Do The Microsoft Patch Dance

The dance that never ends.

Microsoft Patch

Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server.

While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators. Adobe Systems Inc., which issues fixes on a quarterly cycle, issued a critical security update late Tuesday, repairing seven flaws in its Shockwave Player, more than a dozen holes in its Flash Player and an error in its Flash Media Server.

Microsoft addressed seven vulnerabilities in Internet Explorer including two zero-day flaws. According to MS11-057, Microsoft said an attacker who successfully exploited any of the vulnerabilities could gain the same user rights as the local user. Microsoft said the most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

. . .

Another noteworthy bulletin is MS11-065, which resolves a vulnerability in the Remote Desktop Protocol. Although the security bulletin is rated important for users of Windows Server 2003, Miller said Microsoft has seen attacks targeting the flaw in the wild. The flaw can be targeted if an attacker sends a malicious remote desktop protocol connection request to the victim’s computer which could cause the system to crash.

See also:
Microsoft Security Bulletin Summary for August 2011
Microsoft Fixes IE, Windows DNS Server Flaws In Patch Tuesday Update
Microsoft Patches 22 Security Holes
Microsoft Security Patch Fixes 20-Year-Old Flaw
Microsoft fixes 22 security bugs
Microsoft’s August Patch Tuesday security update to tackle critical flaws in IE and Windows Server
Your Microsoft Patch Tuesday update for August 2011
Microsoft to Fix 22 Software Flaws in Its August Patch Tuesday Update
Hefty Microsoft August Patch Delivers 13 Security Fixes
IE, Windows server bugs likely to be exploited soon
Microsoft expecting exploits for critical IE vulnerabilities
Microsoft Update

Get busy downloading.

/so, until the next Patch Tuesday . . .

Operation Cupcake

Too funny, the British go about fighting terrorism with attempted humor.

MI6 attacks al-Qaeda in ‘Operation Cupcake’

The cyber-warfare operation was launched by MI6 and GCHQ in an attempt to disrupt efforts by al-Qaeda in the Arabian Peninsula to recruit “lone-wolf” terrorists with a new English-language magazine, the Daily Telegraph understands.

When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef” they were greeted with garbled computer code.

The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for “The Best Cupcakes in America” published by the Ellen DeGeneres chat show.

See also:
British intelligence used cupcake recipes to ruin al-Qaida website
MI6 hacks Qaida site, swaps bomb info with cake recipes
MI6 swapped pipe-bomb guide for cupcake recipes
MI6 scores al Qaeda hit, with cupcakes
British MI6 replace bomb website with cupcake recipe
MI6 hacks al-Qaeda website, leaves garbled recipe for cupcakes
UK spies cooked up problem for al Qaeda: media
Cupcake shop enlisted in war on terror?
MI6 Hackers Replaced Bombs with Cakes
Make Pastries, Not Bombs
SIS (MI6)
Secret Intelligence Service
GCHQ – Government Communications Headquarters
Government Communications Headquarters

Of course, it would have been better if the cupcake recipes hadn’t been garbled but, nonetheless, well played!

/and hey, as long as MI6 has rooted themselves this deep into al Qaeda servers, why not a massive Hello Kitty campaign?

It’s Tuesday, Time To Download Microsoft Patches

And this Tuesday, there’s an extra big heapin’ helpin’ of downloadin’ fun!

Microsoft Issues Huge Patch Tuesday Fix for Windows, IE

Microsoft today released a batch of 17 security updates for a Patch Tuesday that cover 64 vulnerabilities in Microsoft Windows, Office, Internet Explorer, Visual Studio, .NET Framework and GDI+.

Nine of the bugs are rated critical, while eight are important. One of the “important” bulletins includes 30 vulnerabilities in one bug, MS11-034, and they all share the same couple of root causes, Microsoft said.

