Support information and alerts for NVDi customers and friends
Jul 24 2009
Microsoft is releasing a pair of critical Windows security updates on July 28th. This is highly unusual. Microsoft normally issues security fixes on the second Tuesday of the month — “Patch Tuesday.” When they release an out-of-band update like this, it is usually because it deals with a critical vulnerability that is being actively exploited. [...]
Jul 16 2009
Firefox 3.5.1. has just been released to fix a potentially critical vulnerability. It’s not listed on the regular download page yet, but should be shortly. A couple of days ago, proof-of-concept code was posted showing how a malicious web site could trigger a “drive-by download” when a page was viewed with Firefox 3.5. The 3.5.1 [...]
Jul 13 2009
July 14th is “Patch Tuesday,” the day each month when Microsoft issues patches for Windows and other Microsoft products. (It also happens to fall on Bastille Day this year.) Two of the three critical patches released this month are very high priority because they are already being exploited in the wild. Both deal with ActiveX-related [...]
May 08 2009
May 12th is “Patch Tuesday,” the day Microsoft traditionally issues security updates. Adobe is also issuing a patch for Adobe Reader and Acrobat. The sole Microsoft patch fixes a “critical” flaw in PowerPoint. “Critical” means it’s a big deal. In this case, opening a maliciously crafted PowerPoint presentation could allow an attacker to execute code [...]
Apr 28 2009
Here we go again. Security researchers have turned up a couple more vulnerabilities in Adobe Reader (and Adobe Acrobat for those of you running the full, pay-for package). These flaws permit running arbitrary code on a target system without the user’s knowledge. This is triggered by tricking a victim into opening a maliciously crafted, JavaScript-enabled [...]
Apr 08 2009
Adobe recently released updates to Adobe Reader and Adobe Acrobat to fix a flaw that permitted running arbitrary code on a target system without the user’s knowledge. This is triggered by tricking a victim into opening a maliciously crafted PDF document — typically, an email attachment or a document served up on an infected web [...]
Apr 03 2009
A newly discovered Powerpoint flaw is being exploited “in the wild” to install malicious software on victim’s machines. The exploit relies on tricking users into opening an infected email attachment or opening an infected PowerPoint file hosted on a web site. All major antivirus vendors should have protection in place by now. Still, the usual [...]
Apr 01 2009
Hitting your favorite search engine for Conficker virus information and tools may be a risky proposition right now. But first, what has gone before… If you have been following “best practices” — your security patches are current and you have functioning, up-to-date antivirus — you needn’t worry about Conficker. If you’ve been remiss about security, [...]
Mar 30 2009
Despite the recent hype, odds are you won’t get hit by the Conficker virus. See the earlier post on “The Conficker/Downadup panic” for background. However, if you’ve been remiss with your security updates or let your antivirus protection lapse, here are some techniques to check for and, if necessary, remove Conficker… First off, the Conficker [...]
Mar 30 2009
There has been a spate of somewhat overwrought news coverage on the “Conficker” (a.k.a “Downadup”) virus recently. Here are the basics… The best, most recent estimate of the number of Conficker-infected computers is around 10 million. This is a big number, but a very small percentage of all the computers in the world. More than [...]