More from: Windows

Microsoft, Adobe Push Critical Fixes

If you use Microsoft products or Adobe Flash Player, please take a moment to read this post and update your software. Adobe today issued a critical update that plugs at least three security holes in the program. Separately, Microsoft released six security updates that address 29 vulnerabilities in Windows and Internet Explorer.

Most of the bugs that Microsoft addressed with today’s updates (24 of the 29 flaws) are fixed in a single patch for the company’s Internet Explorer browser. According to Microsoft, one of those 24 flaws (a weakness in the way IE checks Extended Validation SSL certificates) was already publicly disclosed prior to today’s bulletins.

The other critical patch fixes a security problem with the way that Windows handles files meant to be opened and edited by Windows Journal, a note-taking application built in to more recent versions of the operating system (including Windows Vista, 7 and 8).

More details on the rest of the updates that Microsoft released today can be found at Microsoft’s Technet blogQualys’s site, and the SANS Internet Storm Center.

Adobe’s Flash Player update brings Flash to version on Windows, Mac and Linux systems. Adobe said it is not aware of exploits in the wild for any of the vulnerabilities fixed in this release.

To see which version of Flash you have installed, check this link. IE10/IE11 and Chrome should auto-update their versions of Flash, although my installation of Chrome says it is up-to-date and yet is still running v.

Flash has a built-in auto-updater, but you might wait days or weeks for it to prompt you to update, regardless of its settings. The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here.

Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). If you have Adobe AIR installed (required by some programs like Tweetdeck and Pandora Desktop), you’ll want to update this program. AIR ships with an auto-update function that should prompt users to update when they start an application that requires it; the newest, patched version is v. for Windows, Mac, and Android.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746 computer repair st cloud computer reapir kissimee lake nona narcossee virus malware virus removal

Microsoft Warns of Attacks on IE Zero-Day

From Krebs:

Microsoft is warning Internet Explorer users about active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software without any help from users, save for perhaps merely browsing to a hacked or malicious site.

In an alert posted on Saturday, Microsoft said it is aware of  “limited, targeted attacks” against the vulnerability (CVE-2014-1776) so far.

Microsoft’s security advisory credits security firm FireEye with discovering the attack. In its own advisory, FireEye says the exploit currently is targeting IE9 through IE11 (although the weakness also is present in all earlier versions of IE going back to IE6), and that it leverages a well-known Flash exploitation technique to bypass security protections on Windows.

ie0daymitigationMicrosoft has not yet issued a stopgap “Fix-It” solution for this vulnerability. For now, it is urging IE users to download and install its Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help beef up security on Windows. Microsoft notes that EMET 3.0 doesn’t mitigate this attack, and that affected users should instead rely on EMET 4.1. I’ve reviewed the basics of EMET here. The latest versions of EMET are available here.

According to information shared by FireEye, the exploit also can be blocked by running Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings as shown in the graphic above.

This is the first of many zero-day attacks and vulnerabilities that will never be fixed for Windows XP users. Microsoft last month shipped its final set of updates for XP. Unfortunately, many of the exploit mitigation techniques that EMET brings do not work in XP.

kissimmee saint cloud osceola county 192 34769 34744 34772 34771 34743 34746 computer repair st cloud computer reapir kissimee lake nona narcossee virus malware virus removal

End of an Era

Tonight will be the last round updates for Windows XP ever.  It will now be trivially easy to take advantage of security flaws in Windows XP.  See our previous post about upgrading.


The operating system is now 12 years old, so Microsoft is no longer providing security updates that patch holes in the software. The danger now is that hackers who find bugs in XP will be able to exploit them freely.
Windows XP isn’t just running on the dusty, discarded PC in your closet. It’s everywhere, threatening devices that store sensitive information and computers that keep the city lights on and water running.
An estimated 95% of bank ATMs run on XP. GE (GE, Fortune 500) Intelligent Platforms, which sells industrial software, discovered 75% of its utility customers still use it. Cybersecurity provider Cylance says one of its clients is a major hospital where XP is still on more than 100,000 devices, including computers that hold patient records.
“It’s literally everywhere still,” said Cylance chief scientist Ryan Permeh. “Every point that’s running XP is ripe for worms. They haven’t been much of a common occurrence in modern times, but any new vulnerability could result in mass infection with very little remediation.”
That includes point-of-sale systems at about 30% of retail stores, according to Greg Rosenberg, a security engineer at Trustwave. That lowers the bar to recreate the massive Target hack that happened late last year.
So, what do you do? It’s simple. Upgrade.
The best strategy is to use an operating system that still receives updates from Microsoft (MSFT, Fortune 500). For that, loading your computer with Windows 7 or Windows 8 will do. You’re better off with Windows 8, because Microsoft plans to keep supporting it until 2023.
If you’ve been holding off because of Windows 8’s missing start button, have no fear. Microsoft is adding that feature in the next update. Plus, the company is giving away $100 in credits for new PCs.
If that isn’t reason enough, try this: Windows XP computers are already six times more likely to get infected, by Microsoft’s account.

It’s Time To Upgrade

This month marks the end of Windows XPs long and successful life.   After this months round of updates there will be no more security fixes for Windows XP.

What does this mean for you?  Well if you are running an older a computer that still uses Windows XP it means that security holes are no longer being patched, so soon –I suspect very soon– Windows XP will be impossible to secure and will be overrun with viruses and malware.  

I strongly suspect criminals have been holding back on exploits waiting for this month to hit.

You have three choices on how to deal with this issue:

1.    Bury your head in the sand ignore the problem and blame Microsoft.  Leaving yourself open to malware that can and will do any number things including get into your bank accounts.
2.    If your computer is new enough and can support it upgrade to your choice of either Windows 7 or 8.
3.    Buy a new computer.

Windows 7 and 8 upgrades cost $175 and include data migration.

Our custom built computers start at $500, all our customs built computers include data migration and are built and serviced by us a local company, there is no corporate red tape to deal with if you have a problem.  Just friendly, fast, courteous and knowledgeable service from a person you know. 

This is an issue that you can not ignore, deal with it now before you have a problem.