Over 1 million tech questions and answers.

Can't patch Sigred DNS flaw on 2008 not R2

Q: Can't patch Sigred DNS flaw on 2008 not R2

I?m trying to install the security update to patch the Sigred DNS vulnerability on our last Server 2008 x86. It?s being phased out soon but wanted to patch it regardless.
When I try to install KB4565529-x86 it says, ?The Windows Modules Installer must be updated before you can install this package" so I attempted to update the Servicing Stack for 2008 (not R2) which leads me to KB955430-x86 but that also errors out saying
that ?This update does not apply to your system?.
How can I get this patch installed? I?ve already created the script below to put the temp fix in place but want to make sure the patch gets installed as well.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v "TcpReceivePacketSize" /t REG_DWORD /d 0xFF00 /f
net stop DNS && net start DNS

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Can't patch Sigred DNS flaw on 2008 not R2

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 64.4

One of my tech tv programs mentions,2 weeks ago, a flaw in zone alarm and zone alarm pro which allowed an obscure port to remain open. A patch was promised for both the free addition and the pro addition. I've returned to their site but nothing has been mentioned. Anyone know of this? One worm was enough and I'd like to stay safe!
Thanks
 

A:zone alarm flaw-patch

Read other 6 answers
RELEVANCY SCORE 63.6

Hi All,
Your can read about here.
Barry
 

A:Microsoft Releases Patch for Windows Flaw

Run a scan at the Windows Updates site and the KB912919 patch should appear in the critical updates section.

Microsoft has released it 5 days early.

-------------------------------------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 62.4

Adobe Systems has released an emergency patch for Flash Player in order to fix a critical vulnerability that attackers are already taking advantage of.

The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code execution.

"Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the company warned in a security advisory Wednesday.

Users are advised to upgrade to Flash Player 23.0.0.205 on Windows and Mac and to version 11.2.202.643 on Linux. The Flash Player runtime bundled with Google Chrome and Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 will be updated automatically through those browsers' update mechanisms.



Emergency Flash Player patch fixes zero-day critical flaw | PCWorld

Read other answers
RELEVANCY SCORE 62.4

Download patch for: J2SE JRE v 1.4.2_06
Available at: http://java.sun.com/j2se/1.4.2/download.html

The following article at CNET News.com was published about the flaw:

Java flaw could lead to Windows, Linux attacks
Published: November 23, 2004, 12:43 PM PST
By Robert Lemos
Staff Writer, CNET News.com

A flaw in Sun Microsystems' plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs.

...

-- Tom
 

Read other answers
RELEVANCY SCORE 60

This is one of the major flaws with McAfee Total Protected which, as of Aug 2009, still remains to be an issue for many owners. There was some conversation among McAfee forum administrators that the ability to manage the ?Trusted Programs? list would be added (back) to their Total Protection suite, prior to the release of Microsoft IE 8. Obviously, McAfee did not keep that promise.

Without this ability, McAfee *will* mark legitimate applications (files / programs) as POTENTIALLY UNWANTED PROGRAMS (PUP) and thereby quarantine them ? rendering your apps useless.

A:McAfee Total Protection suite 2008, 2009 - MAJOR FLAW

Although McAfee's (home) products lack an Exclusion or ?Trusted Programs? option, you do have the option to upload the False Positive to McAfee's labs, where if the file is determined legit, you will most likely be supplied with an EXTRA.DAT to cover the FP until McAfee's main database is officially updated. They are usually pretty quick to respond and you should receive the EXTRA.DAT within a couple of hours. I've had very few FP's with McAfee in 3 years of use and I'm a fairly heavy computer user. They have quite a low level of FP detections compared to some other Antivirus vendors. AVG had one such (fairly big) FP just the other day.

