Clear Belief Systems Blog » Microsoft

Microsoft Does Another Emergency Update for 10 Critical IE Bugs

Don Fosen — Wed, 31 Mar 2010 22:00:39 +0000

Microsoft has once again had to patch Internet Explorer with an emergency update, issued yesterday. Several of these bugs have been known to them for months but are only recently being heavily exploited. More good reasons to move to Firefox!

Additional Information:
Computerworld Article
Microsoft Security Bulletin

Another Huge Update from Microsoft

Don Fosen — Sun, 07 Feb 2010 19:31:22 +0000

Microsoft is planning another giant update for February 9th. This round will contain 13 updates to fix 26 bugs in a range of products. Five of these updates are rated “critical” by Microsoft meaning that they address very serious security issues. Please make sure that as you receive Windows Updates you are applying them.

Additional Information:
Microsoft Security Response Center
Microsoft Slates Colossal Windows Update

New Internet Explorer bug exposes confidential files

Don Fosen — Wed, 03 Feb 2010 19:06:34 +0000

Microsoft has acknowledged the latest in a long series of critical Internet Explorer bugs. This one allows remote sites to access files on your computer when Internet Explorer Protected mode is off. Since many people turn Protected Mode off because they believe it causes performance issues or because of annoying warnings this issue can be serious.

Not sure if Protected Mode is on or off? Click here for how to tell and how to set it. Note that the mode only exists in IE 7 and IE 8 on Windows Vista and Windows 7.

Additional Information:
Microsoft Security Advisory
Nasty New IE Bug

IE Exploit Used in Google Attacks

Don Fosen — Wed, 20 Jan 2010 20:26:30 +0000

A bug in Internet Explorer was used by what appears to be Chinese government sponsored hackers to access the email accounts of Chinese dissidents. Microsoft has stated that this problem exists mainly in Internet Explorer 6 but there is some question in the industry about how this issue affects the more recent iterations of IE. Some reports claim that the bug exists but it would only crash IE, not allow access to protected data. Microsoft is expected to release a patch by February 9th at the latest.

This is a great example of why it is so critical to keep current on Windows updates, many of the updates Microsoft is releasing now are fixing serious security problems, not just for Internet Explorer but all of Microsoft’s products. I also highly recommend Firefox (download here) for those of you who have not tried it. It has an occasional security problem as well but overall appears to be more secure than Internet Explorer.

Additional Information:

Google Blog Post About Incident
Microsoft Security Response
Hacking Code Made Public
Hackers Wield Newest IE Exploit

Update: Yesterday (Thursday January 21st) Microsoft released an emergency patch for this bug. Please make sure you are current on Windows Updates.

Conficker Turns One, 7 Million Infections and Counting!

Don Fosen — Mon, 02 Nov 2009 21:29:03 +0000

The Conficker worm has been around for a year now and is currently infecting an estimated seven million computers. Although we are still not sure exactly Conficker does, it has the insidious capability of spreading itself through a network once it has compromised one computer in the network. Microsoft has issued patches but apparently not everybody has applied them, especially in large corporate environments. This is one of the reasons we stress how important it is to keep up on Windows Updates.

Additional Information:
After one year, Conficker infects 7M computers
Microsoft: Worms are most prevalent security problem
Computer Worm definition

Biggest Microsoft Security Update Ever

Don Fosen — Thu, 15 Oct 2009 17:08:19 +0000

Microsoft has released their biggest security update ever, I highly recommend you install this latest round of mea culpa’s from the crowd in Redmond. This set of updates fixes 34 flaws, including 21 Microsoft has marked as critical.

Here are some links with additional details:

Computerworld Security, Microsoft Delivers Massive Patch Tuesday

Microsoft Security Bulletin Summary for October 2009