Pavlov Scope

2006 March 17

Busy March Security Updates

Filed under: ITSec — Kev Frey @ 19:28:31

Happy St. Pat’s day!


Microsoft Updates: This past Tuesday (March 14), Microsoft released additional patches to address a few problems and changes for Office and Windows.

  • KB912475: Modifies Windows so that an Australian timezone change is properly implemented by the Operating System. Official description: “Australia has changed the regularly scheduled end of Daylight Saving Time in five Australian states from March 2006 to the first Sunday of April 2006 due to the 2006 Commonwealth Games. Install this update to enable your computer to automatically adjust the computer clock on the correct date. After you install this item, you may have to restart your computer.”

  • MS06-011 – KB914798: Fixes a problem in Windows XP Service Pack 1 (that is, Windows XP without the newer Service Pack 2 applied). This problem, albeit difficult to exploit, could allow a malicious program to “elevate” its permissions to obtain higher access on your system, allowing the program to do more nefarious activities. However, most standard home users already run with elevated permissions (i.e. as Administrators), so this flaw is effectively already a problem for most users anyway (no matter what version of Windows) through the way that they use their computer (I too am guilty of this).
    For any server-types out there (like me), this update also applies to Windows 2003 Server without SP1.
    For more information: Microsoft Security Bulletin MS06-011

    To update Windows on your personal machine (i.e. not your work computer), I recommend using the Microsoft Windows Update site. If your company/organization does not automatically update your PC at work, update that one too.

  • KB913571: Updates the multilingual versions of Visio 2003, Project 2003, and Office 2003 to improve how those products find and correct errors in Dutch language documents. More information: KB913471 - Dutch Language Update for Office

  • MS06-012: “Critical” error fixed in multiple versions of Office, Outlook, and related programs (e.g. Excel 2003 VIEWER). This fix plugs a hole preventing “arbitrary code execution” by potentially dangerous programs. Products affected are:
    1. Office XP
    2. Office 2000
    3. newer versions of Outlook
    4. Office (Excel) 2003 or the Excel Viewer
    5. Microsoft Works (versions 2000-2006)
    6. and Office X & 2004 for Mac

    Please apply this update to prevent any as-yet-unknown viruses or spyware from exploiting this flaw on your machine. If you know which version of each product you have, please visit Microsoft Bulletin MS06-012 for direct download links.

    But I recommend simply going to the Microsoft Office Update site for best results (this site will interrogate your computer to determine which software you have and which needs to be updated).

Mac Updates: In addition to the Microsoft Office X / 2004 update for Macs (see above), there are additional Apple (Mac OS X) fixes that address the same and similar problems as the updates released a couple weeks ago.

  • Security Update 2006-002: Corrects a problem caused by the previous patch a few weeks ago. However, there was another problem (discovered earlier this week) with this “002” patch that caused Safari to have a blank icon and/or the browser would not start. Additionally, some Mac users reported networking-related problems after the -002 update was applied Monday the 13th.

  • However, Apple released “2006-002 v1.1” for Mac OS X 10.45 (both PowerPC and Intel) yesterday, Thursday 2006-March-16. Please visit the Apple Support Downloads page for the latest updates and downloads (if your Mac didn’t already download them and prompt you to install).

Flash Updates: Macromedia Flash Player

  • If you have Flash installed, you might have already seen the “update Flash” tray icon (image: Flash Tray Icon). If you click on that icon, a dialog box should be displayed (image: Flash Update Screen) which will walk you through the update.
    Otherwise, find out more about the issue here – Apple Support Downloads page – and then go here – Apple Support Downloads page – to get the recommended download and instructions for the Flash update.
    Flash is used to display movie files and rich navigation front-ends for many websites, so it is important to keep this browser add-on up-to-date. The flaw allows a hacker to create a malicious Flash file that will compromise browser security (and potentially your email client) allowing all kinds of ugly stuff (spyware, data loss, data compromise/disclosure, etc.).

McAfee Update alert: McAfee AntiVirus software released an update last Friday (March 10) that mistakenly identified Excel and some additional components as viruses (what is called a “false positive”).
If you run McAfee on your system for your antivirus, make sure your definitions are configured to automatically update and that the current definition file you have is equal to or higher than 4716.

Norton/Symantec AntiVirus and Internet Security problem: Very similar to the McAfee issue above, Norton Security products (A/V, Firewall, etc.) received an update on Mar. 15 (Thurs.) that caused some AOL customers to be bumped from their broadband and/or dialup connections. More information available here: Symantec AOL issue page

Now, I have to go recuperate from a hellish week where I accomplished 10% of what I had planned due to increased security demands on my tasklist – ugh.

_____________________________________________________________
KevFrey

“Tradition is what you resort to when you don’t have the time or the money to do it right.” – Kurt Herbert Alder

kevfrey@gmail.com