Read other 1 answers
RELEVANCY SCORE 50

Hello,
Is there currently a patch for MS17-010 that works on Windows Storage Server 2008 Standard 64-bit Service Pack1 that does not require completely disabling SMBv1?
Thank you

Read other answers
RELEVANCY SCORE 43.6

Dear Experts, 

I have few queries :
> i have been pacthing IE on win 2012 R2 servers from Oct 2017 and the latest deployed pacth is April 2018 roll out. but when i scan these server by Vulnerability scanners- it detects  june 2017 IE patch missing(which i know was never deplyed as
i started patching from Oct 2017 ) and i believe this June 2017 IE patch requires below registry key to be present , which they are not :
The following registry key is missing.
This registry key is required to enable the fix for CVE-2017-8529:
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
My Query is - 
Does the installation of the superseding patch adds/updates the registry keys required for the patch it supersedes.In this case should  the successfull installation of April 2018 IE patch be adding these registry keys required for June 2017 IE patch.
if not  is there any documentation related to this ?

Read other answers
RELEVANCY SCORE 43.2

Unauthorized Patch For Microsoft WMF Bug Sparks Controversy

Sober worm may hit tomorrow, but businesses are more concerned about the WFM vulnerability and Microsoft's inability to produce a patch this week. Some are choosing an alternative that could lead to other problems.

By Larry Greenemeier
InformationWeek

Jan 4, 2006 01:00 PM

Concerns over the lack of a Microsoft-issued patch have pushed the Windows Metafile/Zero-Day bug to top of mind, surpassing even tomorrow's much-anticipated Sober worm attack.

The lag time between the Dec. 27 discovery of the WMF vulnerability and Microsoft's planned Jan. 10 patch availability has forced IT security departments to find alternative means for protecting their systems and prompted a non-Microsoft developer to create a patch that others could use.

All of this serves to damage Microsoft's reputation as a company that can secure its own products—a reputation that only recently was beginning to improve after years of being dragged through the mud. Experts are divided over whether it's wise to use Ilfak Guilfanov's Hexblog patch to fix the WMF vulnerability, which could allow attackers to use WMF images to execute malicious code on their victims' computers. Some say it's a necessary measure to protect systems until the official Microsoft patch arrives; others say it's not worth the extra work to patch twice or to take the risk of using a third-party fix.

"We're advising against ... Read more

A:Solved: Unauthorized Patch For Microsoft WMF Bug (Patch Attached)

No offense but before anyone considers downloading the unoffical patch from a third party - they should at the least be aware of and check the MD5 checksum's of the files to insure they have not been tampered with...

wmf_checker_hexblog.exe - MD5: ba65e1954070074ea634308f2bab0f6a

wmf_checker_source.zip - MD5: 7ae8ac24e68baaa49e0de3f05e64a571

wmffix_hexblog14.exe - MD5: 15f0a36ea33f39c1bcf5a98e51d4f4f6

wmfhotfix.cpp - MD5: 8cf91671e353bb259cca30e06bee8bc2

An FAQ and the official unofficial hotfix and checker liinks can be found here:
http://castlecops.com/t143213-Hexblog_WMF_FAQ.html
.....Willy
 

Read other 2 answers
RELEVANCY SCORE 42.4

as per this website
Susan Bradley states

I got word back as follows: Outlook 2010 Calendar Folder property is empty - Microsoft Community

As of now, the product group has consolidated similar cases and currently working on the fix for the Event 27 issue, which is planned for the December 2013 Cumulative Update. Timelines can change for a number of reasons, and if a change does occur I will provide you with an update. You can find information on the Cumulative Update release schedule here:

go to the 5th page and you will see it

A:Office 2010 sp2 patch should be in Dec Patch tuesday

Hotfix for this issue.

Description of the Outlook 2010 hotfix package (Outlook-x-none.msp): December 10, 2013

Read other 8 answers
RELEVANCY SCORE 40.4

Hello,
In the DISA Security Technical Implementation Guides (STIGS) there is a test for event tracing (#V31026). 
The STIG indicates that if you are running Win 2008 the absence of etwenable = false is not a 'finding' because event tracing is enabled by default (on 2008 servers) and it should be enabled and running.
Is this the same for windows 2008 R2 Enterprise Server?
I cannot find the element etwenable in my 2008 R2 Enterprise server test system, it does not exist.
Does that mean the requirement for the STIG is met, and event tracing IS enabled by default on Win 2008 R2 Enterprise Servers?  No further action is required to enable? 

Is there an easy way to verify it actually is enabled?  Check registry value, run script?

Excerpt from the STIG:
Microsoft Dot Net Framework 4.0 STIG
Rule Title:  Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.
STIG ID: APPNET0067  Rule ID: SV-41075r1_rule 
Vuln ID: V-31026
Severity: CAT II Class: Unclass
NOTE:
Beginning with Windows Vista and Windows Server 2008, ETW Tracing is enabled by default and the "etwEnable" setting is not required in order for Event Tracing to be enabled. 
An etwEnable setting of "true" IS required in earlier versions of Windows as ETW is disabled by default.
Thank you,
V/R
Bill
William C. ?BC? Davis PMP, CISSP, IASO
Lead Infosec Engineer/Scientist
Comm:   781.271.5221
DSN: ... Read more

Read other answers
RELEVANCY SCORE 40

how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection 

A:how to remove window server 2008 2008 sp1,sp2 vista,sp1,sp2,...

chuck5014 wrote:how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection Could you clarify what you're having a problem with?   Post a screenshot if possible.

Read other 1 answers
RELEVANCY SCORE 39.2

I have tried to stop this spyware xp2008 with no sucess. It has stopped me from doing anything on my computer. I have Spywear Doctor that took me 10 hours to run. It found 6 trojans and delted them but now I still get a sign saying that I have MalwareProtector 2008. A website told me to download mbam-setup. There is no way for me to get into "my computer" from "start". I did download it but now I can't open it to run it. When I click on my "start" button now, all programs are missing.

When I turn off the computer and power it on again, this is the message - RUNDLL Error loading C:\WINDOWS\system32\oljqvcfu.dll. Next line says The specified module could not be found.

Please help.

Read other answers
RELEVANCY SCORE 39.2

Hello, my wife was downloading a "David Cook Video" from some unknown website. She screamed when all of these pop-ups came up. I closed them out and ran AVG 8. It was unable to remove the virus. Then the desktop went blue and the system kept trying to restart but could not, another blue screen came up with white text. I was able to restart in safe mode. I have 2 new items on my desktop XP antivirus 2008 and Malware Protector 2008. Thanks in advance for your help.

I have posted my System Scanner file below and will attach my Active Scan and Extra.txt file.



Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-08 09:04:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-08 13:04:04 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2008-07-08 11:41:55 UTC - RP3 - Last good restore point
1: 2008-07-08 11:41:33 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:20 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Run... Read more

A:Antivirus XP 2008 and Malware Protector 2008

Bump.

Read other 12 answers
RELEVANCY SCORE 38

While I'm still stabilising the overclock on my PC, can I ask if anyone has installed Visual Studio 2008 & SQL Server 2008 on Windows 7 x64 7600? If you do get any hiccups during install but manage to install it, does it run alright? Any problems? I'm interested in C# and ASP.NET development only. Thanks.

A:VS 2008 & SQL Server 2008 compatibility

Get the service packs. They run just fine.

Read other 1 answers
RELEVANCY SCORE 38

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:37: VIRUS ALERT!, on 8/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Common Files\Virtual Token\vtserver.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\QCONSVC.EXEC:\Program Files\Sandboxie\SandboxieServer.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\SYSTEM32\Ati2evxx.exeC:\WINDOWS\Explorer.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Java\jre1.6.0_04\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files... Read more

A:Antivirus Xp 2008, Antispyware 2008 Xp

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directl... Read more

Read other 9 answers
RELEVANCY SCORE 38

I am in need of some MAJOR help.... this is my daughters computer and is majorlly infected....


ComboFix 08-06-20.4 - Cat 2008-06-25 19:49:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT -4:00]
Running from: C:\Documents and Settings\Cat\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\b\Favorites\Online Security Test.url
C:\Documents and Settings\Cat\Application Data\AXPDefender
C:\Documents and Settings\Cat\Application... Read more

A:Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

Deckard's System Scanner v20071014.68
Run by Cat on 2008-06-25 20:23:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 20:23:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\syste... Read more

Read other 17 answers
RELEVANCY SCORE 37.6

http://news.yahoo.com/s/pcworld/20060421/tc_pcworld/125507
 

A:Patch for the 908531 patch

more garbage for garbage for garbage.....
 

Read other 3 answers
RELEVANCY SCORE 36.4

Microsoft Corp., a worldwide leader in operating systems and Internet technologies, announced that it has found a major flaw in Windows XP operating system that is related to the JPEG image format.

