Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday, April 17, 2012

Flashback was so last month. The new hotness is SabPub, which actually has been around for a while now, but only recently making its appearance in the headlines. Even though SabPub has been around for around two months, it was not discovered in the wild until a few days ago.

Not unlike Flashback, one source of entry to your beloved Mac for this trojan is through Java, in fact, the very same vulnerability as leveraged by Flashback. Another SabPub variant uses a well known and publicized vulnerability in Microsoft Office’s Word.

What should you do? Insure updates are in place for your operating system, and that Java is up to date, as well as any Adobe software/plugins like Flash Player, Reader, Acrobat, etc.

Also, purchase a reliable anti-virus software package immediately.

What if you are already infected? Find a reputable and reliable computer repair / service shop in your area and let them check it out. Some service centers like Homeland Secure IT offer a free evaluation of your machine.  You can call us at 864.990.4748 for more information.

Homeland Secure IT Alert

Coming your way right after Easter – Security updates from Microsoft!

This information is from the Microsoft Security Advance Notification for April 2012:

********************************************************************

Microsoft Security Bulletin Advance Notification for April 2012

Issued: April 5, 2012

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on April 10, 2012.

The full version of the Microsoft Security Bulletin Advance Notification for April 2012 can be found at http://technet.microsoft.com/security/bulletin/ms12-apr.

This bulletin advance notification will be replaced with the April bulletin summary on April 10, 2012. For more information about the bulletin advance notification service, see http://technet.microsoft.com/security/bulletin/advance.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.aspx.

Microsoft will host a webcast to address customer questions on these bulletins on April 11, 2012, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://technet.microsoft.com/security/bulletin.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

============================

Bulletin 1

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 3

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Microsoft Office 2003 Service Pack 3

- Microsoft Office 2007 Service Pack 2

- Microsoft Office 2007 Service Pack 3

- Microsoft Office 2010 (32-bit editions)

- Microsoft Office 2010 Service Pack 1 (32-bit editions)

- Microsoft Office 2003 Web Components Service Pack 3

- Microsoft SQL Server 2000 Service Pack 4

- Microsoft SQL Server 2000 Analysis Services Service Pack 4

- Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4

- Microsoft SQL Server 2005 for Itanium-based Systems

Service Pack 4

- Microsoft SQL Server 2005 for x64-based Systems Service Pack 4

- Microsoft SQL Server 2005 Express Edition with

Advanced Services Service Pack 4

- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2

- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3

- Microsoft SQL Server 2008 for x64-based Systems Service Pack 2

- Microsoft SQL Server 2008 for x64-based Systems Service Pack 3

- Microsoft SQL Server 2008 for Itanium-based Systems

Service Pack 2

- Microsoft SQL Server 2008 for Itanium-based Systems

Service Pack 3

- Microsoft SQL Server 2008 R2 for 32-bit Systems

- Microsoft SQL Server 2008 R2 for x64-based Systems

- Microsoft SQL Server 2008 R2 for Itanium-based Systems

- Microsoft BizTalk Server 2002 Service Pack 1

- Microsoft Commerce Server 2002 Service Pack 4

- Microsoft Commerce Server 2007 Service Pack 2

- Microsoft Commerce Server 2009

- Microsoft Commerce Server 2009 R2

- Microsoft Visual FoxPro 8.0 Service Pack 1

- Microsoft Visual FoxPro 9.0 Service Pack 2

- Visual Basic 6.0 Runtime

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 5

- Affected Software:

- Microsoft Forefront Unified Access Gateway 2010 Service Pack 1

- Microsoft Forefront Unified Access Gateway 2010 Service Pack 1

Update 1

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 6

- Affected Software:

- Microsoft Office 2007 Service Pack 2

- Microsoft Works 9

- Microsoft Works 6-9 File Converter

- Impact: Remote Code Execution

- Version Number: 1.0

Other Information

=================

Follow us on Twitter for the latest information and updates:

http://twitter.com/msftsecresponse

Microsoft Windows Malicious Software Removal Tool:

==================================================

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security Updates on MU, WU, and WSUS:

========================================================

For information about non-security releases on Windows Update and Microsoft update, please see:

* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base

Article 894199, Description of Software Update Services and

Windows Server Update Services changes in content.

Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb456965.aspx: Updates

from Past Months for Windows Server Update Services. Displays all

new, revised, and rereleased updates for Microsoft products other

than Microsoft Windows.

Microsoft Active Protections Program (MAPP) ===========================================

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed at http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

Recognize and avoid fraudulent email to Microsoft customers:

=============================================================

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.aspx.

********************************************************************

THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

********************************************************************

To manage or cancel your subscription to this newsletter, visit the Microsoft.com Profile Center at <http://go.microsoft.com/fwlink/?LinkId=245953> and then click Manage Communications under My Subscriptions in the Quicklinks section.

For more information, see the Communications Preferences section of the Microsoft Online Privacy Statement at:

<http://go.microsoft.com/fwlink/?LinkId=92781>.

For the complete Microsoft Online Privacy Statement, see:

<http://go.microsoft.com/fwlink/?LinkId=81184>.

For legal Information, see:

<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:

Microsoft Corporation

1 Microsoft Way

Redmond, Washington, USA

98052

—

If you require assistance with these or any other updates, please do not hesitate to call upon us at 864.990.4748.

This is courtesy of the WatchGuard Security Center.  We are happy to partner with WatchGuard to provide firewall and security solutions. Call us at 864.990.4748 if we can be of service!

Summary:

• This vulnerability affects: OS X 10.7.x (Lion) and 10.6.x (Snow Leopard)
• How an attacker exploits it: By enticing you to a website containing maliciously crafted Java
• Impact: In the worst case, an attacker executes code on your user’s computer, with that user’s privileges
• What to do: Install Java for OS X Lion 2012-001 or Java for OS X 10.6 Update 7 immediately, or let Apple’s updater do it for you.

Exposure:

Yesterday, Apple released an advisory describing a Java security update for OS X 10.6.x and 10.7.x. The update fixes 12 vulnerabilities in OS X’s Java components (number based on CVE-IDs).

