Wiz's Computer and Website Security Blog

On Monday, November 2, 2009, Microsoft began using Automatic Windows Updates to forcibly push out a re-release of a critical patch for its Internet Explorer browsers. Monday's hotfix, named KB976749, targeted MS09-054, originally released on October 13, 2009. That update patched four vulnerabilities, all "critical," in Internet Explorer. It was the third fix released for last month's Windows Updates! Whew!

Microsoft Knowledge base article KB976749 outlines the two issues, one that scrambles Web page elements, while the other spawns a "Type Mismatch" script error on sites that use VBScript, or a mix of VBScript and JavaScript. That article is titled: "An update is available for Internet Explorer that resolves issues that occur after you apply security update 974455 (MS09-054)."

The following warning appears on the aforementioned page:

Important Do not install this update if you have not installed security update 974455. If you install this update without first installing security update 974455, Internet Explorer may not work correctly. If this occurs, uninstall this update, install security update 974455, and then reinstall this update.

This update affects all versions of Internet Explorer, from 5.01 through 8.x. So, if you applied last month's Windows Updates (Oct 13, 2009) and allowed the IE patch to be installed, you will need to install this patched patch.

Many people will have already received this update automatically by the time I published this blog article. It requires a reboot to install the patch and you will be logged off and your PC will restart automatically, unless you intercept the pop-under notice giving you a 15 minute warning before shutdown (Maybe it was 20 minutes to start. When I first noticed it the timer said 15 minutes). Even Power Users and probably Limited Users are affected by the automatic installation and reboot process, if your PC is set to install Windows Updates automatically.

BTW: The "Restart later" button was grayed out for me, so I was forced to save all work in progress, close open applications to avoid data loss, then use "Restart Now" to let the inevitable update complete. The aggravating part of this process was that I don't browse at all with Internet Explorer! I only open it to obtain Windows Updates, after logging into a Administrator level account, or to check layouts of websites I design and maintain. I do all daily browsing on Mozilla's Firefox, using latest version. I operate as a Power User and was forced to allow the installation and forced reboot. Not much finesse on Microsoft's part.

Note, that if this patch causes you more problems that it solves, you can uninstall it via Control Panel > Add/Remove Programs, with the Show Updates option checked. After rebooting you will be rolled back to the previous state of "patchedness."

Note also that one can only avoid these forced installation/reboot routines by disabling Automatic Windows Updates. Anything less will allow critical patches to be downloaded and installed if you are browsing on a less privileged account type. People who (foolishly, in my opinion) insist on using Administrator level accounts will at least see the gold shield tray icon notification that an update is available. or has been downloaded. By the time a Power User sees the shield, the countdown timer has starting its countdown to a forced restart.

Posted by Wiz at 5:38 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

July 25, 2009

There are some new vulnerabilities to be alerted to that are being exploited in the wild right now and may impact you. Some affect Windows computers, while others are cross platform (Linux, Mac, Solaris). Foremost among the vulnerable software are Internet Explorer, Visual Studio components and three Adobe programs.

First off, Microsoft just announced that they will be releasing two out-of-cycle security patches on Tuesday, July 28, 2009. This is very rare for Microsoft, who mainly stick to a Patch Tuesday happening just once a month schedule. The two vulnerabilities are being actively exploited in the wild and cannot wait until August 11 to be fixed. Too many PCs would be compromised by then.

If you have followed Microsoft's recommendation and set your Windows PCs to download and install Windows Updates Automatically, you will receive them sometime during the day of July 28, 2009, depending on where you are located. For folks living in the Eastern US time zone these updates will probably show up around 2 PM. If you are going to be away from your PC during that afternoon you should save any work in progress, because Windows Update will reboot your computer without interaction, if required to install those updates, after popping up a pending shutdown alert. If you aren't there to dismiss that alert your PC will be automatically rebooted to finish installing these critical patches.

