Security Alerts
To receive a monthly security alert, send a blank email to subscribe@ask-4-help.com.
If you would like assistance or advice regarding your own computer, please give us a call.
Some of the most serious PC security alerts are posted here. Most of these problems allow malicious web sites, emails, and files to install malware on your computer with no additional clicks beyond clicking to open the web page, email, or file.
To avoid problems with poorly written Internet Explorer ActiveX controls, we recommend Firefox or Opera for most of your web surfing. We also recommend the Firefox plugin NoScript, which can help prevent both known and unknown security issues by blocking JavaScript, Java, Flash, and other special content on web sites unless you choose to allow it. (Remark.)
(Dates in red indicate when the software vulnerabilities were first made public.)
- 8/29/08 VMware - See advisory.
- 8/25/08 Novell iPrint - See advisory.
- 8/20/08 Opera - Update to version 9.52. See advisory.
- 8/11/08 uTorrent and BitTorrent Mainline - Update to version 1.8 RC7.
- 8/6/08 Webex Meeting Manager ActiveX - Remark.
- 7/25/08 RealPlayer - See advisory!
- 7/16/08 Firefox - Update to version 2.0.0.16 or version 3.0.1.
- 7/9/08 Java - Apply update.
- 7/7/08 Snapshot Viewer ActiveX Control - See advisory.
- 7/3/08 Opera - Update to version 9.51.
- 7/1/08 Firefox 2 - Update to version 2.0.0.15 or version 3.0.
- 6/23/08 Adobe Reader and Acrobat - Apply update.
- 6/19/08 Safari - Update to version 3.1.2. Browse only trusted web sites.
- 6/17/08 Firefox - Browse only trusted web sites. See remark and advisory.
- 6/10/08 QuickTime - Update to version 7.5 immediately. See advisory.
- 6/10/08 OpenOffice - Update to version 2.4.1.
- 6/3/08 HP Support ActiveX Control - Update to version 1.0.0.24 or later. See advisory.
- 5/21/08 Trillian - Update to version 3.1.10.0.
- 4/8/08 Adobe Flash Player - Update to version 9.0.124.0.
- 4/8/08 Windows and Internet Explorer - Apply Microsoft Updates.
- 4/3/08 Opera - Update to version 9.27.
- 4/2/08 QuickTime - Update to version 7.4.5 immediately.
- 3/25/08 Firefox - Update to version 2.0.0.13 immediately.
- 3/21/08 Safari - Browse only trusted web sites.
- 3/17/08 Safari - Update to version 3.1.
- 3/17/08 F-Secure - Apply updates immediately. See advisory.
- 3/10/08 RealPlayer ActiveX - Update to version 11.0.2.
- 3/4/08 Java - Install JRE 6 Update 5.
- 2/7/08 Firefox - Update to version 2.0.0.12.
- 2/3/08 Adobe Acrobat 7 and Adobe Reader - Update to version 8.1.2.
- 2/3/08 Yahoo! Music Jukebox 2.2.2.56 - Disable or uninstall the datagrid.dll and mediagridax.dll ActiveX controls immediately! (Experts only.)
- 2/3/08 Facebook Photo Uploader ActiveX - Update to version 4.5.57.1.
- 1/31/08 MySpace Image Uploader - Disable or uninstall the MySpaceUploader.ocx ActiveX. (Experts only.)
- 1/15/08 Excel - Open only trusted Excel files. See advisory.
- 1/15/08 iPhone/iPod - Update to version 1.1.3 or later.
- 1/11/08 QuickTime - Update to QuickTime version 7.4. See advisory. (Remark.)
- 1/10/08 QuickTime - See advisory.
- 1/8/08 Gateway - Disable or uninstall the CWebLaunchCtl ActiveX. (Experts only.)
- 1/8/08 Web Warning - See article.
- 1/3/08 RealPlayer 11.x - Apply update when available. Recommendations.
- 12/21/07 Adobe Flash - Recommendations. Set Flash to store no content in the Flash Settings Manager.
- 12/19/07 Opera - Update to version 9.25 or later ASAP!
- 12/12/07 HP Info Center - Disable or uninstall the HPInfoDLL.HPInfo.1 ActiveX. (Experts only.)
- 12/11/07 Internet Explorer - Apply update immediately.
- 12/7/07 Sun StarOffice/StarSuite - Apply patch.
- 12/6/07 Skype - Update to version 3.6 or later.
- 11/27/07 Lotus Notes - See advisory.
- 11/24/07 QuickTime - Update to 7.3.1 ASAP! (See article.)
- 11/20/07 BitDefender Online Scanner ActiveX - See advisory.
- 11/9/07 AOL Radio ActiveX - AOL and AIM software users will be prompted to upgrade. Others should install patch or uninstall the AmpX.dll ActiveX control. (Experts only.)
- 11/5/07 QuickTime - Update to version 7.3.
- 11/5/07 Edraw - Disable or uninstall the EDImage.ocx ActiveX. (Experts only.)
- 11/1/07 Sonic Wall SSL VPN ActiveX - See advisory.
- 10/30/07 Macrovision - See advisory.
- 10/22/07 Adobe Reader - Download patch!
- 10/19/07 RealPlayer - Download patch!
- 10/18/07 Visual FoxPro ActiveX - Disable FPOLE.OCX ActiveX control immediately. Apply updates when available. (Experts only.)
- 10/17/07 Opera - Update to version 9.24 or later.
- 10/11/07 Winamp - Update to version 5.5 or later.
- 10/10/07 Kaspersky Online Scanner - Update to version 5.0.98.0 or later.
- 10/10/07 Adobe PageMaker 7.0.1 and 7.0.2 - See advisory.
- 10/9/07 Word 2000 (Office 2000) and Word 2002 (Office XP) - Apply update immediately.
- 10/4/07 Java - Apply update.
- 10/3/07 Kazaa Altnet Download Manager ActiveX - Disable or uninstall. (Experts only.)
- 10/2/07 Edraw - Disable or uninstall the officeviewer.ocx ActiveX. (Experts only.)
- 9/25/07 Gmail - Check your filters. (Comment.)
- 9/24/07 Gmail and Google Blogspot polling - Use Firefox together with NoScript. (Comment.)
- 9/24/07 Ask Toolbar - Disable or uninstall the Ask Toolbar for IE. (Experts only.)
- 9/18/07 VMware - Apply update.
- 9/17/07 OpenOffice - Update to version 2.3 or later.
- 9/12/07 QuickTime - Firefox users should install NoScript. (Comment.) IE users should set Local zone security to High. Do not open untrusted QuickTime files. (Comment.)
- 9/4/07 iTunes - Update to version 7.4 or later. (Experts only.)
- 9/4/07 QuickBooks Online Edition ActiveX controls - Update to version 10 or later. (Experts only.)
- 8/29/07 Yahoo! Messenger - Update to version 8.1.0.419 or later.
- 8/28/07 MSN Messenger - Upgrade to Windows Live Messenger version 8.1 or later.
- 8/28/07 Oracle JInitiator ActiveX control (beans.ocx) - Apply updates when available. (Experts only.)
- 8/28/07 BEA JRockit - Apply patches.
- 8/27/07 Motorola Timbuktu Pro - Update to version 8.6.5 or later.
- 8/27/07 ACTi NVR ActiveX - Apply updates when available. (Experts only.)
- 8/15/07 Opera - Update to version 9.23 or later.
- 8/10/07 Microsoft DirectX SDK - FlashPix ActiveX contains a vulnerability. (Experts only.)
- 8/9/07 Symantec - Users of certain 2005 and 2006 products should run LiveUpdate. (See advisory.)
- 7/24/07 Yahoo! Widgets - Update to version 4.0.5 or later.
- 7/24/07 Windows URI vulnerability - Browse only trusted web sites. Click only on trusted links. (Experts only.)
- 7/24/07 LinkedIn Internet Explorer Toolbar version 3.0.2 and earlier - Uninstall immediately.
- 7/19/07 Opera - Update to version 9.22 or later.
- 7/18/07 DirectX - Update to October 2006 SDK or later.
- 7/17/07 Firefox - Update to version 2.0.0.5 or later.
- 7/17/07 Netscape 9.0b2 / Internet Explorer cross-browser vulnerability - Browse only trusted web sites. Apply updates when available. (Experts only.)
- 7/16/07 Trillian - Browse only trusted web sites. (Experts only.)
- 7/16/07 InterActual Player 2.x - Apply updates when available. (Experts only.)
- 7/16/07 Cineplayer 3.2 and earlier - Apply updates when available. (Experts only.)
- 7/11/07 Symantec - Consumer product users can run LiveUpdate. (See advisory.)
- 7/11/07 QuickTime - Update to version 7.2 or later.
- 7/10/07 Adobe Flash Player - Update to version 9.0.47.0 or later.
- 7/10/07 Firefox 2.0.x / Internet Explorer cross-browser vulnerability - Browse only trusted web sites. Keep Firefox running when using IE. Apply updates when available. (Experts only.)
- 7/5/07 Java - Apply Java 6 update 2 patch (or Java 5 update 12 patch).
- 7/2/07 HP Instant Support Driver Check ActiveX (sdd.dll) - Upgrade to version 1.5.0.3 or later at www.hp.com/go/drivercheck.
- 6/27/07 HP Photo Digital Imaging ActiveX control (hpqxml.dll, version 4.0.0.204 or earlier) - Apply updates when available. (Experts only.)
- 6/18/07 Trillian - Update Trillian to version 3.1.6.0 or later.
- 6/7/07 Yahoo! Messenger - Upgrade to the latest version.
- 5/8/07 Microsoft Excel - Apply updates.
- 5/2/07 QuickTime - Update your QuickTime software to version 7.1.6 or later.
- 4/25/07 Photoshop CS2 and CS3 - Apply updates.
- 4/3/07 Windows - Apply updates.
- 3/21/07 WinDVD 7 - Upgrade to version 8 or later. (Experts only.)
- 3/21/07 Cineplayer 3.2 and earlier - Apply updates when available. (Experts only.)
- 3/12/07 Yahoo! Messenger - Upgrade to the latest version.
- 2/23/07 Mozilla products (Firefox, Thunderbird, and SeaMonkey) - Upgrade to latest versions.
- 2/14/07 Microsoft Word - Apply updates.
- 2/13/07 Internet Explorer all versions - Apply updates.
- 2/2/07 Office - Apply updates.
- 1/16/07 Java - Apply updates.
- 1/9/07 Windows XP, Windows Server 2003, Windows 2000 and Internet Explorer (all versions) - Apply updates.
- 1/9/07 Adobe Reader - Update to version 7.0.9 or later.
In addition to keeping Microsoft Windows, Microsoft Office, and other PC applications up-to-date, avoid opening files in emails, instant messages, or web sites from unknown or untrusted sources. Files of some applications (such as QuickTime or Adobe Reader) can open automatically when browsing web pages or reading emails; it is especially important to keep these applications up-to-date.
This problem is solved if you set the kill bit for the problem ActiveX control: {9b935470-ad4a-11d5-b63e-00c04faedb18}
This problem is solved if you set the kill bit for the problem ActiveX control: {201EA564-A6F6-11D1-811D-00C04FB6BD36}
This problem is solved if you disable the URI handlers firefoxurl:// and firefoxhtml://.
This problem is solved if you disable the aim:// URI handler.
This problem is solved if you disable the URI handler navigatorurl://.
Disable unnecessary URI handlers, such as "mailto", "news", "nntp", "snews", and "telnet".
This and other recent QuickTime vulnerabilities posted here allow malicious QuickTime files found on web pages, emails, blogs, IMs, etc. to install viruses and backdoor software onto your computer. If you are not an iTunes, iPod, or iPhone user and do not need QuickTime, it would be safer to uninstall QuickTime and iTunes from your computer.
Firefox developers fixed this threat from QuickTime with the Firefox 2.0.0.7 release on 9/19/07. However, it is still a good idea to use NoScript since it protects against cross-site scripting (XSS) attacks and disables JavaScript on untrusted web pages.
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX control: AskJeevesToolBar.SettingsPlugin.1 (askBar.dll)
Google fixed these cross-site scripting (XSS) vulnerabilities very quickly. However, using Firefox 2.0.0.7 or later together with NoScript protects against these types of attacks.
This attack adds a filter to forward your email to another email address. (Check your filters!) Using Firefox 2.0.0.7 or later together with NoScript protects against these types of attacks (provided you do not allow scripts to run on the untrusted web site!).
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX control: {6BA21C22-53A5-463F-BBE8-5CF7FFA0132B}
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX control: {DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}
To prevent re-enabling or reinstallation, set the kill bit for the FPOLE.OCX ActiveX control: {EF28418F-FFB2-11D0-861A-00A0C903A97F}
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX control: {F685AFD8-A5CC-410E-98E4-BAA1C559BA61}
Click to download the patch from AOL.
To prevent re-enabling or reinstallation of the AOL Radio ActiveX control, set the kill bit for the AmpX.dll ActiveX control: {B49C4597-8721-4789-9250-315DFBD9F525}
To prevent re-enabling or reinstallation, set the kill bit for the HPInfoDLL.HPInfo.1 ActiveX control: {62DDEB79-15B2-41E3-8834-D3B80493887A}
Google researchers have apparently found a very serious unpatched vulnerability in Adobe Flash content that allows injection of malicious code for the purpose of a cross-site scripting (XSS) attack. What this means is that on your bank web site, a hijacked Flash animation can email your bank web site cookie to an attacker's email address, allowing the attacker to log on as you at your bank's web site, and similarly for email web sites, shopping web sites, and so on.
Our recommendation is to update to the very latest version of Flash (9.0.115), but then disable all Flash content unless it is mission critical. In Firefox, use the NoScript plug-in and set the preferences to block Flash on all sites, INCLUDING trusted sites. You can then click the NoScript logo on a web page to allow Flash content to run on an individual basis.
Make sure RealPlayer is not your default media player for any media file types. Do not open media files sent to you by email, IM, or from untrusted web sites (such as file sharing sites where they could come from anybody). Browse only trusted web sites.
This update fixes many critical issues with QuickTime, but does not appear to fix the critical issue mentioned on 1/10/08. Please be careful with QuickTime files. Call us for help running the program in a safer manner.
This code execution vulnerability affects Firefox 2.0.x and the newly released Firefox 3.x. This vulnerability may not be publicly known, but nevertheless you should browse only trusted web sites and apply Firefox updates as they become available.
This is a serious vulnerability. If you've used Webex before and may have the ActiveX installed, delete the ActiveX, or start a new meeting to update to the latest version: 20.2008.2606.4919.
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX control: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E}
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX control: {48DD0448-9209-4F81-9F6D-D83562940134}
To prevent re-enabling or reinstallation, set the kill bit for the problem ActiveX controls: {5F810AFC-BB5F-4416-BE63-E01DD117BD6C} and {22FD7C0A-850C-4A53-9821-0B0915C96139}
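How the kill-bit remarks above are applied in the registry, shown as an added example that is not part of the original page: the kill bit is the 0x400 flag in the "Compatibility Flags" DWORD under Internet Explorer's ActiveX Compatibility key for the control's CLSID. The function name Set-KillBit is hypothetical, and the three CLSIDs are the ones this page labels by file name; the script assumes an elevated PowerShell 3.0 or later session.

```powershell
# Added example (not from the original page): set the Internet Explorer
# kill bit for ActiveX controls named on this page. Run from an elevated prompt.

# The kill bit is flag 0x400 in the "Compatibility Flags" DWORD value.
$KillBit = 0x400

# 64-bit Windows keeps a second copy of the key for 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# CLSIDs copied from the remarks on this page (labelled there by file name).
$Controls = [ordered]@{
    'FPOLE.OCX'          = '{EF28418F-FFB2-11D0-861A-00A0C903A97F}'
    'AmpX.dll'           = '{B49C4597-8721-4789-9250-315DFBD9F525}'
    'HPInfoDLL.HPInfo.1' = '{62DDEB79-15B2-41E3-8834-D3B80493887A}'
}

function Set-KillBit {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)

    # Refuse anything that is not a braced GUID, so a ProgID or a typo
    # never creates a stray key.
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID: $Clsid"
    }
    foreach ($root in $Roots) {
        # Skip the WOW6432Node root on 32-bit Windows, where it does not exist.
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }

        # OR the bit in so that other compatibility flags already set survive.
        $old = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        $new = ([int]$old) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null
        '{0}  {1} -> 0x{2:X8}' -f $Clsid, $root, $new
    }
}

foreach ($name in $Controls.Keys) {
    "Setting kill bit for $name"
    Set-KillBit -Clsid $Controls[$name]
}
```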