Let me just say… Update your Microsoft Windows based computers.

As you will see below, the biggest vulnerability is your Internet Explorer, which should be updated, even if you are using another browser.

Should you require assistance installing these or any other security updates, please call upon us in the Upstate of SC.

We can also provide patch management which will apply updates across your entire network and permit the ability to see the status of each machine without visiting them individually.

864-990-4748 or use the contact link on our website for more information…

Here’s the full Security Bulletin from Microsoft:

********************************************************************
Microsoft Security Bulletin Summary for April 2013
Issued: April 9, 2013
********************************************************************

This bulletin summary lists security bulletins released for April 2013.

The full version of the Microsoft Security Bulletin Summary for April 2013 can be found at http://technet.microsoft.com/security/bulletin/ms13-apr.

With the release of the bulletins for April 2013, this bulletin summary replaces the bulletin advance notification originally issued on April 4, 2013. For more information about the bulletin advance notification service, see http://technet.microsoft.com/security/bulletin/advance.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications at http://technet.microsoft.com/security/dd252948.

Microsoft is hosting a webcast to address customer questions on these bulletins on April 10, 2013, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://technet.microsoft.com/security/bulletin.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

Critical Security Bulletins
============================

MS13-028

- Affected Software:
- Windows XP Service Pack 3
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows XP Professional x64 Edition Service Pack 2
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows Server 2003 Service Pack 2
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows Server 2003 x64 Edition Service Pack 2
- Internet Explorer 6
- Internet Explorer 7
- Internet Explorer 8
- Windows Server 2003 with SP2 for Itanium-based Systems
- Internet Explorer 6
- Internet Explorer 7
- Windows Vista Service Pack 2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Windows Vista x64 Edition Service Pack 2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
- Windows Server 2008 for 32-bit Systems Service Pack 2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems Service Pack 2:
- Internet Explorer 7
- Internet Explorer 8
- Internet Explorer 9
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Internet Explorer 7
- Windows 7 for 32-bit Systems:
- Internet Explorer 8
- Internet Explorer 9
- Windows 7 for 32-bit Systems Service Pack 1:
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Windows 7 for x64-based Systems:
- Internet Explorer 8
- Internet Explorer 9
- Windows 7 for x64-based Systems Service Pack 1:
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
- Windows Server 2008 R2 for x64-based Systems:
- Internet Explorer 8
- Internet Explorer 9
(Windows Server 2008 R2 Server Core installation
not affected)
- Windows Server 2008 R2 for x64-based Systems
Service Pack 1:
- Internet Explorer 8
- Internet Explorer 9
- Internet Explorer 10
(Windows Server 2008 R2 Server Core installation
not affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
- Internet Explorer 8
- Windows 8 for 32-bit Systems
- Internet Explorer 10
- Windows 8 for 64-bit Systems
- Internet Explorer 10
- Windows Server 2012
- Internet Explorer 10
(Windows Server 2012 Server Core installation not affected)
- Windows RT
- Internet Explorer 10
- Impact: Remote Code Execution
- Version Number: 1.0

MS13-029

- Affected Software:
- Windows XP Service Pack 3
- Remote Desktop Connection 6.1 Client
- Remote Desktop Connection 7.0 Client
- Windows XP Professional x64 Edition Service Pack 2
- Remote Desktop Connection 6.1 Client
- Windows Server 2003 Service Pack 2
- Remote Desktop Connection 6.1 Client
- Windows Server 2003 x64 Edition Service Pack 2
- Remote Desktop Connection 6.1 Client
- Windows Vista Service Pack 2
- Remote Desktop Connection 6.1 Client
- Remote Desktop Connection 7.0 Client
- Windows Vista x64 Edition Service Pack 2
- Remote Desktop Connection 6.1 Client
- Remote Desktop Connection 7.0 Client
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Remote Desktop Connection 6.1 Client
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Remote Desktop Connection 6.1 Client
(Windows Server 2008 Server Core installation not affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Remote Desktop Connection 6.1 Client
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Remote Desktop Connection 7.0 Client
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Remote Desktop Connection 7.0 Client
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Remote Desktop Connection 7.0 Client
(Windows Server 2008 R2 Server Core installation not affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
- Remote Desktop Connection 7.0 Client
- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS13-030

- Affected Software:
- Microsoft SharePoint Server 2013
- Impact: Information Disclosure
- Version Number: 1.0

MS13-031

- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
- Windows 8 for 32-bit Systems
- Windows 8 for 64-bit Systems
- Windows Server 2012
(Windows Server 2012 Server Core installation affected)
- Windows RT
- Impact: Elevation of Privilege
- Version Number: 1.0

MS13-032

- Affected Software:
- Windows XP Service Pack 3
- Active Directory Application Mode (ADAM)
- Windows XP Professional x64 Edition Service Pack 2
- Active Directory Application Mode (ADAM)
- Windows Server 2003 Service Pack 2
- Active Directory
- Active Directory Application Mode (ADAM)
- Windows Server 2003 x64 Edition Service Pack 2
- Active Directory
- Active Directory Application Mode (ADAM)
- Windows Server 2003 with SP2 for Itanium-based Systems
- Active Directory
- Windows Vista Service Pack 2
- Active Directory Lightweight Directory Service (AD LDS)
- Windows Vista x64 Edition Service Pack 2
- Active Directory Lightweight Directory Service (AD LDS)
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Active Directory Services
- Active Directory Lightweight Directory Service (AD LDS)
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
- Active Directory Services
- Active Directory Lightweight Directory Service (AD LDS)
(Windows Server 2008 Server Core installation affected)
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Active Directory Lightweight Directory Service (AD LDS)
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Active Directory Lightweight Directory Service (AD LDS)
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Active Directory Services
- Active Directory Lightweight Directory Service (AD LDS)
(Windows Server 2008 R2 Server Core installation affected)
- Windows 8 for 32-bit Systems
- Active Directory Lightweight Directory Service (AD LDS)
- Windows 8 for 64-bit Systems
- Active Directory Lightweight Directory Service (AD LDS)
- Windows Server 2012
- Active Directory Services
(Windows Server 2012 Server Core installation affected)
- Impact: Denial of Service
- Version Number: 1.0

