Essential Computer Security

Tony Bradley on Facebook
Tony_BradleyPCW
- Microsoft Needs a Tablet Strategy, Not a Tablet. http://bit.ly/d15SFa about 58 minutes ago from TweetDeck
- Microsoft, Get Back to Work! http://bit.ly/c8OiP1 about 9 hours ago from API
- How Froyo Will Boost Business. http://bit.ly/drrtRS about 15 hours ago from API
- Major companies jumping at the chance to download Facebook profile data from BitTorrent. http://bit.ly/acZSmB about 16 hours ago from TweetDeck
- pcworld: Facebook on the Job: Educating, Monitoring Are Key http://bit.ly/ddxCBW (via @NetworkWorld)- pcworld: Face... http://is.gd/dTCJE about 17 hours ago from tweet hopper
“Having collaborated with Tony on a book and worked side-by-side on a security engagement, I can definitively say that I'm impressed. Tony is an evangelist for the information security community, and a solid consultant. He is both efficient and intelligent, a combination which is not all that common.”
Anatoly Elberg
BT
My Sites

Internet Explorer

August 2007

To view a summary of the August bulletins, visit Microsoft Security Bulletin Summary for August, 2007. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS07-042
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
Microsoft Security Bulletin MS07-043
Vulnerability in OLE Automation Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-043.mspx
Microsoft Security Bulletin MS07-044
Vulnerability in Microsoft Excel Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-044.mspx
Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx
Microsoft Security Bulletin MS07-046
Vulnerability in GDI Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-046.mspx
Microsoft Security Bulletin MS07-047
Vulnerability in Windows Media Player Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
Microsoft Security Bulletin MS07-048
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms07-048.mspx
Microsoft Security Bulletin MS07-049
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms07-049.mspx
Microsoft Security Bulletin MS07-050
Vulnerability in Vector Markup Language Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx

Tags: 2007 by Tony Bradley
Comments Off

June 2007

To view a summary of the June bulletins, visit Microsoft Security Bulletin Summary for June, 2007. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS07-030
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms07-030.mspx
Microsoft Security Bulletin MS07-031
Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-031.mspx
Microsoft Security Bulletin MS07-032
Vulnerability in Windows Vista Could Allow Information Disclosure
Microsoft Criticality: Moderate
- http://www.microsoft.com/technet/security/bulletin/ms07-032.mspx
Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
Microsoft Security Bulletin MS07-034
Cumulative Security Update for Outlook Express and Windows Mail
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
Microsoft Security Bulletin MS07-035
Vulnerability in Win 32 API Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-035.mspx

Tags: 2007 by Tony Bradley
Comments Off

May 2007

To view a summary of the May bulletins, visit Microsoft Security Bulletin Summary for May, 2007. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS07-023
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-023.mspx
Microsoft Security Bulletin MS07-024
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-024.mspx
Microsoft Security Bulletin MS07-025
Vulnerability in Microsoft Office Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-025.mspx
Microsoft Security Bulletin MS07-026
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-027.mspx
Microsoft Security Bulletin MS07-028
Vulnerability in CAPICOM Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-028.mspx
Microsoft Security Bulletin MS07-029
Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx

Tags: 2007 by Tony Bradley
Comments Off

December 2006

To view a summary of the December bulletins, visit Microsoft Security Bulletin Summary for December, 2006. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx
Microsoft Security Bulletin MS06-073
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-073.mspx
Microsoft Security Bulletin MS06-074
Vulnerability in SNMP Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-074.mspx
Microsoft Security Bulletin MS06-075
Vulnerability in Windows Could Allow Elevation of Privilege
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx
Microsoft Security Bulletin MS06-076
Cumulative Security Update for Outlook Express
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx
Microsoft Security Bulletin MS06-077
Vulnerability in Remote Installation Service Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx
Microsoft Security Bulletin MS06-078
Vulnerability in Windows Media Format Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

Tags: 2006 by Tony Bradley
Comments Off

November 2006

Microsoft released a total of 6 Security Bulletins for November 2006. One is rated as Important, and the other 5 are rated as Critical. MS06-071 is related to a flaw in the XML Core Services which has been being attacked in the wild for the past few weeks as a zero-day exploit.

To view a summary of the November bulletins, visit Microsoft Security Bulletin Summary for November, 2006. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS06-066
Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-066.mspx
Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx
Microsoft Security Bulletin MS06-068
Vulnerability in Microsoft Agent Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-068.mspx
Microsoft Security Bulletin MS06-069
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-069.mspx
Microsoft Security Bulletin MS06-070
Vulnerability in Workstation Service Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-070.mspx
Microsoft Security Bulletin MS06-071
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx

Tags: 2006 by Tony Bradley
Comments Off

April 2006

To view a summary of the April bulletins, visit Microsoft Security Bulletin Summary for April, 2006. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx
Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx
Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
Microsoft Security Bulletin MS06-016
Cumulative Security Update for Outlook Express
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx
Microsoft Security Bulletin MS06-017
Vulnerability in Microsoft Front Page Server Extensions Could Allow Cross Site Scripting
Microsoft Criticality: Moderate
- http://www.microsoft.com/technet/security/bulletin/ms06-017.mspx

