Remember the flaw that was announced around the beginning of December 2011, where hackers could possibly cause HP printers to burst into flames?
Well, HP released a fix for that a week or so back… However, they didn’t mention the fire issue.
Nonetheless, you may wish to consider upgrading.
Should you require assistance applying updates to your devices, servers or computers in the Greenville or Upstate SC area, you can call upon us at 864.990.4748 or email info@homelandsecureit.com
Excuse the sensational title, but it may not be too far from the truth.
There is an article over on ComputerWorld.com that reads, “HP LaserJet Printers vulnerable to attacks, researchers warn”…
Our in-house expert, Greg Varner, believes that if an attacker could exploit the device to the point of causing it to brown paper in the fuser, it would not be overly difficult to disable the safety mechanisms discussed in the article that protect against this happening.
Without question this does give us cause to pause and think about these connected devices.
Microsoft has released Volume 11 of their “Microsoft Security Intelligence Report” or SIRv11, which provides “An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011”.
One tidbit of interesting information contained in the report is that in the first half of 2011, less than one percent of exploits were against zero-day vulnerabilities and 99 percent of all attacks during the same period distributed malware through familiar techniques like social engineering and unpatched vulnerabilities.
I encourage you to read it in its electronic format as it is 168 pages of eye-glazing information, and we wouldn’t want to kill a tree for it.
You can find the full report and further information at: http://www.microsoft.com/sir
I came across a very handy document from www.securingthehuman.org that explains which security standards and awareness compliance requirements might apply to your organization.
It is by no means a complete listing, but gives the one minute run-down of the majority of the biggies….
—
Last Updated: 19 July, 2011
1. Executive Summary
The purpose of this document is to identify different standards and legislations that require organizations to have security awareness programs. This information can then be used to help justify your security awareness program. Any questions or suggestions for this document should be sent to info@securingthehuman.org.
2. ISO/IEC 27001 & 27002
§ISO 27002 8.2.2 – All employees of the organization and, where relevant, contractors and third party users should receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. Learn more at: http://en.wikipedia.org/wiki/ISO_27001
3. PCI DSS
§12.6 – Make all employees aware of the importance of cardholder information security.
• Educate employees (for example, through posters, letters, memos, meetings and promotions).
• Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
Download the standard at:
https://www.pcisecuritystandards.org/security_standards/documents.php
4. Sarbanes-Oxley (SOX)
§404(a).(a).(1) – The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C 78m or 78o(d)) to contain an internal control report which shall – state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;
Learn more at: http://en.wikipedia.org/wiki/Sarbanes-Oxley
5. Gramm-Leach Bliley Act
§6801.(b).(1)-(3) – In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical and physical safeguards –
• To insure the security and confidentiality of customer records and information;
• To protect against any anticipated threats or hazards to the security or integrity of such records;
• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
Learn more at: http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act
6. CobiT
§PO7.4 Personnel Training – Provide IT employees with appropriate orientation when hired and ongoing training to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required to achieve organizational goals.
§DS7 – Management of the process of Educate and train users that satisfies the business requirement for IT of effectively and efficiently using applications and technology solutions and ensuring user compliance with policies and procedures is: […] 3 Defined when A training and education program is instituted and communicated, and employees and managers identify and document training needs. Training and education processes are standardized and documented. Budgets, resources, facilities and trainers are being established to support the training and education program. Formal classes are given to employees on ethical conduct and system security awareness and practices. Most training and education processes are monitored, but not all deviations are likely to be detected by management. Analysis of training and education problems is only occasionally applied.
Learn more at: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
7. Federal Information Security Management Act (FISMA)
§3544.(b).(4).(A),(B) – Securing awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures designed to reduce these risks.
Learn more at: http://en.wikipedia.org/wiki/FISMA
8. Health Insurance Portability & Accountability Act (HIPAA)
§164.308.(a).(5).(i) – Implement a security awareness and training program for all members of its workforce (including management).
Learn more at: http://en.wikipedia.org/wiki/Hipaa
9. NERC CIP
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standard.
§CIP-004-3(B)(R1) – The Responsible Entity shall establish, document, implement, and maintain a security awareness program to ensure personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets receive on-going reinforcement in sound security practices. The program shall include security awareness reinforcement on at least a quarterly basis using mechanisms such as:
• Direct communications (e.g., emails, memos, computer based training, etc.);
• Indirect communications (e.g., posters, intranet, brochures, etc.);
• Management support and reinforcement (e.g., presentations, meetings, etc.).
