Tuesday Fun With Microsoft

The new patches are here, the new patches are here!

Microsoft Patches 17 Bugs in December Patch Tuesday

Microsoft fixed 17 bugs in the Windows operating system, Microsoft Office, Windows Media Player and Internet Explorer. The fixes also cover a zero-day flaw exploited by the Duqu Trojan.

Microsoft released 13 security bulletins to fix 17 different vulnerabilities as part of its December Patch Tuesday update, according to the advisory released Dec. 8. Three bulletins were marked critical and the remaining 10 were rated important.

See also:
Microsoft Security Bulletin Summary for December 2011
Merry Christmas! Microsoft Plans Massive Patch Tuesday to Close 2011
Last Patch Tuesday of 2011 Secures Windows XP, Vista, Windows 7
December 2011 Patch Tuesday sees 13 Microsoft bulletins, Duqu patch
Microsoft fixes 20 bugs in year’s last ‘Patch Tuesday’
Microsoft to patch three critical holes
Microsoft slims final patch Tuesday of 2011 to 13 patches from proposed 14
No BEAST fix from Microsoft in December patch batch
Microsoft fixes Duqu hole, but not BEAST problem
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug
December Patch Tuesday Fixes Duqu Worm
‘Duqu’ zero-day Windows flaw patched this week
Microsoft: Duqu patched, bringing years total to 99 corrections

Well, it’s a good thing that Microsoft finally patched against the Duqu virus, better late than never, as they say. What are you waiting for? Start installing your gifts!

/at least you can’t say Microsoft didn’t get you anything for the Holidays

Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Do The Microsoft Patch Dance

The dance that never ends.

Microsoft Patch

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server.

Microsoft addressed seven vulnerabilities in Internet Explorer including two zero-day flaws. According to MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

. . .

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated important for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer which could cause the system to crash.

See also:
Microsoft Security Bulletin Summary for August 2011
Microsoft Fixes IE, Windows DNS Server Flaws In Patch Tuesday Update
Microsoft Patches 22 Security Holes
Microsoft Security Patch Fixes 20-Year-Old Flaw
Microsoft fixes 22 security bugs
Microsoft’s August Patch Tuesday security update to tackle critical flaws in IE and Windows Server
Your Microsoft Patch Tuesday update for August 2011
Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update
Hefty Microsoft August Patch Delivers 13 Security Fixes
IE, Windows server bugs likely to be exploited soon
Microsoft expecting exploits for critical IE vulnerabilities
Microsoft Update

Get busy downloading.

/so, until the next Patch Tuesday . . .

Budget Hero 2.0

Find out how hard it really is to get us out of the economic mess we’re in. Do you have a better fiscal plan than Paul Ryan’s road map, can you destroy the country as quickly as Obama’s reckless spending spree?

Computer game gives people shot at managing budget

Think you might do better than President Barack Obama and congressional leaders in picking and choosing what government spending to cut — or taxes to raise — to stave off a debt showdown that could wreck the economy? A new computer game gives you, too, the chance to play “Budget Hero.”

“Budget Hero 2.0” is an update of an original version that came out in 2008. It shows players just how difficult it might be to carry out their grand policy objectives — universal health care, extending the Bush tax cuts or ending foreign aid — and still keep the government from either becoming irrelevant, or going broke.

“Our timing turns out to be perfect,” said former Rep. Jane Harman, D-Calif., who resigned this year to head the Woodrow Wilson Center, a nonpartisan think tank that developed the game with American Public Media.

Play the game:

Budget Hero 2.0

See also:
Budget Hero 2.0: Fun with debt ceilings!
Get Ready To Get Your Game On And Save The Country! (Civic Duty Meets Casual Gaming)
Computer Game Lets You Be a ‘Budget Hero’
Computer game gives people shot at managing budget
New Game Allows Users to Take a Crack at the Debt Ceiling
Computer game offers a chance to solve fiscal crisis
Woodrow Wilson International Center for Scholars
American Public Media

Okay, okay, so the game was developed by Lefties, as disclosed above. It’s still somewhat amusing, factual, and pertinent to our current predicament.

/give it a whirl, be a Budget Hero

Tuesday Fun With Microsoft

Give it up for Patch Tuesday, everyone’s favorite day of the month. Try and contain your excitement.

Microsoft Patch Tuesday Targets Four Bugs, One Critical

Microsoft on Tuesday issued three security bulletins that tackle four vulnerabilities. Just one of the vulnerabilities is rated critical. The other three are essentially the same bug, despite the fact that they affect three different products.

The first bug, MS11-015, describes two vulnerabilities in Windows Media. One, the only rated critical in this group, is a bug in Windows Media Center and Windows Media Player related to the handling of .dvr-ms files. It can lead to remote code execution in the context of user.