MS13-033

- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Impact: Elevation of Privilege
- Version Number: 1.0

MS13-034

- Affected Software:
- Windows Defender for Windows 8 and Windows RT
- Impact: Elevation of Privilege
- Version Number: 1.0

MS13-035

- Affected Software:
- Microsoft InfoPath 2010 Service Pack 1 (32-bit editions)
- Microsoft InfoPath 2010 Service Pack 1 (64-bit editions)
- Microsoft SharePoint Server 2010 Service Pack 1
- Microsoft Groove Server 2010 Service Pack 1
- Microsoft SharePoint Foundation 2010 Service Pack 1
- Microsoft Office Web Apps 2010 Service Pack 1
- Impact: Elevation of Privilege
- Version Number: 1.0

MS13-036

- Affected Software:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation affected)
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems and
Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems and
Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems and
Windows Server 2008 R2 for x64-based Systems Service Pack 1
(Windows Server 2008 R2 Server Core installation affected)
- Windows Server 2008 R2 for Itanium-based Systems and
Windows Server 2008 R2 for Itanium-based Systems Service
Pack 1
- Windows 8 for 32-bit Systems
- Windows 8 for 64-bit Systems
- Windows Server 2012
(Windows Server 2012 Server Core installation affected)
- Windows RT
- Impact: Elevation of Privilege
- Version Number: 1.0

Once you get past that totally different interface, and the login if you are on a domain, one annoying trait that may tweak your shorts is the forced automatic restart after updates are applied. You would notice that where Windows keeps saying that your machine is going to reboot and actually starts to count down. How annoying, right?

Even though this behavior is annoying, it has a purpose! When “Patch Tuesday” comes around, and these updates are pushed to your computer and installed, it needs to reboot in order to close out the vulnerable components and patch them so you are protected from nasty exploits.

Failure to apply and activate updates can (and does) lead to machines which are in a vulnerable state, and visiting malicious websites, or opening malicious documents, even though the updates have been installed, but the machine is not rebooted, may result in viruses, trojans, worms and other malware being installed.

I think that was redundant, but I really want you to understand just how important these updates are!

That being said… Should you get too annoyed by the forced reboots, there’s a potential way around this by using the Group Policy Editor.   That setting is found under Local Computer Policy, Computer Configuration, Administrative Templates, Windows Components, Windows Update…    Just set “No auto-restart with logged on users for scheduled automatic updates installation” to “Enabled”.

But don’t do it, unless you have another means for maintaining your patch management.  Really, don’t do it.

If you would like to talk with someone about patch management, windows security, network security or anything computer support related for you or your business in the Upstate SC area, please call us at 864-990-4748 or use our contact form on our website.

Yesterday, Apple Inc announced that computers within their own network have been exploited.  Mac computers in other companies have also been exploited.

It’s always a heated subject whenever I mention that more and more Apple Macs are becoming compromised. Very passionate people will argue with me until they are blue in the face about how Microsoft Windows machines are more vulnerable, and that their Mac never gets infected. However, I must add this in – as a provider of business computer service and support. We have seen a steady decline in malware on Windows 7 computers, and no infections as of this date on Windows 8. While, Mac issues are increasing.

Here’s a link to the Reuters story.

As always, regardless of whether you own a Windows based computer or a Mac, please take these simple steps at the very least to help insure the security of your computer:

• Keep your machine’s operating system up to date with patches!
• Keep all applications, such as Microsoft Office, Adobe Reader up to date with patches
• Support applications such as JAVA should be kept up to date (and some feel disabled or uninstalled
• Use current COMMERCIAL anti-virus which permits the scanning of websites in real time (We suggest Trend Micro)
• Avoid sketchy websites, don’t open emails (You didn’t win the Microsoft Lotto, trust me)
• If you feel you have been exposed, seek a professional immediately
• Watch those public hot spots if using a notebook (man-in-the-middle)
• Do not give permission for anything to install that you didn’t initiate
• Go straight to Adobe or other software provider for your updates
• Don’t initiate a scan for malware if prompted while visiting a website

Should you need assistance with any computer or network security issue for your home or business in the Greenville or Upstate SC area, please do not hesitate to call upon us at 864-990-4748 or use our contact form.

It looks like the Microsoft has a total of six bulletins with four of those being CRITICAL. In all, 19 vulnerabilities will be corrected and they will affect the .NET Framework, Internet Explorer and Office, in addition to Windows itself.

But wait, that’s not all! You also get important updates from Adobe for their Adobe Flash Player, Adobe Air and all versions of Adobe Reader….   These updates affect multiple platforms, so Apple Mac users need to apply them too!

The Adobe patches are likely more critical than Microsoft. The Flash Player is a “0 day” and corrects seven vulnerabilities that affect every platform.