Adobe has three products being exploited by cyber criminals this week. They are Adobe's Acrobat, Reader and Flash Player. This time the exploit lies in the way in which Adobe Reader and Acrobat are set to automatically run embedded Flash code whern a person opens a .pdf document (pdf = Portable Document Format) in any current version of Reader or Acrobat. In case you were wondering, Acrobat is an expensive program used to create pdf documents. Reader opens them for reading and printing. Flash is active content for interactive forms and video presentations on web pages, or for embedding into pdf files. YouTube videos are encoded using Adobe Flash and are viewed in Flash Player.

Adobe will be releasing patches on two days this month. An update for Flash Player v9 and v10 for Windows, Macintosh, and Linux will be available by July 30, 2009. They expect to provide an update for Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX by July 31, 2009. While you patiently wait for those patches you can protect you computers from getting hacked from hostile pdf documents by applying two officially recommended workarounds.

UPDATE:
August 2, 2009

Both Microsoft and Adobe did release the promised, out-of-band, critical updates, fixing the reported vulnerabilities in Microsoft's Internet Explorer and Visual Studio ATL and in Adobe's Flash, Reader and Acrobat. If you have not already done so, please run the Secunia Online Software Inspector, to see what insecure software is installed on your computers. Download links are provided in its report.

Note: If you are a programmer and have written any code that utilizes the Microsoft Visual Studio ATL, you may need to make changes to get those controls working again. See this MSDN page for more information about how the security update of 7/28/09 will impact your code.

Details about the Adobe vulnerabilities and their workarounds are in my extended content.

Continue reading "Microsoft and Adobe to release out-of-band patches" »

Posted by Wiz at 6:29 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

This article is in regard to Microsoft Security Advisory 961051: Vulnerability in Internet Explorer Could Allow Remote Code Execution, which was published on December 10, 2008 and last updated on December 15, 2008.

In the above Security Advisory Microsoft revealed that a critical vulnerability was reported in all versions of Internet Explorer, from versions 5 through 8 beta. There are already exploits in the wild compromising computers around the World, but it seems to have begun in China. In fact, these exploits began occurring the same day the last Windows Updates were pushed out, making this a zero-day exploit. The exploit code is being hosted mostly on exploited Windows IIS web servers and is installed by exploiting SQL Injection vulnerabilities that have not been patched by system administrators. From what I've been reading there are a lot of Windows-based servers that are not keeping up with critical patches!

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

Users who operate from less privileged accounts will be less impacted than those operating as computer administrators. Also, using "Protected Mode" in Internet Explorer 7 and Internet Explorer 8 Beta 2 in Windows Vista limits the impact of the vulnerability.

Microsoft and other security sources have recommended several temporary workarounds to mitigate this vulnerability, including disabling automatic processing of ActiveX Controls in the Internet and Intranet zones. If you have ever changed the settings for ActiveX to "Prompt" you know that the browser will literally drive you nuts with pop-ups asking for permission to run an ActiveX Control. In these cases it is best to just disable ActiveX completely and wait for a patch to be released, then re-enable it. In any case, if you have applied any of the temporary workarounds listed in kb961051, you should undo them after applying the upcoming patch.

In response to the urgency of this vulnerability, Microsoft is releasing an "out-of-band" patch on December 17, 2008. This is the second unscheduled patch released this calendar year and both are in regards to zero-day exploits in the wild. If your computer is set to download and install Windows Updates automatically this will happen sometime on December 17. If you perform your Windows Updates manually, begin checking for "Express"updates during the afternoon (USA) of December 17, 2008. The official release time for the USA and Canada is 1 PM Eastern Standard Time, which is 6:00 PM or 18:00 Hours GMT.

This patch may require you to restart your computer, but definitely Internet Explorer.

Computers that are protected with Trend Micro Internet Security or Security Pro 2009 are already protected against this "web threat." This is because those products include constantly updated protection from hostile codes in compromised (or purposely hostile) web pages.

Posted by Wiz at 7:30 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Today, July 8, 2008, is Patch Tuesday for supported Microsoft operating systems, so I dutifully visited Microsoft Updates manually and installed the DNS patch referred to in this bulletin: Microsoft Security Bulletin MS08-037 – Important: Vulnerabilities in DNS Could Allow Spoofing (953230). This is rated as an "important" patch by Microsoft. Applying this patch is supposed to protect one's PC from DNS spoofing attacks.

