Thursday, November 11, 2010

HIGH: Two MS Office Security Bulletins Fix 7 - Seven Vunerabilities



Broadcast - Articles
TWO OFFICE SECURITY BULLETINS FIX SEVEN VULNERABILITIES

SEVERITY: HIGH

9 November, 2010

SUMMARY:

* These vulnerabilities affect: Most current versions of
Microsoft Office, and the components that ship with it

* How an attacker exploits it: Typically by enticing one of your
users to open a malicious Office document

* Impact: In the worst case, an attacker executes code on your
user's computer, gaining complete control of it

* What to do: Install Microsoft Office updates as soon as
possible, or let Microsoft's automatic update do it for you

---------------------------------------------------------------
This is a summary, for the complete alert, see Watchguard's web page:
https://www.watchguard.com/archive/showhtml.asp?pack=120268
--------------------------------------------------------------

STATUS:

Microsoft has released Office updates to fix these vulnerabilities.


REFERENCES:

* MS Security Bulletin MS10-087
http://www.microsoft.com/technet/security/bulletin/MS10-087.mspx

* MS Security Bulletin MS10-088
http://www.microsoft.com/technet/security/bulletin/MS10-088.mspx

This alert was researched and written by Corey Nachreiner, CISSP.
Posted by at No comments:
Labels: , ,

Monday, November 8, 2010

Website Magazine - FREE!

Free Print or Email Magazine for all things related to Website Development.

Just got my FREE subscription to http://www.websitemagazine.com/subscribe/4.asp - The Indisputable Leading Print Magazine on Web Business
Posted by at No comments:
Labels: ,

Wednesday, November 3, 2010

HIGH: More Security Vulnerabilities Affect Word and Excel


--------------------------------------------------
Broadcast - Articles
MORE SECURITY VULNERABILITIES AFFECT WORD AND EXCEL

SEVERITY: HIGH

12 October, 2010

SUMMARY:

* These vulnerabilities affect: All current versions of
Microsoft Office for Windows and Mac (specifically Word and
Excel)

* How an attacker exploits them: Typically, by enticing you to
open maliciously crafted Office documents

* Impact: An attacker can execute code, potentially gaining
complete control of your computer

* What to do: Install the appropriate Office patches
immediately, or let Windows Update do it for you.

---------------------------------------------------------------
This is a summary, for the complete alert, see our web page:
https://www.watchguard.com/archive/showhtml.asp?pack=1120003
--------------------------------------------------------------

STATUS:

Microsoft has released Office updates to fix these vulnerabilities.


REFERENCES:

* MS Security Bulletin MS10-079


* MS Security Bulletin MS10-080


This alert was researched and written by Corey Nachreiner, CISSP.
Posted by at No comments:
Labels: , , , ,

Microsoft exposes Firefox users to drive-by malware downloads


Posted on Oct 21st:

"Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads."

See full article on ZDNet.com
Posted by at No comments:
Labels: , ,

LiveSecurity | Urgent: Firefox 3.6.11 Delivers 13 Security Fixes


--------------------------------------------------
Broadcast - Articles
FIREFOX 3.6.11 DELIVERS 13 SECURITY FIXES

SEVERITY: MEDIUM

21 October, 2010

SUMMARY:

* These vulnerabilities affect: Firefox 3.6.x and 3.5.x for
Windows, Linux, and Macintosh

* How an attacker exploits it: Typically by enticing one of your
users to visit a malicious web page

* Impact: Various results; in the worst case, an attacker
executes code on your user's computer, gaining complete control
of it

* What to do: Upgrade to Firefox 3.6.1 (or 3.5.14), or let
Firefox's automatic update do it for you

---------------------------------------------------------------
This is a summary, for the complete alert, see our web page:
https://www.watchguard.com/archive/showhtml.asp?pack=120075
--------------------------------------------------------------

STATUS:

The Mozilla Foundation has released Firefox 3.6.11 to fix these
vulnerabilities.

REFERENCES:

* Firefox 3.6.11 Release Notes


* Vulnerabilities Fixed in Firefox 3.6.11


This alert was researched and written by Corey Nachreiner, CISS
Posted by at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)