The other Windows Media bug, specifically in Microsoft DirectShow, is another instance of the insecure DLL loading bug that Microsoft and other vendors have been fixing for months. MS11-016 describes this bug in Microsoft Groove 2007 and MS11-017 describes it in the Windows Remote Desktop client.

Microsoft also released non-security updates today, including the monthly Windows Malicious Software Removal Tool, the update for the Windows Mail Junk E-mail Filter, and an update “to resolve issues” in Windows 7 and Windows Server 2008 R2.

See also:
Microsoft Security Bulletin Summary for March 2011
Microsoft Fixes Four Flaws
Microsoft patches critical Windows drive-by bug
Microsoft fixes critical Windows hole, others
Microsoft Patch Tuesday – three fixes for March, one critical, all ring coding alarms
Patch Tuesday: Gaping security hole in Windows Media Player
Critical Patch Tuesday Flaw Easy to Exploit
Go Plug Your Critical Hole
Microsoft Patch Tuesday leaves MHTML bug unchecked
Zero-day IE flaw not in Microsoft Patch Tuesday
Patch Tuesday Will Skip IE Before PWN2OWN Contest
March Patch Tuesday leaves IE unpatched for Pwn2Own hackers
Microsoft Releases Zero IE8 Security Updates Before “Pwn2Own” Browser Hacking Contest
Windows fix on Patch Tuesday ‘breaks’ VMware software
Microsoft Windows 7 Patches Wreak Havoc With VMware View
Windows 7 Update Breaks VMware Connection
Windows Update

As usual, Microsoft releases a patch that doesn’t even fix all the known issues and doesn’t play well with third party software. Particularly amusing is the fact that Microsoft is waiting to issue further patches until after a hacker contest is over fearing, with good reason, that the hackers will find even more Windows vulnerabilities.

/Microsoft Windows and Swiss cheese, what’s the difference?

It Must Be Tuesday Again

Because Microsoft comes bearing gifts.

Patch Tuesday: Critical security holes in Microsoft Office

Microsoft has shipped a patch to fix several critical security holes affecting its Office productivity suite and warned that hackers can use RTF (Rich Text Format) e-mails to launch code execution attacks.

The MS10-087 bulletin, which is considered a high-priority update, patches a total of 5 documented vulnerabilities affecting all currently supported Microsoft Office products.

It is rated critical for Office 2007 and Office 2010 because of a preview pane vector in Microsoft Outlook that could trigger the vulnerability when a customer views a specially crafted malicious RTF file, the company explained.

The update also patches the DLL load hijacking attack vector that haunted multiple Windows applications, including Microsoft’s own Office software.

Microsoft urges Office users to consider this a “top priority bulletin” and warned that reliable exploit code is likely within the next 30 days.

As part of the November Patch Tuesday release, the company also patched a pair of security flaws in Microsoft PowerPoint and four documented flaws in Unified Access Gateway (UAG), which is a component of Microsoft Forefront.

See also:
Microsoft Security Bulletin MS10-087 – Critical
Microsoft Office Takes Center Stage for Patch Tuesday
Small, But Serious Patch Tuesday
Microsoft Patch Tuesday: Updates for Office and Forefront
Microsoft patches critical Outlook drive-by bug
Microsoft plugs hole related to Word-launched e-mails
Microsoft Patch Tuesday Update Will Not Fix IE Flaw
IE zero-day vulnerability not part of light Patch Tuesday
Microsoft tiny Patch Tuesday has no IE fix
Microsoft’s Patch Tuesday for November does not include a fix for a zero-day flaw in Internet Explorer
Windows Update

Well, apparently Microsoft didn’t quite get to fixing everything that’s wrong with their software this time around, but you had better install the patch anyway.

/so, until next time, and you know there will be a next time . . .

If It’s Thursday, It Must Be Time To Patch Flash

If you watch YouTube videos or read PDF files, you’re gonna want to pay attention.

After attacks, Adobe fixes Flash bug

Less than a week after fielding reports that hackers were targeting a bug in its Flash Player software, Adobe Systems has rushed out a fix for the problem.

Adobe’s new 10.1 Flash update, released Thursday, fixed a bug that was first spotted via a small number of targeted attacks late last week.

According to Symantec, these Flash attacks are still not widespread, but users should update their Flash software as soon as possible. “We have been seeing a small but steady rise in detections of related malicious PDFs and we expect to continue to see these numbers increase over the coming hours and days,” the security vendor said in a statement.

Criminals have been exploiting the flaw using malicious Flash swf files, which are typically opened by the Web browser’s Flash Player plugin, or via PDFs that have maliciously encoded Flash components embedded inside them, Adobe said Thursday. Those malicious PDFs are typically opened by Reader or Acrobat, which include their own versions of Flash Player that have not yet been patched. That fix is due June 29.

