The Microsoft Security Response Center (MSRC)

To help customers plan and prioritize for this month’s security updates, we wanted to let you know that we will be releasing 6 bulletins (three critical and three important) addressing 15 vulnerabilities, affecting Windows and Microsoft Office products. Customers should plan a restart for the Windows bulletins. The Office bulletins may not require a restart if the components being updated are not in use. More information about the upcoming security updates can be found on the TechNet Web site.

Advance Notification

The November edition of the monthly security bulletin webcast will be held on Wednesday Nov. 11 at 11:00 a.m. PST (UTC -8)
Register for the webcast here

Certifiedbug.com

Microsoft Security Bulletin Advance Notification for November 2009

I realize that the news that it’s okay to have duplicate machine SIDs comes as a surprise to many, especially since changing SIDs on imaged systems has been a fundamental principal of image deployment since Windows NT’s inception. This blog post debunks the myth with facts by first describing the machine SID, explaining how Windows uses SIDs, and then showing that - with one exception - Windows never exposes a machine SID outside its computer, proving that it’s okay to have systems with the same machine SID.

http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx

Certifiedbug.com

Russinovich Debunks Machine SID Duplication Myth

976749 addresses two issues with MS09-054 that a limited number of customers reported.

These two issues can affect the proper display of web pages. For additional details, please refer to Microsoft Knowledge Base article 976749.

Security update MS09-054 was released as part of the October Security Bulletin Release cycle and protects against the vulnerabilities outlined in the bulletin. Also, we’re not currently aware of any attempts to attack the vulnerabilities.

While the number of customers affected by these two issues is limited, after working both with affected customers and our CSS group, we feel the best thing for all customers is to proactively provide this update as widely as possible to help prevent other customers from encountering the issues outlined in the KB.

Because of this, we plan to release this update through the same broad release channels as the original security update, MS09-054. Customers will see 976749 offered by default through Windows Update, Microsoft Update, and Automatic Updates.

Customers who have applied MS09-054 should go ahead and apply 976749. Customers who have not yet applied MS09-054 should apply both MS09-054 and 976749.

There’s more information on the update and the issues it addresses in Microsoft Knowledge Base article 976749.

The Microsoft Security Response Center (MSRC)
http://blogs.technet.com/msrc/archive/2009/11/02/update-released-for-ms09-054.aspx

Certifiedbug.com

Update released for MS09-054

Overview
Volume 7 of the Microsoft® Security Intelligence Report provides an in-depth perspective on malicious and potentially unwanted software, software exploits, security breaches and software vulnerabilities (both in Microsoft software and in third-party software). Microsoft developed these perspectives based on detailed analysis over the past several years, with a focus on the first half of 2009.

Download the report here

Certifiedbug.com

Microsoft Security Intelligence Report volume 7

The Desertec Industrial Initiative aims to supply Europe with 15% of its energy needs by 2050.

Companies who signed up to the $400bn (£240bn) venture include Deutsche Bank, Siemens and the energy provider E.On.

The consortium, which will be based in Munich, hopes to start supplying Europe with electricity by 2015.

Desertec Industrial Initiative aims to produce solar-generated electricity with a vast network of power plants and transmission grids across North Africa and the Middle East.

BBC News

Certifiedbug.com

Sahara Solar Project

Less severe.
Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. This can be used for automatic subscription of feeds, or reading other feeds.
http://www.opera.com/support/kb/view/939/

Less severe.
In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. This can be used by a malicious site to display a false domain name in the address field.
http://www.opera.com/support/kb/view/940/

If you don’t receive the update notice when using the program select “Check for Updates” from the Help menu.

Opera 10.01 Download

Certifiedbug.com

Opera 10.01 released

MFSA 2009-64 Crashes with evidence of memory corruption (rv:1.9.1.4/ 1.9.0.15)
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing

If you don’t receive the update notice when using the program select “Check for Updates” from the Help menu.

Firefox 3.5.4 download

Certifiedbug.com

Firefox 3.5.4 released

In two days the latest operating system from Microsoft will be in the stores, Windows 7.

Nearly half of 1,200 companies surveyed by a veteran technology analyst plan to deploy Windows 7 in its first year of availability, and another 11 percent say they will make the shift as soon as Microsoft releases the first service pack update for the new operating system.

Tech Flash
Sunbelt blog
http://itic-corp.com/

Certifiedbug.com

ITIC Survey: 50% of businesses to deploy Windows 7 in first year

Take a tour

Watch the videos

Compare editions

Explore the features

See what makes it different

Get free themes, desktop backgrounds, and gadgets

Certifiedbug.com

Windows 7 October 22

The cleaner affiliates write about the dangerousness of the rogue and link to a “Free” Scan or “Free” Removal tool which may not be free at all.

So I decided to MAKE a picture of a new rogue that does NOT exist: Secure Shield. I post the picture and wait for the “serious” guys.

Those guys are inventing files, folders and keys name.

Secure Shield fake rogue

Certifiedbug.com

Cleaner affiliates gotcha