Tech Geek and More

Technology Explained for All

Alert: You need to make sure your Windows/Office software is up to date. Targeted attacks against a recently addressed Microsoft Office vulnerability are now out

Last November, Microsoft released security bulletin MS10-087 (http://www.microsoft.com/technet/security/Bulletin/MS10-087.mspx), which addresses a number of critical vulnerabilities in how Microsoft Office parses various office file formats. One of them is CVE-2010-3333 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3333), “RTF Stack Buffer Overflow Vulnerability,” which could lead to remote code execution via specially crafted RTF data. A few days before Christmas, we received a new sample (sha1: cc47a73118c51b0d32fd88d48863afb1af7b2578) that reliably exploits this vulnerability and is able to execute malicious shellcode which downloads other malware.

The notice that was posted on the Microsoft Protection Center blog (http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx) concerns a flaw in the Microsoft Office program that was fixed in November. The bad guys have now found a way to exploit the flaw on computers that do NOT have the updated software. This affects you no matter which version of Office or Windows you are running.

Symantec underlined the seriousness of the flaw to CNET’s Elinor Mills in November:

“One of the most dangerous aspects of this vulnerability is that a user doesn’t have to open a malicious e-mail to be infected,” Joshua Talbot, security intelligence manager at Symantec Security Response, said at the time. “All that is required is for the content of the e-mail to appear in Outlook’s Reading Pane. If a user highlights a malicious e-mail to preview it in the Reading Pane, their machine is immediately infected. The same holds true if a user opens Outlook and a malicious e-mail is the most recently received in their in-box; that e-mail will appear in the Reading Pane by default and the computer will be infected.”

So what does this mean to you? It means that if you receive one of these emails, even if it’s obvious that the email is bad and you don’t click on it, just having it appear in the Reading Pane will cause your computer to get infected with malware.

How do you make sure you are protected?

Windows Vista / Windows 7

If you are running Windows Vista or Windows 7, go to Start –> Control Panel –> Windows Update

Once in Windows Update –>  click on Check for updates –> Once the scan is complete –> system will tell you how many updates you need –> now click on Install updates.

Once you have successfully updated all Windows / Office software your Windows update should look like this.

[Screenshot: Windows Update after all updates have been installed]

Windows XP

In Windows XP –> Using Internet Explorer –> Visit the Microsoft Update website: http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

(IMPORTANT NOTE: In XP – Microsoft has 2 websites for updates. One is called Windows Updates and one is called Microsoft Updates. You want to make sure that you are on the one that says Microsoft Updates as the Windows Updates site does NOT give you Office updates)

Once you are on the site –> Click on Custom and let it scan your PC. (Note: you may be asked to run an ActiveX file if this is the 1st time you have been to the site. Just make sure you say yes in this case specifically.)

You may also get a message about a needed download –> if you do just click on “Download and Install Now”

Once Microsoft Update completes its scan, it will show you what updates you are missing.

Look under the “High Priority” updates and make sure that you have selected them all.

Follow up by clicking on “Review and install updates”.

This will bring you to the confirmation page. Make sure you have all missing updates selected. You will see 1 final “Install Updates”. Click on it, followed by “I Accept” under the agreements area, and then watch your updates download and install.

After the updates install –> Reboot the PC –> and visit the site again to see if you have any remaining updates. Repeat the steps until you get 0 (zero) remaining “High Priority” updates.

Once you are at 0 (zero), your Windows / Office software is up to date.

(FINAL NOTE: This does NOT mean you are free and clear. As always, you need to take precautions when surfing the Internet. There are still many other ways your computer can be compromised.)
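
The same check can be scripted. The PowerShell below is an added example, not part of the original post: it uses the Windows Update Agent COM API to confirm that the PC is registered with Microsoft Update (the service that also delivers Office patches) and lists what is still pending, flagging MS10-087 if it is offered. Treating the MSRC ratings Critical and Important as the equivalent of the site's “High Priority” group is an assumption.

```powershell
# Added example: read-only check, it searches for updates but installs nothing.
# Service ID of Microsoft Update in the Windows Update Agent (WUA) API.
$MicrosoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'
$Bulletin          = 'MS10-087'   # bulletin named in this post

# 1. Is this PC registered with Microsoft Update, or only with Windows Update?
$manager = New-Object -ComObject Microsoft.Update.ServiceManager
$mu = $manager.Services | Where-Object { $_.ServiceID -eq $MicrosoftUpdateId }
if (-not $mu) {
    Write-Warning 'Microsoft Update is not registered; Office updates will not be offered.'
    return
}

# 2. Ask that service for software updates that apply but are not installed.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$searcher.ServerSelection = 3                  # ssOthers: use the ServiceID below
$searcher.ServiceID       = $MicrosoftUpdateId
$found = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

# 3. Flatten each pending update into a row we can sort and filter.
$report = @(foreach ($u in $found.Updates) {
    New-Object PSObject -Property @{
        Severity  = $u.MsrcSeverity
        Bulletins = @($u.SecurityBulletinIDs | ForEach-Object { $_ }) -join ','
        KB        = @($u.KBArticleIDs        | ForEach-Object { $_ }) -join ','
        Title     = $u.Title
    }
})

# Assumption: Critical/Important stands in for the site's "High Priority" list.
$urgent = @($report | Where-Object { 'Critical','Important' -contains $_.Severity })
$hit    = @($report | Where-Object { $_.Bulletins -match [regex]::Escape($Bulletin) })

$report | Sort-Object Severity | Format-Table Severity, Bulletins, KB, Title -AutoSize
'{0} update(s) pending, {1} rated Critical or Important' -f $report.Count, $urgent.Count
if ($hit.Count -gt 0) {
    Write-Warning "$Bulletin is still missing on this PC."
}
```

No warning for the bulletin means only that the update is not currently being offered to this PC, for example because it is already installed.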

Software: Windows Updates – December 2009

I know this post is a couple of days late, but I want to make sure that no one missed their December updates. Microsoft released 6 major updates for December, in addition to a number of smaller updates (an update to Windows Update itself and the Microsoft Malicious Software Removal Tool, among others).

December 8th

  • Bulletin 1: Critical (Remote Code Execution), Windows
  • Bulletin 2: Important (Remote Code Execution), Windows, Office
  • Bulletin 3: Critical (Remote Code Execution), Office
  • Bulletin 4: Critical (Remote Code Execution), Windows, Internet Explorer
  • Bulletin 5: Important (Denial of Service), Windows
  • Bulletin 6: Important (Remote Code Execution), Windows

As always, please make sure that you run Windows Update, either by going to the Microsoft Update site (http://www.update.microsoft.com) or, if you are using Windows Vista or Windows 7, from the Start menu go to Control Panel –> Windows Update –> Check for new updates.

Remember, fixing security holes in your operating system is like fixing a broken window in your home. You can lock your house door all you like, but if you don’t fix the window, bad guys will have an easy time getting into your home.

Software: The November Updates (Patch Tuesday) – Microsoft

It’s that time of the month again. Microsoft is set to release its latest updates and fixes this coming Tuesday November 11th (Patch Tuesday).

    The patches will fix security holes in:

    • Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 & 3
    • Windows Vista Service Pack 1 & 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2008 Service Pack 2
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office 2007
    • Microsoft Office 2004 (Mac)
    • Microsoft Office 2008 (Mac)

Those running Windows 7 do not have any scheduled patches for this coming Tuesday’s release. As always, please make sure that you run Windows Update, either by going to the Microsoft Update site (http://www.update.microsoft.com) or, if you are using Windows Vista, from the Start menu go to Control Panel –> Windows Update –> Check for new updates.

Remember, fixing security holes in your operating system is like fixing a broken window in your home. You can lock your house door all you like, but if you don’t fix the window, bad guys will have an easy time getting into your home.