An attacker could infiltrate the user's computer by tricking the user into opening a specially coded JPEG file. Microsoft has released a patch and a specialized tool that will scan for the aforementioned vulnerability. The software giant stated that this flaw does not affect users with Windows XP Service Pack 2.

The flaw affects Windows XP, Windows 2003 Server Edition, and later versions of Microsoft Office. Some users with older Microsoft operating systems may also be affected only if they are running specialized image editing software such as Digital Image Pro and Visio 2002.

Here is a link to a plethora of information on this flaw.
 

A:Another Flaw With MS?

Deke said:

The software giant stated that this flaw does not affect users with Windows XP Service Pack 2. Click to expand...

So the moral is - get SP2 !
 

Read other 1 answers
RELEVANCY SCORE 36.4

Zero day IE7 security flaw:

http://threatpost.com/en_us/blogs/new-zero-day-flaw-discovered-ie7-112209
 

Read other answers
RELEVANCY SCORE 36.4

A German mathematician called Martin von Gagern found a bug in GnuTLS , an open-source library that implements TLS...http://www.malwarecity.com/blog/devil-in-t...etails-287.html

Read other answers
RELEVANCY SCORE 36.4

I found it in my startup through msconfig. I have no idea what it is.
Loads from the c:\docume~1\admini~1\applic~1\find01~1\dvd flaw.exe

A:Dvd Flaw.exe What Is It?

to BC easye35Googling on this name came up empty. The single flaw.exe was reckognized as malware. If you do CTRL ALT DEL do you see it running under processes?Please downloadProcessExplorer and see where it is refering to by selecting the process and post it here

Read other 4 answers
RELEVANCY SCORE 36

Alright, let the rant begin:
 
A month back, Comcast backstabbed us and gave us <1 Mbps, when we were paying for 40+ Mbps. After three different routers and three different tech support guys came over, we "solved" the problem. Only not really.
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Another odd thing is that, when I try to check the "Connect Automatically" box, and we lose connection again, the box NEVER stays checked. Even weirder, ALL of the other networks in my area have the "Connect Automatically" box checked. I think this may be part of the problem.
 
I am an avid hater of Windows 8 because nothing seems to work, including this. The internet was working fine until Comcast backstabbed us, but now I think it is just the computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?

A:Internet Flaw

 
 
It seems everywhere else the internet is fine. On this computer though (HP Pavilion p7-1534 PC, running Windows 8) it's anything but fine. The problem is that the connection randomly drops and says "Limited" in the Networks panel. I can reconnect immediately, but I play Wizard101 and once you lose connection for the slightest second, you have to restart the entire program (Which takes close to a minute). It has also been bothering other users of this computer.
 
Any ideas how to solve this? I am getting REALLY tired of it.
Thanks in advance for any help.
 
One more thing: We have no bandwidth problems, it just randomly dorps. My parents are considering buying a booster, would that solve the problem?
 

Try replacing the network cable for that computer if that doesn't resolve the issue. Then next thing you can do is to try to do a system restore/ or update your Ethernet adapter drivers.

Read other 4 answers
RELEVANCY SCORE 36

Microsoft is investigating a new flaw in the Windows operating system but didn't provide details on their Security Response Center Blog....we?re looking into new public proof of concept code around a possible vulnerability in Microsoft Windows. So far we?re not aware of any attacks attempting to use vulnerability or any customer impact, but we wanted to let everyone know we?re investigating.What we know at the moment is that the vulnerability can be attacked through Internet Explorer and requires user interaction on the page before the attack can occur...blogs.technet.com

A:Another Windows Flaw

Astronaut: Houston we have a problem...

Houston: What is it?

Astronaut: We can't tell you.

Houston: Why not?

Astronaut: Because it hasn't occured yet...

Houston: Then how do you know it will happen?

Astronaut: We saw some code laying around...

Houston: So.. we always have sloppy work

Astronaut: Correct, however, this is leading to an "unknown" problem...

laymans terms of what Microsoft is doing.