Apple doesn’t describe each flaw in technical detail, but they do share the worst case impact. If an attacker can lure you to a website containing specially crafted Java code, he can exploit many of these vulnerabilities to execute code on your OS X computer, with your privileges.

This Apple update finally brings the Java updates Oracle released in February to OS X users. Unfortunately, attackers have already been exploiting one of these Java vulnerabilities against Mac users in the wild. A Mac trojan called Flashback has reportedly infected over 600,000 Macs, by leveraging one of these Java flaws (as well as a Flash vulnerability in the past). If you have any Mac computers in your organization, we highly recommend you install Apple’s OS X Java update immediately. You can also find instructions for checking your Mac for the Flashback malware here.

Solution Path:

Apple has issued Java for OS X Lion 2012-001 [dmg file] and Java for OS X 10.6 Update 7 [dmg file] to correct these flaws. If you manage OS X 10.6.x or 10.7.x computers, we recommend you download and deploy these updates immediately, or let OS X’s automatic Software Update utility install it for you.

For All WatchGuard Users:

Some of these attacks rely on one of your users visiting a web page containing malicious Java bytecode. The HTTP-Proxy policy that ships with most WatchGuard appliances automatically blocks Java bytecode by default, which somewhat mitigates the risk posed by some of these vulnerabilities.

Status:

Apple has released Java updates to fix these issues.

References:

• Apple’s OS X March Java advisory
• Apple software downloads
• Apple security updates

This alert was researched and written by Corey Nachreiner, CISSP.

Homeland Secure IT Alert

Homeland Secure IT Alert

Secure IT Alert for Thursday, February 2, 2012

If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x  (Snow Leopard & Lion respectively), then you are vulnerable to exploits that these patches correct.

These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.

How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.

The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server.  Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.

A few examples:

Buffer overflow vulnerability in ImageIO – View a malicious image and it could result in a crash of an application, or code to be executed on your computer. The upside is, it would only execute with your privileges.

Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and experience a crash of your system, or execute code with your privileges.

QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.

The full update information can be found at http://support.apple.com/kb/HT5130

Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, January 11, 2012

Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.

The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.

Adobe Reader X 10.1.2

• For Windows
• For Mac

Adobe Acrobat X 10.1.2

• Standard and Pro for Windows
• Pro Extended for Windows
• Pro for Mac

Homeland Secure IT Alert

Apple Safari web browser can be used as an avenue that would allow malicious code on a web site to be run with whatever privileges you have on that computer.

Here’s an actual security bulletin you can read about this:

https://secunia.com/advisories/47237/

Until this is patched for sure, I believe I would not be using the Apple Safari browser on a Windows 7 machine.  Just my two cents.

This is obviously not good for those using the iPad for financial, medical or legal purposes.

The work around until this is fixed correctly is to lock the iPad while on the home screen or a screen which does not display anything of importance (Like “Please Stay Calm” or maybe “Angry Birds”).

A quick search turned up people talking about this on forums and a number of news articles such as this one from cnet.com.

There is mention of a security flaw with Siri that allows people to send text messages, emails and even make phone calls from a password-protected iPhone 4s lock screen.

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, September 30, 2011

An update to Microsoft Security Essentials (MSE) and Microsoft Forefront Endpoint Protection was causing grief for many users today as it incorrectly flagged the Google Chrome browser as malware.

The typical behavior was for an alert to be displayed stating that “PWS:Win32/Zbot” was found and that it needs to be removed. What is really removed is the Chrome.exe, so you are left without your favorite browser.

Attempts to reinstall Chrome fail with additional warnings.

Microsoft has stated that a faulty virus definition update was the cause. and by 10AM Pacific time, an additional update was released to correct that behavior.

If this has happened to you, a manual update of the MSE or FEP should fix you up! Of course, you will still have to reinstall Google Chrome.

Homeland Secure IT Alert

These affect Apple Mac as well as Microsoft Windows…

Here’s the actual US-CERT Technical Cyber Security Alert:

National Cyber Alert System

Technical Cyber Security Alert TA11-222A

Adobe Updates for Multiple Vulnerabilities

Original release date: August 10, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Shockwave Player 11.6.0.626 and earlier versions for Windows and Macintosh

* Flash Media Server 4.0.2 and earlier versions for Windows and Linux

* Flash Media Server 3.5.6 and earlier versions for Windows and Linux

* Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems

* Adobe Flash Player 10.3.185.25 and earlier versions for Android

* Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android

* Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh

* RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8 for Windows

Overview

There are multiple vulnerabilities in Adobe Shockwave Player, Flash

Media Server, Flash Player, Photoshop CS5, and RoboHelp. Adobe has

released updates to address these vulnerabilities.

I. Description

Adobe security bulletins APSB11-19, APSB11-20, APSB11-21,

APSB11-22, and APSB11-23 describe multiple vulnerabilities in Adobe

Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5,

and RoboHelp. An attacker may use these vulnerabilities to run

malicious code or cause a denial of service on an affected system.

Adobe has released updates to address these vulnerabilities.

II. Impact

These vulnerabilities could allow an attacker to run malicious code

on the affected system or cause a denial of service.

III. Solution

Users of these Adobe products should review the relevant Adobe

security bulletins and follow the recommendations in the “Solution”

section.

APSB11-19: Security update available for Adobe Shockwave Player

APSB11-20: Security update available for Adobe Flash Media Server

APSB11-21: Security update available for Adobe Flash Player

APSB11-22: Security update available for Adobe Photoshop CS5

APSB11-23: Security updates available for RoboHelp

IV. References

* Security update available for Adobe Shockwave Player -

<http://www.adobe.com/support/security/bulletins/apsb11-19.html>

* Security update available for Adobe Flash Media Server -

<http://www.adobe.com/support/security/bulletins/apsb11-20.html>

* Security update available for Adobe Flash Player -

<http://www.adobe.com/support/security/bulletins/apsb11-21.html>

* Security update available for Adobe Photoshop CS5 -

<http://www.adobe.com/support/security/bulletins/apsb11-22.html>

* Security updates available for RoboHelp -

<http://www.adobe.com/support/security/bulletins/apsb11-23.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA11-222A.html>

—

If you require help, please call us at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, August 5th, 2011

Tired of boring Tuesdays? Feeling deprived by Microsoft? Well, coming this Patch Tuesday, something to make every Microsoft user smile!  Updates!