If you need any assistance installing these patches, or would like to discuss a patch management system for your Greenville, Spartanburg or Anderson based business, please call us at 864-990-4748

Not a pumpkin patch, but a Microsoft Patch!

Here we are, another Patch Tuesday, where Microsoft makes updates available to their products.

The Microsoft Security Bulletin Advance Notification for October 2012 indicates there are seven bulletins that will be addressed today.  They include:

1. Critical – Remote code execution – Affecting Microsoft Office and Microsoft Server
2. Important – Remote code execution – Affecting Microsoft Office
3. Important – Elevation of privilege – Affecting Microsoft Office, Microsoft Server Software, Microsoft Lync
4. Important – Remote code execution – Affecting Microsoft Office, Microsoft Server Software
5. Important – Elevation of privilege – Affecting Microsoft Windows
6. Important – Denial of Service – Affecting Microsoft Windows
7. Important – Elevation of privilege – Affecting Microsoft SQL Server

As always, we highly recommend these and *every* Microsoft related update be applied to your servers and workstations, without delay.

Please remember that failure to do so, leaves unpatched “holes” that can be leveraged to gain control of or access to your desktops and servers.

A network security evaluation should be performed frequently on your business network, and Homeland Secure IT will be happy to undertake this duty in the Greenville / Upstate SC area. Please give us a call at 864-990-4748 or use our contact form. We are Microsoft Small Business Specialists!

Receive this blog – in your inbox – thanks to FeedBlitz

We did it, we got hooked up with FeedBlitz!

Here’s the general plan…

Step One – Cut a hole in the box… No wait, that’s another project….   Step One: Ditch our newsletter…  It’s boring and random anyway.

Step Two – Attempt to get our mailing list subscribers to subscribe to switch over to our blog, either in email or RSS.

Step Three – Profit.  Okay, maybe not, but at least have a better interaction with our customers, friends and the general public.

Why the blog? I post SOMETHING there every day.  Something good, sometimes.  Something timely.  Reviews of gadgets, announcements of security vulnerabilities and patches for those things, information about some new computer toy that is coming out, general IT news, and on the other end of the spectrum, I might post an article about my band, or our children.

Contests are not out of the question either. We have given away some cool things, from an X-Box, to a tablet computer! In the future, we may only give these away via our blog, I’m not sure yet.

If you are reading this, you are either already subscribed and reading it in your inbox, or maybe through an RSS feed reader, however, if you followed a Twitter or Facebook post over, would you might subscribing? It’s free. It might even save you some money. Tell your friends.

And please, for the love of all that is holy, interact here! I would love to see your responses, and love to have a discussion about why I am wrong, or how whatever I was talking about saved your life, or your business.

Thanks for the support!

• Computer operating system updates downloaded and installed (Microsoft Windows)
• Support application updates updated regularly (Java, Adobe, Microsoft Office)
• Robust anti-virus and anti-malware installed and up to date
• Backups of systems in place
• Overall more refined browsing habits (awareness of dangers)

But their Apple Macintosh brothers and sisters in generally browse aimlessly, without seeming to care what may lay waiting for them at the next link.

This is exactly the type of behavior that hackers are hoping to exploit.

By taking advantage of the laid-back browsing habits, lack of urgency to install updates, and lack of awareness to the dangers, many Mac machines and their owners have already fallen victim to hackers pushing Flashback and other malware packages…

Here’s some more information over on Computer World…

UPDATE YOUR MACHINES!

If you need assistance keeping your computer, notebook, server or a whole fleet of them up to date, we can help with that! Please call us in the Greenville, Anderson and Spartanburg area at 864-990-4748 or use our contact form.

The updates released this week are serious, people.

If you do not patch up your computers and servers, or call us in to do it for you, the chances of being exploited are incredibly high….  Especially for the Microsoft Exchange and Remote Desktop vulnerabilities.

Sorry to harp on it, but this is important….  Too many gaping holes to ignore this time.

Should you need help with this or any other IT service in Greenville, Spartanburg or Anderson, please call us at 864.990.4748.

I don’t think anyone using Microsoft Windows will escape the patchy update goodness on Tuesday!

Microsoft will be unleashing nine bulletins, of which, five are rated as critical. These updates will address vulnerabilities in Microsoft Windows itself, Microsoft Explorer, Microsoft Office, Microsoft SQL Server, and Microsoft Exchange Server, and a few bonuses too!  Our friends at the WatchGuard Security blog believe one patch will address the vulnerability in Microsoft Exchange.

But wait, that’s not all! You also get Adobe updates as an added bonus.

One thing for sure is… Tuesday will bring some updates for you!

If you require assistance with these security issues, or have any security or computer support questions here in Greenville or the Upstate of SC, please give us a call at 864.990.4748 or use the CONTACT link in the menu.

Computer Crime & Intellectual Property Section
United States Department of Justice
Attention!

This operating system is locked due to the violation of the federal laws of the United States of America! Following violations were detected:
Your IP address is “xx.xx.xx.xx“. This IP address was used to visit websites containing pornography, child pornography, zoophilia and child abuse. Your computer also contains video files with pornographic content, elements of violence and child pornography! Spam-messages with terrorist motives were also sent from your computer.
This computer lock is aimed to stop your illegal activity.

To unlock the computer you are obliged to pay a fine of $ 100.
You must pay the forfeit through Paysafecard:
To do this, you should enter the 16 digits resulting code (if necessary with a password) in the payment form and press OK (if you have several codes, enter them one after the other and press OK).
If an error occurs, send the codes to address surcharge@cyber-usa-police.gov.

