Pavlov Scope

Apple has released two sets of new security updates.

1) Affecting both Windows (2000 and XP) and Mac OSX users, a new Quicktime flaw has been resolved in version 7.1 as an update. Windows users who have not installed Quicktime or iTunes need not apply this fix. The Apple advisory  describes the details and includes a download link to the updated software. Windows users will need to manually apply this update, but if Mac OSX users have automatic Software Updates enabled in their preferences they should automatically be prompted for this installation. Doesn’t hurt to double check in your updates program since the flaw that is fixed prevents local access to your computer through this vulnerability.

2) Affecting Mac OSX users – A big list of fixes has been released in Apple’s third major patch deployment of the year. The list is available here.  As above, if you have automatic updates enabled, you should have already been prompted. If not, please check your updates program to ensure that these updates are applied – they are critical fixes. The Apple Download  page has the latest updates available (both sets of fixes were released 05/11/2006).

_____________________________________________________________
KevFrey
kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .

Several watchdog groups have reported that a flaw has been found in Microsoft Word (XP and 2003) and it is being actively exploited "in the wild." This doesn’t appear to affect the Mac versions of Office. Microsoft’s bulletin on the flaw is here . The flaw is intended to be fixed on the upcoming June 13th release of monthly fixes, but it might be issued sooner if larger-scale (more widespread) exploits arise. This is a nasty flaw since it is related to email attachments and people generally trust Word docs. Don’t open any Word attachments until you have applied the forthcoming fix (unless you are expecting it from a known sender)! If a bad guy decides to couple this attack with collected, related address book email addresses, one could easily receive a message from a known sender but it could contain an exploited Word doc attachment, so be careful in all cases. The trouble with patching this flaw is that Office XP users will probably need to have their installation media available to install the patch. This isn’t such a big deal in a home environment, but in an enterprise it presents the challenge of deploying patches to users that do not have Administrative rights to their PCs. Office 2003 does not seem to have this trouble. Microsoft has issued a workaround procedure to assist users in protecting themselves from this flaw in the interim. Good news is that they have instructions for both home users and enterprise-focused administrators. Expand the "Workarounds…" section in the above listed link (there are several levels to expand using the plus "+" signs). In there you will find the workaround directions that best suit your situation. Domain administrators have been given a method for Group Policy deployment (GPO) for implementing the "safe mode" portion of the workaround. This is nice, but to disable Outlook feature of using Word as an email editor is still a manual workaround according to Microsoft. However, you should be able to enforce the Microsoft Word editor option using the Office Resource Kit’s Group Policy object to modify the Mail Editor settings accordingly (based on your environment). All you Admins out there: I haven’t experimented with this option myself, but it should do the trick… if concerned, try it out on a limited OU of test machines/users and let me know if you feel altruistic. Here is where the setting should be:

But I digress – If you choose not to open any Word attachments, you can safely "wait it out" for the patch to be released 2nd week of June.

_____________________________________________________________
KevFrey
kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .

Greetings all; Just a quick one…

New flaws have been fixed by Nullsoft (list of fixes here ) to resolve some apparently nasty issues in WinAmp. Additionally, many other fixes that resolve some operational issues with the software have been implemented which should help the overall user experience (few crashes, odd behavior, etc.).

If you use Winamp, please update it to v5.22 .

_____________________________________________________________
KevFrey
kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .

For years, my wife and I watched Wall $treet Week on Friday evenings. Although that sounds like a laughably dry way to spend Friday nights with a loved one, for those that don’t know he was a very entertaining fellow. We looked forward to the 30 uninterrupted minutes of his wit and subtle puns on the weekly PBS show and he always put us in a good mood. Being that we often do the bills on the weekend (as I imagine millions of other Americans do too), he would make it less of a chore and more of an opportunity through his light-hearted framing of money matters.

When PBS gave him a very bitter pill to swallow, we applauded his move to CNBC and followed him over. And, we applauded CNBC for retaining that no interruption, low key format with which fans and viewers fell in love.

We mourn the loss of a straight-shooter  who was out to make sense of big economic ideas for the lamen. I, for one, will miss him.

Rukeyser’s Wikipedia entry 

_____________________________________________________________
KevFrey
kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .

Hiya; My Firefox just prompted me to download and install the 1.5.0.3 update. Last week I reported that the Mozilla team had developed a fix, so it was soon to be released. Now, that fix is out in the patch 1.5.0.3. So, please install it when prompted by Firefox – or if you are not prompted, go download it here: Firefox Download 

Additionally – More bad news about IE: Just today (2006-May-02), security researchers have found YET ANOTHER  new flaw.

Ugh. Microsoft is burning up my OT.

_____________________________________________________________KevFrey
kevfrey@gmail.com.     .    .   .  . .. .  .   .    .     .