You read that right, Microsoft has updates galore coming your way!  They cover every current version of the Microsoft Operating system including the almost forgotten Windows XP, Windows Server 2003, Windows Vista, Windows 7 and Windows Server 2008 and believe it or not, Windows Server 2008 R2 Server Core as well!

And it’s not just the operating systems, Microsoft has some software updates for Microsoft Visual Studio 2005 SP1 & Report Viewer 2005 SP1…

The full spectrum of issues, from remote code execution, elevation of privileges, denial of service and the ever popular information disclosure!

Strap-in and update your systems this coming Patch Tuesday.   Now is a great time for all the Mac and Linux users to proclaim “Thank God I don’t use Microsoft”… All together now!

Should you or your Greenville / Upstate business require assistance with these or any other update or computer / network security related issues, please call us at 864.990.4748 or email info@homelandsecureit.com

Here is the Microsoft Security Bulletin for your reading enjoyment:

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

********************************************************************

Microsoft Security Bulletin Advance Notification for August 2011

Issued: August 4, 2011

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on August 9, 2011.

The full version of the Microsoft Security Bulletin Advance Notification for August 2011 can be found at http://www.microsoft.com/technet/security/bulletin/ms11-aug.mspx.

This bulletin advance notification will be replaced with the August bulletin summary on August 9, 2011. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on these bulletins on August 10, 2011, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

===========================

Bulletin 1

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 3

- Affected Software:

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Microsoft Visio 2003 Service Pack 3

- Microsoft Visio 2007 Service Pack 2

- Microsoft Visio 2010 and

Microsoft Visio 2010 Service Pack 1 (32-bit editions)

- Microsoft Visio 2010 and

Microsoft Visio 2010 Service Pack 1 (64-bit editions)

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 5

- Affected Software:

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Impact: Elevation of Privilege

- Version Number: 1.0

Bulletin 6

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2:

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Elevation of Privilege

- Version Number: 1.0

Bulletin 7

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Elevation of Privilege

- Version Number: 1.0

Bulletin 8

- Affected Software:

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 9

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 10

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Chart Control for Microsoft .NET Framework 3.5 Service Pack 1

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 11

- Affected Software:

- Microsoft Visual Studio 2005 Service Pack 1

- Microsoft Report Viewer 2005 Service Pack 1

Redistributable Package

- Impact: Information Disclosure

- Version Number: 1.0

Moderate Security Bulletins

============================

Bulletin 13

- Affected Software:

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 12

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Information Disclosure

- Version Number: 1.0

Other Information

=================

Follow us on Twitter for the latest information and updates:

http://twitter.com/msftsecresponse

Microsoft Windows Malicious Software Removal Tool:

==================================================

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security Updates on MU, WU, and WSUS:

========================================================

For information about non-security releases on Windows Update and Microsoft update, please see:

* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base

Article 894199, Description of Software Update Services and

Windows Server Update Services changes in content.

Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb456965.aspx: Updates

from Past Months for Windows Server Update Services. Displays all

new, revised, and rereleased updates for Microsoft products other

than Microsoft Windows.

Microsoft Active Protections Program (MAPP) ===========================================

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed at http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

Recognize and avoid fraudulent e-mail to Microsoft customers:

=============================================================

If you receive an e-mail message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious Web sites. Microsoft does not distribute security updates via e-mail.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://www.microsoft.com/technet/security/bulletin/pgp.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

********************************************************************

THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

********************************************************************

To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line.

To set your contact preferences for this and other Microsoft communications, see the communications preferences section of the Microsoft Privacy Statement at:

<http://go.microsoft.com/fwlink/?LinkId=92781>.

For the complete Microsoft Online Privacy Statement, see:

<http://go.microsoft.com/fwlink/?LinkId=81184>.

For legal Information, see:

<http://www.microsoft.com/info/legalinfo/default.mspx>.

—

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, July 21st, 2011

The United States Computer Emergency Readiness Team has issued their recommendations for protection against network intrusions.  I have included the entire document below, but the most current version of the document can be found here.  Please keep in mind that these recommendations are not related to any one platform. These are “Best Practices” regardless of whether your business uses Microsoft, Linux or Mac OS X or whether your organization relies upon cloud computing instead of localized servers.

—

National Cyber Alert System
Technical Cyber Security Alert TA11-200A

Last updated July 20, 2011

—

Should your Greenville or Upstate SC based business or organization require assistance with this, please contact us at 864.990.4748 or email info@homelandsecureit.com. We offer firewalls and security appliances from our partners such as Cisco, WatchGuard, SonicWALL, and more!

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, June 09, 2011

Microsoft Patch Tuesday will soon be upon us again, and Microsoft has not let us down!  A little something for everyone….

The following is directly from their Advanced Notification for June 2011, released today:

********************************************************************

Microsoft Security Bulletin Advance Notification for June 2011

Issued: June 9, 2011

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on June 14, 2011.

The full version of the Microsoft Security Bulletin Advance Notification for June 2011 can be found at http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx.

