Microsoft releases Fix-It for latest 0-day vulnerability.

View the original article here

Microsoft releases Fix-It for latest 0-day vulnerability.

A few days ago a new 0-day vulnerability was discovered that affects all versions of Microsoft’s Internet Explorer – but Internet Explorer 10 – on all recent versions of the Windows operating system. Microsoft suggested workarounds like installing the company’s own excellent mitigation tool or setting the Internet and Intranet security zone to high to block the exploit from executing. Third parties recommended to not use Internet Explorer until a fix is released by Microsoft.

The security advisory confirmed that targeted attacks were carried out on the Internet, with users only having to visit a website with a vulnerable version of Internet Explorer for the attack to take place. The Poison Ivy trojan was installed on a successfully exploited system, and for some days researchers assumed that it was the only threat.

Today it became known that other exploits have also been used in the last couple of days, making it even more important to fix the vulnerability as soon as possible.

Microsoft today as well has released a Fix IT to patch Internet Explorer and protect the browser and thus the underlying operating system from the 0-day vulnerability. A Fix it is a lightweight portable program that can modify the operating system or programs installed on it. This particular Fix It resolves the 0-day vulnerability for 32-bit versions of Internet Explorer.

Before you apply the patch you need to make sure that Internet Explorer is fully updated.  Once done, download the Fix It from this Microsoft Support page and run it once it is on your computer. Just follow the instructions on screen to patch your system and protect Internet Explorer form being vulnerable to attacks exploiting the vulnerability. Again: this only works for the 32-bit version of Internet Explorer. It is therefor recommended to run this version only for the time being until a security update resolves the issue complete. The Fix It support page offers a second program that you can use to disable the fix again.

It may come as a surprise to many that Microsoft reacted that fast, considering that the company in the past has often taken its time before it released updates to the public. The quick patch may have been designed with Windows users in mind, but it certainly may have also had something to do with the bad press that Microsoft received after the vulnerability was discovered. (via Dottech)

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
Microsoft Releases Internet Explorer 0-Day Vulnerability Fix-It
Microsoft Confirms Internet Explorer Vulnerability [Security]
Internet Explorer Vulnerability Fix
Microsoft Posts Advisory About New Internet Explorer Vulnerability
Old Internet Explorers Affected By Security Vulnerability

About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Thursday September 20, 2012 -
Tags:fix it, internet-explorer, microsoft, vulnerability
Categories: Browsing, Internet Explorer

You are here: Home » Browsing » Microsoft releases Fix-It for latest 0-day vulnerability.

View the original article here

Kaspersky Releases KIS Technology Preview For Windows 8

2012 is a special year for security software companies like Kaspersky, as they not only have to deliver their yearly updates to their customer base, but also make sure that their products are compatible with Microsoft’s soon to be released operating system Windows 8.

Kaspersky today has released a technology preview of Kasperksy Internet Security 2013 that has been specifically designed for Microsoft’s new operating system. Beta users should not confuse the release with the previously released KIS 2013 Beta for previous Windows operating systems.

The 143 Megabyte download includes the full Internet Security 2013 product for 32-bit and 64-bit editions of Windows 8. The product will be automatically activated for 90 days after the day of installation on the system.

The company notes that “the software is distributed as is”, and that it “may be unstable”, which indicate that it is a beta product aimed at sorting out as many of the bugs that the testers find.

The download page does not reveal many information about new and improved features in this particular version. According to the page, the product’s speed has been improved significantly and will not “reduce PC performance” anymore. The only other changes mentioned are integration between the KIS Technology Preview and the Windows Security Center, and support for new security features of the Windows 8 operating system.

Kaspersky has created a new support forum for beta users to report bugs and exchange information.

Kaspersky is not the only company that is readying their product line for Windows 8. Avast in late February released this year’s security lineup with full Windows 8 support.

Should you install a beta security product? That depends. It may make sense if your company or you are running the latest Kaspersky versions and you want to make sure that the upcoming version is compatible with other software running on the systems. I’d otherwise suggest you skip the beta and select a software that is already available as a final product.

Update: My first try to install Kaspersky Internet Security 2013 failed miserably. The installer prompted for a reboot to complete the installation, but there was no sign that the security software was installed after the reboot. The Kaspersky folders where there, but there was no process running in the background, no system tray icon or any other indicator that the program had been installed.

The reason for this was a restart prompt in the middle of installation. I first assumed that it was a prompt by the installer to finish the installation after reboot. This apparently was not the case. You need to select Reboot Later when the prompt comes up to avoid the same issue. (via Techdows)

Update 2: The site does not list a key, select Trial version during installation.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. Kaspersky Anti-Virus KAVRemover
Kaspersky Pure Released
Kaspersky Internet Security 2011 Beta Download
Kaspersky Application Vulnerability Analysis
Ghacks Christmas Giveaway: Kaspersky Internet Security 2009 About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Monday March 5, 2012 -
Tags:beta software, kaspersky, windows software

You are here: Home » Security » Kaspersky Releases KIS Technology Preview For Windows 8

View the original article here

Adobe Releases Flash Player Security Update to 11.1.102.63

Adobe today has published an update for Flash Player that brings the current version of the product to 11.1.102.63 on the desktop, and version 11.1.111.7 on Android devices. Adobe classifies the update as a priority 2 update that fixes several critical security vulnerabilities that have been discovered earlier in the product. Priority 2 is the second highest priority rating, and critical the highest severity rating.

[A priority 2] update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for instance, within 30 days).

