Monday, December 31, 2012

Fix it for Security Advisory 2794220 Available

Security Bulletin
Microsoft  Security Advisory 2794220 has been updated to provide a Fix it solution.  Applying this Fix it solution will prevent the vulnerability in the referenced Security Advisory from being used for code execution without affecting your ability to browse the Web. 

Microsoft Fix it

A Microsoft Fix it solution is available now for applying to protect your computer. The update will not require a restart.

Fix it
EnableDisable
Fix this problem
Microsoft Fix it 50971
Fix this problem
      Microsoft Fix it 50972


References



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Saturday, December 29, 2012

Microsoft Security Advisory 2794220

Security Advisory
Microsoft released Security Advisory 2794220 to address an issue that affects Internet Explorer versions 6, 7 and 8.  Internet Explorer versions 9 and 10 are not affected.

At this time, Microsoft is aware of a very small number of targeted attacks.  This issue allows remote code execution if users browse to a malicious website with an affected browser.  Generally, this is a result of an attacker convincing someone to click a link in an email or instant message.

Recommendations:

Microsoft is actively working to develop a security update to address the issue.  In the meantime, please consider the following suggestions:

1.  Update Internet Explorer -- If your operating system is Windows Vista or Windows 7, update to Internet Explorer 9.  For Windows XP, your system will be more secure if you update to Internet Explorer 8.

2.  Update or Uninstall Java -- Current exploits of this type of vulnerability in Internet Explorer use third-party software, including Oracle’s Java, to help obtain reliable exploitation.

Most home computer users no longer need Java.  Following are reasons why someone may need Oracle Sun Java installed on their computer:

  • Playing on-line games generally requires Java.
  • With OpenOffice, Java is needed for the items listed here
  • It used to be that Java was needed for websites to be properly displayed. However, that is generally not the case now with Flash having taken over.
  • There may be commercial programs that depend on Java. If Java is needed for a software installed on your computer, there should be a prompt for it.
If you need Java, be sure you have uninstalled all old, vulnerable versions and have only the most recent release installed on your computer.  The current version of Java is Version 7 Update 10.
 

3.  Install and configure EMET -- The Enhanced Mitigation Experience Toolkit was designed to help prevent hackers from gaining access to your system. It prevents exploitation by applying in-box mitigations to help protect against this and other issues and should not affect usability of websites.

An easy guide for EMET installation and configuration is available in KB2458544.  Additional information about configuring EMET is available in the EMET User's Guide, in the following locations:
  • 32-bit systems -- C:\Program Files\EMET\EMET User's Guide.pdf
  • 64-bit systems -- C:\Program Files (x86)\EMET\EMET User's Guide.pdf
Additional suggestions are available in the MSRC Blog post and the Security Advisory, referenced below.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Thursday, December 20, 2012

Critical Update MS12-078 Re-released



Microsoft re-released security update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed.

MS12-078 is a Critical update.  Thus, even if you have already installed the December security updates, the re-released KB2753842 update needs to be installed.

Note:  The update requires a restart to complete installation.

More Information:

Bulletin NumberBulletin TitleBulletin KB
MS12-078Vulnerabilities in Microsoft Windows 2783534


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, December 11, 2012

Adobe Flash Player Critical Security Updates



Adobe Flash Player was updated to address critical security vulnerabilities.  These updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system.


Update Information

The newest versions are as follows:
Windows XP, Windows Vista, Windows 7:  11.5.502.135
Windows 8:  11.3.377.15
Macintosh:  11.5.502.136
Linux: 11.2.202.258.

Release date: December 11, 2012
Vulnerability identifier: APSB12-27
Priority: 1
CVE number: CVE-2012-5676, CVE-2012-5677, CVE-2012-5678
Platform: All Platforms

Flash Player Update Instructions


Flash Player for Windows, Macintosh and Linux

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Notes:
  • Users of Adobe AIR for Windows should update to 3.5.0.880 and Macintosh users to 3.5.0.890.  See Determine version | Adobe AIR runtime
  • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
  • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
  • Uncheck any toolbar offered with Adobe products if not wanted.
  • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
  • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

References







Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Microsoft Security Bulletin Release for December 2012


Microsoft released seven (7) bulletins addressing 17 vulnerabilities in Microsoft Windows, Internet Explorer (IE), Word and Windows Server.

Five bulletins are identified as Critical and two as Important.

Bulletin NumberBulletin TitleBulletin KB
MS12-077Cumulative Security Update for Internet Explorer 2761465
MS12-078Vulnerabilities in Microsoft Windows 2783534
MS12-079Vulnerability in Microsoft Office 2780642
MS12-080Vulnerabilities in Microsoft Exchange Server 2784126
MS12-081Vulnerability in Microsoft Windows 2758857
MS12-082Vulnerability in Microsoft Windows 2770660
MS12-083Vulnerability in Microsoft Windows 2765809

Support

The following additional information is provided in the Security Bulletin:

References





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Monday, December 10, 2012

Introducing WinPatrol 2013, Enhanced for Windows 8


No question about it, Bill Pytylovany has done it again!  Officially released is WinPatrol 2013, version 26.0.2013, which Bill has enhanced for Windows 8.  It works with either Windows 8 or Windows 8 Professional.  However, there (currently at least) is not an App for Windows RT so it will not work on Windows RT.

Although additional features specific to Windows 8 will be added to WinPatrol in the future, for people using Windows 8 who want to go directly to the desktop, you can use WinPatrol to easily make that happen.  With File Explorer (explorer.exe) as a Start up Program will cause Windows 8 to switch to the desktop mode.  To add explorer.exe (or other programs) to Start up is easy with WinPatrol:

Adding Programs to Start up
  • Right-click Scotty in the system tray and click "Display Startup Info..."  Accept the UAC prompt.
  • At the bottom of the Start up Programs tab, click the Add button 
  • Navigate to the location of the program to be added, locate and highlight the .exe file and click Open (explorer.exe is located in the C:\Windows directory).
See Bits from Bill: WinPatrol 2013 Enhanced for Windows 8 for additional information.

For anyone wondering, although the latest version update addresses Windows 8 features, WinPatrol runs on Windows XP, Vista and Windows 7, Windows 8 including x64 versions.

Download WinPatrol 26.0.2013 
Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Thursday, December 06, 2012

Security Bulletin Advance Notice for December 2012

Security Bulletin
On Tuesday, December 11, 2012, Microsoft is planning to release seven (7) bulletins addressing eleven (11) vulnerabilities.

Five bulletins are identified as Critical and address vulnerabilities in Microsoft Windows, Word, Windows Server and Internet Explorer.  The two remaining bulletins are rated Important and will address issues in Microsoft Windows.


As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.


References



Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Friday, November 30, 2012

Minor Firefox Update to Version 17.0.1


Mozilla released what appears to be a minor update to version 17.0.1.  There are no updates listed for version 17.0.1 on the Security Advisories page.

From the Release Notes:

  • 17.0.1: Font rendering issue in Firefox 17.0 (bug 814101)
  • 17.0.1: Reverted user agent change causing some website incompatibilities
  • 17.0.1: Leaving Private Browsing with Social API enabled should reset social components (814554)
  • Pointer lock doesn't work in web apps (769150)
  • Page scrolling on sites with fixed headers (780345)

    New:
  • First revision of the Social API and support for Facebook Messenger
  • Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
  •  
To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

If you do not use the English language version, Fully Localized Versions are available for download.


Home
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Tuesday, November 20, 2012

Mozilla Firefox 17 Released, Includes Security Updates



Firefox 17 was sent to the release channel today by Mozilla.  Included in the update are six (6) critical, nine (9) high and one (1) Moderate security update.

Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.