This bulletin advance notification will be replaced with the June bulletin summary on June 14, 2011. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on these bulletins on June 15, 2011, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

===========================

Bulletin 1

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Microsoft Silverlight 4

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 3

- Affected Software:

- Microsoft Forefront Threat Management Gateway 2010 Client

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 5

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 6

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 7

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 8

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Vista Service Pack 2:

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 9

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 10

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 11

- Affected Software:

- Microsoft Excel 2002 Service Pack 3

- Microsoft Excel 2003 Service Pack 3

- Microsoft Excel 2007 Service Pack 2

- Microsoft Excel 2010 (32-bit editions)

- Microsoft Excel 2010 (64-bit editions)

- Microsoft Office 2004 for Mac

- Microsoft Office 2008 for Mac

- Microsoft Office for Mac 2011

- Open XML File Format Converter for Mac

- Microsoft Excel Viewer Service Pack 2

- Microsoft Office Compatibility Pack for

Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 12

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Elevation of Privilege

- Version Number: 1.0

Bulletin 13

- Affected Software:

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 14

- Affected Software:

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 15

- Affected Software:

- Microsoft InfoPath 2007 Service Pack 2

- Microsoft InfoPath 2010 (32-bit editions)

- Microsoft InfoPath 2010 (64-bit editions)

- SQL Server 2005 Service Pack 3

- SQL Server 2005 x64 Edition Service Pack 3

- SQL Server 2005 for Itanium-based Systems Service Pack 3

- SQL Server 2005 Service Pack 4

- SQL Server 2005 x64 Edition Service Pack 4

- SQL Server 2005 for Itanium-based Systems Service Pack 4

- SQL Server 2005 Express Edition Service Pack 3

- SQL Server 2005 Express Edition Service Pack 4

- SQL Server 2005 Express Edition with Advanced Services

Service Pack 3

- SQL Server 2005 Express Edition with Advanced Services

Service Pack 4

- SQL Server Management Studio Express (SSMSE) 2005

- SQL Server Management Studio Express (SSMSE) 2005 x64 Edition

- SQL Server 2008 for 32-bit Systems Service Pack 1

- SQL Server 2008 for x64-based Systems Service Pack 1

- SQL Server 2008 for Itanium-based Systems Service Pack 1

- SQL Server 2008 for 32-bit Systems Service Pack 2

- SQL Server 2008 for x64-based Systems Service Pack 2

- SQL Server 2008 for Itanium-based Systems Service Pack 2

- SQL Server 2008 R2 for 32-bit Systems

- SQL Server 2008 R2 for x64-based Systems

- SQL Server 2008 R2 for Itanium-based Systems

- Microsoft Visual Studio 2005 Service Pack 1

- Microsoft Visual Studio 2008 Service Pack 1

- Microsoft Visual Studio 2010

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 16

- Affected Software:

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Impact: Elevation of Privilege

- Version Number: 1.0

If you require help with these updates or any other security related matter, please feel free to call upon us in the Greenville / Upstate, SC area at 864-990-4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, May 13 2011

On May 04, the FBI issued a warning about links related to the death of Usama bin Laden.

The text from the FBI site follows:

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, March 23, 2011

Adobe has released out-of-cycle updates earlier this week that affect Flash Player, Reader and Acrobat across many platforms such as Apple Mac OS X, Microsoft Windows, Android and Chrome… Here is the summary from the WatchGuard Security Center:

Severity: High

21 March, 2011

Summary:

• These vulnerabilities affects: Recent versions of Adobe Reader, Acrobat,  and Flash Player
• How an attacker exploits it: In various ways, but most commonly by enticing your users into visiting a website containing malicious Flash or Reader content
• Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it
• What to do: If you use these popular Adobe products, you should download and install their various updates as soon as possible.

Exposure:

Typically, Adobe’s quarterly Patch Day falls on the same Tuesday as Microsoft Patch Day (the second Tuesday of the month). However, a recent zero day Flash exploit circulating in the wild has encouraged Adobe to release a few out-of-cycle patches early. Today, Adobe released two security bulletins that fix a  zero day Flash vulnerability in Reader, Acrobat, and Flash Player, running on all platforms (including Android).

Though the two bulletins affect different software, they both fix the same core Flash related vulnerability that we described in our earlier WatchGuard Security Center post. As usual, Adobe doesn’t describe this zero day flaw in any technical detail. However, they do mention that the flaw lies within the authplay.dll component, which all three vulnerable products use. By enticing one of your users to visit a web site or download a PDF file containing malicious flash content, an attacker could leverage this flaw to execute code with that users privileges. If your users have administrative or root privileges on the victim platform, the attacker would gain complete control.

As was the case during our first post, attackers have been exploiting this flaw in the wild (even before Adobe knew it existed). If you use the affected software (as most users do), we highly recommend you install Adobe’s updates immediately.

For more details about these update, see Adobe’s bulletins below:

• APSB11-05: March 2011 Flash Player Update
• APSB11-06 : March 2011 Reader and Acrobat Update

Solution Path:

Adobe has released Reader, Acrobat, and Flash Player updates to fix this flaw. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you. Note: Adobe has not yet released a Reader X update for this vulnerability, since Reader X’s default sand-boxing technology should protect you from this flaw by default.That said, we do expect a Reader X update at a later date.

• APSB11-05:
  • Flash Player 10.2.153.1
  • Flash Player 10.2.156.12 for Android <= (link only works from Android phone)
  • Google Chrome (w/Flash 10.2.154.25)
  • AIR 2.6
• APSB11-06:
  • Adobe Reader
  • For Windows
  • For Mac
    • Adobe Acrobat
    • Standard and Pro for Windows
    • Pro Extended for Windows
    • Pro for Mac

For All WatchGuard Users:

Some of WatchGuard’s Firebox models allow you to prevent your users from downloading certain types of files via the web (HTTP) or email (SMTP, POP3). If you like, you can temporarily mitigate the risk of some of these vulnerabilities by blocking various Adobe-related files using your Firebox’s proxy services. Such files include, .PDF, .SWF, .DIR, .DCR, and .FLV. That said, many websites rely on these files to display interactive content. Blocking them could prevent some sites from working properly. Furthermore, many businesses rely on PDF files to share documents. Blocking them would affect legitimate files as well. For that reason, we recommend the updates above instead.

Nonetheless, if you choose to block some Adobe files, follow the links below for video instructions on using your Firebox proxy’s content blocking features to block files by their file extensions:

• Firebox X Edge running 10.x
  • How do I block files with the FTP proxy?
  • How do I block files with the HTTP proxy?
  • How do I block files with the POP3 proxy?
  • How do I block files with the SMTP proxy
• Firebox X Core and X Peak running Fireware 10.x
  • How do I block files with the FTP proxy?
  • How do I block files with the HTTP proxy?
  • How do I block files with the POP3 proxy?
  • How do I block files with the SMTP proxy?

