Unsolved
This post is more than 5 years old
3 Apprentice
•
15.2K Posts
0
13442
Updates 12/11/10 - Microsoft Tuesday, Adobe Flash/Air, Java, Secunia PSI
Today is Microsoft/Patch Tuesday --- the second Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows critical/security updates. Based on previous history, they should become available at 1 p.m. [USA - Eastern Standard Time].
Please use Windows/Automatic updates to determine which updates are applicable to your particular system.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 11th, 2012 05:00
Windows Malicious Software Removal Tool (MSRT, MRT) for December, version 4.15
32-bit version for Windows 8/7/Vista/XP/Server2003 http://www.microsoft.com/en-us/download/details.aspx?id=16
x64-bit version http://www.microsoft.com/en-us/download/details.aspx?id=9905
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 11th, 2012 09:00
Flash Player 11.5.502.135 has been released (and Adobe AIR 3.5.0.880, for those who have/use AIR)
http://www.adobe.com/support/security/bulletins/apsb12-27.html
for additional information, see http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19467178.aspx
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 11th, 2012 10:00
The following 5 updates are rated CRITICAL:
MS12-077 Cumulative Security Update for Internet Explorer (2761465)
MS12-078 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
(2783534)
MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642)
MS12-080 Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126)
MS12-081 Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
-----------------------
The following 2 updates are rated IMPORTANT:
MS12-082 Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
MS12-083 Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)
============
NOTE: 118.1 MEG on this win7 x64 system. This is getting rediculous.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 11th, 2012 11:00
This month's MSRT (cited above) adds detection/removal of
Win32/Phdet - a family of backdoor trojans that are used to perform distributed denial of service (DDoS) attacks against specified targets.
For additional information/details, see http://blogs.technet.com/b/mmpc/archive/2012/12/11/msrt-december-12-phdet.aspx
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 12th, 2012 04:00
And for those who insist on keeping it around, and/or actually need, it: JAVA
Java 7 update 10: http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
( release notes: http://www.oracle.com/technetwork/java/javase/7u10-relnotes-1880995.html )
[ or Java 6 update 38 http://www.oracle.com/technetwork/java/javase/downloads/jre6u38-downloads-1877409.html ]
-------------------------------------------------------------------------------------------------
Comment: Java is perhaps the biggest source of vulnerabilities. If you don't acutally have a need for it, DUMP IT!
joe53
1 Rookie
1 Rookie
•
5.8K Posts
0
December 12th, 2012 09:00
Secunia PSI - Version 3.0.0.6001 (11th December 2012)
This is a minor maintenance release. The primary changes are:
Different view - Program Status.Enhanced update performance when new data is received from the server.
Minor bug fixes.In addition to the above change, a number of minor bug fixes as well as aesthetic and user-experience enhancements have been completed.
https://secunia.com/products/consumer/PSI/sys_req/
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 19th, 2012 05:00
Java 7 update 10 introduces important new security controls
A new control "allows you to disable the Java web plugin by unchecking a single tick-box: After installing Java 7u10 you can open the Java control panel and uncheck the option "Enable Java content in the browser"... disabling the web plugin eliminates most of the risk associated with having Java installed".
Java will also now check to see if it is at the latest security "baseline".
Starting with Java 7u10 users have to ability to set security levels from low to very high for Web-based Java content, with medium being the
default option. Medium allows untrusted apps to run if your Java is patched, but will only allow signed applications to run if you are out of date.
http://nakedsecurity.sophos.com/2012/12/19/java-7-update-10-introduces-important-new-security-controls/
======================
Java 7 Update 10 allows users to restrict Java in browsers
Java users can now block Web-based Java content completely or enforce strict restrictions for it
http://www.infoworld.com/d/security/java-7-update-10-allows-users-restrict-java-in-browsers-209423
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
December 20th, 2012 13:00
Microsoft re-released update MS-12-078 (KB2753842) to resolve an issue with OpenType fonts not properly rendering after the original update was installed.
Customers who have successfully installed the original KB2753842 update need to install the rereleased update.