Spybot Search & Destroy Weekly Update – March 16, 2016

Uncategorized, Updates No Comments »

2016-03-16
Adware
+ Ad.Outobox ++ Ad.ResultsAlpha + MeMedia.AdVantage
Malware
+ ZenoSearch
Spyware
+ Marketscore.RelevantKnowledge
Trojan
+ Win32.Bifrost + Win32.Kazy + Win32.KillAV.hd + Win32.Koutodoor.aik + Win32.Turkojan
Total: 2615955 fingerprints in 827093 rules for 7610 products.

http://www.safer-networking.org/about/updates/

Merry Christmas

Uncategorized Comments Off on Merry Christmas

Wishing family and friends a very Merry Christmas and happiness this holiday season and throughout the coming year

Pale Moon 25.8.1 Released: November 28, 2015

Uncategorized Comments Off on Pale Moon 25.8.1 Released: November 28, 2015

Pale Moon: Release notes
25.8.1 (2015-11-28)
A small update to address two important issues:

Fix for a crash that could occur at random since the update to 25.8.0.

Fix for CSP (Content Security Policy) to be more lenient towards the incorrect passing of full URLs with all sorts of parameters in the CSP header, leading to misinterpretation of the header and incorrectly blocking the loading of content.

http://www.palemoon.org/releasenotes.shtml

Pale Moon 25.8.0 Released: November 17, 2015

Uncategorized Comments Off on Pale Moon 25.8.0 Released: November 17, 2015

Pale Moon: Release notes
25.8.0 (2015-11-17)
This is a security, stability and usability update.

Fixes/changes:

Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded videos.
Updated the JPEG decoder library to 1.4.0.
Fixed and cleaned up XPCOM timer thread code to avoid intermittent issues with events not firing (especially after stand-by).
Updated overrides to work around issues with Facebook and Netflix.
Fixed an issue where too-old system-supplied NSPR and/or NSS libraries would be accepted for use.

Security fixes:

Updated the libpng library to 1.5.24 to address critical security issues CVE-2015-7981 and CVE-2015-8126
Updated the NSPR library to 4.10.10 to address several security issues.
Updated the NSS library to 3.19.4 to address several security issues.
Fixed a memory safety hazard in SVG path code (CVE-2015-7199).
Fixed an issue with IP address parsing potentially allowing an attacker to bypass the Same Origin Policy (CVE-2015-7188).
Fixed an Add-on SDK (Jetpack) issue that would allow scripts to be executed despite being forbidden (CVE-2015-7187).
Fixed a crash due to a buffer underflow in libjar (CVE-2015-7194).
Fixed an issue for Android full screen that would potentially allow address spoofing (CVE-2015-7185).
Added size checks in canvas manipulations to avoid potential image encoding vulnerabilities like CVE-2015-7189. DiD
Fixed potential information disclosure vulnerabilities through the NTLM authentication mechanism. Insecure NTLM v1 is now disabled by default, and the workstation name is set to WORKSTATION by default (configurable with a preference for environments where identification of workstations is done by actual reported machine name). This avoids issues like CVE-2015-4515.
Fixed a potentially vulnerable crash from a spinning event loop during resize painting. DiD
Fixed several Javascript-based memory safety hazards. DiD

DiD This means that the fix is “Defense-in-Depth”: It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.

https://www.palemoon.org/releasenotes.shtml

Microsoft Security Advisory Notification Issued: October 13, 2015

Uncategorized Comments Off on Microsoft Security Advisory Notification Issued: October 13, 2015

Security Advisories Updated or Released Today

* Microsoft Security Advisory (3097966)
– Title: Inadvertently Disclosed Digital Certificates Could Allow
Spoofing
– Originally published: September 24, 2015
https://technet.microsoft.com/library/security/3097966

* Microsoft Security Advisory (3042058)
– Title: Update to Default Cipher Suite Priority Order
– Originally published: May 12, 2015
https://technet.microsoft.com/library/security/3042058

* Microsoft Security Advisory (2960358)
– Title: Update for Disabling RC4 in .NET TLS
– Originally published: May 13, 2014
https://technet.microsoft.com/library/security/2960358

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
– Originally published: September 21, 2012
https://technet.microsoft.com/library/security/2755801

Removal instructions for CrossBrowse

Uncategorized Comments Off on Removal instructions for CrossBrowse

What is CrossBrowse?