Status:

Adobe has released updates to fix these vulnerabilities.

References:

• Adobe Flash Player Security Bulletin
• Adobe Reader Security Bulletin

This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)

—

If you require assistance with these or any other computer service related issues in Greenville or Upstate SC, please call 864.990.4748 or email info@homelandsecureit.com – We are WatchGuard partners and offer sales and support of their fine line of security appliances to help protect your network!

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday, March 22, 2011

Apple Mac OS X owners will be happy to know that they have not been forgotten and that 57 vulnerabilities that affect all current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard) are addressed in this major security update.

A total of 26 components that ship as a part of OS X and OS X Server, including five for Quicktime, ClamAV and Apache are affected.  In short, there exists many code execution vulnerabilities, Denial of Service (DoS) & cross-site scripting flaws, as well as information disclosure issues which this update will help protect you from. Suggested action – install all necessary updates as soon as possible, keep current anti-virus on your computer and avoid opening links and documents sent in email that you are not expecting.

Here’s the post from the WatchGuard site:

WATCHGUARD SECURITY ANNOUNCEMENT:

Summary:

• These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
• How an attacker exploits them: Multiple vectors of attack, including enticing your users to visit a malicious web site, or into downloading and viewing various documents or images
• Impact: Various results; in the worst case, an attacker executes code on your user’s computer
• What to do: OS X administrators should download, test and install OS X 10.6.7 or Security Update 2011-001 as soon as possible, or let Apple’s Software updater do it for you.

Exposure:

Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes around 57 (number based on CVE-IDs) security issues in 26 components that ship as part of OS X or OS X Server, including Apache, Quicktime, and ClamAV. Some of the fixed vulnerabilities include:

• Multiple ImageIO Buffer Overflow Vulnerability. ImageIO is one of the components that helps OS X handle various image file types. Unfortunately, it also suffers from various security vulnerabilities involving the way it handles certain types of image files (such as a buffer overflow vulnerabilities). Though these vulnerabilities differ technically, they generally share the same scope and impact. If an attacker can get a victim to view a specially crafted image file (perhaps hosted on a malicious website), he could exploit any of these flaws to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges. The affected image types include JEPG, TIFF, and XBM.
• Many ATS Vulnerabilities. The Apple Type Service (ATS) helps OS X machines handle fonts. ATS suffers from various memory related vulnerabilities having to do with the way it handles certain types of embedded fonts. By tricking one of your users into downloading and viewing a malicious document containing a specially crafted font, an attacker can exploit this flaw to execute code on that user’s computer. By default, the attacker would only execute code with that user’s privileges.
• Five Quicktime Vulnerabilities. Quicktime is the popular video and media player that ships with OS X (and iTunes). Quicktime suffers from five security issues (number based on CVE-IDs) involving how it handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, he could exploit any of these flaws to execute code on that user’s computer, with that user’s privileges.

Apple’s alert also describes many other code execution vulnerabilities, as well as some Denial of Service (DoS) flaws, cross-site scripting (XSS) vulnerabilities, and information disclosure flaws. Components patched by this security update include:

Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

On a related note, Apple has released many security updates in the last few weeks. Besides the Java update we alerted about early this month, Apple has also posted the following security-related product updates:

• Apple TV 4.2
• Safari 5.0.4 forOS X and Windows
• iOS 4.3 for iPhone, iPad, and iPod

If you use any of those products, we recommend you update them as well, or let Apple’s automatic Software Updater do it for you.

Solution Path:

Apple has released OS X Security Update 2011-001 and OS X 10.6.7 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.

• Security Update 2011-001 (Leopard)
• Security Update 2011-001 (Leopard Server)
• OS X 10.6.7 Update
• OS X 10.6.7 Update for early 2011 Macbook Pro
• OSX Server 10.6.7 Update
• OS X 10.6.7 Update Combo
• OSX Server 10.6.7 Update Combo

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.

For All Users:

These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:

Apple has released updates to fix these flaws.

References:

• March 2011 OS X 10.5x and 10.6.x Security Update

This alert was researched and written by Corey Nachreiner, CISSP. (@SecAdept)

—

If you require assistance with these updates or any others on your Apple Mac OS X system, Microsoft Windows workstation or server or have any other network computer security questions or issues in the Greenville, Upstate SC area, please call 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Wednesday, March 16, 2011

Adobe has warned of a new zero day vulnerability the other day that is being used to exploit users of Adobe Flash Player, Adobe Reader and Acrobat across all platforms, including Microsoft Windows and Apple Mac OS X and Linux. It also covers Flash player for Chrome and Android users, as well as the Authplay.dll component from Adobe Reader and Acrobat X for Windows and Macintosh.

This is a critical vulnerability and at this moment in time, there is no fix for it.

Attackers are exploiting it by attaching malicious Excel (.xls) documents to emails. The Excel document will contain a specially crafted Flash (.swf) file, and if you open the malicious Excel attachment, the embedded .swf file executes and leverages the vulnerability to install persistent malware on your system, such as a bot client giving the attacker a stepping stone to install even more malware.

Since no patch exists, yet, it is advised that you use extreme caution when opening Excel documents attached in email unless you are expecting them.

If you feel you have done so in the last few days, please run a virus scan, or consult with your computer service or repair technicians. Those in Greenville / Upstate SC can call Homeland Secure IT at 864.990.4748 or email info@homelandsecureit.com for assistance.

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, March 3, 2011

Microsoft issued the Advance Notification for March 2011 and today… The full version of the Microsoft Security Bulletin Advance Notification for March 2011 can be found at http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx.

The advanced notification will be replaced with the March bulletin summary on March 8, 2011.