However, the patch appears to be overzealous in its implementation. After restarting Windows I was unable to access the Internet whatsoever! I had to use System Restore to rollback to just before I installed this patch, then I was able to get back online and write this article.

I recommend that my readers use caution before installing this patch today. First, be sure you have System Restore turned on. Even then you could wait until tomorrow in case Microsoft discovers the problem and patches the patch!

I don't know if this loss of connectivity was caused by the patch itself, or by a bad interaction with one of my security applications. Therefore, I am going to list my operating system and security program details, in case any of you have a similar setup. This might save you from having to run System Restore, or reinstalling Windows if you have System Restore turned off.

My setup:
OS: Windows XP Professional with Service Pack 3
All previous Windows Updates were installed; I am fully up to date.
No viruses, no spyware, no hostile LSPs are present after multiple scans.
I operate as a Power User, not an Administrator, except to run Windows Updates, install drivers, or uninstall applications requiring administrator privileges.

My security is provided by the following applications:
Avira AntiVir Free current version and up to date (no problems)
Trend Micro Web Protection Add-on v 1.2 (90 day trial - works perfectly)
>> ZoneAlarm Personal Firewall Causes this problem! (See extended comments)
Spybot Search and Destroy 1.5.2, without Tea Timer (no resident module)

Everything returned to normal as soon as I restored my PC to just before I installed Windows Update MS08-037, a.k.a: Kb953230. Knowledge Base article Kb953230 is found here and has a list of known problems that users are experiencing after installing this flawed update. They need to go back to the drawing board with this patch. I recommend that you read the aforementioned article before installing the patch on your computer.

I'll add information as a follow-up, once I learn the exact cause of my loss of Internet connectivity, as relates to patch #MS08-037.

The cause and solution for my loss of Internet connectivity after applying MS patch MS08-037 has been found and is detailed in my extended comments.

Wiz

Continue reading "Windows Update MS08-037 broke my Internet connectivity today" »

Posted by Wiz at 2:12 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

On March 20, 2008, I published an article on my blog about the release of Windows Vista Service Pack 1 and problems it was causing for some customers. Today, I learned some specifics about one of the pieces of hardware which is especially problematic for SP1 upgraders. That hardware is the Intel 945G Express series chipset that is found in thousands of computers that are being distributed and have been for the last year or so. I was building computers with Intel motherboards containing the 945G chipsets last summer. Most of these computers were loaded with XP Professional, but many were getting Vista Business installed. They all worked fine with the initial release of Vista, but that has come to a sudden halt, with the release of Vista SP1, for those machines.

The 945G Express chipset driver versions between numbers 7.14.10.1322 and 7.14.10.1403 won't work with Vista SP1, according to Microsoft. These chipsets are found in Asus and Intel OEM motherboards, and major name brands, like Gateway, Lenovo, Hewlett-Packard and others. The 945G Express chipset includes Intel's GMA 950 graphics core, which also won't work with Vista SP1 if those drivers are used. Intel has released updated drivers for the 945G Express chipsets, to the manufacturers of the motherboards and computer builders using them. You should visit the support website for your computer builder, or motherboard, to update all of your hardware to the latest drivers before even attempting to install SP1. Note, that in the case of certain drivers, Microsoft itself may release updated versions that are compatible with Vista SP1, via Automatic Windows Updates, or manual Microsoft Updates. If all else fails and your motherboard is made by Intel, go to their website, input your motherboard part number and look for the latest Vista drivers. The Intel 945G chipset information page is here.

Admittedly, this is a bunch of techno-babble to most people, but, if you attempted to upgrade to Vista SP1 and your motherboard hardware has all yellow exclamation marks next to each chipset, in Device Manager, you will want to understand what is causing it and where to start looking for solutions.

