It’s Another New Record And For All The Wrong Reasons

It’s Tuesday, and we all know what fun event happens on Tuesdays.

Patch Tuesday brings record harvest of security fixes

Run Windows? Notice a little icon toward the bottom right of the screen that wasn’t there last night? Please don’t ignore it. That icon is your cue to take part in the monthly Microsoft ritual called Patch Tuesday.

For this month, Microsoft shipped a set of 16 patches that close a record 49 vulnerabilities in such software as Internet Explorer, Word and Windows Media Player.

Many of these holes allow a remote takeover of your computer, in some cases after you do nothing wrong besides visit the wrong Web page. One such opening has frequently been exploited by the Stuxnet worm that’s been running around the world.

Your computer should at least download, if not download and install, these updates for you. But if not, don’t reject Windows’ attempt to help you out. Click that icon, look over the resulting list of security updates, and install them.

See also:
Microsoft security updates for October 2010
Microsoft Plugs a Record 49 Security Holes
It’s Microsoft Patch Tuesday: October 2010
Microsoft Unleashes Massive Security Patch
Microsoft fixes record 49 holes, including Stuxnet flaw
Microsoft Releases Biggest-ever Security Update
Patch Tuesday: Critical flaws haunt Microsoft Office, IE browser
Microsoft Patches Stuxnet Vulnerability in Massive Security Update
Microsoft releases fixes for record number of vulns
Microsoft aims barrage of fixes at Stuxnet and more

So, you know what to do, clean up after Microsoft’s crappy software before someone remotely takes over your computer with a worm and you become part of the problem.

/unless you’re Iranian, in which case there’s a special set of patches coming out for your computers and they download and install themselves so you don’t even need to worry about this latest bulletin

If It’s Tuesday It Must Be Time To Patch Windows Again

Microsoft issues urgent Windows, Office security patches

Microsoft today released patches for 26 recently-discovered security holes affecting users of Windows and Office. It is urging companies, in particular, to prioritize patching certain vulnerabilities that are likely to precipitate active cyberattacks within the next 30 days.

The most worrisome security holes are easy for cybercriminals to exploit. Bad guys routinely reverse engineer Microsoft’s patches and quickly create and spread malicious programs designed to seek out and take control of PCs that aren’t current on patching, security experts say.

Microsoft normally issues security updates on the second Tuesday of each month, known as Patch Tuesday. Most home PC users get security updates automatically, via Windows auto update. Home users just need to follow prompts to restart their PCs, once the patches are downloaded to their hard drives.

However, corporations typically take weeks to test security updates and install them company wide. “While everyone has been focused on the volume of updates today, it should be noted that there are 12 vulnerabilities with Microsoft’s highest exploitability rating,” says Sheldon Malm, senior director of security at vulnerability management firm Rapid 7. “This certainly raises the bar for customers to plan, test, and roll out these updates more quickly than usual.”

See also:
Microsoft Security Bulletin Summary for February 2010
Microsoft Plugs 26 Vulnerabilities With 13 Patches In Record Update
Microsoft delivers huge Windows security update
Microsoft Fixes 26 Vulnerabilities In Windows, Office
Slew of Critical Updates from Microsoft
Microsoft Fixes Windows Security Vulnerabilities in Patch Tuesday Update
Microsoft warns of TLS/SSL flaw in Windows

/lovely software, by now you should know the patching drill

Microsoft Cleans Up After Chinese Hack Of Google, Obama Turns The Other Cheek

Microsoft to release patch for IE hole on Thursday

Microsoft said on Wednesday that it will release on Thursday a patch to fix the latest hole in Internet Explorer that was used in the China-based attack on Google and for which an exploit has been released on the Internet since last week.

The company plans to release the patch as close to 10 a.m. PST on Thursday as possible and host a public Webcast at 1 p.m. PST, according to the security advisory.

Microsoft continues to see limited attacks and has only seen evidence of successful attacks against Internet Explorer 6, according to Jerry Bryant, senior security program manager at Microsoft.

“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical,” he said in a statement.

“It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicized,” Bryant said. “We recommend that customers install the update as soon as it is available. For customers using automatic updates, this update will automatically be applied once it is released.”

Vulnerable software is IE 6 on Microsoft Windows 2000 and IE 6, 7, and 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, Microsoft said.

So, while China continues its relentless, covert cyberwar against U.S. and other Western commercial, government, and military targets, stealing information and secrets and causing economic and national security damage to our computer networks, guess what the Obama administration has decided to do, against the advice of U.S. intelligence officials and experts?

China removed as top priority for spies

The White House National Security Council recently directed U.S. spy agencies to lower the priority placed on intelligence collection for China, amid opposition to the policy change from senior intelligence leaders who feared it would hamper efforts to obtain secrets about Beijing’s military and its cyber-attacks.

The downgrading of intelligence gathering on China was challenged by Director of National Intelligence Dennis C. Blair and CIA Director Leon E. Panetta after it was first proposed in interagency memorandums in October, current and former intelligence officials said.

The decision downgrades China from “Priority 1” status, alongside Iran and North Korea, to “Priority 2,” which covers specific events such as the humanitarian crisis after the Haitian earthquake or tensions between India and Pakistan.

The National Security Council staff, in response, pressed ahead with the change and sought to assure Mr. Blair and other intelligence chiefs that the change would not affect the allocation of resources for spying on China or the urgency of focusing on Chinese spying targets, the officials told The Washington Times.

White House National Security Council officials declined to comment on the intelligence issue. Mike Birmingham, a spokesman for Mr. Blair, declined to comment. A CIA spokesman also declined to comment.

But administration officials, speaking on the condition of anonymity, said the new policy is part of the Obama administration’s larger effort to develop a more cooperative relationship with Beijing.

See also:
Microsoft Security Bulletin Advance Notification for January 2010
New IE hole exploited in attacks on U.S. firms
Microsoft Scrambles to Patch Browser
Microsoft patching “Google hack” flaw in IE tomorrow
Microsoft Security Bulletin MS10-002 Coming Thursday for IE Zero-Day
Microsoft to issue “Google attack” browser patch
Microsoft to issue emergency IE patch Thursday
Microsoft will issue emergency IE patch on Thursday
China removed as top priority for spies
China no longer top priority for intelligence gathering: White House
‘China no longer top priority for intelligence gathering’
China: Still an Intelligence Priority

Relax, don’t worry, the country is in the very best of hands.

/Obama’s NSC, more than a dozen morons stuffed in a four passenger clown car

Bill Gates Strikes Again

Microsoft warns of serious computer security hole

Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn’t fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called “zero day” vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s Web site, while the company works on a “patch” — or software fix — for the problem.

See also:
Microsoft Security Advisory (972890)
Microsoft: Attacks on Unpatched Windows Flaw
Windows users ambushed by attack on fresh IE flaw
Hackers exploit second DirectShow zero-day using thousands of hijacked sites
New attack code targets Microsoft ActiveX zero-day vulnerability
Zero-Day Video Exploit Hits Windows XP
Zero-day Windows flaw fuels IE attacks

/let’s have a big round of applause for Bill and his magnificent software

You’re Going To Get IE8 Whether You Like It Or Not

Microsoft tired of waiting

Microsoft, disappointed by the low adoption rate for the company’s latest iteration of its Internet Explorer web browser, will from next week begin pushing the software to computer users through the Windows automatic update feature.

The target in the drive to expand use of Internet Explorer 8 (IE8) is the more than 90% of the IE user base still on versions six and seven. According to research firm Net Applications, IE8’s share of the IE market has reached 4.36% but overall IE share dropped to 60.90% this month.

See also:
Microsoft to start pushing IE 8 browser
Microsoft To Push Automatic Rollout For Internet Explorer 8
Internet Explorer 8 to hit Automatic Update
Microsoft rolls out automatic Internet Explorer 8 update
Why you should not install Internet Explorer 8
Internet Explorer 8 has good, bad sides

I tried installing IE8 a couple times a month or so ago, but it refused to open some of the websites on my Favorites list so I uninstalled it and went back to IE7.

/so, you’ve been warned, if you don’t want IE8, pay attention to which automatic updates you install next week