Read other 1 answers
RELEVANCY SCORE 36

MyNetscape

Sunday, Sept. 1, 2002
Security Flaw Found in Microsoft Web Browser
SAN FRANCISCO (Reuters) - Security researchers on Monday
said they have found serious flaws in Microsoft Corp.'s
Internet Explorer browser and in PGP, a widely used data
scrambling program, that could expose credit card and other
sensitive information of Internet users.
The Internet Explorer (IE) problem has been around for at
least five years and could allow an attacker to intercept
personal data when a user is making a purchase or providing
information for e-commerce purposes, said Mike Benham, an
independent security researcher based in San Francisco.
"If you ever typed in credit card information to an SSL
site there's a chance that somebody intercepted it," he added.
Internet Explorer fails to check the validity of digital
certificates used to prove the identity of Web sites, allowing
for an "undetected, man in the middle attack," he said.
Digital certificates are typically issued by trusted
certificate authorities, such as VeriSign Inc., and used by Web
sites in conjunction with the Secure Sockets Layer (SSL)
protocol for encryption and authentication.
Anyone with a valid digital certificate for any Web site
can generate a valid certificate for any other Web site,
according to Benham.
"I would consider this to be incredibly severe," he added.
Cryptography expert Bruce Schneier agreed.
"This is one of the worst cryptographic vulnerabilities
... Read more

Read other answers
RELEVANCY SCORE 36

See: http://www.eweek.com/article2/0,1895,1850357,00.asp
'Killbit' Workaround for Zero-Day IE Flaw Available <-- DO NOT USE!!!!!!!!!

Note: Use Microsoft pre-patch workaround instead!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The utility sets the "killbit" for Msddds.dll (Microsoft DDS Library Shape Control), the COM object that can cause browser crashes—and remote code execution—via specially crafted Web pages.

Once the "killbit" is set to prevent the use of Msdds.dll as an ActiveX, all applications that use the COM object utility will break.

Microsoft has already issued an advisory confirming the severity of the flaw and providing pre-patch workaround to help block known attack vectors. See advisory here:
http://www.microsoft.com/technet/security/advisory/906267.mspx

-- Tom
 

Read other answers
RELEVANCY SCORE 36

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??
 

A:Security Flaw

Read other 8 answers
RELEVANCY SCORE 36

I think I've found a major flaw in the audio systems for Windows 7. I'm not sure if it could just be my computer, but it's quite annoying, since I change audio ports a lot for recording.

What happens is if I change my Sound out -> Headphones/Speakers port to the other one like lets say from Headphone port (front) to the Speakers port (back) all my sounds will completely cut out, and Windows will begin to lag until I restart my computer. In iTunes, if I try to play a song at this point, iTunes will either lock up or refuse to play the song.

I am running Windows 7 Home Premium 64-bit.
My sound card is a Realtek HD Integrated Audio Chipset.

A:Major Flaw? (Win 7)

Do you have the latest drivers for your sound card?

Read other 5 answers
RELEVANCY SCORE 36

Here's another beauty - JavaVM is at it again
Flaw in Microsoft VM JDBC Classes Could Allow Code Execution (Q329077)
http://www.microsoft.com/technet/security/bulletin/MS02-052.asp

------
Just noticed it's been rolled into the security post at the top - mod should delete this one.
 

A:JavaVM flaw

That's ok, the additional heads-up can't hurt. They really should provide another download link for the patch other than the update site, as not everyone can get there; it's not on any of their other download sites yet that I can see.
 

Read other 1 answers
RELEVANCY SCORE 36

Found this today.

"New Windows zero-day flaw bypasses UAC"
http://www.informationweek.com/shar...ZW0ACXQE1GHPCKHWATMY32JVN?articleID=228400132
 

A:New Zero-Day Flaw Bypasses UAC

good read
 

Read other 1 answers
RELEVANCY SCORE 35.6

These are just a few things that were found on my computer, have no idea how it got so out of control.
I worked all day trying to get rid of all of these and finally succeeded by running and updating antivirus/Spyware detector and then rebooting in safe mode, while doing this many times I recieved "blue screen" and sometimes it was fake and sometimes it was real, if I pressed ESC I knew it was a fake screen.
Eventually it let me stay on long enough to get rid of everything
But I'm still getting the FAKE blue screen so could someone take a look at my highjackthis log please


Logfile of HijackThis v1.99.1
Scan saved at 10:33:46 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Rogers\Update Manager\RogersUpdate... Read more

Read other answers
RELEVANCY SCORE 35.6

A critical flaw that can be easily dealt with. >f
---------------------------------------------------------------------------------------------

Firefox has a password flaw
The Internet browser Firefox 2 has a problem with its "password manager" that could allow a hacker to obtain usernames and passwords from Firefox users, Newsfactor.com reports.