This pop-up will haunt you forever, even if you pay the “fine”.  Just don’t do it.

This type of ransom-ware can be removed with tools such as Malwarebytes generally, but you should examine WHY you have it in the first place.

Visiting sketchy websites is always a bad idea, so is running your computer without the latest updates to the Operating System, Java, Adobe, Office and other applications, and of course not having proper anti-virus in place.

If you have difficulties removing this type of malware and you are in the Greenville or Upstate SC area, please call us at 864.990.4748 or use the contact info tab above. We provide virus removal, virus cleanup and more importantly, virus and malware protection!

Homeland Secure IT Alert

Homeland Secure IT Alert for Tuesday, April 17, 2012

Flashback was so last month. The new hotness is SabPub, which actually has been around for a while now, but only recently making its appearance in the headlines. Even though SabPub has been around for around two months, it was not discovered in the wild until a few days ago.

Not unlike Flashback, one source of entry to your beloved Mac for this trojan is through Java, in fact, the very same vulnerability as leveraged by Flashback. Another SabPub variant uses a well known and publicized vulnerability in Microsoft Office’s Word.

What should you do? Insure updates are in place for your operating system, and that Java is up to date, as well as any Adobe software/plugins like Flash Player, Reader, Acrobat, etc.

Also, purchase a reliable anti-virus software package immediately.

What if you are already infected? Find a reputable and reliable computer repair / service shop in your area and let them check it out. Some service centers like Homeland Secure IT offer a free evaluation of your machine.  You can call us at 864.990.4748 for more information.

Homeland Secure IT Alert

Coming your way right after Easter – Security updates from Microsoft!

This information is from the Microsoft Security Advance Notification for April 2012:

********************************************************************

Microsoft Security Bulletin Advance Notification for April 2012

Issued: April 5, 2012

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on April 10, 2012.

The full version of the Microsoft Security Bulletin Advance Notification for April 2012 can be found at http://technet.microsoft.com/security/bulletin/ms12-apr.

This bulletin advance notification will be replaced with the April bulletin summary on April 10, 2012. For more information about the bulletin advance notification service, see http://technet.microsoft.com/security/bulletin/advance.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.aspx.

Microsoft will host a webcast to address customer questions on these bulletins on April 11, 2012, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://technet.microsoft.com/security/bulletin.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

============================

Bulletin 1

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 3

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

- Windows Server 2008 for x64-based Systems Service Pack 2

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Microsoft Office 2003 Service Pack 3

- Microsoft Office 2007 Service Pack 2

- Microsoft Office 2007 Service Pack 3

- Microsoft Office 2010 (32-bit editions)

- Microsoft Office 2010 Service Pack 1 (32-bit editions)

- Microsoft Office 2003 Web Components Service Pack 3

- Microsoft SQL Server 2000 Service Pack 4

- Microsoft SQL Server 2000 Analysis Services Service Pack 4

- Microsoft SQL Server 2005 for 32-bit Systems Service Pack 4

- Microsoft SQL Server 2005 for Itanium-based Systems

Service Pack 4

- Microsoft SQL Server 2005 for x64-based Systems Service Pack 4

- Microsoft SQL Server 2005 Express Edition with

Advanced Services Service Pack 4

- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 2

- Microsoft SQL Server 2008 for 32-bit Systems Service Pack 3

- Microsoft SQL Server 2008 for x64-based Systems Service Pack 2

- Microsoft SQL Server 2008 for x64-based Systems Service Pack 3

- Microsoft SQL Server 2008 for Itanium-based Systems

Service Pack 2

- Microsoft SQL Server 2008 for Itanium-based Systems

Service Pack 3

- Microsoft SQL Server 2008 R2 for 32-bit Systems

- Microsoft SQL Server 2008 R2 for x64-based Systems

- Microsoft SQL Server 2008 R2 for Itanium-based Systems

- Microsoft BizTalk Server 2002 Service Pack 1

- Microsoft Commerce Server 2002 Service Pack 4

- Microsoft Commerce Server 2007 Service Pack 2

- Microsoft Commerce Server 2009

- Microsoft Commerce Server 2009 R2

- Microsoft Visual FoxPro 8.0 Service Pack 1

- Microsoft Visual FoxPro 9.0 Service Pack 2

- Visual Basic 6.0 Runtime

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 5

- Affected Software:

- Microsoft Forefront Unified Access Gateway 2010 Service Pack 1

- Microsoft Forefront Unified Access Gateway 2010 Service Pack 1

Update 1

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 6

- Affected Software:

- Microsoft Office 2007 Service Pack 2

- Microsoft Works 9

- Microsoft Works 6-9 File Converter

- Impact: Remote Code Execution

- Version Number: 1.0

Other Information

=================

Follow us on Twitter for the latest information and updates:

http://twitter.com/msftsecresponse

Microsoft Windows Malicious Software Removal Tool:

==================================================

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Non-Security Updates on MU, WU, and WSUS:

========================================================

For information about non-security releases on Windows Update and Microsoft update, please see:

* http://support.microsoft.com/kb/894199: Microsoft Knowledge Base

Article 894199, Description of Software Update Services and

Windows Server Update Services changes in content.

Includes all Windows content.

* http://technet.microsoft.com/en-us/wsus/bb456965.aspx: Updates

from Past Months for Windows Server Update Services. Displays all

new, revised, and rereleased updates for Microsoft products other

than Microsoft Windows.