Security Updates Fixed in Firefox 17

    MFSA 2012-106 Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer
    MFSA 2012-105 Use-after-free and buffer overflow issues found using Address Sanitizer
    MFSA 2012-104 CSS and HTML injection through Style Inspector
    MFSA 2012-103 Frames can shadow top.location
    MFSA 2012-102 Script entered into Developer Toolbar runs with chrome privileges
    MFSA 2012-101 Improper character decoding in HZ-GB-2312 charset
    MFSA 2012-100 Improper security filtering for cross-origin wrappers
    MFSA 2012-99 XrayWrappers exposes chrome-only properties when not in chrome compartment
    MFSA 2012-98 Firefox installer DLL hijacking
    MFSA 2012-97 XMLHttpRequest inherits incorrect principal within sandbox
    MFSA 2012-96 Memory corruption in str_unescape
    MFSA 2012-95 Javascript: URLs run in privileged context on New Tab page
    MFSA 2012-94 Crash when combining SVG text on path with CSS
    MFSA 2012-93 evalInSanbox location context incorrectly applied
    MFSA 2012-92 Buffer overflow while rendering GIF images
    MFSA 2012-91 Miscellaneous memory safety hazards (rv:17.0/ rv:10.0.11)

      What's New

      • NEW -- First revision of the Social API and support for Facebook Messenger
      • NEW -- Click-to-play blocklisting implemented to prevent vulnerable plugin versions from running without the user's permission (see blog post)
      The Release Notes include additional changes and fixed features in version 17.  As with previous versions 15, the update includes a long list of Bug Fixes, referenced below.

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Tuesday, November 13, 2012

      Microsoft Security Bulletin Release for November 2012


      Microsoft released six (6) bulletins addressing 19 vulnerabilities in Microsoft Windows Shell, Windows Kernel, Internet Explorer, Internet Information Services (IIS), .NET Framework, and Excel.

      Three bulletins are identified as Critical, one as Important and one as Moderate.

      Bulletin NumberBulletin TitleBulletin KB
      MS12-071Cumulative Security Update for Internet Explorer 2761451
      MS12-072Vulnerabilities in Microsoft Windows 2727528
      MS12-073Vulnerabilities in Microsoft Windows 2733829
      MS12-074Vulnerabilities in Vulnerabilities in Microsoft Windows .NET Framework 2745030*
      MS12-075Vulnerabilities in Microsoft Windows 2761226
      MS12-076Vulnerabilities in Microsoft Office 2720184

      *In the event you have had problems in the past with .NET Framework updates, it is suggested that you install MS12-074 (KB2745030) separately, including a shutdown/restart.

      Support

      The following additional information is provided in the Security Bulletin:

      References





      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Thursday, November 08, 2012

      Security Bulletin Advance Notice for November 2012

      Security Bulletin
      On Tuesday, November 13, 2012, Microsoft is planning to release six (6) bulletins.

      Four bulletins are identified as Critical and address thirteen vulnerabilities in Microsoft Windows, Internet Explorer and the .NET Framework.  Four vulnerabilities in Microsoft Office will be addressed in one bulletin rated Important.  The remaining bulletin rated Moderate will address two issues in Microsoft Windows.

      As I have advised in the past, if you have problems with .NET Framework updates, please install that update separately with a shutdown/restart following the update.

      As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.


      References



      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Wednesday, November 07, 2012

      Adobe Flash Player Critical Security Update



      Adobe Flash Player was updated to address security vulnerabilities.  These updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system.


      Update Information

      The newest version for Windows and Macintosh is 11.5.502.110.  For Linux, the newest version is 11.2.202.251.

