DarkFiber Consulting – IT Managed Services

Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will have the severity rating of important and will be for Microsoft Windows and Office. Release of these bulletins is scheduled for Tuesday, August 10, 2010.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote attacker may be able to execute arbitrary code.

DarkFiber Consulting strongly encourages users and administrators to review Microsoft security bulletin MS10-046 and apply any necessary updates to mitigate the risks.

Additional information regarding this vulnerability can be found in the following:

• Microsoft Security Bulletin MS10-046
• Microsoft Security Advisory 2286198
• DarkFiber Consulting Current Activity Entry “Microsoft Windows .LNK Vulnerability“
• DarkFiber Consulting Vulnerability Note VU#940193

DarkFiber Consulting is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands.

DarkFiber Consulting encourages users and administrators to review Vulnerability Note VU#578319 and implement the workarounds to help mitigate the risks and reduce attack vectors.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Microsoft has issued a Security Bulletin Advance Notification, indicating that its February release cycle will contain 13 bulletins. Five of them will have a severity rating of Critical and will be for Microsoft Windows. The remaining eight bulletins have an Important rating and are for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, February 9, 2010.

DarkFiber Consulting will provide additional information as it becomes available.

Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletin MS10-002 and apply any necessary updates to help mitigate the risks.

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.

Additional information about this vulnerability can be found in Vulnerability Note VU#492515.

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for December 2009. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Microsoft has issued a Security Bulletin Advance Notification indicating that its December release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Microsoft Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, December 8.

DarkFiber Consulting will provide additional information as it becomes available.