Todays updates from Microsoft.

[Bill Sanderson MVP]

I just posted some details about WD:

To simplify, go to Help, About, with Windows Defender. Look at the ENGINE
version. If that is 1.1.2101.0 or higher, you are patched.

This was a high risk vulnerability, but one which was responsibly
disclosed--there's no sign of it being used, nor were there sample exploits
available.

 

[robinb]

if you get the paid version, would you mind going through my website to
purchase it?
I get a $4 commission for everyone I sell.
the site is http://rdinternetassociates.com/Why.aspx
scroll down to anyone of the icons for AVG
Also i recommend you not buy the suite. Even though i think AVG is the best
antivirus, i personnally do not like suites. I found things run better if
you purchase them seperately.
robin

 

[Guest]

Hi JJ and all,

Have a look here, and see where the patches go:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

************************************************************
Title: Microsoft Security Bulletin Summary for February 2007
Issued: February 13, 2007
Version Number: 1.0
Bulletin: http://go.microsoft.com/fwlink/?LinkId=82739
************************************************************

Summary:
========
This advisory contains information about all security updates released this
month. It is broken down by security bulletin severity.

Critical Security Bulletins
===========================

MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow
Remote Code Execution (928843)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-009 - Vulnerability in Microsoft Data Access Components (MDAC)
Function Could Allow Remote Code Execution (927779)

- Affected Software:

- Windows 2000 SP4
- Windows XP SP2
- Windows Server 2003
- Windows Server 2003 on Itanium-based Systems

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-010 - Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution (932135)

- Affected Software:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateways 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-014 - Vulnerability in Microsoft Word Could Allow Remote Code
Execution (929434)

- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office System 2003
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Microsoft Works Suites 2004, 2005, and 2006

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-015 - Vulnerabilities is Microsoft Office Could Allow Remote
Code Execution (932554)

- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office 2003 Service Pack 2
- Microsoft Office 2004 for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-016 - Cumulative Security Update for Internet (928090)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

Important Security Bulletins
============================

MS07-005 - Vulnerability in Step-by-Step Interactive Training Could
Allow Remote Code Execution (923723)

- Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of
Privilege (928255)

- Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Elevation or Privilege
- Version Number: 1.0

MS07-007 - Vulnerability in Windows Image Acquisition Service Could
Allow Remote Code Execution (927802)

- Affected Software:
- Windows XP Service Pack 2

- Impact: Elevation or Privilege
- Version Number: 1.0

MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote
Code Execution (926436)

- Affected Software:

- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code
Execution (924667)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Visual Studio .NET 2002(all versions and products included in the
Visual
Studio .NET 2002 suite)
- Visual Studio .NET 2003(all versions and products included in the
Visual
Studio .NET 2003 suite)

- Impact: Remote Code Execution
- Version Number: 1.0

MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote
Code Execution (918118)

- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Office 2000 Service Pack 3
- Office 2000 Multilanguage Packs
- Office XP Service Pack 3 (all versions and products included in the
Office XP suite)
- Office 2003 Service Pack 2
- Learning Essentials 1.0
- Learning Essentials 1.1
- Learning Essentials 1.5
- Global Input Method Editor for Office 2000 (Japanese)
- Office 2004 for Mac
- Office v.X for Mac

- Impact: Remote Code Execution
- Version Number: 1.0

Update Availability:
===================
Updates are available to address these issues.
For additional information, including Technical Details,
Workarounds, answers to Frequently Asked Questions,
and Update Deployment Information please read
the Microsoft Security Bulletin Summary for this
month at: http://go.microsoft.com/fwlink/?LinkId=82739
=====================

Acknowledgments:
================
Microsoft thanks the following for working with us to protect
customers:
- Brett Moore of Security-Assessment.com
(http://www.security-assessment.com)
for reporting an issue described in MS07-005.
- Fabrice Desclaux of EADS Common Research Center
(http://www.eads.net) for reporting an issue described in MS07-012.
- Kostya Kortchinsky of Immunity, Inc
(http://www.immunityinc.com) for reporting an issue described in
MS07-012.
- Kostya Kortchinsky of Immunity, Inc
(http://www.immunityinc.com)for reporting an issue described in
MS07-011.
- Kostya Kortchinsky of Immunity, Inc
(http://www.immunityinc.com)for reporting an issue described in
MS07-013.
- HD Moore of the BreakingPoint Systems
(http://www.bpointsys.com)for reporting an issue described in
MS07-008.
- Shih-hao Weng of Information and Communication Security Technology
Center
(http://www.icst.org.tw)for reporting an issue described in MS07-014.
- USAA (https://www.usaa.com)for reporting an issue described in MS07-014.
- Neel Mehta and Alex Wheeler of ISS X-Force
(http://xforce.iss.net) for reporting an issue described in MS07-010.
- H D Moore of BreakingPoint Systems
(http://www.bpointsys.com) for reporting an issue described in
MS07-016.
- iDefense (http://idefense.com/) for reporting an issue described in
MS07-016.
--

 

[Guest]

Hi Robin. I bookmarked the site. So your saying to buy just the Anti virus
and the Anti spyware seperately? Don't mine me probably asking a stupid
question, but right about now my brain is fried. I'm not sure what you mean
about the suite. AS I said, we have the free AVG, so far we like it alot, and
hubby is trying out the spyware.