On the Critical list are updates for remote code execution that affects: XP SP3, XP Professional x64 SP2, Vista SP1 & SP2, Vista x64 SP1 & SP2, Windows 7 for 32/64bit & SP1, Windows Server 2008 R2 for x64 & SP1.

So basically, a little something for all current Microsoft Windows systems. Watch for these updates on “Patch Tuesday”…

Before our Linux and Macintosh friends begin gloating, there may be something for them too if they are using Mozilla Firefox as their browser.

Mozilla released a Firefox update this week that addressed 11 vulnerabilities which could have allowed an attacker to execute code and install software without user interaction beyond the scope of browsing.

If you are using Firefox, be sure to update to 3.6.14 to insure your security.

Should you require assistance with these or any other computer security or service issues in Greenville / Upstate SC, please call us at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

The reasoning is that it is a large download (750MB or 1GB depending on whether you need 32bit or 64bit versions), a long install process, and there are no enhanced features.

So what does the Service Pack provide? A compilation of security patches and non-security related fixes which have already been addressed and released via Windows Update. So basically, if you have kept up to date with updates as they have been released, SP1 is not going to give you additional security.

SP1 would certainly be handy for those installing a new version of the operating system, especially computer repair and computer service techs who generally have to install a slew of updates after a fresh install. With the release of SP1, a fresh install, followed by SP1 and a few other patches, brings the computer fully up to date. The SP1 install can be downloaded and stored on a DVD for later install, or optionally it could be slip streamed into a full install for computer techs who do LOTS of installs of the OS.

There are two enhancements that are included in the Service Pack, and that is an updated Remote Desktop client that functions with RemoteFX, a new technology that is included in the Windows Server 2008 R2 SP1, released in concert with Windows 7 SP1… Dynamic Memory was also implemented into the Service Pack, which allows virtual machine memory to be adjusted in real-time.

If you would like more information about Microsoft Windows 7 SP1 or Windows Server 2008 R2 SP1, or if you require computer service or repair for your Microsoft Windows based workstation or server, please call 864.990.4748 or email info@homelandsecureit.com – We are your Greenville / Upstate Microsoft Small Business Specialists!

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, February 23, 2011

Microsoft has released Security Advisory 967940, titled “Update for Windows Autorun”, and it covers an issue that has long plagued Microsoft Windows Operating Systems. When you insert a USB flash drive, or USB hard drive, Windows has attempted to treat them like CD/DVD material and perform an autorun on it. While most IT professionals and tech savvy individuals have disabled that feature, and anti-virus developers such as Trend Micro have provided an option to disable that function, as gaping hole has been there for everyone else.

How has it affected people? Many ways, from a person inserting their USB flash drive from home into a business computer and the autorun functionality automatically installing the malware that was on the home system directly onto a network computer, creating a huge network security issue, down to malicious people dropping a flash drive containing malicious software on it in the parking lot of a large company they wanted access to. This resulted in workers at said company picking up the flash drive and inserting it into a computer on the corporate network in an attempt to see what was on it or find the owner to return it, and unknowingly permit software that would allow remote access to the network.

So, finally, after years of this, Microsoft has addressed it!

Microsoft has also published MS10-077, a revision to a bulletin posted in 2010 for a change to the Microsoft .NET Framework 4.0 update package. And MS10-070, which is yet another revision to .NET Framework 4.0. These are labeled “Critical” and “Important”, respectively.

Keep your systems up to date, and be sure you have current anti-virus… We recommend and sell Trend Micro Worry-Free Business Security and Titanium. In Greenville / Upstate, SC please call 864.990.4748 or email info@homelandsecureit.com for more information…

Homeland Secure IT Alert

Homeland Secure IT Alert

Secure IT Alert for Wednesday, February 9th, 2011

The February 2011 Patch Tuesday was not boring…   Updates include something for everyone.  Basically every current Microsoft Windows OS version was addressed.

The big one was the IE Update that fixed four code execution holes in the popular web browser.

In addition to fixing thumbnail and font vulnerabilities which mainly affect desktop users, several updates are very important for your servers.

Windows Server has an Active Directory DoS potential, elevation of privileges vulnerabilities from Client/Server Run-time SubSystem (CSRSS), LSASS, Kerberos  & multiple kernel related issues and an Information Disclosure Vulnerability from scripting engines… Most of these are for XP & Windows Server 2003 but the scripting issue affects Windows 7 & Server 2008 R2 only.

As with most of these, Server Core is not affected.

Please apply the appropriate patches ASAP.  Windows Update should be run, or if you are using WSUS, it should handle this for you.

But wait, there’s more!

Microsoft Visio 2002, 2003 and 2007 are vulnerable to code execution… More information is available in the MS11-008 Security Bulletin. This does not affect Visio 2010 or Visio 2007/2010 Viewer.

The Windows IIS FTP service running on Windows Vista, Windows 7, Server 2008 and Server 2008 R2 suffers from a buffer overflow vulnerability which if exploited could cause a DoS (Denial of Service) or worse, allow an attacker to obtain full control of the server. This one is likely the most severe of the updates and should be addressed immediately!

Should you require assistance, or have questions, please call us at 864.990.4748 or email info@homelandsecureit.com. We offer Microsoft Support in Greenville and Upstate, SC.

Homeland Secure IT Alert

An advisory from Microsoft (http://www.microsoft.com/technet/security/advisory/2488013.mspx) released today that reveals a new potentially dangerous vulnerability in Internet Explorer….

Here is an excerpt from that site:

Microsoft Security Advisory (2488013)

Vulnerability in Internet Explorer Could Allow Remote Code Execution

Version: 1.1

General Information

Executive Summary

This SHOULD be the last security advisory for the rest of the  year!!!  Happy New Year!

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday, December 14, 2010

In an effort to keep the Firefox browser secure, updates have been released that address multiple vulnerabilities. If you are using the 3.5.x or 3.6.x versions of the popular browser on Microsoft Windows, Linux or Apple Mac, you should insure your browser is up to date immediately to 3.5.16 or 3.6.13 respectively.

Failure to do so could allow an attacker to execute code on your computer, regardless of the operating system.

I have attached the announcement from the WatchGuard security ML below:

—

December Firefox Update Corrects a Bunch of Critical Vulnerabilities

Severity: Medium

13 December, 2010

Summary:

• These vulnerabilities affect: Firefox 3.6.x and 3.5.x for Windows, Linux, and Macintosh
• How an attacker exploits it: Typically by enticing one of your users to visit a malicious web page
• Impact: Various results; in the worst case, an attacker executes code on your user’s computer, gaining complete control of it
• What to do: Upgrade to Firefox 3.6.13 (or 3.5.16), or let Firefox’s automatic update do it for you

Exposure:

Last week, Mozilla released a Firefox update fixing 13 (count based on CVE number) vulnerabilities in their popular multi-platform web browser. Mozilla rates most of these vulnerabilities as critical; meaning an attacker can leverage them to execute code and install software without user interaction beyond normal browsing. We summarize three of the most critical Firefox 3.6.12 vulnerabilities below:

• Integer Overflow Vulnerability in Javascript Array (2010-81).  A javascript array (specifically NewIdArray) in Firefox suffers from an integer overflow vulnerability that can cause a memory buffer overflow. By enticing one of your users to a maliciously crafted web page, an attacker can leverage this buffer overflow to either crash Firefox, or to execute malicious code on that user’s machine, with that user’s privileges. If the user happened to be a local administrator or had root privileges, the attacker would gain total control of the victim’s computer.
  Mozilla Impact rating: Critical
• Document.write() Buffer Overflow Vulnerability (2010-75). According to Mozilla, one of the javascript methods used to write text to a page (document.write) suffers from a buffer overflow vulnerability.  By enticing one of your users to a web page containing specially crafted javascript, an attacker can leverage this buffer overflow to either crash Firefox, or to execute malicious code on that user’s machine, with that user’s privileges. As usual, an attacker may gain full control of your users’ computers if they have administrative privileges.
  Mozilla Impact rating: Critical
• Three Memory Corruption Vulnerabilities (2010-74). Mozilla’s update fixes three unspecified memory “safety” related vulnerabilities, which can at least crash Firefox. Mozilla’s alert doesn’t say much about these vulnerabilities, other than they lie within Firefox’s browser engine. Mozilla presumes that, with enough effort, attackers could exploit some of these memory corruption flaws to run arbitrary code on a victim’s computer. To do so, an attacker would first have to trick one of your users into visiting a maliciously crafted web page. If your user took the bait, the attacker could execute malicious code on that user’s machine, with that user’s privileges. If the user happened to be a local administrator or had root privileges, the attacker would gain total control of the victim’s computer.
  Mozilla Impact rating: Critical

Mozilla’s alert describes many more critical vulnerabilities, most of which allow attackers to execute code simply by enticing you to a malicious web page. Visit Mozilla’s Known Vulnerabilities page for a complete list of the vulnerabilities that Firefox 3.6.13 fixes. On a related note, some of these vulnerabilities also affect Firefox 3.5.x. If you use 3.5.x, we recommend you move to 3.6.13. However, if you must stay with 3.5.x, Mozilla has also released an update for that legacy version as well.

Solution Path:

Mozilla has released Firefox 3.6.13 and 3.5.16, to correct these security vulnerabilities. If you use Firefox in your network, we recommend that you download and deploy version 3.6.13 as soon as possible. If, for some reason, you must remain with Firefox 3.5.x, make sure to upgrade to 3.5.16.

Note: The latest version of Firefox 3.6.x automatically informs you when a Firefox update is available. We highly recommend you keep this feature enabled so that Firefox receives its updates as soon as Mozilla releases them. To verify that you have Firefox configured to automatically check for updates, click Tools => Options => Advanced tab => Update tab. Make sure that “Firefox” is checked under “Automatically check for updates.” In this menu, you can configure Firefox to always download and install any update, or if you prefer, only to inform the user that an update exists.

As an aside, attackers cannot leverage many of these vulnerabilities without JavaScript. Disabling JavaScript by default is a good way to prevent many web-based vulnerabilities. If you use Firefox, we recommend you also install the NoScript extension, which will disable JavaScript (and other active scripts) by default.

For All Users:

This attack arrives as normal-looking HTTP traffic, which you must allow through your firewall if your network users need to access the World Wide Web. Therefore, the patches above are your best solution.

Status:

The Mozilla Foundation has released Firefox 3.6.13 to fix these vulnerabilities.

References:

• Firefox 3.6.13 Release Notes
• Vulnerabilities Fixed in Firefox 3.6.13

This alert was researched and written by Corey Nachreiner, CISSP.

More alerts and articles: log into the LiveSecurity Archive.

—

WatchGuard manufactures a wide range of network security appliances / firewalls that can help protect your business from malicious attacks, reduce spam, keep  you within compliance and give you peace of mind. We offer the full WatchGuard line of products for sale and provide support. For more information, email info@homelandsecureit.com or call 864.990.4748.

If you would like a free consultation, please contact us today!

Homeland Secure IT Alert

Homeland Secure IT Alert

Secure IT Alert for Thursday, December 09, 2010

Apple has released a security update that addresses 15 media handling vulnerabilities in Apple QuickTime player on both the Mac and Windows operating systems. These vulnerabilities are similar in nature…

If attacker can coax a user to open a malicious media file, such as an image or a video, the holes can be exploited to allow execution of code on the user’s computer. What damage could be done? If you are a Windows owner, especially if you are using the now outdated Windows XP as an administrator, the attacker can gain full control over your machine. Mac owners are a little more protected as your user account is isolated from the superuser account, however, significant damage can still be done.

The fix? Update to Apple QuickTime 7.6.9 to address these security issues.

If you are using Trend Micro Worry Free Business Security 7, a WatchGuard firewall device or similar, your administrator or computer / network service or support professional can block media files such as AVI, MOV, JP2, FPX, GIF, PCIT, PCT, PIC or QTVR in FTP, HTTP, Email and more. This solution may have a negative impact on your workflow, so the upgrade path to QT 7.6.9 is likely preferable to total blockage of media files.

Should you require assistance with this or any other computer or network security issue, computer repair or computer service in the Greenville or Upstate, SC area, please call us at 864.990.4748 or email info@homelandsecureit.com. We also offer the full line of Trend Micro Security Products, as well as WatchGuard, Cisco, SonicWALL and other firewall appliance.

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, November 19, 2010

This week, Adobe released additional updates that cover Adobe Reader, Acrobat and Flash Player… The existing bulletin published on October 28th was updated to cover the changes…

I have attached the updated security bulletin below, but in short, if you are using Adobe products, it is important that you apply these updates. The affected platforms are Microsoft Windows & Microsoft Windows Server, Macintosh OS X, UNIX, Solaris, and as well as Android!

—

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

Release date: October 28, 2010

Last updated: November 16, 2010

Vulnerability identifier: APSA10-05

CVE number: CVE-2010-3654

Platform: All Platforms

SUMMARY

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. Adobe recommends users of Adobe Flash Player 10.1.95.1 for Android update to Adobe Flash Player 10.1.105.6. For More information, please refer to Security Bulletin APSB10-26.

Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1. For more information, please refer to Security Bulletin APSB10-28.

AFFECTED SOFTWARE VERSIONS

• Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.1.95.2 and earlier for Android
• Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX*
• Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh*

*Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Adobe Reader for Android is not affected by this issue.

SEVERITY RATING

Adobe categorizes this as a critical issue.

DETAILS

A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player.

Note: Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigation is available for Adobe Reader and Acrobat 9.x customers as detailed above. Adobe Reader for Android is not affected by this issue.

Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. Adobe recommends users of Adobe Flash Player 10.1.95.1 for Android update to Adobe Flash Player 10.1.105.6. For More information, please refer to Security Bulletin APSB10-26.

Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1. For more information, please refer to Security Bulletin APSB10-28.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL:http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

DETAILS

November 16, 2010 – Updated with information on the Adobe Reader and Acrobat updates.
November 9, 2010 – Updated with information on the Flash Player for Android update.
November 4, 2010 – Updated with information on Security Bulletin APSB10-26.
November 2, 2010 – Updated information on the release schedule.
October 28, 2010 – Advisory released.

—

If you require any assistance with these or any other updates, please call us at 864.990.4748 or email info@homelandsecureit.com. We provide full computer and network service, support, repair and consultation to the Greenville / Upstate SC region!

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Friday, November 12 2010

Apple Mac OS X users received some lovin’ in the security department this week with, count ‘em, 134 security vulnerability fixes… These “holes” can allow an attacker to gain full control of your machine. The most common of which seems to be of the “rootkit” variety, giving full control of your machine, if only temporarily, to a remote user, mostly undetected by the user.

Please apply the updates to your systems as soon as possible.  If you require assistance, please contact us in Greenville / Upstate SC or your favorite Mac  computer service center.

Below is the announcement from WatchGuard…  

—

Huge OS X Update Closes 134 Security Holes

Severity: Medium

11 November, 2010

Summary:

• These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
• How an attacker exploits them: Multiple vectors of attack, including enticing your users into downloading and viewing various documents or images
• Impact: Various results; in the worst case, an attacker executes code on your user’s computer
• What to do: OS X administrators should download, test and install OS X 10.6.5 or Security Update 2010-007 as soon as possible, or let Apple’s Software updater do it for you.

Exposure:

Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes 134 (number based on CVE-IDs) security issues in 34 components that ship as part of OS X or OS X Server, including Quicktime, ImageIO, and Apache. Some of the fixed vulnerabilities include:

• Multiple ImageIO Buffer Overflow Vulnerability.ImageIO is one of the components that helps OS X handle various image file types. Unfortunately, it also suffers from various security vulnerabilities involving the way it handles certain types of image files (such as a buffer overflow vulnerability). Though these vulnerabilities differ technically, they generally share the same scope and impact. If an attacker can get a victim to view a specially crafted image file (perhaps hosted on a malicious website), he could exploit this flaw to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges. The affected image types include, PNG, TIFF, and PSD.
• Various ATS Vulnerabilities. The Apple Type Service (ATS) helps OS X machines handle fonts. ATS suffers from various memory related vulnerabilities having to do with the way it handles certain types of embedded fonts. By tricking one of your users into downloading and viewing a malicious document containing a specially crafted font, an attacker can exploit this flaw to execute code on that user’s computer. By default, the attacker would only execute code with that user’s privileges. 
• Nine Quicktime Vulnerabilities.  Quicktime is the popular video and media player that ships with OS X (and iTunes). Quicktime suffers from nine security issues (number based on CVE-IDs) involving how it handles certain image and video files. While the vulnerabilities differ technically, they share the same basic scope and impact. If an attacker can trick one of your users into viewing a maliciously crafted image or video in QuickTime, he could exploit any of these flaws to execute code on that user’s computer, with that user’s privileges.

Apple’s alert also describes many other code execution vulnerabilities, as well as some Denial of Service (DoS) flaws, cross-site scripting (XSS) vulnerabilities, information disclosure flaws, and other security issues. Components patched by this security update include:

Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

Solution Path:

Apple has released OS X Security Update 2010-007 and OS X 10.6.5 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.

• Security Update 2010-007 (Leopard)
• Security Update 2010-007 (Leopard Server)
• OS X 10.6.5 Update
• OSX Server 10.6.5 Update
• OS X 10.6.5 Update Combo
• OSX Server 10.6.5 Update Combo

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.

For All Users:

These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:

Apple has released updates to fix these flaws.

References:

• November 2010 OS X 10.5x and 10.6.x Security Update

This alert was researched and written by Corey Nachreiner, CISSP.

—

WatchGuard makes a great line of internet security appliances that can help keep your network safe. Homeland Secure IT is proud to be a WatchGuard partner, offering sales, installation / service and consultation in Greenville & Upstate SC. If you would like more information on their products please call 864.990.4748 or info@homelandsecureit.com.

Homeland Secure IT Alert