The Malwarebytes research team has determined that CrossBrowse is adware. These adware applications display advertisements not originating from the sites you are browsing.

https://forums.malwarebytes.org/index.php?%2Ftopic%2F167942-removal-instructions-for-crossbrowse%2F

Mozilla Thunderbird – Released v31.6 to users on March 31, 2015

Uncategorized Comments Off on Mozilla Thunderbird – Released v31.6 to users on March 31, 2015

Thunderbird Notes

Version 31.6.0, first offered to Release channel users on March 31, 2015

Check out “What’s New” and “Known Issues” for this version of Thunderbird

https://www.mozilla.org/en-US/thunderbird/31.6.0/releasenotes/

Mozilla Firefox 33.0 Released: October 14, 2014

Uncategorized Comments Off on Mozilla Firefox 33.0 Released: October 14, 2014

Version 33.0, first offered to Release channel users on October 13, 2014

Check out “What’s New” and “Known Issues” for this version of Firefox below.
As always, you’re encouraged to tell us what you think, or file a bug in Bugzilla. If interested, please see the complete list of changes in this release.

https://www.mozilla.org/en-US/firefox/33.0/releasenotes/

Microsoft Security Advisory Notification Issued: August 12, 2014

Security Bulletins / Advisories, Uncategorized Comments Off on Microsoft Security Advisory Notification Issued: August 12, 2014


Security Advisories Updated or Released Today

* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
Internet Explorer
– »technet.microsoft.com/library/se···/2755801
– Revision Note: V27.0 (August 12, 2014): Added the 2982794
update to the Current Update section.

Microsoft Security Bulletin(s) for August 12, 2014

Security Bulletins / Advisories, Uncategorized Comments Off on Microsoft Security Bulletin(s) for August 12, 2014

Note: There may be latency issues due to replication, if the page does not display keep refreshing

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:
https://technet.microsoft.com/library/security/ms14-aug

Critical (2)

Microsoft Security Bulletin MS14-051
Cumulative Security Update for Internet Explorer (2976627)
https://technet.microsoft.com/library/security/ms14-051

Microsoft Security Bulletin MS14-043
Vulnerability in Windows Media Center Could Allow Remote Code Execution (2978742)
https://technet.microsoft.com/library/security/ms14-043

Important (7)

Microsoft Security Bulletin MS14-048
Vulnerability in OneNote Could Allow Remote Code Execution (2977201)
https://technet.microsoft.com/library/security/ms14-048

Microsoft Security Bulletin MS14-044
Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340)
https://technet.microsoft.com/library/security/ms14-044

Microsoft Security Bulletin MS14-045
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege (2984615)
https://technet.microsoft.com/library/security/ms14-045

Microsoft Security Bulletin MS14-049
Vulnerability in Windows Installer Service Could Allow Elevation of Privilege (2962490)
https://technet.microsoft.com/library/security/ms14-049

Microsoft Security Bulletin MS14-050
Vulnerability in Microsoft SharePoint Server Could Allow Elevation of Privilege (2977202)
https://technet.microsoft.com/library/security/ms14-050

Microsoft Security Bulletin MS14-046
Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)
https://technet.microsoft.com/library/security/ms14-046

Microsoft Security Bulletin MS14-047
Vulnerability in LRPC Could Allow Security Feature Bypass (2978668)
https://technet.microsoft.com/library/security/ms14-047

Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety 1-866-727-2338. International customers should contact their local subsidiary.

As always, download the updates only from the vendors website – visit Windows Update and Office Update or Microsoft Update websites. You may also get the updates thru Automatic Updates functionality in Windows system.

Security Tool
Find out if you are missing important Microsoft product updates by using MBSA.


© 2016 DP's Security Bits.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs

Featuring WPMU Bloglist Widget by YD WordPress Developer

Entries RSS Comments RSS Log in