Unsolved
This post is more than 5 years old
3 Apprentice
•
15.2K Posts
0
3086
Updates - 6/14/2010: Another WHOPPER Microsoft & Adobe Tuesday
Today is "Microsoft Tuesday" (aka "Patch" Tuesday) --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows critical/security updates. It's expected to be a whopper again this month ... 16 bulletins have been pre-announced! Based on previous history, they should become available at 1 PM (USA - Eastern Daylight Saving Time).
Please use Windows/Automatic Update to determine which updates are applicable to your particular system.
===================
Also, Adobe is expected to release its QUARTERLY updates... including a long-awaited update for Reader X (10.0.1) [and Acrobat X (10.0.3)].
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 14th, 2011 12:00
The following bulletins are rated Critical (9)
Microsoft security bulletin MS11-038
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
http://www.microsoft...n/MS11-038.mspx
Microsoft security bulletin MS11-039
Vulnerability in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2514842)
http://www.microsoft...n/MS11-039.mspx
Microsoft security bulletin MS11-040
Vulnerability in Threat Management Gateway Firewall Client Could Allow Remote Code Execution (2520426)
http://www.microsoft...n/MS11-040.mspx
Microsoft security bulletin MS11-041
Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
http://www.microsoft...n/MS11-041.mspx
Microsoft security bulletin MS11-042
Vulnerabilities in Distributed File System Could Allow Remote Code Execution (2535512)
http://www.microsoft...n/MS11-042.mspx
Microsoft security bulletin MS11-043
Vulnerability in SMB Client Could Allow Remote Code Execution (2536276)
http://www.microsoft...n/MS11-043.mspx
Microsoft security bulletin MS11-044
Vulnerability in .NET Framework Could Allow Remote Code Execution (2538814)
http://www.microsoft...n/MS11-044.mspx
Microsoft security bulletin MS11-050
Cumulative Security Update for Internet Explorer (2530548)
http://www.microsoft...n/MS11-050.mspx
Microsoft security bulletin MS11-052
Cumulative Security Update for Internet Explorer (2530548)
http://www.microsoft...n/MS11-052.mspx
The following bulletins are rated Important (7)
Microsoft security bulletin MS11-037
Vulnerability in MHTML Could Allow Information Disclosure (2544893)
http://www.microsoft...n/MS11-037.mspx
Microsoft security bulletin MS11-045
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146)
http://www.microsoft...n/MS11-045.mspx
Microsoft security bulletin MS11-046
Vulnerability in Ancillary Function Driver Could Allow Elevation of Privilege (2503665)
http://www.microsoft...n/MS11-046.mspx
Microsoft security bulletin MS11-047
Vulnerability in Hyper-V Could Allow Denial of Service (2525835)
http://www.microsoft...n/MS11-047.mspx
Microsoft security bulletin MS11-048
\Vulnerability in SMB Server Could Allow Denial of Service (2536275)
http://www.microsoft...n/MS11-048.mspx
Microsoft security bulletin MS11-049
Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893)
http://www.microsoft...n/MS11-049.mspx
Microsoft security bulletin MS11-051
Vulnerability in Active Directory Certificate Services Web Enrollment Could Allow Elevation of Privilege (2518295)
http://www.microsoft...n/MS11-052.mspx
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 14th, 2011 14:00
This month's MSRT (Malicious Software Removal Tool) --- version 3.20 --- adds detection/removal of:
Win32/Rorpian -- "a family of worms capable of spreading through network shares and by exploiting vulnerabilities such as the Domain Name System (DNS) Server Service vulnerability. The worm usually downloads additional malware on the affected computer.
Win32/Yimfoca -- "a worm family that spreads via common instant messaging applications and social networking sites. It is capable of connecting to a remote HTTP or IRC server to receive updated configuration data. It also modifies certain system and security settings"
Win32/Nuqel -- "a worm family, written in AutoItScript, that spreads by copying themselves to writeable network shares, removable drives and via instant messaging client messages. They may also terminate certain programs and download arbitrary files from a remote server"
iroc9555
1K Posts
0
June 14th, 2011 15:00
David.
Thank you for the well detailed info, as always.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 14th, 2011 16:00
Hernan,
You're most welcome.
==================
To users of Avast 6, who have their behavior-shield set to ASK, be advised that you will be bombarded by about 40 (???) prompts when you're installing any DOT.NET updates. Be sure to ALLOW them all.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 14th, 2011 16:00
The Adobe Acrobat/Reader updates to version 10.1 are now available... use the internal program updater.