Thursday’s update includes an unusually large number of security bug-fixes, 32 in all. “It’s a huge number of bugs fixed, something along the lines of what we’d expect of Apple,” said Andrew Storms, director of security operations with nCircle Network Security.

Adobe’s Flash and Reader software have emerged as prime hacking targets in the past year, and the company is toying with the idea of releasing more frequent security updates to keep pace.

See also:
Adobe Flash Player version 10.1
Exploit for new Flash vulnerability spreading fast
Adobe releases Flash 10.1 and patch bundle
Adobe Issues Massive Flash Security Update
Adobe plugs 32 security holes in ‘critical’ Flash Player patch
Adobe Issues Security Patch
Adobe Flash Player 10.1 released for Windows, Mac, Linux
Adobe debuts What Jobs Hates™ v10.1
Adobe Releases Flash Player 10.1, AIR 2
Adobe releases Flash Player 10.1 for Mac
Adobe Reader 9.3
Adobe Systems

Be careful, the Flash update tries to install Google Toolbar by default. So, unless you want Google Toolbar, make sure you uncheck the box for Google Toolbar before you hit the install button. If Google Toolbar gets mistakenly installed, you can always uninstall it using Control Panel/Add or Remove Programs.

/damn, I hate it when software vendors try and tack on unrelated, third party software by default to the software download you actually want to install

Here Comes The Second Wave Of Jew Haters Bent On Jihad Against Israel

******************************UPDATE******************************

Attackers of the IDF soldiers found to be Al Qaeda mercenaries

On board the Mavi Marmara ship that arrived as part of the flotilla to Gaza was a group of approximately 40 people with no identification papers, who are mercenaries belonging to the Al Qaeda terror organization. This was disclosed by the Israeli Security Cabinet, which gathered on Tuesday evening (June 1) for a special meeting.

According to intelligence disclosed during that meeting, the terrorists wore bullet-proof vests, and carried with them night-vision goggles, weapons, and large sums of cash. Each person in this group had the exact same amount of cash in his pockets. While the civilian protestors were sent to the lower deck during the Shayetet Naval Special Force’s interception of the ship, the group divided into cells and remained on the upper deck in order to attack the soldiers.

Shocka!

/”peace flotilla” my ass!

******************************END UPDATE******************************

After last weekend’s incident on board the Mavi Marmara which, unlike the other five ships in the “peace flotilla”, was the only ship that refused to divert to the port of Ashdod, it’s clear that the “peace activists” aboard the Mavi Marmara weren’t much interested in bringing “much needed humanitarian aid” to Gaza because, as it turns out, there’s no shortage in Gaza of any of the supplies they were transporting. The truth is that, for the most part, those on board the Mavi Marmara were jihadists, committed to the destruction of Israel, sent by a group with links to Al-Qaeda, with the sole intention of provoking the IDF and hating on the Jews.

A participant: “Right now we face one of two happy endings: either Martyrdom or reaching Gaza.” [Based on Islamic call before battle: “Either victory or Martyrdom”.]

/Michael Ramirez

But while the Israelis are busy in Ashdod deporting the jihadi Jew haters from the first wave of the armed with weapons “peace flotilla” and sending their unneeded cargo on to Gaza, here comes the second wave of Jew haters, just itching for their turn to provoke the IDF and hate on the Jews!

And what might be the name of their second “peace flotilla” flagship? Wait for it . . . drumroll please . . .

“Introducing the MV Rachel Corrie”

The 1200-ton cargo ship had been abandoned in July 2009, off the coast of Ireland. She was then impounded after an inspection by the International Transport Federation (ITF) discovered her owners had exploited their Lithuanian crewmembers – not paying their wages and subjecting them to humiliating treatment, and they had been left with just one day of food. The 42-year-old MV Linda languished for nine months, waiting in the port of Dundalk for just the right buyer to rescue her. http://www.flickr.com/photos/29205195@N02/

On March 31, 2010, the Free Gaza Movement bought her at auction for €70,000 and will send her to the imprisoned Palestinians of Gaza loaded with cement, paper, and medical equipment, all banned by Israel from this battered and bruised slice of the Mediterranean.

Ah, yes siree Bob, what could possibly be more perfect than a “peace flotilla” flagship named after that internationally famous, peace loving “peace activist” and rabid Jew hater, Rachel Corrie?

Activists on ‘Rachel Corrie’ undeterred by Israeli action

THE DELAYED Free Gaza Movement’s cargo ship Rachel Corrie yesterday assumed a holding position in the eastern Mediterranean, poised to make a fresh attempt to reach Israeli-blockaded Gaza.