Tags: 2006 by Tony Bradley
Comments Off

February 2006

To view a summary of the February bulletins, visit Microsoft Security Bulletin Summary for February, 2006. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-004.mspx
Microsoft Security Bulletin MS06-005
Vulnerability in Windows Media Player Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms06-005.mspx
Microsoft Security Bulletin MS06-006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-006.mspx
Microsoft Security Bulletin MS06-007
Vulnerability in TCP/IP Could Allow Denial of Service
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx
Microsoft Security Bulletin MS06-008
Vulnerability in Web Client Service Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-008.mspx
Microsoft Security Bulletin MS06-009
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-009.mspx
Microsoft Security Bulletin MS06-010
Vulnerability in PowerPoint 2000 Could Allow Information Disclosure
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms06-010.mspx

Tags: 2006 by Tony Bradley
Comments Off

August 2005

Microsoft released 6 new bulletins for the month of August. Three of them are rated as Critical, one Important and two Moderate.

Two of the Critical security bulletins, MS05-039 and MS05-043, are particularly urgent because exploit code has already been developed for each of them. According to Marc Maiffret, co-founder and “Chief Hacking Officer” at eEye Digital Security, eEye has developed a freely available scanner which can be used to remotely identify machines vulnerable to the MS05-039 vulnerability.

To view a summary of the August bulletins, visit Microsoft Security Bulletin Summary for August, 2005. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx
Microsoft Security Bulletin MS05-039
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx
Microsoft Security Bulletin MS05-040
Vulnerability in Telephony Service Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms05-040.mspx
Microsoft Security Bulletin MS05-041
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service
Microsoft Criticality: Moderate
- http://www.microsoft.com/technet/security/bulletin/ms05-041.mspx
Microsoft Security Bulletin MS05-042
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing
Microsoft Criticality: Moderate
- http://www.microsoft.com/technet/security/bulletin/ms05-042.mspx
Microsoft Security Bulletin MS05-043
Vulnerability in Print Spooler Service Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-043.mspx

Tags: 2005 by Tony Bradley
Comments Off

April 2005

There seems to be a theme among the Security Bulletins from Microsoft this month: an attacker can execute code remotely and it is critical that you patch. There are 5 Critical and 3 Important patches this month, including the always-popular Cumulative Update for Internet Explorer.

Those who really want to update Internet Explorer might consider trying Mozilla Firefox. It is not perfect by any stretch, but lacks most of the security flaws of Internet Explorer.

To view a summary of the April bulletins, visit Microsoft Security Bulletin Summary for April, 2005. Click the links below to view the individual Microsoft Security Bulletins and to download any patches that might be required for your system. You can also visit Windows Update to automatically determine what patches or updates your system needs.

Microsoft Security Bulletin MS05-016
Vulnerability in Windows Shell that Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms05-016.mspx
Microsoft Security Bulletin MS05-017
Vulnerability in Message Queuing Could Allow Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms05-017.mspx
Microsoft Security Bulletin MS05-018
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms05-018.mspx
Microsoft Security Bulletin MS05-019
Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-020.mspx
Microsoft Security Bulletin MS05-021
Vulnerability in Exchange Server Could Allow Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-021.mspx
Microsoft Security Bulletin MS05-022
Vulnerability in MSN Messenger Could Lead to Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-022.mspx
Microsoft Security Bulletin MS05-023
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms05-023.mspx

Tags: 2005 by Tony Bradley
Comments Off

December 2004

When Microsoft released their November 2004 Security Bulletins they did not acknowledge or address a vulnerability which had been announced the week prior. Exploiting the iFrame flaw in Internet Explorer could potentially allow an attacker to gain complete control of a victim’s computer.

As of early November the flaw was already being exploited on the Internet and a new variant of the Mydoom worm, later renamed the Bofra worm by some antivirus vendors, took advantage of the vulnerability as well.

Microsoft broke their normal patch release schedule to put out a critical update for Internet Explorer. On the regularly scheduled monthly Security Bulletin release date, Tuesday, December 14, Microsoft released five more Security Bulletins.

Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer
Microsoft Criticality: Critical
- http://www.microsoft.com/technet/security/bulletin/ms04-040.mspx
Microsoft Security Bulletin MS04-041
Vulnerability in WordPad Could Allow Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms04-041.mspx
Microsoft Security Bulletin MS04-042
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms04-042.mspx
Microsoft Security Bulletin MS04-043
Vulnerability in HyperTerminal Could Allow Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms04-043.mspx
Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms04-044.mspx
Microsoft Security Bulletin MS04-045
Vulnerability in WINS Could Allow Remote Code Execution
Microsoft Criticality: Important
- http://www.microsoft.com/technet/security/bulletin/ms04-045.mspx

Tags: 2004 by Tony Bradley
Comments Off

« Previous Page — Next Page »

Computer Security In Plain English For Normal People

Tony_BradleyPCW

My Sites

Internet Explorer

August 2007

June 2007

May 2007

December 2006

November 2006

April 2006

February 2006

August 2005

April 2005

December 2004

Recent Posts