworkWorld/Computerworld  By Jaikumar Vijayan - Exploits for Microsoft flaws circulating.  Security firms are warning about the availability of attack code targeting some of the flaws for which Microsoft released patches Tuesday.  Most of the exploits target flaws that were previously known but for which patches became available only as part of Microsoft's June monthly security update. But at least two publicly available exploits are directed at newly disclosed flaws in the company's products.  Click here for more details.
 

06/13/2006 Tuesday InfoWorld - Microsoft aims patch bevy at client weakness...Microsoft released its largest collection of security patches in more than a year.

The monthly security update includes 21 vulnerabilities on 12 updates, the most since February 2005.

Jonathan Bitle, product manager with Qualys Inc, said the update is so large because hackers are exploiting "client side" weaknesses instead of automated services that run in an operating system. That type of attack relies on PC users' tendency to open e-mail attachments and other files from unknown senders. Click here for more details.

Microsoft Security updates summary for June 2006 Published: June 13, 2006  Click here for more details.

05/10/2006 Tuesday MSNBC/Reuters -  Microsoft warns of two ‘critical’ security flaws Holes in Windows, Exchange software could let attackers take control of PC - Microsoft Corporation Tuesday warned of a "critical" security flaw in its Windows operating system and another in its business Exchange software that could allow attackers to take control of a computer.  Click here for more details.
 

04/11/2006 Tuesday MSNBC -  Microsoft Corporation  released three critical patches Tuesday for its Windows operating system, including one to fix an Internet Explorer browser flaw that had already been exploited in some Internet attacks.  Click here for more details.  IT professionals and systems administrators – Go to Microsoft TechNet for detailed information about these updates.  Click here for to access this site.
 

03/23/2006 Thursday Microsoft Security Advisory (917077) - Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution.  Microsoft has confirmed new public reports of a vulnerability in Microsoft Internet Explorer. Based on our investigation, this vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user.  Note that the default security level for a user on a Windows XP system is administrator with full rights to do anything on that system.  Click here for more details.  U.S. Department of Homeland Security US-CERT Vulnerability Note VU#876678 - Microsoft Internet Explorer (IE) fails to properly handle the createTextRange() DHTML method, possibly allowing a remote, unauthenticated attacker to execute arbitrary code.  Click here for more details.

03/14/2006 Tuesday Microsoft - Vulnerabilities in Microsoft Office and Microsoft Works Could Allow Remote Code Execution.

Summary

Who should read this document: Customers who use Microsoft Office and Microsoft Works

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: None

On vulnerable versions of Office, if a user is logged on with administrative user rights [standard for XP users], an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

NOTE: Make sure you have the CD used to install the software before you attempt this update. You may need it to perform the update.  To run Microsoft Office updates Click here Microsoft Internet Explorer only.

03/14/2006 Tuesday US Department of Homeland Security - US-CERT - There are critical vulnerabilities in some features of Microsoft Office and Excel. If an attacker can convince you to open a malicious Office file, he or she may be able to take control of your computer or cause it to crash. Microsoft Security Bulletins for March 2006 provides updates that address these vulnerabilities. For more technical information, see US-CERT Technical Cyber Security Alert TA06-073A.

01/05/2006 Thursday InfoWorld - Microsoft released a patch for the Windows WMF (Windows Meta File) flaw at 5 p.m. Eastern time Thursday in response to what it described as “strong consumer sentiment” for an early fix to the problem.  NOTE: Users of all versions of Windows NT 4.0 should upgrade their operating systems because those versions are no longer supported by Microsoft.    RUN WINDOWS UPDATE NOW ! ! !   Click here for details.

01/04/2006 Wednesday eWeek - Ryan Naraine - Another unofficial patch for the Windows Metafile flaw is making the rounds.

Security vendor ESET, makers of the NOD32 anti-virus program, on Wednesday shipped an interim patch for the bug, almost a week before Microsoft Corp. is scheduled to release a properly tested security update.

Rick Moy, vice president of marketing and sales for ESET said the widespread use of Microsoft's operating system means that a "very large user base [is] susceptible" to the zero-day vulnerability.  Click here for details.

01/04/2006 Wednesday eWeek - Ryan Naraine - A cryptographically signed version of Microsoft Corp.'s patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits.

The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused "a fast-track, pre-release version of the update" to be posted to a security community site and urged users to "disregard" the premature update.  Click here for details.

01/03/2006 Tuesday eWeek - Ryan Naraine - Microsoft Corp. has slapped a 'buyer beware' tag on a third-party patch for the zero-day Windows Metafile flaw and promised that its own properly tested update will almost certainly ship Jan. 10.
The company's latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got rare blessings from experts at the SANS ISC (Internet Storm Center) and anti-virus vendor F-Secure Corp.  Click here for details.

 

©2000-2006 Internet Partners, Inc.
1800 NW 167th Place Suite 160 - Beaverton, Oregon 97006-8132
+1 503 690 2700    FAX +1 503 690 9700