      Release date: November 6, 2012
      Vulnerability identifier: APSB12-24
      Priority: See table below
      CVE number: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280
      Platform: All Platforms

      Flash Player Update Instructions


      Flash Player for Windows, Macintosh and Linux

      Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

      Notes:
      • Users of Adobe AIR  3.5.0.600 for Windows and Macintosh should update to Adobe AIR 3.5.
      • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
      • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
      • Uncheck any toolbar offered with Adobe products if not wanted.
      • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
      • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
      Adobe Flash Player for Android

      The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

      Verify Installation

      To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

      Do this for each browser installed on your computer.

      To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

      References







      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Saturday, November 03, 2012

      Report: Top Ten Vulnerabilities Exclude Microsoft Products

      Yes, you read the title correctly.  Kaspersky released their 2012 third quarter report of the top ten vulnerabilities and no Microsoft product is on the list.  The data in the report is based on vulnerable programs and files detected on the computers of KSN users.  There was an average of eight different vulnerabilities on each affected computer.

      Topping the list is Oracle Java, followed by Adobe products, particularly Adobe Flash Player.  Also included in the list are two Apple products, Quick Time and iTunes.  The list of vulnerabilities can be found on the Securelist, "IT Threat Evolution: Q3 2012", here.

      The takeaway?
      Don't be a statistic.  Stay safe and keep your computer updated.

      If your computer does get infected or you need assistance determining if it is up to date, post the requested logs for review in the Analysis and Malware Removal forum at LandzDown or in the Security Arena at Sysnative.com.


      Home
      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Friday, October 26, 2012

      Firefox 16.0.2 Released to Fix Critical Security Issue


      Mozilla released version 16.0.2 to address a critical security issue which, if unfixed, could be combined with some plugins to perform a cross-site scripting (XSS) attack on users.


      Security Update Fixed in Firefox 16.0.2

      Update

      To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

      If you do not use the English language version, Fully Localized Versions are available for download.

      References




      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Thursday, October 25, 2012

      WinPatrol PLUS for 99 Cents (Limited Time)

      WinPatrol
      If you missed other opportunities to purchase a WinPatrol PLUS license for 99 cents, this may be your last chance.  Although Bill Pytlovany is once again providing this wonderful opportunity, he expects it will be the last.

      The special is available now through Friday, October 25, 2012. October 26, 2012 (thanks, Kosh!).  Each 99 cent license is good for a single machine, although you can indeed order multiple licenses.  A single activation code will be created per order.  The name/code combination can be used on each machine.

      NOTE: Bill told me that many people are not waiting or clicking continue to get their PLUS code after making the purchase. Although Bill can get it for you, there will be a delay while he processes the e-mail and tracks down the code. So, please wait for the code!!! 
       If you already have the free version of WinPatrol installed, all you need do is launch WinPatrol and click the About/PLUS tab. Just enter your new PLUS code and the PLUS features will automatically be activated!!!

      If you do not have WinPatrol installed, you can download it at the time of purchasing the PLUS code or just go to WinPatrol.com and download it. You'll download the "free" version and then add your PLUS code after installing it.

      Its that simple!


      As always with your WinPatrol PLUS license, the 99 cent license is transferable if you get a new computer.   

      If you are new to WinPatrol or a long-time supporter of this great software program, we're happy to help with WinPatrol questions at LandzDown in our WinPatrol Help & Information forum.

      See Bill's post for additional information: WinPatrol® PLUS for 99 cents Best October News or head right to BillP Studios to place your orderClick on the link that looks like the copy below at http://www.billp.com/store.html:

      PayPal Upgrade Option
      Experimental Special

      WinPatrol PLUS Only $0.99

      One license per computer
      One code for each order

      Be sure to wait after payment for code creation page.



      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...


      Wednesday, October 17, 2012

      Oracle Java Quartely Security and Patch Update

      java

      Oracle released security updates for its Java SE Runtime Environment software.