Posted by Wiz at 10:33 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

On Tuesday, March 18, 2008, Microsoft released the first service pack, SP-1, for general dispersion, via Windows Updates. Microsoft describes the improvements contained in this service pack, as follows:

"In addition to all previously released updates, SP1 contains changes focused on addressing specific reliability and performance issues, supporting new types of hardware, and adding support for several emerging standards. SP1 also continues to make it easier for IT administrators to deploy and manage Windows Vista. Service Packs are not intended to be a vehicle for releasing significant new features or functionality; however some existing components do gain slightly enhanced functionality in SP1 to support industry standards and new requirements."

For most users the update to Vista SP-1 has been going smoothly, but there are others who are not so fortunate. Those folks are experiencing driver failures after rebooting from the upgrade process. Let's look into what is going wrong and what can be done to either prevent, or correct this problem.

Microsoft has been testing SP-1 for quite a while now and already knows about which hardware device drivers will experience trouble after the upgrade. For this reason Microsoft has been releasing its own driver updates for some of the most widely deployed chipsets which are at risk of failing during the upgrade to SP-1. Among those chipsets and drivers is the widely used Realtek AC97 audio device. Also listed as needing updated drivers are the following: SigmaTel, Creative Audigy and Conexant HD Audio. An Intel display driver also needs to be updated. I recommend visiting the Microsoft Support page describing these affected devices. On that page you are urged to visit the manufacturer's websites to search for updated drivers. This is always your best first option regarding device drivers. However, in the case of the Realtek drivers, Microsoft has written and made available its own upgraded driver and is making it available via Microsoft Updates.

When you run Microsoft Updates it will first check your installed hardware to see if any devices are on the list of affected hardware. If so, you will be offered an optional hardware update to fix that driver, in preparation for the installation of SP-1. Note, that these devices may be functionally perfectly under the initial release of Windows Vista. However, until you update the affected drivers you will not be offered the update to service pack 1. This is to protect your computer from device failures upon installing SP-1 and rebooting. Some of you may be tempted to go to the Microsoft download site and install the service pack manually. If you haven't taken care of the driver compatibility issues you will experience problems, such as are described on this Microsoft Support page. The following is a quote from the Microsoft Vista SP-1 Support page titled "Things to know before you download."

"Some Windows Vista users may encounter an issue with a small set of hardware devices that may not function properly after updating a Windows Vista PC to Windows Vista SP1. This is an issue with the way the device drivers were re-installed during the Windows Vista SP1 update process, not with the drivers themselves—these drivers worked on Windows Vista RTM and they work on Windows Vista SP1. This problem is typically corrected by simply uninstalling and reinstalling the driver. We are working with the manufacturers of these devices to get the known problematic drivers and their install programs updated, and also on other solutions we can use to ensure a smooth customer experience when updating to Windows Vista SP1 using Windows Update. For new PCs provisioned with Windows Vista SP1, this is not an issue."

Continue reading "Windows Vista SP-1 released - some driver problems reported" »

Posted by Wiz at 4:00 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Yesterday, in an unusual move, Microsoft issued an out-of-cycle patch through it's automatic Windows Updates service. This update fixes issues caused by the US changes to Daylight Saving Time.

In a very long Microsoft support article titled "August 2007 cumulative time zone update for Microsoft Windows operating systems" (kb933360), the company explains the reason for this re-release of the DST patch originally issued in January 2007.

This update supersedes and replaces update KB931836, released in January 2007. This update also includes additional time zone changes that were signed in to law after update KB931836 was created.

Important Before you apply the update that is described by this article, be aware of potential issues that may affect Microsoft Office Outlook.

See this Microsoft article; kb931667, for details about how to address the daylight saving time changes in 2007 by using the Time Zone Data Update Tool for Microsoft Office Outlook.

Kb931667 APPLIES TO:
• Microsoft Office Outlook 2007
• Microsoft Office Outlook 2003
• Microsoft Outlook 2002 Standard Edition
• Microsoft Outlook 2000 Standard Edition

If you want a complete white paper describing these issues just read the new knowledgebase article. Otherwise, just download the patch manually, if you haven't already received it via Automatic Windows Updates.

