Archive for January, 2011

Unpatched mhtml vulerability in all current windows operating systems

Friday, January 28th, 2011

An unpatched windows vulnerability affecting all current windows operating systems has been identified. Microsoft has supplied a ‘fix it’ utility or users can  implement several options identified in the 2501696 security advisory.  As of this time, no active exploits have been identified.  Recommendations include users not clicking on unknown web links in e-mail and […]

Printer Security – vendor links

Friday, January 28th, 2011

The issue of securing printers is not one to be taken lightly.  I am not aware of any printers that have been bought on ebay lately with sensitive information on them but it probably won’t be long, let’s just make sure it’s not one of ours.  Below are several links to vendor documents on printer […]

Use of Administrator logon IDs on workstations – Terms of use agreement

Thursday, January 27th, 2011

In the ever tightening security procedures and practices, for some departments it has become standard operating procedure to not only require the primary workstation user account to be a limited logon ID ( as opposed to an administrator ID) but also the primary workstation user not even have any knowledge of the password for the […]

Advance announcement of January Microsoft patches

Thursday, January 6th, 2011

On Thursday, January 6, Microsoft provided advance notification of the patches that are scheduled to be released for January 2011. There are only two patches (known as bulletins by Microsoft) that are scheduled to be released. One is classified as critical for all workstation operating systems (32 and 64 bit versions of Windows 7, Vista […]

Update to PHP to address floating point bug on 32 bit systems

Thursday, January 6th, 2011

An update for PHP was released late in the day on January 5 that addresses a floating point bug in the previous versions.  While not a security risk, the bug could cause a system running PHP to exhibit a denial of service condition due to an exhaustion of system resources when attempting to calculate the […]

Unpatched Vulnerability in all current Windows OSs except Windows 7 and Server 2008R2

Thursday, January 6th, 2011

Late in the day on Tuesday, January 4, Microsoft released security advisory 2490606 for an unpatched vulnerability in the Windows Graphics Rendering engine for Windows XP, Vista, Server 2003 and Server 2008 (32bit, 64 bit and Itanium versions) NOT designated as R2.  A working exploit of the vulnerability (on Windows XP systems) has been released. […]