Exploit Thursday – this months winner – Powerpoint

October 12th, 2006

The SecurityFix reminds us of what usually comes close behind Patch Tuesday…. exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There’s a new Powerpoint exploit starting to make the rounds right on the heels of Patch day. The main goal is likely to get the most mileage out of the exploit before the NEXT patch Tuesday. Microsoft is reported to be investigating the reports of this vulnerability.

Read the rest of this entry »

Vista software compatibility concerns and license restrictions…

October 12th, 2006

I should say that George Ou has been trying to put to rest some of the concerns people have about “will xyz program run on vista”. The All About Microsoft blogpost on virtual PC seems to have started all this. I should say that virtual machines seem to be a good way to make sure that whatever “ye olde application” doesn’t work perfectly well in a new OS can still run. (I have a couple of old DOS applications that I’ve revisited this way.) (By the way, this is a question many people ask whether it’s a new version of windows or if they run other Operating Systems..) I was a bit more interested to read about some of the licensing terms for the various Vista flavors…

Read the rest of this entry »

The problems with cache servers

October 12th, 2006

Networkworld brings us this report that exploit code removed from websites can live on for quite a while in caching servers. Which, in a way is NOT news, but it’s worth remembering. Many times when someone visits a website, their really visiting a caching proxy server that has previously grabbed a copy of data from the original website. Many networks use cache servers to improve network performance. (i.e…. we have 20 people an hour hitting cnn.com why shouldn’t we just be able to download the page once?)

Read the rest of this entry »

What wasn’t patched Tuesday…

October 12th, 2006

Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround…

Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}

More info at Microsoft’s Knowledge Base

   Send article as PDF   

Google Docs and Spreadsheets

October 10th, 2006

Bye bye Writely – hello Google Docs and Spreadsheets Inside Google has been reporting on the (happening right now) launch of docs.google.com which should be a shared login for both the writely successor and spreadsheets which is now known as Google Docs and Spreadsheets. It appears to support IE 6 and Firefox.

   Send article as PDF   

Vista kill switch may push people to linux

October 10th, 2006

It’s not really a surprising headline. I think anytime a proprietary vendor tightens the screws a bit to limit piracy they are going to force people to other, competing products. Especially when there’s a significant cost difference involved. If there are three t-shirts for sale, one for $5 with no logo and another for $50 with a brand logo (we’ll say nike) and yet another (pirated) with a nike logo for $10 and everybody thinks the nike logo is cool and in… they’ll buy the $10 “pirated” shirt unless they know that it’s pirated and are morally compelled to spend the $50. If piracy is cracked down on and you have a choice between the $50 logo shirt and the $5 no logo shirt….. hmmm I’d rather have $45 extra dollars than a swoosh on my shirt.

Read the rest of this entry »

Updating Windows XP SP2 serial number

October 10th, 2006

Intelliadmin published this earlier today… with all the problems some people have had with the Genuine advantage notification that their copy of Windows may not be legitimate (many reasons for this…) it may be necessary to buy a new copy of Windows and it would be a nuisance to have to reinstall. So, there is a way to just update the serial number to the new copy. The download from Microsoft can be found here and checks the main system files (for patching/changes to circumvent WGA) and then asks for the new Product Key. Reboot and it should have updated the serial number and maybe WGA will let you do updates.

Read the rest of this entry »

Preventing the automatic update to Internet Explorer 7

October 10th, 2006

Internet Explorer 7 is set to be released this month (October 2006) and it will likely be an automatic update for Windows users either November or December of this year. (I’m thinking November.) Now, it’s been a long time in the making, at one point Microsoft said there wouldn’t be another version past 6 of IE, but… it’s finally coming and some people will not want it installed automatically until they’ve had more time to investigate it and test with their critical uses.

Read the rest of this entry »

Microsoft October 2006 patch Tuesday

October 10th, 2006

The first thing I should mention is that this months update from Microsoft is the last for XP SP1 users should plan a migration path to SP2 to keep getting updates to XP. Multiple vulnerabilities this month have been patched in Office There are 4 advisories, but a total of 15 issues covered by those four. Powerpoint, Excel, Word and Office/Publisher there are a variety of exploits, some public (like the powerpoint) others that were privately reported. Also, Incidents.org gives a nice summary of the advisories and the severity of each (urgency of updating.) The setslice vulnerability is patched in this batch by the way.

Read the rest of this entry »

Microsoft Windows and Office updates (October 2006)

October 10th, 2006

Multiple Security issues (October 2006 patch day.) details.

update.microsoft.com

   Send article as PDF