Updates 4/10/12 - ''Microsoft/Adobe Tuesday'', Sandboxie

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

Updates 4/10/12 - ''Microsoft/Adobe Tuesday'', Sandboxie

  • Today is "Microsoft Tuesday" --- the SECOND Tuesday of the month --- on which Microsoft is expected to release its monthly cycle of Windows/critical security updates.   Based on previous history, they should become available at 1 PM [USA - Eastern Daylight Saving Time].

    Please use Windows/Automatic updates to determine which updates --- if any --- are applicable to your particular system.

    ==============================================

    Today is also [a quarterly] "Adobe Tuesday":   Adobe is planning to release security updates for Adobe Reader/Acobat X (10.1.2).

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • The following updates are rated CRITICAL:

    MS12-023 Cumulative Security Update for Internet Explorer (2675157) 

    MS12-024 Vulnerability in Windows Could Allow Remote Code Execution (2653956) 


    MS12-025 Vulnerability in .NET Framework Could Allow Remote Code Execution (2671605)

    MS12-027 Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258)

    ================= ==================

    The following updates are rated IMPORTANT:

    MS12-026 Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Information Disclosure (2663860) 

    MS12-028 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) 



     

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Windows Malicious Software Removal Tool (MSRT) for APRIL, version 4.7

    32-bit for Win 7/Vista/XP/Server2003 http://www.microsoft.com/download/en/details.aspx?id=16

    x64-bit version http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=9905

     

    This month's tool adds detection/removal of:

    Win32/Claretore - "a trojan that injects malicious code into Windows processes to interecept web browser communication, and may monitor user activity and send stolen information to a remote website. The trojan could also redirect the web browser to an attacker-specified URL".

    Win32/Bocinex - "a family of malware that launches a Bitcoin mining client, detected as Program:Win32/CoinMiner. The client is configured to attribute newly generated Bitcoin digital cash, or "BTC", to an attacker's Bitcoin account".

    Win32/Gamarue - "a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user".

    EDIT:  for additional information onWin32/Claretore, see  http://blogs.technet.com/b/mmpc/archive/2012/04/10/msrt-april-2012-win32-claretore.aspx

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Adobe Reader X for Windows

    Sequential update (from 10.1.x) to 10.1.3  http://www.adobe.com/support/downloads/detail.jsp?ftpID=5358

    for details of this update:   http://helpx.adobe.com/content/dam/help/attachments/Acrobat_Reader_ReleaseNote_10.1.3.pdf

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • For what it's worth:   Today's Adobe Reader updates its included version of Flash Player ( authplay.dll ) to version 10.3.183.18.   As we are aware, the latest series/version of Flash is 11.2.202.228.   For whatever reason, it seems that some people can't (or don't want to??) upgrade Flash from the older 10.x series to the newer 11.x series, and as such, Adobe doesn't want to force the issue... I've found the following statement in Adobe Security Bulletin apsb12-07:

    "For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18"

    [See the second paragraph under SOLUTION  http://www.adobe.com/support/security/bulletins/apsb12-07.html ]

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Sandboxie 3.6.8

    This bug fix release addresses several issues that were reported shortly after the release of version 3.66.

    Use the internal updater... or download the program from http://www.sandboxie.com/index.php?DownloadSandboxie

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]