The Mozilla Foundation, which maintains Firefox's code, has acknowledged the problem. It has an extensive discussion going on here about what it calls "bug #360 493."

According to Newsfactor, the same problem could affect Internet Explorer as well.

Newsfactor also reports that "neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid (the) attacks simply by disabling their browsers' autosave features for usernames and passwords. In Firefox, the feature is found in the 'Options' window under the 'Tools' menu.

"Mozilla has indicated that it plans a fix in Firefox version 2.0.0.1 or 2.0.0.2."

http://blogs.usatoday.com/ondeadline/2006/11/firefox_has_a_p.html
 

A:Firefox password flaw

Read other 10 answers
RELEVANCY SCORE 35.6

9 March 2007A serious flaw was found in opensource encryption software GNU Privacy Guard (GPG).It allows a cybercriminal to launch a phishing attack. The flaw allows to insert text in trusted e-mail. Ivan Arce from Core Security, who discovered the vulnerability says attacker can insert malware or lead user to malicious website. Arce decided to inform of the flaw because it was patched two weeks ago.It affects email clients like Kmail, Evolution, Sylpheed, Mutt and GNUMail, so its users should install patches as soon as possible.Source:http://www.arcabit.com/infobase.html?show=...ion&id=1154

Read other answers
RELEVANCY SCORE 35.6

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web..."It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogul said in a media conference call."You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."breitbart.com

Read other answers
RELEVANCY SCORE 35.6

MS have reported an increase in attacks using this exploit and have reminded users about the 'Fix It' which is available to disable the protocol involved; http://www.networkworld.com/news/20...rs-work-around-to-windows.html?source=nww_rss

It is possible that there will be a patch for this on 13th July (for those with SP3!) but I've applied the Fix It today, rather than attempt the manual Registry amendment.
 

Read other answers
RELEVANCY SCORE 35.6

About this flaw mentioned in the following articles:

New Web Attack Exploits Unpatched IE Flaw
Robert McMillan, IDG News Service
Dec 9, 2008 8:20 am
http://www.pcworld.com/article/155190/new_web_attack_exploits_unpatched_ie_flaw.html

Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 13, 2008
http://www.microsoft.com/technet/security/advisory/961051.mspx

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.Click to expand...

Question:
I am using IE7 and Windows Vista, does the security update KB958215 fix the above IE7 zero day flaw on Windows Vista?

Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB958215)
http://go.microsoft.com/fwlink/?LinkId=133437

Thanks.
 

A:Internet Explorer 7 zero-day flaw

Read other 13 answers
RELEVANCY SCORE 35.6

This is a minor quirk I've lived with for years on my XO PC but it's become worse in Win 10.

My Ilyama Prolite E2403WS 24" monitor is set to its recommended resolution of 1920 x 1200, and naturally that's supposed to be located at (0,0). But in XP it was always at (-4,-4) and its size was 1928 x 1208. In Win 10 it's at (-8,-8) and size is 1936 x 1216.

Any thoughts on the undelying cause please? And - although I'm very doubtful after my research - a possible cure?

--
Terry, East Grinstead, UK

Read other answers
RELEVANCY SCORE 35.6

Intel chip flaw--but what of it?.

...
"This is the scariest, stealthiest, and most dangerous exploit I've seen come around since the legendary Blue Pill!," writes Jamey Heary in a Network World blog. He is a consulting systems engineer for Cisco Systems.
Click to expand...

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

Foxit Fix for &#8220;Jailbreak&#8221; PDF Flaw.

According to an advisory Foxit issued last week, Foxit Reader version 4.1.1.0805 &#8220;fixes the crash issue caused by the new iPhone/iPad jailbreak program which can be exploited to inject arbitrary code into a system and execute it there.&#8221; If you use Foxit, you grab the update from within the application (&#8220;Help,&#8221; then &#8220;Check for Updates Now&#8221 or from this link.