Interesting note to Limited Users and Power Users
As a Windows XP Professional "Power User" I am not accustomed to seeing Windows Updates unless I have logged into an Administrator level account. But, last night, as I was turning off my computer I saw a notice that an important Windows Update was waiting to be installed and to "Click Turn Off to continue installing it." In a few moments my DST patch was installed and my 'puter shut itself off for the night. This is good news for it provides a means to deliver system level patches to users operating with reduced user privileges, for their own protection. It's actually the second time this year that I have received a Windows Update while signing off for the night.

For those who are curious about why I would run with less than administrator privileges, read my blog article titled "Limited User Privileges Protect Against Malware Infections."

Continue reading "Microsoft Issues Out-Of-Cycle Time Zone Patch via Windows Updates" »

Posted by Wiz at 9:35 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Attention Microsoft Windows 2000, XP, Vista and Server 2003 users! Patch Tuesday is coming on May 8, 2007. Here are the details about the patches being released through Windows Update Services.

On Tuesday 8 May 2007 Microsoft is planning to release:

Security Updates

. Two Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These updates will require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

. Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

. One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

. One Microsoft Security Bulletin affecting CAPICOM and BizTalk. The highest Maximum Severity rating for these is Critical. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool.

Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

. Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).

. Microsoft will release 6 NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

If you have set your computer to download and install updates automatically they will do so. Otherwise, be sure you check manually throughout the afternoon of May 8, 2007.

Note for Mac computer users:
Apple released major patches and updates last week for numerous Apple programs, including QuickTime Player. It is extremely important that you apply these updates if your computer is on the Internet. Use the built-in Software Update utility to obtain these fixes.

As sometimes happens there may be software incompatibility problems that arise after these updates are released and applied. If I learn of any significant issues I will post about them here.

Posted by Wiz at 12:50 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Original posting date: 04/03/2007 - Updated on 04/19/2007

If you installed the KB925902 Windows Update patch, released on April 3, 2007, and rebooted to see the following error message, I have solutions for you.

Rthdcpl.exe (or other file) - Illegal System DLL Relocation
"The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL."

This problem occurs when the Realtek HD Audio Control Panel (Rthdcpl.exe) by Realtek Semiconductor Corporation, or AVG 7.5, or certain other applications are installed, which use Hhctrl.ocx. The name of the file causing the conflict will be related to the application it belongs to. The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if a program loads the Hhctrl.ocx file before the program loads the User32.dll file. A list of the applications known to be affected are in my extended comments.

If this happened to your Windows computer, please read this Microsoft Knowledge Base article:

935448 Certain programs may not start, and you receive an error message on a computer that is running Windows XP Service Pack 2: "Illegal System DLL Relocation"

You can read the details about the cause of the problem and download a Hotfix from that page which addresses the issue with the Realtek and other listed device drivers and applications. Alternately, install update 935448 by using Automatic Updates or by using Microsoft Update. To use Microsoft Update, visit the following Microsoft Web site: http://update.microsoft.com/microsoftupdate

Or, better yet, go directly to the manufacturer - Realtek drivers download page and download the newest audio driver (Realtek has released version 1.64 to address this problem), which corrects the above mentioned problems and also works with Windows Vista operating systems.

If you are using another program that is on the affected list, such as AVG Anti Virus Control Center 7.5, check for updates from the manufacturer, which will correct the underlying problem. Most of these updates may require a reboot to install completely, If no updates are available yet, apply the hotfix listed above (for validated copies of Windows XP SP-2 only).

A list of applications known to be affected is below, in the extended comments...

Continue reading "Hotfix for User32.dll error caused by April 3 Windows Update" »

Posted by Wiz at 7:16 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

October 10, 2006

Today is Patch Tuesday as Microsoft rolls out it's newest critical patches and security updates. If you have turned on Automatic Windows Updates you will receive some or all of the available updates, pertaining to your particular computer, sometime today. If you do not have Automatic Updates turned on you should manually visit the Windows or Microsoft Updates website to download and install all available patches. Some of these patches will require a reboot to install them.

