ky331
5 Iridium

Updates 11/8/11 - Microsoft Tuesday, Firefox 8, SpywareBlaster, Shockwave

Today is "Microsoft Tuesday" (aka "Patch Tuesday") on which Microsoft is expected to release its monthly cycle of Windows critical/security updates.   Based on previous history, they should become available at 1 PM [USA - Eastern Standard Time].

Please use Windows/Automatic updates to determine which updates --- if any --- are applicable to your particular system.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
9 Replies
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

Firefox 8  has been released today --- you can update via the internal updater (Help / About Firefox / Check for Updates).  

As a reminder:   During the installation process, FF will test for compatibility of your existing add-ons with the new version, and advise you of potential conflicts (which, if you continue, will be disabled).   If there's an add-on you "just can't live without", you might want to delay installing FF until that add-on is also updated.   In my case, my main add-ons (WOT 2001-07-04, KeyScramber 2.8.2, & Yahoo Toolbar 2.4.1) were all compatible emoticon.Smile.title

"The biggest new feature is that Firefox itself now handles third party add-on installations to avoid security problems from sketchy extensions. Also included in the new version is built-in support to search Twitter messages in the browser's address bar." -- http://lifehacker.com/5856826/firefox-8-now-available

The following was copied/pasted from http://en.wikipedia.org/wiki/Firefox_8#Expected_Release_Dates :

Version 8.0

Firefox 8 on Windows 7
  • Add-ons installed by third-party programs are now disabled by default
  • Added a one-time add-on selection dialog to manage previously installed add-ons
  • Added Twitter to the search bar
  • Added a preference to load tabs on demand, improving start-up time when windows are restored
  • Improved performance and memory handling when using <audio> and <video> elements
  • Added Cross-Origin Resource Sharing (CORS) support for cross-domain textures in WebGL
  • Added support for HTML5 context menus
  • Added support for insertAdjacentHTML
  • Improved CSS hyphen support for many languages
  • Improved WebSocket support
  • Fixed several stability issues

=========================================================================

EDIT:   Security Update Advisory (from http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox8 )

Fixed in Firefox 8

MFSA 2011-52 Code execution via NoWaiverWrapper
MFSA 2011-51 Cross-origin image theft on Mac with integrated Intel GPU
MFSA 2011-50 Cross-origin data theft using canvas and Windows D2D
MFSA 2011-49 Memory corruption while profiling using Firebug
MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)
MFSA 2011-47 Potential XSS against sites using Shift-JIS

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

Adobe Shockwave Player : 

Note:  Shockwave is NOT a required program.   It is primarily used by "gamers".   [Emphasize that Shockwave player is completely separate from Flash Player, which IS commonly used.]   If you don't already have Shockwave installed/running on your system, then odds are you don't  want to get it now.   But for those of you who do have/run it:

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.6.1.629 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system

Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions upgrade to the newest version 11.6.3.633 available here: http://get.adobe.com/shockwave/.

Source:  http://www.adobe.com/support/security/bulletins/apsb11-27.html

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

This month's Windows Updates:

CRITICAL:       MS11-083 Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

IMPORTANT:   MS11-085 Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704)

                           MS11-086 Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

MODERATE:   MS11-084  Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) 

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

This month's Malicious Software Removal Tool (MSRT, or MRT) adds detection/removal of:

Win32/Dofoil - a family of trojans that connects to a remote site and downloads and executes arbitrary files.

Win32/Carberp - a family of trojans that may be delivered via malicious code, for instance by variants of Exploit:JS/Blacole. The trojan downloads other Win32/Carberp components to execute payload code such as stealing online banking credentials and log on data from numerous other software applications, downloading and executing arbitrary files, exporting installed certificates, capturing screen shots and logging keystrokes.

Win32/Cridex - malware that may be delivered via spammed malware such as TrojanDownloader:Win32/Skidlo.A, or by other malicious code such as variants of Exploit:JS/Blacole. The malware could spread to removable drives, steal local certificates, capture online banking credential entered via web browsers, download and execute files, and search and upload local files.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Highlighted
Andy.Wall
1 Copper

Re: Updates 11/8/11 - Microsoft Tuesday

After releasing Firefox 8, i am waiting for Thunderbird 8. Recently Mozilla releases Thunderbird some days after Firefox. Can you predict when can we expect it?

I love dell always
0 Kudos
Not applicable

Re: Updates 11/8/11 - Microsoft Tuesday

Thunderbird 8 is available now. Update through internal updater (Help > About Thunderbird in the main menubar), or downlad from the link below.

www.mozilla.org/.../all.html

0 Kudos
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

SpywareBlaster database update 11/8/2011 

19 NEW items (IE/ActiveX)

for a total of 14738 items in database

after updating (via internal updater), be sure to enable all protection

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

Windows Malicious Software Removal Tool for November, version 4.2

32-bit version for Win 7/Vista/XP/Server2003 http://www.microsoft.com/download/en/details.aspx?id=16

x64-bit version http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=9905

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
ky331
5 Iridium

Re: Updates 11/8/11 - Microsoft Tuesday

Note to XP (and Server 2003) users:  

RE-offering of  Microsoft Security Bulletin MS11-037 : Vulnerability in MHTML Could Allow Information Disclosure (KB2544893) [Important]

"Microsoft re-released this bulletin to reoffer security update KB2544893 for all supported editions of Windows XP and Windows Server 2003. The new offering of this update provides systems running Windows XP or Windows Server 2003 with the same cumulative protection that is provided by this update for all other affected operating systems. Systems running supported editions of Windows XP and Windows Server 2003 will automatically be offered the new version of this update. Customers using these operating systems, including those who have already successfully installed the update originally offered on June 14, 2011, should install the reoffered update."

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos