PayPal has been the talk of the town the last couple of weeks – at least in the SpamAssassin User’s Group. Hackers have been sending out fraudulent Emails. They pass SPF checks. They pass DKIM signing checks. In Email, the only headers you can really trust are your own and all of the Emails were […]
Microsoft Windows
BOLO: 17-Year Old MS-Office Bug in Equation Editor
This post is worthy of a BOLO. Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in all versions of Microsoft Office. This bug, CVE-2017-11882, exists in the Equation Editor, which allows users to enter mathematical formulas in Office documents. These formulas exists as OLE (Object Linking and Embedding) objects […]
Fun With Windows 10 Fall Creator’s Update (FCU)
So, I set about in October with great hopes of updating my Windows 10 boxes to the new Fall Creator’s Update. I was most interested in the enhanced security in Windows Defender. I had mixed success with the update (NOTE: #1). Here’s some of the features therein: Windows Mixed Reality When actual reality just isn’t […]
Microsoft’s 9/2017 Patch Tuesday
Microsoft’s September 2017 Patch Tuesday is a real humdinger, even exceeding August’s Patch Tuesday; encompassing 259 security patches covering 82 vulnerabilities. Windows 7: 22 vulnerabilities of which three are rated critical, 19 important Windows 8.1: 26 vulnerabilities of which four are rated critical, 22 important Windows 10 version 1703: 25 vulnerabilities of which two are […]
Fun With Windows 10’s Utility Menu
Writer David Pogue mentions a useful Windows 10 Utility Menu available for technicians and power users. It is simply invoked using the keys WINDOWS + X. Yes, depressing the Windows and “x” keys simultaneously brings up a Windows 10 utility menu with all the good stuff you need:
Critical Patch Tuesday: 7/11/2017
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild“. All the the Critical patches were of the type that allowed […]
Skype: Critical Vulnerability Patched
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Criticial Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]
HIPAA: Product Sunsets
The following products have reached End-Of-Life and cannot be used for any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017 Exchange Server 2007: 04/11/2017 The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007 Microsoft also released a statement stating that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]
BOLO: PowerPoint Order/Invoice Exploit
This is another Office document infection that can occur without the benefit of Macros. The active malware associated with this exploit is called “Zusy” and affects Microsoft PowerPoint. The infection occurs when the mouse is moved over (Mouse-Over) a warning hyperlink. PowerPoint inexplicably invokes PowerShell, allowing the exploit to install. When the user opens […]
Vulnerabilities with Movie Subtitles
Check Point Software Technologies has uncovered vulnerabilities in the processing of Subtitles with the four most popular movie players for Windows and Linux systems: VLC Kodi Popcorn-Time Stream.io Hackers can exploit Subtitle ranking algorithms and allow exploited subtitles to be delivered first. The instant the subtitle is loaded, the hacker is able to perform Remote […]
1 2