DarkFiber Consulting - IT Managed Services » Microsoft

Microsoft Windows Help and Support Center Vulnerability

DarkFiber Consulting — Wed, 23 Jun 2010 18:43:55 +0000

DarkFiber Consulting is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands.

DarkFiber Consulting encourages users and administrators to review Vulnerability Note VU#578319 and implement the workarounds to help mitigate the risks and reduce attack vectors.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Arbitrary Commands, Attacker, Microsoft, Microsoft Help, Microsoft Support, Microsoft Windows Help And Support, Sanitization, Vectors, Vulnerability Note, Windows Help, Windows Support, Workarounds

Microsoft Releases June Security Bulletin

DarkFiber Consulting — Wed, 23 Jun 2010 18:43:54 +0000

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Internet Explorer, Microsoft, Microsoft Explorer, Microsoft Internet, Microsoft Security Bulletin, Microsoft Updates, Microsoft Windows, Privileges, Security Policies, Sharepoint, Vulnerabilities, Windows Explorer, Windows Internet

Microsoft Releases February Security Bulletin

DarkFiber Consulting — Mon, 01 Mar 2010 21:14:00 +0000

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Denial Of Service, Microsoft, Microsoft Office, Microsoft Security Bulletin, Microsoft Windows, Privileges, Security Policies, Vulnerabilities

Microsoft Releases Advance Notification for February Security Bulletin

DarkFiber Consulting — Mon, 01 Mar 2010 21:13:59 +0000

Microsoft has issued a Security Bulletin Advance Notification, indicating that its February release cycle will contain 13 bulletins. Five of them will have a severity rating of Critical and will be for Microsoft Windows. The remaining eight bulletins have an Important rating and are for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, February 9, 2010.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Advance Notification, Bulletins, Microsoft, Microsoft Office, Microsoft Security, Microsoft Windows, Security Bulletin, Severity Rating, Windows Microsoft

Microsoft Releases Cumulative Security Update for Internet Explorer

DarkFiber Consulting — Thu, 28 Jan 2010 02:08:46 +0000

Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletin MS10-002 and apply any necessary updates to help mitigate the risks.

Tags: Arbitrary Code, Attacker, Cumulative Security Update, Explorer Microsoft, Explorer Update, Internet Addresses, Internet Explorer, Internet Security, Microsoft, Microsoft Internet, Microsoft Security Bulletin, Microsoft Update, Ms10, Necessary Updates, Security Explorer, Update Microsoft, Vulnerabilities

Microsoft Releases Security Advisory 979352

DarkFiber Consulting — Thu, 28 Jan 2010 02:08:44 +0000

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.

Additional information about this vulnerability can be found in Vulnerability Note VU#492515.

Tags: Arbitrary Code, Attacker, Code Microsoft, Internet Explorer, Internet Security, Internet Zone, Microsoft, Microsoft Explorer, Microsoft Internet, Microsoft Releases Security Advisory, Microsoft Security Advisory, Vulnerability Note, Workaround, Zone Security

Microsoft Releases December Security Bulletin

DarkFiber Consulting — Thu, 10 Dec 2009 18:49:52 +0000

Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for December 2009. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

DarkFiber Consulting encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.

Tags: Address, Arbitrary Code, Attacker, Bulletins, Denial Of Service, Microsoft, Microsoft Office, Microsoft Security Bulletin, Microsoft Windows, Security Policies, Vulnerabilities

Microsoft Releases Advance Notification for December Security Bulletin

DarkFiber Consulting — Thu, 10 Dec 2009 18:49:49 +0000

Microsoft has issued a Security Bulletin Advance Notification indicating that its December release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Microsoft Office, and Internet Explorer. There will also be three important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, December 8.

DarkFiber Consulting will provide additional information as it becomes available.

Tags: Advance Notification, Amp Nbsp, Bulletins, December 8, Internet Explorer, Microsoft, Microsoft Internet, Microsoft Office, Microsoft Security, Microsoft Windows, Security Bulletin, Severity Rating, Windows Microsoft

Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities

DarkFiber Consulting — Thu, 10 Dec 2009 18:49:47 +0000

Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service.

DarkFiber Consulting encourages users and administrators to review BlackBerry security advisory KB19860 and apply any necessary updates.

Tags: Amp Nbsp, Arbitrary Code, Attacker, Blackberry Server, Blackberry Software, Denial Of Service, Enterprise Server Software, Microsoft, Microsoft 2000, Microsoft Server, Microsoft Software, Microsoft Windows 2000, Microsoft Windows Version, Necessary Updates, Pdf Distiller, Pdf File, Professional Software, Research In Motion, Software Versions, Windows 2000

Microsoft Releases Security Advisory 977981

DarkFiber Consulting — Thu, 10 Dec 2009 18:49:45 +0000

Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 977981 and implement the suggested workarounds listed in the advisory to help mitigate the risks.

Tags: Address, Amp Nbsp, Arbitrary Code, Attacker, Internet Explorer, Microsoft, Microsoft Explorer, Microsoft Internet, Microsoft Releases Security Advisory, Microsoft Security Advisory, Vulnerability, Workarounds