This post is worthy of a BOLO. Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in all versions of Microsoft Office. This bug, CVE-2017-11882, exists in the Equation Editor, which allows users to enter mathematical formulas in Office documents. These formulas exist as OLE (Object Linking and Embedding) objects […]
Microsoft Windows
Fun With Windows 10 Fall Creator’s Update (FCU)
So, I set about in October with great hopes of updating my Windows 10 boxes to the new Fall Creator’s Update. I was most interested in the enhanced security in Windows Defender. I had mixed success with the update (NOTE: #1). Here are some of the features therein: Windows Mixed Reality When actual reality just isn’t […]
Microsoft’s 9/2017 Patch Tuesday
Microsoft’s September 2017 Patch Tuesday is a real humdinger, even exceeding August’s Patch Tuesday; encompassing 259 security patches covering 82 vulnerabilities. Windows 7: 22 vulnerabilities of which three are rated critical, 19 important; Windows 8.1: 26 vulnerabilities of which four are rated critical, 22 important; Windows 10 version 1703: 25 vulnerabilities of which two are […]
Fun With Windows 10’s Utility Menu
Writer David Pogue mentions a useful Windows 10 Utility Menu available for technicians and power users. It is simply invoked using the keys WINDOWS + X. Yes, depressing the Windows and “x” keys simultaneously brings up a Windows 10 utility menu with all the good stuff you need:
Critical Patch Tuesday: 7/11/2017
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild”. All the Critical patches were of the type that allowed […]
Skype: Critical Vulnerability Patched
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Common Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]
HIPAA: Product Sunsets
The following products have reached End-Of-Life and cannot be used for any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017; Exchange Server 2007: 04/11/2017. The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007. Microsoft also released a statement stating that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]
BOLO: PowerPoint Order/Invoice Exploit
This is another Office document infection that can occur without the benefit of Macros. The active malware associated with this exploit is called “Zusy” and affects Microsoft PowerPoint. The infection occurs when the mouse is moved over (Mouse-Over) a warning hyperlink. PowerPoint inexplicably invokes PowerShell, allowing the exploit to install. When the user opens […]
Vulnerabilities with Movie Subtitles
Check Point Software Technologies has uncovered vulnerabilities in the processing of Subtitles with the four most popular movie players for Windows and Linux systems: VLC, Kodi, Popcorn-Time, Stream.io. Hackers can exploit Subtitle ranking algorithms and allow exploited subtitles to be delivered first. The instant the subtitle is loaded, the hacker is able to perform Remote […]
Mr. Smith Goes to Washington
Following the latest variant of the WannaCry(pt) RansomWare that spread throughout the globe last weekend, Microsoft’s President and Chief Legal Officer, Brad Smith, blew a gasket. He argues, “Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military […]