Computer Tips -Tech Info

Category: Windows Tech Support

October Microsoft update advance notice….

11 patches will be released by Microsoft on the 10th of October. Bulletin is here, 6 for windows, 4 for Office (at least one in each of those two batches is critical) and 1 .NET (moderate) – yes the Windows updates will likely require a restart. Betanews has a bit more coverage hoping the WebViewFolderIcon ActiveX control vulnerability will get fixed in this batch.

(more…)

October 5, 2006
More rogue security software

Wolves in sheeps clothing…. from Sunbelt blog…. Watch out for pestcapture and “friends” (using dlls from spysheriff). Thanks to sunbelt for keeping their eyes open on the threat of wolves in sheepdogs clothing…. It’s so frustrating having to explain to someone that the software they downloaded to solve their problems has become part of the problem…..

(more…)

October 3, 2006
Vmware launches beta of real to virtual converter

Vmware has launched a tool (windows only it seems) aimed to convert a REAL running system into a virtual machine. (For use with VMWare’s virtualization products. The converter also can convert images from competing virtual machine “platforms”(?) (Microsoft Virtual PC, Microsoft Virtual Server, Symantec Backup Exec System Recovery (formerly LiveState Recovery) and Norton Ghost9 (or higher) to VMware virtual machine disk format.)

(more…)

October 3, 2006
Some days you really want to slap someone at Microsoft….

So, I was formatting a drive the other day. It’s an external hard drive that will need to be readable AND writable by both Mac and Windows XP machines. So, the only choice (without paying for MacDrive to read/write to HFS+) is really FAT32. The drive is in the 250GB-300GB ballpark. So, I reference the maximum filesystem size and see that FAT32 supports up to 2TB filesystems. No problem. I was doing this from the Windows XP machine that would be one of the drives “hosts” and after much scratching around created and attempted to format the FAT32 partition – a LONG verification process ensued 30 minutes – 1 hour. After which…. “volume size too big” eh? Well… the format tool under Windows XP/2000 is crippled…

(more…)

October 1, 2006
Microsoft Internet Explorer patches for unsupported OS versions (Windows 98 and ME)

For starters, if you’re using Windows 98 or ME still in a production system, you REALLY need to be looking at migration options and you should realize that the architecture of those systems is NOT conducive to a good secure platform. No XP isn’t perfect, but it is an improvement in many areas. That much said, if you don’t have too many choices and are wondering how you can protect the old system against the recent Windows Internet Explorer vulnerabilities…. here you go. The zero-day emergency response team has released a version of the VML vulnerability patch for older versions of Windows. So, if you REALLY need to patch an old windows 98 or ME install, you can give that a try. (No guarantees.)

(more…)

October 1, 2006
Firefox zero-day vulnerability (or is it?)

I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day… the intent here though is to use the word in this context…. “vulnerability has been released without giving the vendor an opportunity to patch…” Yes, the fun vulnerability weekend seems to be continuing – there’s a javascript zdnet has coverage it’s “impossible to patch” (?) from the individuals that have publicized it. The announcement came at Toorcon.

(more…)

October 1, 2006
Oh and ANOTHER Powerpoint vulnerability too….

Sometimes you feel like the little Dutch boy of myth/legend with his finger trying to plug the hole in a dam…. Incidents bring us this as well…. another powerpoint vulnerability seems to have been disclosed. MS has an advisory. All currently supported Office versions are vulnerable (even on Mac?) Workarounds include not opening powerpoint files… using the Powerpoint viewer 2003 (I don’t see any word on opening in something like Openoffice.org Impress – that MAY mitigate the risk.)

(more…)

September 30, 2006
Microsoft vulnerability whack-a-mole continues…..

Translation – Microsoft patched one vulnerability another surfaces…. Incidents.org brings us the frustrating news….

If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released after the out of cycle Microsoft patch for MSIE.

So…. here are the possible workarounds….

(more…)

September 28, 2006
Microsoft releases official VML patch!!

The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should consider re-registering the same so that you’ll be able to view/access vml content in the future. Here’s Microsoft’s technet Security Bulletin on the matter. (Visit update.microsoft.com if it’s not automatically downloaded for you.) It should be noted that the RC of IE 7 was not affected by this vulnerability.

(more…)

September 26, 2006
Update on the Internet Explorer VML vulnerability

Just catching up on the days VML vulnerability news from today…. It looks as though… the exploit is now MUCH more widespread this blog has some video of an infection, what’s notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that they can harvest paypal/bank/etc. passwords…) So, there might not be a big red “you’re owned” sign pop up. Sunbelt reported on a test page to visit to see if you’re vulnerable. The direct link is http://www.isotf.org/zert/testvml.htm (Will crash IE if it’s vulnerable.)

(more…)

September 22, 2006