At present I run AVG, Spywareblaster, and of course a firewall, and am quite
happy with those 3. As they say, sometimes you can overdo. If we do decide to
get the pro edition of the anti virus, I will go thru your site.

Thanx for telling me, much appreciated......

 

[Guest]

Robin,

If you got the FE update on January 25th either from Engels link or WU/MU
than you have it all ready, that was the engine update being referred to.

?
Tim

 

[Guest]

Thanx Engel and Bill. I didn't read up on anything today, seeing we are in
for alot of snow, I was running to stores before everyone in town got there
too. LOL Hopefully this will answer Robins questions too.

Have a great nite folks, and again, Thanx!!!

 

[Robinb]

I did and thanks Tim
robin

Robin,

If you got the FE update on January 25th either from Engels link or WU/MU
than you have it all ready, that was the engine update being referred to.

?
Tim

 

[Robinb]

the free version of AVG will do you just fine if you are using it in the
home.
I recommend the pro version mostly for businesses or a small home business
because it has a bunch of networking features.
If you purchase it and you are still running xp and want to purchase it then
get the AVG antivirus with firewall. (unless you are running another
firewall program other than XP) then get just AVG Antivirus.
You should also purchase the AVG antispyware seperately.
I just do not like suites because if something gets corrupted you normally
wind up with nothing working.
If you purchase it seperately then you at least have one program working
correctly.

I also have superantispyware which is also totally free. I like this
program alot too. It has grabbed stuff that the others did not. You can
pick it up at http://www.superantispyware.com/

Download the free version.
Just remember to take it out of startup in the "options" once the program is
set up because real time only works in the pro version and why have
something else go into startup if this option doesn't work unless you
purchase it.

If you need help setting it up when you go to my website there is an email
address there and you can email me and i can help you set it up. If you
live in the USA you can email me your phone number and I can walk you
through all the set ups too. I have manuals for all 3 programs (picture
step by step) that i would email you on how to use all 3 programs.
robin

 

[Robinb]

also AVG antispyware can be made free too if you do not want realtime
protection (once the 30day trial is up). I would only recommend this if you
are running WD for your realtime protection and run scans at least once a
week for the free antispyware programs. There is no reason why you can't
run both in realtime- I do and have it on about 30 clients computers.

To Make AVG antipsyware free this is what you need to do: (this is for
everyone also btw)

Right click on the AVG icon on the task bar (right hand corner)
take the check marks off "start with windows" and "residence shield"
go to Control Panel
Administrative Tools
Double click "Services"
Scroll down till you find AVG Anti-Spyware Guard
Highlight it, right click and choose "Properties"
Where it says it is "Enabled" click on the drop down box and make sure
"disabled" is now in the box.
Click OK- then close everything.
Now AVG antispyware is totally free
You will have to do your own updates (I recommend to do this daily even if
there is none) by clicking on "Manual Updates"

 

[Guest]

Robin, you have really been a dear with all this info. We don't have a
business, so it is strickly home use, and as I said, hubby downloaded the
spyware to try it out, as we know certain features are lost if not bought
after a certain time. Thanx for the link to the other free spyware thing, I
will check it out a little later. Nice to know I can also email you to set
things up, as sometimes I am a bit computer challenged.

I don't think we have another firewall except the XP one, but will ask
hubby. Like I said, this computer just got an overhaul due to having Nortons
in here for 2 years, it really grabbed on to a few things which I couldn't
get out, that is when we shoved the AVG in here, plus office, which I didn't
have. I hear ya about having things seperate, as if one thing goes bonkers,
it won't affect the other one.

Thank you again for all the info., it is MUCH appreciated. Hope you have a
wonderful Valentine's Day, we are in the middle of an ice storm, hopefully
our power doesn't go out. Mother nature was sooo good to us this winter till
today, and man, she is making up for it. Take care, and I will be in
touch...

 

[Guest]

Just printed this out for hubby...Thanx again!!!!

 

[Bill Sanderson MVP]

We got a little snow. Enough that the kids got off school, and my work
closed as well, although I probably still need to go out to meetings in the
evening.

So, I slept late--then discovered when I got up that the heat hadn't gone
on. The igniter that lights the pilot had failed at the start of the
heating season, and I managed to convince it primarily by force of will to
work a bit longer, but it quit again this morning. I re-applied the same
fix, but maybe I'll actually have to go out and buy the parts to fix it this
time....