Organiser Greta Berlin said the ship was waiting for Challenger II, a small passenger boat which suffered failure of its steering gear while preparing for the passage.

The two vessels, their crews and passengers are undeterred by the Israeli commando operation against the flotilla which cost the lives of nine passengers and climaxed in the detention of the other 679 on board.

The Rachel Corrie, which began its voyage in Ireland, was named after a young US woman killed by an Israeli bulldozer demolishing Palestinian homes in Gaza.

Among those on board are Nobel Prize laureate Mairead Maguire and former UN assistant secretary general Denis Halliday.

Ms Berlin said the ships would be picking up other human rights activists and journalists before attempting the passage which Israel has vowed to stop.

“Israel can haul the Rachel Corrie into Ashdod as it did the other boats or show goodwill to the world by allowing her to proceed to Gaza,” she stated.

See also:
Irish aid boat holds course towards Gaza despite Israel warning
Aid ship Rachel Corrie still heading for Gaza
Gaza flotilla update: Ireland’s MV Rachel Corrie still headed for Gaza
IPSC: MV Rachel Corrie continues en route to Gaza as all-party Dail motion calls for its safe passage
Irish aid vessel still sailing for Gaza, ‘most serious consequences’ promised if passengers harmed
The Lone Ship of the Freedom Flotilla: The Rachel Corrie MV Continues to Sail Towards Gaza in Defiance of Israeli Threats
Ireland to Israel: Let new aid ship break Gaza blockade
Gaza flotilla ship pays tribute to fallen activist
Rachel Corrie ship sets sail for Gaza
Free Gaza Movement
The “Humanitarian Relief” Wing of Hamas and Al-Qaeda
Foundation for Human Rights and Freedom and Humanitarian Relief
Insani Yardim Vakfi
IHH (İnsani Yardım Vakfı)

Of course, the Rachel Corrie will never make it to Gaza and will end up in Ashdod with the rest of the “peace flotilla”, but the real mission will be nonetheless accomplished, provoke the IDF and hate on the Jews. Islamists, Lefties, and Lefty governments worldwide will be outraged that the Jew haters weren’t allowed to freely run a well publicized, long standing naval blockade of Gaza and condemn Israel for defending herself against weapons smuggling into Gaza, from which Hamas has launched thousands of rockets into Israel. And so it goes, same as it ever was.

/why is the IDF even bothering to try and board these ships after they refuse to stop, whatever happened to the tried and true practice of disabling the rudder and leaving it at that?

Modern Warfare 2, Update Fail

Modern Warfare 2 Stimulus Package has rocky launch

Gamers who downloaded the $15 Call of Duty: Modern Warfare 2 Stimulus Package this morning were in for a nasty shock. According to numerous user reports, when the map pack to Activision’s billion-dollar game launched this morning on Xbox Live, the maps would not actually load, and matchmaking was largely nonfunctional.

The problem was then confirmed by none other than Xbox Live programming director Larry Hryb–better known as Major Nelson–on his Twitter feed. “Matchmaking is in a bad state on Xbox LIVE right now. We’re working on it and will resolve it as quickly as we can,” he said about 10:30 a.m. PDT. Microsoft sent out a patch intended to fix the issues shortly thereafter, when chief Infinity Ward spokesperson Robert Bowling claimed the map pack was functioning.

Much like a pool with no water, the Stimulus Package was of little use to many gamers during the day.

Bowling’s confidence was misguided, however, as matchmaking issues persisted throughout the day. About 12:40 p.m. PDT, Hryb twittered that, “Matchmaking across #XboxLIVE is fixed! You may still have trouble purchasing and we’ll let u know ASAP when fixed.” Bowling also reported that stability was increasing, posting a picture of the rising number of connections on a monitor.

The Call of Duty: Modern Warfare 2 Stimulus Package is set to launch on the PlayStation 3 and PC later this spring.

See also:
Modern Warfare 2 update disconnects Xbox users
Modern Warfare 2 Xbox 360 Stimulus Package incurs glitch
Modern Warfare 2’s Stimulus Package DLC misfires at launch
Modern Warfare 2 Stimulus Package Launches With Problems [Update]
Infinity Ward: Call of Duty Modern Warfare 2 Stimulus Package Release Bug Bugs Fix Fixes Problems
Modern Warfare 2 map update gives Xbox Live problems
Stimulate Your Modern Warfare 2 Map Selections
New maps arrive on Xbox Live for ‘Call of Duty: Modern Warfare 2’
Modern Warfare 2 Stimulus Package available today on Xbox Live

So, not only are they charging for new maps that used to be free, they don’t even bother to make sure they work before releasing them!

/not only have the greedy Activision/Infinity Ward bastards driven the once awesome Call of Duty franchise into the ditch, apparently they don’t even care who knows it anymore