Archive

Archive for the ‘Fix it’ Category

Security Advisory 3010060 released

October 21st, 2014 No comments

Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file.

As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems.

The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this cyberattack when configured to work with Microsoft Office software. The necessary configuration steps for EMET, are provided in the "Suggested Actions" section of the Security Advisory.

We also encourage you to follow the "Protect Your Computer" guidance by enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we recommend that individuals avoid clicking suspicious links, or opening email messages from unfamiliar senders. More information can be found at www.microsoft.com/protect.

We continue to work on a security update to address this cyberattack. We're monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.

Tracey Pretorius
Director, Response Communications

Security Advisory 3010060 released

October 21st, 2014 No comments

Today, we released Security Advisory 3010060 to provide additional protections regarding limited, targeted attacks directed at Microsoft Windows customers. A cyberattacker could cause remote code execution if someone is tricked into opening a maliciously-crafted PowerPoint document that contains an infected Object Linking and Embedding (OLE) file.

As part of this Security Advisory, we have included an easy, one-click Fix it solution to address the known cyberattack. Please review the "Suggested Actions" section of the Security Advisory for additional guidance. Applying the Fix it does not require a reboot. We suggest customers apply this Fix it to help protect their systems.

The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this cyberattack when configured to work with Microsoft Office software. The necessary configuration steps for EMET, are provided in the "Suggested Actions" section of the Security Advisory.

We also encourage you to follow the "Protect Your Computer" guidance by enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we recommend that individuals avoid clicking suspicious links, or opening email messages from unfamiliar senders. More information can be found at www.microsoft.com/protect.

We continue to work on a security update to address this cyberattack. We're monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.

Tracey Pretorius
Director, Response Communications

Microsoft Releases Security Advisory 2953095

March 24th, 2014 No comments

Today we released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. An attacker could cause remote code execution if someone was convinced to open a specially crafted Rich Text Format (RTF) file or a specially crafted mail in Microsoft Outlook while using Microsoft Word as the email viewer.

As part of the security advisory, we have included an easy, one-click Fix it to address the known attack vectors. The Fix it is available to all customers and helps prevent known attacks that leverage the vulnerability to execute code. Additionally, applying the Fix it does not require a reboot. We encourage all customers using Microsoft Word to apply this Fix it to help protect their systems.

The Enhanced Mitigation Experience Toolkit (EMET) also helps to defend against this vulnerability when configured to work with Microsoft Office software. If you are using EMET 4.1 with the recommended settings, this configuration is already enabled and no additional steps are required.

We also encourage you to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. In addition, we encourage everyone to exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. More information can be found at www.microsoft.com/protect.

We continue to work on a security update to address this issue. We are monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers.

Thank you,
Dustin Childs
Group Manager, Response Communications
Trustworthy Computing

Download fix for Internet Explorer vulnerability

September 17th, 2013 No comments

We’ve confirmed that cybercriminals are currently targeting a limited number of Internet Explorer customers through trusted websites.

If you’re not running a modern version of Internet Explorer, we recommend upgrading immediately to ensure that you receive the benefit of additional security features that can help prevent successful attacks. We also recommend installing the newly released Fix it (an easy, one-click download to help keep your computer protected), which does not require a reboot. Not sure if you are running a modern version of Internet Explorer? Learn how to check your web browser version

To find tips on how to stay safer online, visit the Microsoft Safety & Security Center.

Addendum: This Fix it was designed for all versions of Internet Explorer. If you have automatic updating turned on, you already received this update as part of our normal updating process on Security Update Tuesday, October 8.

 Learn more about how to get security updates automatically.

Categories: Fix it, Internet Explorer, malware Tags:

Download fix for Internet Explorer 8 vulnerability

May 9th, 2013 No comments

For years, hackers have targeted computer users by infecting websites. And based on recent reports, we have confirmed that cyber criminals are up to the same, no good behavior—this time targeting Internet Explorer 8. If you use Internet Explorer 6, 7, 9 or 10, this issue will not affect you.

If you are running Internet Explorer 8, we recommend upgrading immediately or installing the newly released Fix it (an easy, one-click download to help keep your computer protected). Not sure if you are running Internet Explorer 8? Learn how to check your web browser version

We’ll continue to monitor the situation and provide further updates here as needed. Tomorrow, we’ll publish information about the monthly Security Updates planned for May. 

To find tips on how to stay safer online, visit the Microsoft Safety and Security Center.

Categories: Fix it, Internet Explorer 8, malware Tags:

Download security update for Internet Explorer

September 21st, 2012 No comments

Today Microsoft released a security update for Internet Explorer. To help protect your computer, visit Windows Update to download and install the update and ensure that you have automatic updating turned on.

Note: This update replaces the Fix it that we posted earlier this week. If you install this update, you do not need the Fix it. If you already installed the Fix it, you still need to install this update.

For technical details, see:

“Fix it” available for Internet Explorer

September 19th, 2012 No comments

Today we released a downloadable tool called a “Fix it” for Internet Explorer that we mentioned in this blog yesterday.

On September 21, we will release a cumulative update for Internet Explorer through Windows Update.  We recommend that you install this update immediately. If you have automatic updating enabled on your computer, you won’t need to take any action – it will automatically update your machine. This update will reinforce the issue that the Fix it addressed and it will also cover other issues.

For more information, see Security Advisory 2757760.

For tips on how to stay safe online, visit the Microsoft Safety and Security Center.

Recent Internet Explorer advisory

September 18th, 2012 No comments

Microsoft released Security Advisory 2757760 yesterday about an issue in Internet Explorer.

The Microsoft Security Response Center (MSRC) is actively monitoring the situation and so far the issue has impacted only an extremely limited number of people.

For more information, see Microsoft Releases Security Advisory 2757760.

Full-strength solution available soon

Within the next few days Microsoft will release an easy-to-use tool (called a “Fix it”) that you can download for free. When the Fix it is available, we will post the link to download it here on this blog. You will also find it on the MSRC blog.

For more information, see Additional information about Internet Explorer and Security Advisory 2757760.