Out of the 13 advisories this month, administrators are advised to patch MS10-006, MS10-009, MS10-013, MS10-015, and MS09-012 immediately. Machines with Microsoft Office installed should also be patched for MS10-003 and MS10-004 as soon as possible. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.

As always, eEye suggests that users roll out Microsoft patches as fast as possible, preferably after testing the impact on internal applications and network continuity.

via eEye Digital Security.

Categories: Security
Posted By: jmiles
Last Edit: 10 Feb 2010 @ 12:49 AM

There are several practical workarounds in this bulletin.  Primarily, enable Protected Mode in the Internet zone and make sure to move any questionable sites out of the Trusted zone.

via Microsoft Security Advisory 980088: Vulnerability in Internet Explorer Could Allow Information Disclosure.
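To check whether a machine already follows these two workarounds, the following is an added example, not code from the advisory or from this blog. It assumes the standard Internet Explorer zone registry layout (zone 3 = Internet, URL action 2500 = Protected Mode, zone 2 = Trusted sites); the function names are hypothetical.

```powershell
# Added example (not from the advisory): audit the IE zone workarounds described above.
$settings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Assumed lookup order: policy hives override the per-user setting, so check them first.
$roots = @("HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",
           "HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",
           "HKCU:\$settings")

function Get-ProtectedModeState {
    param([int]$Zone = 3)                      # 3 = Internet zone
    foreach ($root in $roots) {
        $key = Join-Path $root "Zones\$Zone"
        # URL action 2500 is Protected Mode: 0 = enabled, 3 = disabled
        $v = (Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue).'2500'
        if ($null -ne $v) {
            $state = if ($v -eq 0) { 'Enabled' } elseif ($v -eq 3) { 'Disabled' } else { "Unknown ($v)" }
            return [pscustomobject]@{ Zone = $Zone; State = $state; Source = $key }
        }
    }
    # No explicit value anywhere: the zone's built-in default applies.
    [pscustomobject]@{ Zone = $Zone; State = 'NotSet (zone default applies)'; Source = $null }
}

function Get-TrustedZoneSites {
    # Per-user Trusted sites only; sites assigned by Group Policy are not covered here.
    $domains = "HKCU:\$settings\ZoneMap\Domains"
    if (-not (Test-Path $domains)) { return }
    Get-ChildItem -Path $domains -Recurse | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {            # 2 = Trusted sites zone
                # Keys are stored as Domains\example.com\www; rebuild www.example.com
                $labels = @(($key.Name -split '\\ZoneMap\\Domains\\', 2)[1] -split '\\')
                [array]::Reverse($labels)
                [pscustomobject]@{ Site = $labels -join '.'; Scheme = $scheme }
            }
        }
    }
}

Get-ProtectedModeState | Format-List
Get-TrustedZoneSites | Sort-Object Site | Format-Table -AutoSize
```

A `Disabled` state for zone 3, or any site in the second list that does not need elevated trust, is what the workaround asks you to correct.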

Categories: Security
Posted By: jmiles
Last Edit: 04 Feb 2010 @ 07:25 AM

This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer… The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes.

eEye recommends immediate installation of the patch.

via eEye Digital Security.

Categories: Security
Posted By: jmiles
Last Edit: 22 Jan 2010 @ 06:28 AM
 21 Jan 2010 @ 8:08 AM 

Microsoft is investigating reports of limited, targeted attacks against customers of Internet Explorer 6, using a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

via Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution.

Categories: Security
Posted By: jmiles
Last Edit: 21 Jan 2010 @ 08:08 AM

“The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability.  This attack is especially deadly on older systems that are running XP and Internet Explorer 6.”

via FOXNews.com – Google Hack Leaked to Internet; Security Experts Urge Vigilance.

Categories: Security
Posted By: jmiles
Last Edit: 20 Jan 2010 @ 06:54 AM
 09 Dec 2009 @ 6:28 AM 

Out of the 6 patches this month, three are client-side specific, and three are remote network vulnerabilities. Administrators should patch MS09-072, MS09-071, and MS09-073 immediately. The remainder of the patches should be applied after environment testing, or to environments that have the specifically affected software deployed.

via Security bulletin from eEye Digital Security .

Categories: Security
Posted By: jmiles
Last Edit: 09 Dec 2009 @ 06:28 AM
 23 Nov 2009 @ 10:49 PM 

Sounds like it is time to upgrade to IE 8; I have had no problems with IE 8, using it over the last several months:

Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that … Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

At this time, we are aware of no attacks attempting to use this vulnerability against Internet Explorer 6 Service Pack 1 and Internet Explorer 7.

via Microsoft Security Advisory 977981: Vulnerability in Internet Explorer Could Allow Remote Code Execution.

Categories: Security
Posted By: jmiles
Last Edit: 23 Nov 2009 @ 10:49 PM