Download the standard at: http://www.NERC.com/files/CIP-004-3.pdf
10. US State Privacy Laws
Many states in the United States have their own individual privacy laws. You can find a listing of most of those state privacy laws at the Morrison & Foerster’s Privacy Library. Many of these privacy laws require some type of awareness training, or at a minimum that the privacy requirements are communicated to employees in that state.
Learn more at: http://www.mofo.com/privacy–data-security-services/
11. EU Data Protection Directive
The European Union has directed all European member countries to develop and define laws regarding the protecting of personal privacy of the citizens of their respective country. While each country’s implementation of this directive is different and unique, many of them require security awareness training to educate people on how to protect individual privacy.
Learn more at: http://en.wikipedia.org/wiki/Data_Protection_Directive
12. Australian Government InfoSec Manual
§0252 – Information security awareness and training: Revision: 2; Updated: Nov-10;
Applicability: U, IC, R/P, C, S/HP, TS; Compliance: must
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
Download the manual at:
http://www.dsd.gov.au/publications/Information_Security_Manual_2010.pdf
You can find the original latest version of this document here.
—
Should you need assistance with security and compliance at your Upstate or Greenville SC area business, Homeland Secure IT can assist. Call us at 864.990.4748 or email info@homelandsecureit.com for more information!
The other day I posted about the BEAST that can circumvent SSL encryption used with websites and how a proof of concept would be demonstrated soon and actual exploits in the wild even sooner.
No sooner had I posted about that than Google’s Chrome development team had posted that they have an update already prepared for the Chrome browser that in theory should protect from the man-in-the-middle BEAST attack.
More information can be found over on The Register …
When the update comes…. Install it =)
This may come as no surprise to those who have been around computer security for a while, but the BIOS viruses are making a comeback!
One of the first made its debut back in 1999 and was known as “CIH”. But Symantec is reporting a new killer on the block called “Trojan.Mebromi” that affects the Award BIOS and seizes control of a system even before you get to the MBR (Master Boot Record).
Expect this trend to continue….
Read more about it here:
http://www.symantec.com/connect/blogs/bios-threat-showing-again
As always, please ensure your systems are using the latest anti-virus (We suggest and sell Trend Micro products such as the amazing Trend Micro Worry Free Business Security), that all updates are applied to your Microsoft Windows operating systems, and that all applications and support programs, from Microsoft Office to Adobe Reader, Flash and Java, are at the latest patch levels. Obtain a quality firewall, and use common sense! And don’t forget to BACKUP!
If you suspect your system may be infected, or want to know how to better protect your computer or an entire business full of computers and servers, please call us at 864.990.4748 or email info@homelandsecureit.com. We offer virus removal and cleanup in the Greenville / Upstate, SC area.
We provide sales, licensing, installation and support for Trend Micro and Symantec products. We can sell you one seat, or protect your business with 1000 users!

Trend Micro Titanium 2012
Trend Micro has unveiled their Titanium update for 2012!
Keep your identity, data and social network protected from a new generation of threats. Staying safe online these days is about more than just avoiding malware. You have to protect your device, your privacy, your personal data, your social network, and your family against an army of new threats. Given that abandoning the Internet completely isn’t really an option, how do you accomplish all these goals at once? The new Trend Micro Titanium 2012 is packed with powerful new and enhanced features to help you protect the many aspects of your digital life, and can do it in a way that’s fast, simple, and easy to manage.
Nobody wants security software that hogs disk space, presents constant pop-ups and alerts, or that’s complicated to install—so Titanium 2012 provides automated security with a small footprint that anyone can use. Titanium 2012 offers the strong, fast security that gave Titanium its name—but this new version includes powerful features and enhancements to keep you protected from the next generation of threats:
• New social networking protection
• New easy to customize console
• New fake AV cleaner
• New proactive botnet protection
• New proactive PE virus protection
• New method to detect packer-encrypted malware
• Enhanced virus and spyware detection and cleaning
• Enhanced behavioral monitoring
• Enhanced rootkit detection and removal
The new Titanium 2012 is still powered by the Trend Micro™ Smart Protection Network™ infrastructure, our cloud security infrastructure that stops threats in cyberspace or “the cloud.” Smart Protection Network monitors the Internet 24/7, worldwide. It gathers and analyzes threat data, blocking viruses and other malware before they can reach your PC. And because processing is done in the cloud, Titanium 2012 uses less of your PC’s memory and disk space.