--

 

[Guest]

*****************
Bill,

Toooo bad you can't use system restore to fix your heating problems. Trust
you will have everything working soon. We have about one foot of snow/ice in
very north NJ.
*****************

 

[Guest]

We only got about 2" of snow, but the sleet is still coming down and the
winds are wicked at times. Guess everything from L.I. is moving up here. As
long as we don't lose power I will be ok with that, too cold to be without
heat!!!

Guess it is time you fixed the heater problem. Bundle up, stay warm and
safe. I know with all this ice, I am indoors for the day, so will take a ME
day and do as little as possible. LOL

 

[Jack Ass]

why don't you do us all a favor and go away
we only allow nice people here
robin

Can you define what is your understanding of "nice people"? Would say
someone who is clogging up the bandwidth with non spyware matter is
"nice"? Let us extend this further to say someone posts a link to a
brand new p o r n site for the 14th Feb? Is this person "nice"? Where do
you draw the line? Both are a nuisance as far as I am cencerned but to you a woman who posts an
irrelevant stuff is nice but someone posting a new p or n site for singles
and recently divorced is not nice! What a hypocrite you are. You need
to go out and educate yourself. By the way leave that computer aside for
a day to see what is happening on this planet!

 

[Guest]

for now I have AVG, free edition, Spywareblaster
and a firewall. ... am trying the AVG.
So far I like it, and am thinking of getting the whole paid set, as in my
opinion it is better then Norton, and cheaper, even the paid set.

I know Robin doesn't like complete internet security suites and has advised
against it, but you may like to hear from someone who's been using the
complete AVG package.

It was only released a few months ago, and I got it within a few days. I was
very critical of it at first. There were several bugs, and some not very
satisfactory messages (for example it would alert me with a big
heart-stopping message: 'VIRUS FOUND! -when it had merely found a tracking
cookie!). There was also a bug in the firewall, which bothered me for a
while. But to do the guys at AVG justice, they kept on responding to all my
emails until every one of these problems was fixed. Gradually as the weeks
have gone by, they've tweaked the Internet Security suite quite nicely, and I
feel a lot happier with it now.

The suite provides you with a two-way firewall (which I've grown to realise
is far more secure than the Windows firewall) with a combined antivirus and
excellent antispyware scanner, with real-time protection; and AVG assured me
when I asked, that the protection is no less effective than with the separate
scanners. On the whole I've come to feel that I did the right thing getting
the complete package (though I wasn't sure at the start). It's cheaper than
buying the bits separately (and in comparison with Norton it's a LOT cheaper
- and I can easily live without all the various types of Norton trauma and
minimal support). Most of all, it's very convenient to use. A single click
brings up the control centre and everything is there, to hand. All updates
come automatically, and together, every day - and it's effortless. I don't
even notice the updates happening. Basically, you can forget it's there most
of the time, though of course there is some slowdown of system performance,
as there would be with any suite.

My main gripe, now, is that I still find large chunks of the user manual
almost unintelligible, and I don't think the software communicates very well,
generally - but that's a criticism of AVG in general, not just the security
suite.

I'm not really bothered by the issue of what happens if one part of it stops
working properly. If that were to happen (it hasn't), it's not a particularly
big deal to reinstall the whole suite - which actually doesn't take very long.

So by all means take Robin's advice - I leaned very heavily on her expertise
myself and am grateful for it; but you may like to know that overall I'm
content with my decision to buy the complete security suite, having now been
using it since its first release. You wouldn't have quite so much control as
you would get by having all the separate bits - but then, it wouldn't require
you to intervene as much, either. It depends on what you want.

 

[Jack Ass]

Well in that case this link is appropriate here:

http://sourceforge.net/projects/odf-converter

Let us know how you get on with it!!

dildo for breakfast with scamble egg and baked beans on top of toasted
bread?

Jack

 

[Guest]

JJ. Same advice to you as Robin. Don`t rise to the bait or get suckered in.
IGNORE !!

Stu

 

[Guest]

Thanx Alan for that info. I know 2 people who bought the whole package and
are happy with it, and a few that just bought the Anti Virus and are very
happy. Like you said, it depends on what you want it for. I just couldn't
handle Norton any longer after 5 years of it. Seems the last 2 years it got
more and more expensive, and you received VERY little support, if any.

At present we are trying it and are pleased, even though I have to check
manually for updates if my one auto one doesn't come in at the time I have it
scheduled for, but that is no big deal. I also like the fact it runs a
complete scan at 10, my option, each day. I'm letting hubby try out the
spyware part to see how he likes it, as for now, between Spywareblaster, AVG
AV and my firewall, I don't seem to be having any problems. I wound up with 3
viruses when I had Norton and couldn't find a fix from them. Had to go to
Geeks to get my computer cleaned out, and took their suggestion of the 3
things I am running, even they aren't too fond of Nortons.

I'll wait a few weeks, see how it all goes, then decide, and I thank you
again for your input, it is always appreciated.

 

[Guest]

Definitely intend to Stu, not worth my time....;-)