Microsoft identified three vulnerabilities as its top priority bulletins for the month: MS11-020, which resolves a problem with Windows that could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system; MS11-019, another Windows bug that could allow remote code execution if an attacker sent a specially crafted SMB response to a client-initiated SMB request; and MS11-018, which could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

See also:
Microsoft Security Bulletin Summary for April 2011
Tackling the Massive Microsoft Patch Tuesday
Microsoft fixes IE, SMB bugs in big Patch Tuesday
Researcher confirms kernel bugs will dominate Patch Tuesday
Microsoft Smashes Patch Tuesday Record With Massive Update
Another Microsoft Patch Tuesday, 64 New Flaws To Fix
Microsoft Pushes Giant Security Patch
Microsoft delivers monster security update for Windows, IE
Microsoft Releases Torrent of Security Updates
Windows Update

It’s another record! Will Windows software ever be fully patched?

/probably not, so see ya next time, and have a good time downloading, this one takes quite a while!

New Year, More Patches

Same as it ever was, what fun would Tuesdays be without Microsoft issuing software patches?

Microsoft Fixes Windows Security Vulnerabilities in Light Patch Tuesday

Microsoft issued two security bulletins to fix three Windows vulnerabilities, getting Patch Tuesday off to a slow start in 2011.

Only one of the bulletins is rated “critical.” That bulletin, MS11-002, covers two vulnerabilities affecting Microsoft Data Access Components. The first of the bugs exists in the way MDAC (Microsoft Data Access Components) validates third-party API usage. The second is due to the way MDAC validates memory allocation. According to Microsoft, both vulnerabilities could be exploited via a specially crafted Web page to allow an attacker to remotely execute code.

See also:
Microsoft Security Bulletin Summary for January 2011
It’s Microsoft Patch Tuesday: January 2011
Microsoft Patches 3 Windows Vulnerabilities
Microsoft patches critical Windows drive-by bug
Patch Tuesday: Microsoft plugs ‘drive-by download’ security holes
Microsoft’s January Patch Tuesday: 3 fixes but 5 holes unpatched
Two bulletins from Microsoft on its first Patch Tuesday of 2011 but Internet Explorer zero-day remains uncovered
Microsoft ‘Patch Tuesday’ Doesn’t Address Problem
Microsoft Patch Tuesday Update – 11th January 2011
Microsoft Patch Tuesday Hits One Critical Bug
Windows Update

And, once again, Microsoft patches some holes but leaves others uncovered.

/so, I guess we’ll be doing this again in the near future

It’s Another New Record And For All The Wrong Reasons

It’s Tuesday, and we all know what fun event happens on Tuesdays.

Patch Tuesday brings record harvest of security fixes

Run Windows? Notice a little icon toward the bottom right of the screen that wasn’t there last night? Please don’t ignore it. That icon is your cue to take part in the monthly Microsoft ritual called Patch Tuesday.

For this month, Microsoft shipped a set of 16 patches that close a record 49 vulnerabilities in such software as Internet Explorer, Word and Windows Media Player.

Many of these holes allow a remote takeover of your computer, in some cases after you do nothing wrong beside visit the wrong Web page. One such opening has frequently been exploited by the Stuxnet worm that’s been running around the world.

Your computer should at least download, if not download and install, these updates for you. But if not, don’t reject Windows’ attempt to help you out. Click that icon, look over the resulting list of security updates, and install them.

See also:
Microsoft security updates for October 2010
Microsoft Plugs a Record 49 Security Holes
It’s Microsoft Patch Tuesday: October 2010
Microsoft Unleashes Massive Security Patch
Microsoft fixes record 49 holes, including Stuxnet flaw
Microsoft Releases Biggest-ever Security Update
Patch Tuesday: Critical flaws haunt Microsoft Office, IE browser
Microsoft Patches Stuxnet Vulnerability in Massive Security Update
Microsoft releases fixes for record number of vulns
Microsoft aims barrage of fixes at Stuxnet and more

So, you know what to do, clean up after Microsoft’s crappy software before someone remotely takes over your computer with a worm and you become part of the problem.

/unless you’re Iranian, in which case there’s a special set of patches coming out for your computers and they download and install themselves so you don’t even need to worry about this latest bulletin