Microsoft Active Protections Program (MAPP) ===========================================

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed at http://www.microsoft.com/security/msrc/collaboration/mapp.aspx.

Recognize and avoid fraudulent email to Microsoft customers:

=============================================================

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948.aspx.

********************************************************************

THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

********************************************************************

To manage or cancel your subscription to this newsletter, visit the Microsoft.com Profile Center at <http://go.microsoft.com/fwlink/?LinkId=245953> and then click Manage Communications under My Subscriptions in the Quicklinks section.

For more information, see the Communications Preferences section of the Microsoft Online Privacy Statement at:

<http://go.microsoft.com/fwlink/?LinkId=92781>.

For the complete Microsoft Online Privacy Statement, see:

<http://go.microsoft.com/fwlink/?LinkId=81184>.

For legal Information, see:

<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:

Microsoft Corporation

1 Microsoft Way

Redmond, Washington, USA

98052

—

If you require assistance with these or any other updates, please do not hesitate to call upon us at 864.990.4748.

This is courtesy of the WatchGuard Security Center.  We are happy to partner with WatchGuard to provide firewall and security solutions. Call us at 864.990.4748 if we can be of service!

Summary:

• This vulnerability affects: OS X 10.7.x (Lion) and 10.6.x (Snow Leopard)
• How an attacker exploits it: By enticing you to a website containing maliciously crafted Java
• Impact: In the worst case, an attacker executes code on your user’s computer, with that user’s privileges
• What to do: Install Java for OS X Lion 2012-001 or Java for OS X 10.6 Update 7 immediately, or let Apple’s updater do it for you.

Exposure:

Yesterday, Apple released an advisory describing a Java security update for OS X 10.6.x and 10.7.x. The update fixes 12 vulnerabilities in OS X’s Java components (number based on CVE-IDs).

Apple doesn’t describe each flaw in technical detail, but they do share the worst case impact. If an attacker can lure you to a website containing specially crafted Java code, he can exploit many of these vulnerabilities to execute code on your OS X computer, with your privileges.

This Apple update finally brings the Java updates Oracle released in February to OS X users. Unfortunately, attackers have already been exploiting one of these Java vulnerabilities against Mac users in the wild. A Mac trojan called Flashback has reportedly infected over 600,000 Macs, by leveraging one of these Java flaws (as well as a Flash vulnerability in the past). If you have any Mac computers in your organization, we highly recommend you install Apple’s OS X Java update immediately. You can also find instructions for checking your Mac for the Flashback malware here.

Solution Path:

Apple has issued Java for OS X Lion 2012-001 [dmg file] and Java for OS X 10.6 Update 7 [dmg file] to correct these flaws. If you manage OS X 10.6.x or 10.7.x computers, we recommend you download and deploy these updates immediately, or let OS X’s automatic Software Update utility install it for you.

For All WatchGuard Users:

Some of these attacks rely on one of your users visiting a web page containing malicious Java bytecode. The HTTP-Proxy policy that ships with most WatchGuard appliances automatically blocks Java bytecode by default, which somewhat mitigates the risk posed by some of these vulnerabilities.

Status:

Apple has released Java updates to fix these issues.

References:

• Apple’s OS X March Java advisory
• Apple software downloads
• Apple security updates

This alert was researched and written by Corey Nachreiner, CISSP.

Homeland Secure IT Alert

An article over on CRN on March 15 entitled “Apple Safari Patch Shows Products Not Hacker Proof” is sure to get some people’s panties in a wad, but it does correctly post the facts, though it will fall short of educating the misled public that Apple products are not hacker proof.

This particular issue is that the WebKit browser engine used in Safari and Google’s Chrome has a multitude of “critical glitches”, 72 of them, that provides a large attack surface. Safari 5.1.4 has addressed these known vulnerabilities and you are encouraged to insure that update is in place.

One of the statements Marcus Carey with Rapid7 was quoted as saying in the above article is, ”Even just allowing employees to install iTunes on their machines exposes the organization to Safari/WebKit vulnerabilities”. That was said in regards to the need to manage the use of Apple laptops, tablets and smartphones when connected to a corporate network.

If you require assistance with any computer or network security related issue, please call us at 864.990.4748 – we provide service & support to the Greenville & Upstate, SC area!

The Advance Notification outlines 7 bulletins that cover updates from “important” to “critical” in Microsoft Windows (XP / Server 2003 / Vista / Server 2008) and Microsoft Developer Tools & Software.

Most will require a restart, or at least MAY require a restart.

On the Advance Notification page you can find out more about the updates coming your way on January 10th.

If you require assistance with these updates or any other security issue in the Greenville / Upstate SC area please call us at 864.990.4748 or email info@homelandsecureit.com

Last updated December 13, 2011

Microsoft has not left servers out of the mix at all, so you system admin types will be able to justify reboots for sure.

These patches cover everything from code execution to elevation of privileges and even Denial of Service on just about every version of the Windows OS, including XP, Server 2003 , Vista, Windows 7  and Server 2008 R2.

Please find the full list below, or visit HERE for a much pretty version…  If you require assistance with these or any other security related issues, please call us at 864.990.4748 or email info@homelandsecureit.com in the Greenville / Upstate, SC area.