Keeping your computer up to date with Windows Updates is critical for keeping your computer safe from the latest threats that are being exploited in the wild.

However, this is not the end of securing you computer. You also need to run up-to-date anti virus and anti spyware applications. There are links to various security programs in the right sidebar and in my ads on these pages.

You should also consider reducing your permissions to that of a Limited User, for your daily browsing and emailing user account. See my blog article about running as a Limited User and how this can protect you against most malware threats.

Posted by Wiz at 2:26 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

On 8 August 2006 Microsoft is planning to release:

Security Updates

. Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.

. Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center. Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

. Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

. Microsoft will release twoNON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released.

Microsoft will host a webcast next week to address customer questions on these bulletins. For more information on this webcast please see below:
. TechNet Webcast: Information about Microsoft's Security Bulletins
. Wednesday, August 09, 2006 11:00 AM Pacific Time (US & Canada)
WebCast Link

At this time no additional information on these bulletins such as details regarding severity or details regarding the vulnerability will be made available until 8 August 2006.

Posted by Wiz at 7:14 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Microsoft Security Bulletin Advanced Notification

On 11 July 2006 Microsoft is planning to release:

Security Updates

. Four Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer and the Enterprise Scan Tool. Some of these updates will
require a restart.

. Three Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These
updates will be detectable using the Microsoft Baseline Security
Analyzer. These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft
Windows Malicious Software Removal Tool on Windows Update, Microsoft
Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

. Microsoft will not release any NON-SECURITY High-Priority
Updates for Windows on Windows Update (WU) and Software Update
Services (SUS).

. Microsoft will release one NON-SECURITY High-Priority Updates
on Microsoft Update (MU) and Windows Server Update Services (WSUS).

End of support for Windows 98, 98 Second Edition and Millenium Edition.

There will be no further updates or patches released for the aforementioned operating systems, as support for them ends on the morning of July 11, 2006. Anybody who is still using Windows 9x or ME is at increasing risk from Internet threats that are no longer going to be patched by Microsoft. You are strongly advised to obtain a newer, supported operating system, such as Windows XP.

You can obtain a legal, licensable copy of Windows XP from Tiger Direct, at a much lower price than Microsoft charges for just a license. View all versions of Windows Operating Systems available from TigerDirect

Posted by Wiz at 9:56 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition (Me) ends on July 11, 2006. Microsoft will end public and technical support by this date. This also includes security updates. Microsoft is providing final notifications to customers to end the extended security update support for these products.

Microsoft is ending support for these products because they are
outdated and these older operating systems can expose customers to security risks. We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP, as soon as possible.

Continue reading "Final notification about the end of Win98, Win98SE and WinME support" »

Posted by Wiz at 9:42 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Microsoft Security Bulletin MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Affected Software:
< snip >...
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.

Frequently asked questions (FAQ) related to this security update

If Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) are listed as an affected product, why is Microsoft not issuing security updates for them?
During the development of Windows 2000, significant enhancements were made to the underlying architecture of Windows Explorer. The Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) Windows Explorer architecture is much less robust than the more recent Windows architectures. Due to these fundamental differences, after extensive investigation, Microsoft has found that it is not feasible to make the extensive changes necessary to Windows Explorer on Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) to eliminate the vulnerability. To do so would require reengineer a significant amount of a critical core component of the operating system. After such a reengineering effort, there would be no assurance that applications designed to run on these platforms would continue to operate on the updated system.

Microsoft strongly recommends that customers still using Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) protect those systems by placing them behind a perimeter firewall which is filtering traffic on TCP Port 139. Such a firewall will block attacks attempting to exploit this vulnerability from outside of the firewall, as discussed in the workarounds section below.

Will Microsoft issue security updates for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) sometime in the future?
Microsoft has extensively investigated an engineering solution for Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). We have found that these architectures will not support a fix for this issue now or in the future.