-- Tom
 

Read other answers
RELEVANCY SCORE 35.6

On my old XP laptop I was able to come back from "sleep/stand by" and had to re-enter my log in information. I set up my new laptop, an HP X16-1044nr 64 bit Vista to do the same. What I found was that if I left an internet website page open and it went into stand-by, hitting any key; the system doesn’t produce the security log in window. Thus leaving my system vulnerable for anyone to use should I forget and leave a page open. I now make sure I close every window but that’s disturbing. Thanks in advance.
 

Read other answers
RELEVANCY SCORE 35.6

Serious security flaw found in IE [bbc]

As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro. Click to expand...

I don't want to go on a rant here but the IE team at Microsoft has caused so many problems for so many people, from users to web developers.

Anybody who is currently a user of IE really should take a look at alternate browsers (Firefox, Opera, Safari).
 

A:Serious security flaw found in IE

Read other 16 answers
RELEVANCY SCORE 35.6

Adobe Scrambling To Fix Another Serious PDF Flaw dated August 9, 2010.

This issue effects Adobe Reader client for Windows, Mac and UNIX based systems.
...
Adobe is rushing to develop a patch for a vulnerability in Acrobat Reader revealed at the Black Hat security conference. The update–expected the week of August 16–will be the third time this year that Adobe has been forced to fix flaws outside of its regularly scheduled quarterly update pattern.

-- Tom
 

A:Adobe Scrambling To Fix Another Serious PDF Flaw

You know, I just don't get these kinds of issues in software developed my major software vendors. I mean there are tools available to help detect programming issues at compile time and run-time memory issues. Insure++ is one example of this kind of tool.

When I read things like this:
A Secunia advisory related to the Adobe flaw explains &#8220;The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the &#8220;maxCompositePoints&#8221; field value in the &#8220;maxp&#8221; (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font.&#8221;Click to expand...

things like doing bounds checking on data coming into the product from an external source are things that should be second nature, at this point. I mean it's not like the Adobe Reader hasn't had security related issues in the past.

Or maybe tools, like Insure++ and others, ARE being used and we're just hearing about code that hasn't been touched or looked at for a while suddenly being exploited.

When will it ever end!!!!!! LOL

Peace...
 

Read other 1 answers
RELEVANCY SCORE 35.6

http://news.yahoo.com/s/pcworld/120756

A:Security Flaw in Firefox

ok. i havn't added any trusted sites to my list but am i still at risk? and how can this be patched?

Read other 19 answers
RELEVANCY SCORE 35.6

This might be worth keeping an eye open
http://news.bbc.co.uk/2/hi/technology/7784908.stm
 

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.
 

Read other 3 answers
RELEVANCY SCORE 35.6

Microsoft Admits Flaw in Windows Software
By TED BRIDIS
AP Technology Writer
WASHINGTON

Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso ... Read more

A:Widows Security Flaw

Go to Windows Update and get the fix.
 

Read other 2 answers
RELEVANCY SCORE 35.6

A lot of members in here seem to be praising 360 IS and TS. But 360 suffers from a huge flaw. This flaw has been around for over 6 months and 360 seems to be refusing to address it. With every new version this huge problem is not corrected. I have about 6 emails with 360 support and they are aware of this issue. What is the issue you may ask? 360 products do not work in a standard user account. You can install and run 360 IS or TS in an Admin account perfectly fine. Log out and login in under a standard account and the account is unprotected. You can try all day long to force it to start and it will not work. So think again before recommending and praising 360. Never mind that TS comes with features that are completely and totally unnecessary to any security product. Avast is a far superior free security solution and Eset is a top notch paid product. No reason to start an argument either. I can copy and paste the emails from 360 support. Anyone can duplicate this flaw also.

Another thing. 360 China version and this new 360 TS version are completely different. AVC and AV Test.org are testing 360 China. Not 360 TS Free.
 

A:Huge Flaw (Qihoo 360 )

Interesting post, would be great if you could post those emails to and from support (obviously blanking any personal info). Obviously this is a pretty serious claim. If anybody on the forums can verify this, please give me a PM
 

Read other 54 answers