      Oracle Java SE Critical Patch Update Advisory - October 2012 identifies the following affected product releases and versions:

      Affected product releases and versions:
      Java SEPatch Availability
      JDK and JRE 7 Update 7 and earlierJava SE
      JDK and JRE 6 Update 35 and earlierJava SE
      JDK and JRE 5.0 Update 36 and earlierJava SE
      SDK and JRE 1.4.2_38 and earlierJava SE
      JavaFX 2.2 and earlierJavaFX

        It is strongly recommended that the update be applied as soon as possible.

        Although Java is not required (See Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update.  It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.

        Download Information

        Now that Java SE 7 has been officially released, it is recommended that users of Java SE 6 upgrade to the latest version.  When you upgrade from Java SE 6 to Java SE 7, please check installed program files and remove all versions of Java SE 6. The "end of life" date for Java SE 6 has been extended from July 2012 to February 2013, to allow additional time for businesses to transition to JDK 7.


        Select Java SE 7u9 from http://java.com/en/download/inc/windows_new_xpi.jsp?locale=en

        or Java SE 6 Update 37 from http://java.com/en/download/manual_v6.jsp


        Verify your version:  http://www.java.com/en/download/testjava.jsp

        Note: UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

        Critical Patch Updates

        For Oracle Java SE Critical Patch Updates, the next scheduled dates are as follows:
        • 19 February 2013
        • 18 June 2013
        • 15 October 2013

          References






          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...

          Monday, October 15, 2012

          Adobe Reader and Acrobat Version XI Released

          Adobe
          Adobe released Version XI of both Adobe Reader and Adobe Acrobat which include new cloud services.  This version of Adobe products is compatible with Windows 8.

          System Requirements

          • 1.3GHz or faster processor
          • Microsoft® Windows® XP with Service Pack 3 for 32 bit or Service Pack 2 for 64 bit; Windows Server® 2003 R2 (32 bit and 64 bit); Windows Server 2008 or 2008 R2 (32 bit and 64 bit); Windows 7 (32 bit and 64 bit); Windows 8 (32 bit and 64 bit)
          • 256MB of RAM (512MB recommended)
          • 320MB of available hard-disk space
          • 1024x768 screen resolution
          • Internet Explorer 7, 8, 9, or 10; Firefox Extended Support Release; Chrome
          Note: For 64-bit versions of Windows Server 2003 R2 and Windows XP (with Service Pack 2), Microsoft Update KB930627 is required.

          Security Enhancements

          • Enhanced Protected Mode now includes data theft prevention capabilities
          • New Protected View implements a separate desktop and winstation for the UI, which provides an additional layer of defense
          • PDF Whitelisting Framework allows selective enablement of JavaScript for both Windows and Mac OS
          • Elliptic Curve Cryptography support for digital signatures

          Download Adobe Reader


          References




          Home
          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Thursday, October 11, 2012

          Mozilla Firefox Updated to 16.0.1 Due to Security Vulnerability


          Due to a critical security vulnerability, Firefox 16 was pulled from the release channel shortly after its release yesterday.  The vulnerability has been addressed in the release of version 16.0.1.  Also addressed were two bugs resulting in crashes.

          For additional information, see the Mozilla Security Blog, Security Vulnerability in Firefox 16.

          Security Updates Fixed in Firefox 16.0.1

          Update

          To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

          If you do not use the English language version, Fully Localized Versions are available for download.

          References




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Tuesday, October 09, 2012

          Mozilla Firefox 16 Released, Includes Critical Security Updates

          UPDATE: Firefox 16 was pulled from the update channel. See the Mozilla Security Blog: Security Vulnerability in Firefox 16. Until the problems with version 16 are fixed, the previous version 15.0.1 can be downloaded from this direct link: Firefox 15.

          ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


          Firefox 16 was sent to the release channel today by Mozilla.  Included in the update are eleven (11) critical and three (3) high security updates.

          Based on the extensive list of security updates, it is recommended that the update be applied as soon as possible.