If you connect to the Internet with a Windows 98 or ME computer you will be at risk from past, present and future threats, with no help coming from Microsoft after July 11. Microsoft is discontinuing ALL support and patches for Windows 98, Windows 98 S.E. and Windows M.E., effective on the evening of July 11, 2006.

"Critical security updates will be provided on the Windows Update site through July 11, 2006. Microsoft will not publicly release non-critical security hotfixes for Windows 98, Windows 98 Second Edition, or Windows Millennium Edition."

If you are still using one of those operating systems on a computer that connects to the Internet, you are strongly advised to scrap it and get something up to date, with an operating system that is still supported by Microsoft, or get a new Mac instead. In the meantime, add as much anti-virus, anti-spyware and firewall protection as you can find, that will work on your OS, and download as many Windows updates as you can, then buy a disk imaging program and make a copy of the fresh OS, with all patches and security programs in place. Burn that to a CD for use if your OS crashes or gets invaded by a virus, backdoor, trojan, worm or spyware.

Posted by Wiz at 10:33 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

On 13 June 2006 Microsoft is planning to release:

Security Updates

. Nine Microsoft Security Bulletins affecting Microsoft Windows. The
highest Maximum Severity rating for these is Critical. These updates
will be detectable using the Microsoft Baseline Security Analyzer and
the Enterprise Scan Tool. Some of these updates will require a
restart.

Note that, as discussed in Microsoft Security Bulletin MS06-013, with
the release of one of these bulletins, support for the compatibility
patch discussed in Microsoft Knowledge Base Article 917425 will
cease.

This means that all users who apply this security update will receive
the ActiveX update discussed in Microsoft Knowledge Base Article
912945 regardless of whether or not they have applied the
compatibility patch discussed in Microsoft Knowledge Base Article
917425.

Administrators are encouraged to review the following articles prior
to release and take appropriate steps for their environment:

- Microsoft Security Advisory 912945 - Non-Security Update for
Internet Explorer:
http://www.microsoft.com/technet/security/advisory/912945.mspx

- Microsoft Knowledge Base Article 912945:
http://support.microsoft.com/kb/912945

- Microsoft Knowledge Base Article 917425:
http://support.microsoft.com/kb/917425

- Information for Developers about Internet Explorer:
http://msdn.microsoft.com/ieupdate

. One Microsoft Security Bulletin affecting Microsoft Exchange. The
highest Maximum Severity rating for this is Important. These updates
will be detectable using the Microsoft Baseline Security Analyzer.
These updates may require a restart.

Note that this update will include the functionality change discussed
in Microsoft Knowledge Base Article 912918. Administrators are urged
to review this Knowledge Base article prior to release and take steps
appropriate for their environment.

. Two Microsoft Security Bulletins affecting Microsoft Office. The
highest Maximum Severity rating for these is Critical. These updates
will be detectable using the Microsoft Baseline Security Analyzer.
These updates may require a restart.

Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows
Malicious Software Removal Tool on Windows Update, Microsoft Update,
Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update
Services (SUS).

Continue reading "Microsoft Security Bulletin Advanced Notification" »

Posted by Wiz at 4:11 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Final customer notification about the end of Windows 98, Windows 98
Second Edition, and Windows Millennium Edition Extended Support

Support for Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition (Me) ends on July 11, 2006. Microsoft will end
public and technical support by this date. This also includes security
updates. Microsoft is providing final notifications to customers to
end the extended security update support for these products.

Microsoft is ending support for these products because they are
outdated and these older operating systems can expose customers to
security risks. We recommend that customers who are still running
Windows 98 or Windows Me upgrade to a newer, more secure Microsoft
operating system, such as Windows XP, as soon as possible.

Continue reading "End of Support: Windows 98, 98SE and ME" »

Posted by Wiz at 5:19 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Source:
Microsoft Security Bulletin MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

You've heard of issues with this security update. Does Microsoft plan to release a revised security update to address these issues?
Microsoft has completed its initial investigation into issues involving old third party software that customers may have experienced after the installation of this security update. On Tuesday, April 25, Microsoft will issue a targeted re-release of the MS06-015 update.

Note Customers who have already applied the MS06-015 update who are not experiencing the problem need take no action.

When released, what changes will the revised security update include?
The revised security update will contain no changes to the binaries included in the initial security update. The revised security update will place the following entries in the allow list as indicated in Microsoft Knowledgebase Article 918165.

HP Share-to-Web
• {A4DF5659-0801-4A60-96071C48695EFDA9}

NVIDIA Graphics Driver
• {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
• {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
• {1CDB2949-8F65-4355-8456-263E7C208A5D}

How do I deploy this revised update?
For customers who have already applied the update and are experiencing the problem related to the older Hewlett Packard Share-to-Web software, or older NVIDIA drivers prior to or including version 61.94, the revised update will be available through Windows Update and Microsoft Update. The targeted re-release will be automatically delivered to affected computers through Automatic Update if it has been enabled The re-release will not be distributed to non-affected computers.

Microsoft Baseline Security Analyzer (MBSA) 2.0 will also determine if one of the identified third-party COM controls has been installed and will offer the revised security update.

For Microsoft Baseline Security Analyzer (MBSA) 1.2.1, the detection logic has been updated to offer the revised package only to machines that do not have the initial security update installed. MBSA 1.2.1 cannot be used to determine if the identified third-party COM controls have been installed. In this situation, we recommend either a manual or Group Policy install of the revised security update.

What are the known issues that customers may experience when they install this security update?
Microsoft Knowledge Base Article 918165 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918165.

Posted by Wiz at 11:22 AM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

On April 11, 2006, Microsoft released a critical patch, MS06-015 (KB908531), to plug a vulnerability in how COM objects interact with the Windows Explorer Desktop. It was called a Desktop drag and drop vulnerability. Fine, it was exploitable and was patched. Well, not so fast!

I am the moderator of a computers forum and a lot of members who applied that patch as part of the April 11 Windows Updates are reporting all kinds of system instability and freeze-ups. It turns out that they aren't the only ones having trouble because of the COM patch. Forums all over the World are talking about problems people are experiencing after applying this patch, and various solutions have been put forth by individuals and by Microsoft.

Many people first became aware of the effects of the patch when their desktop applications began hanging, and when they used Task Manager to see what processes were running they all found a file named VERCLSID.EXE was running as a process, not an application. Terminating that process restores normal Windows Desktop operation. Verclsid.exe is part of the MS06-015 patch.

You can read about just some of the applications that are having problems because of this patch, in Microsoft Knowledgebase Article 918165. The list of affected products is growing all the time.

Some people have decided to rename or delete the file that is causing the problems - verclsid.exe, which is located in your %Windir\System32 directory. Others have uninstalled the Update via Control Panel > Add/Remove Programs. The Microsoft artlcle linked to above even suggests some solutions for certain 3rd party products.

If your computer is now suffering unexplainable hangs they might be due to bad interactions with this patch. You can rename the verclsid.exe file, uninstall the patch, or look for spyware on your computer. Why did I say that, you ask? Read my extended comments to find out what I learned last weekend...

Continue reading "Latest Microsoft Patch needs Patching" »

Posted by Wiz at 4:38 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Notice to all Windows users, Microsoft has released critical patches today for all supported versions of the Windows OS. At least 6 patches and hotfixes apply to Windows XP and 2000, and all of them require a hard reboot to completely install. If you run as an Administrator and have turned on Automatic Windows Updates, check the golden shield in your Systray to see if it contains an exclamation mark down the middle. If so you have downloaded the patches but need to reboot as soon as possible to install them.

If you downloaded and installed the eEye temporary patch for the CreateTextRange vulnerability, you should uninstall it (the patch will prompt you to uninstall it).

You must be running an Administrator level account to remove the patch or obtain any Windows Updates. If you run as a limited or power user you will have to either switch users to an Admin account, or log off, and log onto an Administrator level account to do these updates, then reboot into the same account, then log off and onto your daily browsing account.

Continue reading "Windows Updates Today - 4/11/06" »

Posted by Wiz at 2:20 PM | Permalink

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.