Posts Tagged ‘Microsoft Office’

Windows Security Bulletins and Security News

Lots and lots of computer security related news recently, the IE and Firefox brouhaha concerning a high security risk with how IE handles a “firefoxurl://” URI (uniform resource identifier), Haute Secure blocks malware, Microsoft security bulletins and Facebook pimping da crudware baby.

Firefox and IE together brew up security trouble News.com article about the Firefox and IE combo flaw that could allow someone to compromise their machine remotely.

Site Advisor 2.0: Haute Secure Launches To Detect and Block Malware Little review of Haute Secure from Michael Arrington, he says, “Haute Secure launched moments ago: it?s a new browser plug-in that the company says will detect and block malware before it has a chance to infect your computer. The timing couldn?t be better as news spreads of more Windows-based vulnerabilities.”

Haute Secure They block bad sites and then let you decide if you want to allow it or not. Sounds like the UAC feature of Windows Vista, but I haven’t tried it yet myself.

Microsoft Security Bulletin MS07-036 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) This critical security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities as well as other security issues identified. These vulnerabilities could allow remote code execution on your computer if a user opens a specially created Excel file. Users whose accounts are not configured to run as Administrator will be less impacted than those who do. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Microsoft Security Bulletin MS07-039 – Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) This critical security patch resolves a vulnerability in Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition, and remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Facebook found pimping crudware Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it’s a bargain.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - July 11, 2007 at 3:04 am

Categories: Firefox, IE7, Security   Tags: , , , , , , , , ,

Microsoft’s Next Tuesday Update

This week when Microsoft does it’s Tuesday patch update, it will contain fixes for two flaws, one deemed critical for Office and a windows patch marked as important.

On 14 March 2006 Microsoft is planning to release:

Security Updates

One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for this is Critical. These updates may require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scanning Tool.

One Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for this is Important. These updates will not require a restart. These updates will be detectable using the Microsoft Baseline Security Analyzer.

Microsoft Windows Malicious Software Removal Tool

Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

Note that this tool will NOT be distributed using Software Update Services (SUS).

Non-security High Priority updates on MU, WU, WSUS and SUS

Microsoft will not release any NON-SECURITY High-Priority Updates for Windows on Windows Update (WU) and Software Update Services (SUS).

Microsoft will release one NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).

From News.com:

Microsoft rates as critical any security threat that could allow a malicious Internet worm to spread without any action required on the part of the user. Problems deemed “important” could be exploited to compromise the confidentiality, integrity or availability of data, or the integrity or availability of processing resources, according to the company.

Microsoft’s notice did not specify which components of Windows or Office are being repaired with Tuesday’s patches or how many flaws the update will tackle. Security researchers with eEye Digital Security list one vulnerability on their Web site for which a fix is considered overdue.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - March 9, 2006 at 3:38 pm

Categories: Microsoft News, Office News   Tags: , ,

Tool to Help Migrate from Notes to Office

Today, Microsoft announced they will be releasing a free set of tools to help Lotus Notes and Domino users move to Microsoft Office platforms, according to this article from WindowsITPro.

“Today we are responding to the strong demand we’re seeing from customers using Lotus Notes/Domino who are planning a transition to … the Office system of programs, servers and services,” says Microsoft corporate vice president Kurt DelBene. “This announcement is a big step in our overall strategy toward helping these customers make the move so they can begin to take advantage of our platform’s benefits.”

The new and updated tools include:

- Application Analyzer 2006 for Lotus Domino, which will analyze Notes/Domino environments and recommend how to migrate those applications to Microsoft’s platforms. It will ship in the first quarter of 2006, according to Microsoft.

- Data Migrator 2006 for Lotus Domino, a new tool that will help organizations migrate data stored in Domino to Windows SharePoint Services (WSS). It will ship in the second quarter of 2005.

- Three new Windows SharePoint Services Application Templates, which will join the 30 application templates Microsoft first released in August 2005. The new templates include Discussion Database, Team Work Site and Document Library; they are available today.

Click here to visit Microsoft to find out more.

Be the first to comment - What do you think?  Posted by Jimmy Daniels - January 17, 2006 at 10:38 am

Categories: Office News   Tags: