Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 4 Dec 2008 3:22 pm |
|
Heads up! Windows Updates are coming next Tuesday, December 9, 2008, and there are plenty of them, depending on which OS you have and whether you have any MS Office products installed. There will be:
2 Windows system file updates
1 IE 6 or 7 update
1 Windows Media Player update
1 VB Bulletin
1 Word Bulletin
1 Excel Bulletin
1 PowerPoint 2007 Bulletin
1 SharePoint Bulletin
Plus, Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center. This tool is capable of detecting and removing Bots and some common Rootkits, so always allow it to run every month, during Windows Updates. Even if there are no critical patches in some months, at least run the WMRT on the second Tuesday of the month.
The MSRT is reportedly responsible for destroying much of the Storm Botnet, last September and is now going after the Rustock and Srizbi Botnets (that I blog about regularly). Botnets are responsible for virtually all of the spam in the World, at this time.
The full version of the Microsoft Security Bulletin Advance Notification for December 2008 can be found at http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx.
This bulletin advance notification will be replaced with the December bulletin summary on December 9, 2008.
<hr>
Sun Corp just released a critical update to the Java Virtual Machine, in all of its manifestations. The new version is Java 6 Update 11. It fixes 14 recently announced critical vulnerabilities. You can download the latest version of Java here. Use this link to test your browsers for Java plug-ins and see what version you are running. Test all installed browsers and update them as necessary.
After you update to the latest Java Machine please uninstall all previous builds and versions. Their presence on your computer is a security threat. Java applets can be coded by Bolshevik criminals to request a particular vulnerable version of Java, and if that version remains on your computer you could be exploited.
Please note that "Java" is NOT the same technology as "JavaScript!" They are two radically different things! Java is an assembled language, where self contained "applets" are created and dispersed in "JAR" files. They are similar to executable programs in that way and can run as stand-alone desktop animations and games.
JavaScript is a plain-text scripted language that is interpreted by web browsers. JavaScript is not self contained and is not transportable as an applet, thus is not like Java at all. It was originally named ActionScript, by Netscape, then renamed "JavaScript" by a coffee addicted script writer in their coding section.
<hr>
If you haven't checked for missing updates to these and other commonly deployed programs and plug-ins, please do yourself a favor and visit the Secunia Online Software Inspector. It requires Java to run and will report on any missing Windows Updates and all out-of-date plug-ins, like Java, Flash and Quicktime. Make it a point to run the Inspector once a week, for your safety.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