If you would like more information about Trend Micro’s Titanium 2012 Maximum Security product or any of the other Trend Micro products, from endpoint to server, from home to enterprise, please call us at 864.990.4748 or email info@homelandsecureit.com.
We specialize in providing Trend Micro licensing, sales, consultation, installation and support to Greenville / Upstate SC small, medium and enterprise business clients. We offer and recommend Trend Micro Worry-Free Business Security as the primary line of defense for small/medium businesses! From one computer to 1000!
One thing I am asked weekly is, “I just received an email alert telling me my mailbox exceeded the storage limit, why is that?”.
Wellllllll, first of all, these messages, though they come in email and look all official, signed by “System Administrator” or something similar, are likely phishing attempts.
If you hover over the URL listed to “re-validate” your mailbox, or to “increase your storage limit”, you will see that the link has nothing to do with your email host.
People who fall for this and follow the link through are presented with a form which asks for personal information to authenticate your account. That information is destined for parts unknown and could be used for anything from creating new accounts for you, to obtaining personal information about your finances, medical records, or who knows what. In most circumstances, it is going to be for monetary gain.
One I checked out for a client a few minutes ago prompted me to write this blog post… It was a very authentic looking email that appeared to come from Google’s GMail service. Even the link looked right upon first glance even to me, and understandably to the person who received it. The web interface was in the style of Google’s and other than the VERY in-depth questions, would have passed for a Google page. It was the supposed “Personal Profile Page”.
We’re talking about asking a person to input their first, last and middle name, street address, phone number, cell phone number, age, sex, birthdate, email address, which is fairly normal, but upon entering bogus information, it took me to a second page. That one was for “Personal Identity Verification” purposes, “for your safety”. Heh…. It asked you to input security questions for help in identifying you in the future. Mother’s maiden name, street you grew up on, enter a PIN number, old Google password and a new one to change to for security purposes and, something you should never be asked for, Driver’s License number and expiration, SOCIAL SECURITY NUMBER and a CREDIT CARD number with expiration date “For account verification purposes only, no charge will appear”.
They had gone to the trouble of putting up a FAQ that was functional, and even a “Contact Us” link that gave you a webform to fill out with your information.
Bottom line here is: don’t believe everything you read, and certainly don’t enter your private information into sites just because they LOOK official……
If you have done this recently, you should contact your financial institutions immediately. Watch those credit card bills closely!
An article in The Register states, “Beware of Macs in enterprise” due to the findings by iSec Partners who claim large numbers of Macs are “in many ways more vulnerable than recent versions of Windows.”
The vulnerability they specifically mention is the DHX authentication scheme which is easy to compromise and apparently “trivial to force OS X server to resort back to” from the more secure Kerberos.
A proof-of-concept has been demonstrated by the group that works as such: A test Mac connected to a LAN waits to be contacted by a machine running OS X server, and then it quickly copies all its authentication credentials. It then contacts other Macs on the network and pretends to be the administrator machine and when they respond it is able to access and download data from them.
More information can be found in the article above, but a rep from iSec sums it up by saying, “If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes” and also that “Macs are fine as long as you run them as little islands, but once you hook them up to each other, they become much less secure.”
While we have not seen the tool used to demonstrate the threat, the theory is sound.
Apple has done little to protect their owners in regard to this, and all it would take is exploits such as this to be released into the wild and then one careless individual to cause a total compromise of networks comprised primarily of Macs.
Homeland Secure IT Alert for Friday, August 5th, 2011
Tired of boring Tuesdays? Feeling deprived by Microsoft? Well, coming this Patch Tuesday, something to make every Microsoft user smile! Updates!
You read that right, Microsoft has updates galore coming your way! They cover every current version of the Microsoft Operating system including the almost forgotten Windows XP, Windows Server 2003, Windows Vista, Windows 7 and Windows Server 2008 and believe it or not, Windows Server 2008 R2 Server Core as well!
And it’s not just the operating systems, Microsoft has some software updates for Microsoft Visual Studio 2005 SP1 & Report Viewer 2005 SP1…
They cover the full spectrum of issues, from remote code execution and elevation of privilege to denial of service and the ever-popular information disclosure!
Strap-in and update your systems this coming Patch Tuesday. Now is a great time for all the Mac and Linux users to proclaim “Thank God I don’t use Microsoft”… All together now!