The vulnerability affects all previous versions of Adobe Flash Player for Windows, Macintosh, Linux and Solaris, as well as previous versions of Flash Player for Android.

The vulnerabilities can be used by attackers to cause a crash on the target system running vulnerable versions of Flash, to take control of the affected system. Adobe recommends that users update their Flash Player version to the latest version as soon as possible to protect their system vulnerability exploits.

Flash users who do not know which version of the product they have installed, should visit Adobe’s About Flash page to find out. Flash Player needs updating if the version displayed is lower than 11.1.102.63 for a desktop system, and lower than 11.1.111.7 for Android systems.

Desktop users can visit the Get Flash Player website to download the latest version of the product from the Adobe website. Keep in mind that you need to close all open web browsers before you can complete the update of Flash Player on the system. The Google Chrome browser is updated automatically via Google Update, an update for that browser alone is not necessary.

Adobe furthermore has made available an update to Flash Player 10 users who, for whatever reason, cannot update to Flash Player 11. The update resolves the security issue on their system. It can be downloaded here.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. Adobe Releases A New Security Update For Flash Player
Adobe Releases Flash Player Security Update
Adobe Flash Player Security Update
Adobe Releases Another Flash Security Update
Adobe Flash Player Security Update Available About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Tuesday March 6, 2012 -
Tags:flash player, flash player update

You are here: Home » Security » Adobe Releases Flash Player Security Update to 11.1.102.63

Click on the following link(s) to read more about Security

View the original article here

Avast Releases Fix Update Utility For Corrupted Installations

The release of Avast 7 has caused anger and confusion in part of the security software’s user base. Especially the fact that Google Chrome was installed in a sneaky way during updates or new installations fueled criticism of the new version. Some users on the other hand reported that the application did not install or update correctly. The installation basically hangs and exits with an error message.

Especially users who try to upgrade from version 6 to 7 are affected by corrupted installations of the security software. The core issue here is that it is not possible to update the program anymore. Some users have experienced other issues as well, like crashing third party applications, slow system starts or shutdowns or related issues.

Experienced users may have resolved the situation already by running Avast’s Software Removal Tool which uninstalls all traces of Avast software on the system. A clean install of Avast 7 runs through without problems afterwards.

Avast has released a Fix Update utility for users of Avast 6 and Avast 7 who are experiencing issues with their antivirus.

Here are the instructions on how to use the program to fix Avast on the computer

Avast 7: Run Fix Update first, then go Maintenance > Update and click on Update Program. This should resolve the issue.Avast 6: Run the Fix Update program as well. You will then be asked whether you want to update to Avast 7. Click Yes and the update will be installed. This can take a few minutes before the update completes. Restart the computer in the end to complete the update

The tool can be run on systems that are not affected by the particular issue. It will simply exit in this case telling you that the avast installation does not seem to have the problem that the fix is supposed to resolve. (via Techdows)

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. Avast Free Antivirus 7 Final Released
Avast 7 Will Install Google Chrome, If You Do Not Pay Attention
Avast Antivirus 5 Download [Security]
Avast Internet Security Free License
Avast 7 Public Betas Available, New Features Included About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Wednesday February 29, 2012 -
Tags:avast

You are here: Home » troubleshooting » Avast Releases Fix Update Utility For Corrupted Installations

View the original article here

Microsoft Releases First 2012 Security Update

Microsoft today has released seven security related bulletins that fix issues in the Windows operating system and in Microsoft’s Developer Tools. One bulletin has received the maximum severity rating of critical, the highest available rating, while the remaining six bulletins have all received a rating of important, the third highest rating.

It is interesting to note that the severity rating of the first bulletin is critical on Windows XP and Vista, while only important on Windows 7 and Windows Server 2008 R2. When you look at all bulletins you will notice that Windows XP is affected by all, Vista by five and Windows 7 by four of the vulnerabilities addressed in the bulletins.

The Security Bulletins have just been posted on Microsoft’s Technet website. Here is this month’s summary with links to each security bulletin.

MS12-004 – Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) – This security update resolves two privately reported vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.MS12-001 – Vulnerability in Windows Kernel Could Allow Security Feature Bypass (2644615) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.MS12-002 – Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.MS12-003 – Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524) – This security update resolves one privately reported vulnerability in Microsoft Windows. This security update is rated Important for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. All supported editions of Windows 7 and Windows Server 2008 R2 are not affected by this vulnerability.

The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.

MS12-005 – Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2584146) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.MS12-006 – Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) – This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.MS12-007 – Vulnerability in AntiXSS Library Could Allow Information Disclosure (2607664) – This security update resolves one privately reported vulnerability in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system. Only sites that use the sanitization module of the AntiXSS Library are affected by this vulnerability.

The updates are already available on Windows Update. The easiest way to open the updating tool is to click on the start menu orb and select Windows Update from the program listing there.

Windows users who do not want to or can’t use Windows Updates can download the updates from Microsoft’s Download Center beginning later today. Microsoft as usual will release an ISO image with all security updates of the month for easier distribution.

Update: The severity and exploitability index and bulletin deployment information have been posted.

The next security updates will be released on February 14, 2012.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. Microsoft Out Of Band Security Update Released
Microsoft Releases September Security Patches
Microsoft Releases Security Patches for December 2011
Microsoft Releases Out Of Band Security Patch
Microsoft Security Updates May 2010 About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Tuesday January 10, 2012 -
Tags:security bulletin, windows-update

You are here: Home » Security » Microsoft Releases First 2012 Security Update

View the original article here