This is a major update that provides security fixes, feature updates, and major enhancements such as Protected View for Acrobat.
for the release notes: http://kb2.adobe.com/cps/837/cpsid_83708/attachments/Acrobat_Reader_ReleaseNote_10.1.pdf
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 15th, 2011 04:00
Adobe Flash Player (v.10.3.181.26)
Flash Player uninstaller:
http://download.macr...lash_player.exe
ActiveX version for IE users, Flash10t.ocx :
http://fpdownload.ad...h_player_ax.exe
Plugin version for Firefox, Safari, Opera:
http://fpdownload.ad...lash_player.exe
these fix an "unspecified error [that] can be exploited to corrupt memory".
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 15th, 2011 06:00
and Shockwave Player... for those who actually have a use for it. I will simply quote Chester Wisniewski from http://nakedsecurity.sophos.com/2011/06/15/patch-tuesday-part-two-adobe-patches-reader-flash-and-more/
"Shockwave Player for Windows and Mac saw 24 vulnerabilities fixed this quarter, begging the question of why anyone still installs this software. That is an extremely large attack surface for something hardly used on modern websites. If you are still using Shockwave you can get the latest version from http://get.adobe.com/shockwave. All 24 flaws can lead to code execution".
iroc9555
1K Posts
0
June 15th, 2011 13:00
David.
It seems that you and I are the only ones getting Avast alerts for Windows Updates.
http://forum.avast.com/index.php?topic=79961.0
There are a couple of XP home system in the topic, but most are Win 7. Tech also told me in the Avast Spanish Forum that he did not get any alerts last month, and he has his Avast set to ask. He runs Win 7.
I have not downloaded mine yet, but I got a dozen or so alerts last month. So I am not expecting anything different for these updates.
iroc9555
1K Posts
0
June 15th, 2011 17:00
David.
I know its not " only you and I ". It was written as an opening statement.
What it matters here, as you said, is the differences between XP pro and Win 7, and as you also indicated if those people not experiencing Avast alerts, have .NET running in their machines, or what kind of settings they have in their Behavior Shield.
I know tech has .NET and his Avast is set to ask, Behavior Shield and Autosandbox: However, he runs Win7 and AIS.
Well,anyway I was just calling your attention to that Avast post since it was related to the Avast alerts.
Regards.
-------------------------------------------
Added: Got my updates, 15 counting MSRT. Two or three Avast alerts when installing Microsoft Office updates and 30 or more Avast alerts from .Net Framework updates.
ky331
3 Apprentice
3 Apprentice
•
15.2K Posts
0
June 15th, 2011 17:00
Hernan,
Since I am getting the Avast alerts... and you are as well... and we are not ignorant/naive users... I doubt we two are the only ones. Keep in mind that many people may be too "lazy" to report (or look into) this.
It's entirely possible that "average" avast users, for simplicity, have set the behavior shield to auto-decide... in which case they would not be offered any prompts. [The same would be true if they've set the behavior shield to "allow"... allowing everything... effectively bypassing any security offered by the behavior shield].
The only windows updates generating the avast prompts were for DotNet. So if people don't have DotNet on their system [and as such, don't need/get these updates] they would not have received any prompts.
When bombarded with the many prompts for DotNet, I responded to each with a "simple" allow [as opposed to allow and remember]. Since all the files were "temp" files, having different names, I don't think "remembering" would have made a difference. But perhaps, if avast could "generalize" this to mean it should remember "temp files generated by DOT.NET updates", then people wouldn't get any more after allowing/remembering the first. I know this is a "stretch", but I'm grasping for explanations here.
Finally, could avast be running/functioning differently in Win7 than it is is XP? Perhaps... I simply don't know. I know the free avast autosandbox was running less frequently on XP than on Vista/7... (but I think that's been fixed).
======================
For other avast6 users reading this thread, would you be kind enough to report your experiences? Please be sure to specify your OS (XP/Vista/7), whether or not you received any DotNet updates, how you've set your behavior shield (auto-decide, ask, or otherwise... and check under your Trusted Processes to see if you've made one that might impact DotNet updates), and whether or not the DotNet updates generated an abundance of behavior shield prompts.
dalem29
2.2K Posts
0
June 16th, 2011 06:00
I got the alerts on my computer that has XP and IE8, which had 15 updates; but none on the one with Vista and IE7, which had 20 MS updates. Will finally update to IE9 this coming weekend.