Critical Security Bulletins

============================

MS11-083

- Affected Software:

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

MS11-085

- Affected Software:

- Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

MS11-086

- Affected Software:

- Windows XP Service Pack 3

- Active Directory Application Mode (ADAM)

- Windows XP Professional x64 Edition Service Pack 2

- Active Directory Application Mode (ADAM)

- Windows Server 2003 Service Pack 2

- Active Directory

- Active Directory Application Mode (ADAM)

- Windows Server 2003 x64 Edition Service Pack 2

- Active Directory

- Active Directory Application Mode (ADAM)

- Windows Server 2003 with SP2 for Itanium-based Systems

- Active Directory

- Windows Vista Service Pack 2

- Active Directory Lightweight Directory Service (AD LDS)

- Windows Vista x64 Edition Service Pack 2

- Active Directory Lightweight Directory Service (AD LDS)

- Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Active Directory and

Active Directory Lightweight Directory Service (AD LDS)

- Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Active Directory and

Active Directory Lightweight Directory Service (AD LDS)

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Active Directory Lightweight Directory Service (AD LDS)

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Active Directory Lightweight Directory Service (AD LDS)

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Active Directory and

Active Directory Lightweight Directory Service (AD LDS)

- Impact: Elevation of Privilege

- Version Number: 1.0

Moderate Security Bulletins

============================

MS11-084

- Affected Software:

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Denial of Service

- Version Number: 1.0

Be sure get your devices up to date…

• OS X Lion v10.7.2 and Security Update 2011-006
• iTunes 10.5
• Safari 5.1.1
• iOS 5 Software Update
• Numbers for iOS v1.5
• Pages for iOS v1.5
• Apple TV 4.4

If you require assistance applying updates to your business computers in the Greenville / Upstate, SC area, please call us at 864.990.4748 or email info@homelandsecureit.com….

This is from US-CERT, for your reading enjoyment:

National Cyber Alert System

Technical Cyber Security Alert TA11-256A

Microsoft Updates for Multiple Vulnerabilities

Original release date: September 13, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Microsoft Windows

* Microsoft Office

* Microsoft Server Software

Overview

There are multiple vulnerabilities in Microsoft Windows, Microsoft

Server Software, and Microsoft Office. Microsoft has released

updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for September 2011

describes multiple vulnerabilities in Microsoft Windows, Microsoft

Server Software, and Microsoft Office. Microsoft has released

updates to address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code,

cause a denial of service, or gain unauthorized access to your

files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the

Microsoft Security Bulletin Summary for September 2011. That

bulletin describes any known issues related to the updates.

Administrators are encouraged to note these issues and test for any

potentially adverse effects. In addition, administrators should

consider using an automated update distribution system such as

Windows Server Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for September 2011 -

<http://technet.microsoft.com/en-us/security/bulletin/ms11-sep>

* Microsoft Windows Server Update Services -

<http://technet.microsoft.com/en-us/wsus/default.aspx>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA11-256A.html>

These affect Apple Mac as well as Microsoft Windows…

Here’s the actual US-CERT Technical Cyber Security Alert:

National Cyber Alert System

Technical Cyber Security Alert TA11-222A

Adobe Updates for Multiple Vulnerabilities

Original release date: August 10, 2011

Last revised: –

Source: US-CERT

Systems Affected

* Shockwave Player 11.6.0.626 and earlier versions for Windows and Macintosh

* Flash Media Server 4.0.2 and earlier versions for Windows and Linux

* Flash Media Server 3.5.6 and earlier versions for Windows and Linux

* Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems

* Adobe Flash Player 10.3.185.25 and earlier versions for Android

* Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android

* Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh

* RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8 for Windows

Overview

There are multiple vulnerabilities in Adobe Shockwave Player, Flash

Media Server, Flash Player, Photoshop CS5, and RoboHelp. Adobe has

released updates to address these vulnerabilities.

I. Description

Adobe security bulletins APSB11-19, APSB11-20, APSB11-21,

APSB11-22, and APSB11-23 describe multiple vulnerabilities in Adobe

Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5,

and RoboHelp. An attacker may use these vulnerabilities to run

malicious code or cause a denial of service on an affected system.

Adobe has released updates to address these vulnerabilities.

II. Impact

These vulnerabilities could allow an attacker to run malicious code

on the affected system or cause a denial of service.

III. Solution

Users of these Adobe products should review the relevant Adobe

security bulletins and follow the recommendations in the “Solution”

section.

APSB11-19: Security update available for Adobe Shockwave Player

APSB11-20: Security update available for Adobe Flash Media Server

APSB11-21: Security update available for Adobe Flash Player

APSB11-22: Security update available for Adobe Photoshop CS5

APSB11-23: Security updates available for RoboHelp

IV. References

* Security update available for Adobe Shockwave Player -

<http://www.adobe.com/support/security/bulletins/apsb11-19.html>

* Security update available for Adobe Flash Media Server -

<http://www.adobe.com/support/security/bulletins/apsb11-20.html>

* Security update available for Adobe Flash Player -

<http://www.adobe.com/support/security/bulletins/apsb11-21.html>

* Security update available for Adobe Photoshop CS5 -

<http://www.adobe.com/support/security/bulletins/apsb11-22.html>

* Security updates available for RoboHelp -

<http://www.adobe.com/support/security/bulletins/apsb11-23.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA11-222A.html>

—

If you require help, please call us at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert for Thursday, June 09, 2011

Microsoft Patch Tuesday will soon be upon us again, and Microsoft has not let us down!  A little something for everyone….

The following is directly from their Advanced Notification for June 2011, released today:

********************************************************************

Microsoft Security Bulletin Advance Notification for June 2011

Issued: June 9, 2011

********************************************************************

This is an advance notification of security bulletins that Microsoft is intending to release on June 14, 2011.

The full version of the Microsoft Security Bulletin Advance Notification for June 2011 can be found at http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx.

This bulletin advance notification will be replaced with the June bulletin summary on June 14, 2011. For more information about the bulletin advance notification service, see http://www.microsoft.com/technet/security/bulletin/advance.mspx.

To receive automatic notifications whenever Microsoft Security Bulletins are issued, subscribe to Microsoft Technical Security Notifications on http://www.microsoft.com/technet/security/bulletin/notify.mspx.

Microsoft will host a webcast to address customer questions on these bulletins on June 15, 2011, at 11:00 AM Pacific Time (US & Canada). Register for the Security Bulletin Webcast at http://www.microsoft.com/technet/security/bulletin/summary.mspx.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security, high-priority updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.

This advance notification provides a number as the bulletin identifier, because the official Microsoft Security Bulletin numbers are not issued until release. The bulletin summary that replaces this advance notification will have the proper Microsoft Security Bulletin numbers (in the MSyy-xxx format) as the bulletin identifier. The security bulletins for this month are as follows, in order of severity:

Critical Security Bulletins

===========================

Bulletin 1

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 2

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Microsoft Silverlight 4

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 3

- Affected Software:

- Microsoft Forefront Threat Management Gateway 2010 Client

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 4

- Affected Software:

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 5

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 6

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 7

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 8

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Vista Service Pack 2:

- Internet Explorer 9

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 9

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 9

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Internet Explorer 9

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Internet Explorer 9

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 9

- Affected Software:

- Windows XP Service Pack 3:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows XP Professional x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 x64 Edition Service Pack 2:

- Internet Explorer 6

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2003 with SP2 for Itanium-based Systems:

- Internet Explorer 6

- Internet Explorer 7

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2:

- Internet Explorer 7

- Internet Explorer 8

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2:

- Internet Explorer 7

(Windows Server 2008 Server Core installation not affected)

- Internet Explorer 8

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2:

- Internet Explorer 7

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1:

- Internet Explorer 8

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1:

- Internet Explorer 8

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

- Internet Explorer 8

(Windows Server 2008 R2 Server Core installation

not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1:

- Internet Explorer 8

- Impact: Remote Code Execution

- Version Number: 1.0

Important Security Bulletins

============================

Bulletin 10

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 11

- Affected Software:

- Microsoft Excel 2002 Service Pack 3

- Microsoft Excel 2003 Service Pack 3

- Microsoft Excel 2007 Service Pack 2

- Microsoft Excel 2010 (32-bit editions)

- Microsoft Excel 2010 (64-bit editions)

- Microsoft Office 2004 for Mac

- Microsoft Office 2008 for Mac

- Microsoft Office for Mac 2011

- Open XML File Format Converter for Mac

- Microsoft Excel Viewer Service Pack 2

- Microsoft Office Compatibility Pack for

Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

- Impact: Remote Code Execution

- Version Number: 1.0

Bulletin 12

- Affected Software:

- Windows XP Service Pack 3

- Windows XP Professional x64 Edition Service Pack 2

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2003 with SP2 for Itanium-based Systems

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Elevation of Privilege

- Version Number: 1.0

Bulletin 13

- Affected Software:

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 14

- Affected Software:

- Windows Vista Service Pack 1 and

Windows Vista Service Pack 2

- Windows Vista x64 Edition Service Pack 1 and

Windows Vista x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

- Windows Server 2008 for Itanium-based Systems and

Windows Server 2008 for Itanium-based Systems Service Pack 2

- Windows 7 for 32-bit Systems and

Windows 7 for 32-bit Systems Service Pack 1

- Windows 7 for x64-based Systems and

Windows 7 for x64-based Systems Service Pack 1

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

- Windows Server 2008 R2 for Itanium-based Systems and

Windows Server 2008 R2 for Itanium-based Systems

Service Pack 1

- Impact: Denial of Service

- Version Number: 1.0

Bulletin 15

- Affected Software:

- Microsoft InfoPath 2007 Service Pack 2

- Microsoft InfoPath 2010 (32-bit editions)

- Microsoft InfoPath 2010 (64-bit editions)

- SQL Server 2005 Service Pack 3

- SQL Server 2005 x64 Edition Service Pack 3

- SQL Server 2005 for Itanium-based Systems Service Pack 3

- SQL Server 2005 Service Pack 4

- SQL Server 2005 x64 Edition Service Pack 4

- SQL Server 2005 for Itanium-based Systems Service Pack 4

- SQL Server 2005 Express Edition Service Pack 3

- SQL Server 2005 Express Edition Service Pack 4

- SQL Server 2005 Express Edition with Advanced Services

Service Pack 3

- SQL Server 2005 Express Edition with Advanced Services

Service Pack 4

- SQL Server Management Studio Express (SSMSE) 2005

- SQL Server Management Studio Express (SSMSE) 2005 x64 Edition

- SQL Server 2008 for 32-bit Systems Service Pack 1

- SQL Server 2008 for x64-based Systems Service Pack 1

- SQL Server 2008 for Itanium-based Systems Service Pack 1

- SQL Server 2008 for 32-bit Systems Service Pack 2

- SQL Server 2008 for x64-based Systems Service Pack 2

- SQL Server 2008 for Itanium-based Systems Service Pack 2

- SQL Server 2008 R2 for 32-bit Systems

- SQL Server 2008 R2 for x64-based Systems

- SQL Server 2008 R2 for Itanium-based Systems

- Microsoft Visual Studio 2005 Service Pack 1

- Microsoft Visual Studio 2008 Service Pack 1

- Microsoft Visual Studio 2010

- Impact: Information Disclosure

- Version Number: 1.0

Bulletin 16

- Affected Software:

- Windows Server 2003 Service Pack 2

- Windows Server 2003 x64 Edition Service Pack 2

- Windows Server 2008 for 32-bit Systems and

Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 for x64-based Systems and

Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation not affected)

- Windows Server 2008 R2 for x64-based Systems and

Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation not affected)

- Impact: Elevation of Privilege

- Version Number: 1.0

If you require help with these updates or any other security related matter, please feel free to call upon us in the Greenville / Upstate, SC area at 864-990-4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

Homeland Secure IT Alert

Homeland Secure IT Alert for Monday, April 11th, 2011

You’ve waited a whole month for this, and Microsoft has not let you down.  Updates galore are ‘a comin’ tomorrow, April 12th, 2011.

The Microsoft Security Bulletin Advance Notification states that this Patch Tuesday will be a big one. A total of 17 fixes, addressing 64 security vulnerabilities are there for your enjoyment and they cover just about everything, from current versions of Microsoft Windows Operating Systems to Microsoft Office and even Microsoft Windows Server PowerPoint web app.

There are  9 critical, 8 important and two which address information disclosure/privilege threats.

One important update is the cumulative fix for the Internet Explorer browser which will address every supported Windows OS and covers IE 6, IE 7 and IE 8.

Microsoft will be sponsoring a webcast on April 13th at 11AM Pacific here: https://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032455069&EventCategory=4

Should you have issues or concerns about these updates or any Microsoft Security or Support questions in the Greenville / Upstate, SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

Homeland Secure IT Alert

The Java applet loading bug does not appear to create new security vulnerabilities, so you should be secure if you updated to 3.6.14, but I do not believe I would hesitate to update to the latest, just in case. Just to be clear, this does affect both Microsoft Windows and Apple Mac users.

This information comes courtesy of the WatchGuard security forum…  Here’s a quote from that posting about upgraded to Firefox 4 BETA:

On the subject of Firefox, if you’re an adventurous user who likes to adopt the latest and greatest as early as possibly, you might want to give Firefox 4 BETA a whirl. I’ve downloaded it myself, and it seems to have sped up my browsing experience a bit. Mozilla also ensures that the latest BETA contain the same security fixes as 3.6.15. - Corey Nachreiner, CISSP

Homeland Secure IT is your Greenville / Upstate, SC WatchGuard Partner, offering sales, service & support! Please call 864.990.4748 or email info@homelandsecureit.com if you require assistance with network or computer service or security…

Homeland Secure IT Alert

Secure IT Alert for Friday, February 11th, 2011

Adobe has beat out Microsoft for the number of vulnerabilities addressed on Patch Tuesday with the unleashing of a plethora of patches for their Acrobat, Reader, Coldfusion, Shockwave Player and Flash Player.

Reader’s updates are considered CRITICAL and there 29 holes that are plugged… Shockwave comes in second with 21 CRITICAL vulnerabilities fixed, followed by Flash with 13 CRITICAL. These are for Windows, Mac OSX, Linux and Solaris.

The 5 Coldfusion vulnerabilities affect the security of Microsoft Windows, Mac OSX and Unix. Though this update is labeled as only “IMPORTANT”, I wouldn’t skip it!

The long and short of this is – Update! Also be sure to keep your anti-virus / anti-malware current.

If you are in the Greenville / Upstate, SC area and need assistance, please email info@homelandsecureit.com or call 864.990.4748

Homeland Secure IT Alert

Homeland Secure IT Alert

Secure IT Alert for Wednesday, February 9th, 2011

The February 2011 Patch Tuesday was not boring…   Updates include something for everyone.  Basically every current Microsoft Windows OS version was addressed.

The big one was the IE Update that fixed four code execution holes in the popular web browser.

In addition to fixing thumbnail and font vulnerabilities which mainly affect desktop users, several updates are very important for your servers.

Windows Server has an Active Directory DoS potential, elevation of privileges vulnerabilities from Client/Server Run-time SubSystem (CSRSS), LSASS, Kerberos  & multiple kernel related issues and an Information Disclosure Vulnerability from scripting engines… Most of these are for XP & Windows Server 2003 but the scripting issue affects Windows 7 & Server 2008 R2 only.

As with most of these, Server Core is not affected.

Please apply the appropriate patches ASAP.  Windows Update should be run, or if you are using WSUS, it should handle this for you.

But wait, there’s more!

Microsoft Visio 2002, 2003 and 2007 are vulnerable to code execution… More information is available in the MS11-008 Security Bulletin. This does not affect Visio 2010 or Visio 2007/2010 Viewer.

The Windows IIS FTP service running on Windows Vista, Windows 7, Server 2008 and Server 2008 R2 suffers from a buffer overflow vulnerability which if exploited could cause a DoS (Denial of Service) or worse, allow an attacker to obtain full control of the server. This one is likely the most severe of the updates and should be addressed immediately!

Should you require assistance, or have questions, please call us at 864.990.4748 or email info@homelandsecureit.com. We offer Microsoft Support in Greenville and Upstate, SC.

Homeland Secure IT Alert