Should you or your Greenville / Upstate business require assistance with these or any other update or computer / network security related issues, please call us at 864.990.4748 or email info@homelandsecureit.com
Here is the Microsoft Security Bulletin for your reading enjoyment:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Microsoft Security Bulletin Advance Notification for August 2011
Issued: August 4, 2011
********************************************************************
This is an advance notification of security bulletins that Microsoft is intending to release on August 9, 2011.
The full version of the Microsoft Security Bulletin Advance Notification for August 2011 can be found at http://www.microsoft.com/technet/security/bulletin/ms11-aug.mspx.
This bulletin advance notification will be replaced with the August bulletin summary on August 9, 2011. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/bulletin/advance.mspx.
To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.
Microsoft will host a webcast to address customer questions on these bulletins on August 10, 2011, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.
Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:
Critical Security Bulletins
===========================
Bulletin 1
- Affected Software:
- Windows XP Service Pack 3:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows XP Professional x64 Edition Service Pack 2:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows Server 2003 Service Pack 2:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows Server 2003 x64 Edition Service Pack 2:
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows Server 2003 with SP2 for Itanium-based Systems:
- Internet Explorer 6
- Internet Explorer 7
- Windows Vista Service Pack 2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Windows Vista x64 Edition Service Pack 2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Windows Server 2008 for 32-bit Systems Service Pack 2:
- Internet Explorer 7
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems Service Pack 2:
- Internet Explorer 7
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 8
(Windows Server 2008 Server Core installation not affected)
- Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2:
- Internet Explorer 7
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1:
- Internet Explorer 8
- Internet Explorer 9
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1:
- Internet Explorer 8
- Internet Explorer 9
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1:
- Internet Explorer 8
(Windows Server 2008 R2 Server Core installation
not affected)
- Internet Explorer 9
(Windows Server 2008 R2 Server Core installation
not affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1:
- Internet Explorer 8
- Impact: Remote Code Execution
- Version Number: 1.0
Bulletin 2
- Affected Software:
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
Bulletin 3
- Affected Software:
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1
- Impact: Remote Code Execution
- Version Number: 1.0
Bulletin 4
- Affected Software:
- Microsoft Visio 2003 Service Pack 3
- Microsoft Visio 2007 Service Pack 2
- Microsoft Visio 2010 and
Microsoft Visio 2010 Service Pack 1 (32-bit editions)
- Microsoft Visio 2010 and
Microsoft Visio 2010 Service Pack 1 (64-bit editions)
- Impact: Remote Code Execution
- Version Number: 1.0
Bulletin 5
- Affected Software:
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation not affected)
- Impact: Elevation of Privilege
- Version Number: 1.0
Bulletin 6
- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2:
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Impact: Elevation of Privilege
- Version Number: 1.0
Bulletin 7
- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1
- Impact: Elevation of Privilege
- Version Number: 1.0
Bulletin 8
- Affected Software:
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1
- Impact: Denial of Service
- Version Number: 1.0
Bulletin 9
- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Impact: Denial of Service
- Version Number: 1.0
Bulletin 10
- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1
- Chart Control for Microsoft .NET Framework 3.5 Service Pack 1
- Impact: Information Disclosure
- Version Number: 1.0
Bulletin 11
- Affected Software:
- Microsoft Visual Studio 2005 Service Pack 1
- Microsoft Report Viewer 2005 Service Pack 1
Redistributable Package
- Impact: Information Disclosure
- Version Number: 1.0
Moderate Security Bulletins
============================
Bulletin 13
- Affected Software:
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation not affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1
- Impact: Denial of Service
- Version Number: 1.0
Bulletin 12
- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems
Service Pack 1
- Impact: Information Disclosure
- Version Number: 1.0
Other Information
=================
Follow us on Twitter for the latest information and updates:
http://twitter.com/msftsecresponse
Microsoft Windows Malicious Software Removal Tool:
==================================================
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.
Non-Security Updates on MU, WU, and WSUS:
========================================================
For information about non-security releases on Windows Update and Microsoft update, please see:
* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base
Article 894199, Description of Software Update Services and
Windows Server Update Services changes in content.
Includes all Windows content.
* http://technet.microsoft.com/en-us/wsus/bb456965.aspx: Updates
from Past Months for Windows Server Update Services. Displays all
new, revised, and rereleased updates for Microsoft products other
than Microsoft Windows.
Microsoft Active Protections Program (MAPP)
===========================================
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed at http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.
Recognize and avoid fraudulent e-mail to Microsoft customers:
=============================================================
If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.
The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.
To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********************************************************************
—