          Security Updates Fixed in Firefox 16

          • MFSA 2012-87 Use-after-free in the IME State Manager
          • MFSA 2012-86 Heap memory corruption issues found using Address Sanitizer
          • MFSA 2012-85 Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer
          • MFSA 2012-84 Spoofing and script injection through location.hash
          • MFSA 2012-83 Chrome Object Wrapper (COW) does not disallow acces to privileged functions or properties
          • MFSA 2012-82 top object and location property accessible by plugins
          • MFSA 2012-81 GetProperty function can bypass security checks
          • MFSA 2012-80 Crash with invalid cast when using instanceof operator
          • MFSA 2012-79 DOS and crash with full screen and history navigation
          • MFSA 2012-78 Reader Mode pages have chrome privileges
          • MFSA 2012-77 Some DOMWindowUtils methods bypass security checks
          • MFSA 2012-76 Continued access to initial origin after setting document.domain
          • MFSA 2012-75 select element persistance allows for attacks
          • MFSA 2012-74 Miscellaneous memory safety hazards (rv:16.0/ rv:10.0.8)

          What's New

          • NEW -- Firefox on Mac OS X now has preliminary VoiceOver support turned on by default
          • NEW -- Initial web app support (Windows/Mac/Linux
          • NEW -- Acholi and Kazakh localizations added
          The Release Notes include additional changes and fixed features in version 16.  As with version 15, there the update includes a long list of Bug Fixes, referenced below.

          Update

          To get the update now, select "Help" from the Firefox menu at the upper left of the browser window, then pick "About Firefox."  Mac users need to select "About Firefox" from the Firefox menu.

          If you do not use the English language version, Fully Localized Versions are available for download.

          References




          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Microsoft Security Bulletin Release for October 2012


          Microsoft released seven (7) bulletins addressing 20 issues in Microsoft Windows, SQL Server, and Office including SharePoint, Lync, Microsoft Works and InfoPath. One bulletin is identified as Critical with the remaining six bulletins rated Important.

          As indicated in the Advance Notice, the issues in FAST Search Server are addressed in the MS12-067, Security Advisory 2737111.

          Also released today are the following Security Advisories:

          Users of Microsoft Works are advised that this product reaches the end of its support lifecycle this week.

          Support

          The following additional information is provided in the Security Bulletin:

          References





          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...


          Monday, October 08, 2012

          Critical Adobe Flash Player Update Released



          Adobe Flash Player was updated to address security vulnerabilities.  These updates address a vulnerability that could cause the application to crash and potentially allow an attacker to take control of the affected system.

          Note:  For users of Internet Explorer 10, Microsoft updated Security Advisory 2755801.  If you do not have Automatic Updates enabled, the Flash Player update can be downloaded from the Download Center at Update for Internet Explorer Flash Player for Windows 8 Release Preview (KB2758994).

          See the MSRC Blog post at Security Advisory 2755801 addresses Adobe Flash Player issues for additional information regarding Adobe Flash Player updates to IE10. 

          November 6, 2012 Update:  Security Advisory 2755801 revised to address Adobe Flash Player issues.

          Update Information

          The newest version for Windows and Macintosh is 11.4.402.287.  For Linux, the newest version is 11.2.202.243.

          Release date: October 8, 2012
          Vulnerability identifier: APSB12-22
          Priority:  Critical
          CVE numbers: CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257, CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262, CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272
          Platform: All Platforms

          Flash Player Update Instructions


          Flash Player for Windows, Macintosh, Linux and Solaris

          Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.


          Notes:
          • Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2710.
          • Beginning with Adobe Flash Version 11.3, the universal 32-bit installer will include the 32-bit and 64-bit versions of the Flash Player.  
          • If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box.  It is not needed for the Flash Player update.
          • Uncheck any toolbar offered with Adobe products if not wanted.
          • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
          • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
          Adobe Flash Player for Android

          The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

          Verify Installation

          To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

          Do this for each browser installed on your computer.

          To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

          References







          Remember - "A day without laughter is a day wasted."
          May the wind sing to you and the sun rise in your heart...