Wednesday, June 28, 2006

IE7 Beta 2 uninstall problem

If you remove IE7 using Add/Remove in the Control Panel……. as recommended by Microsoft

It does not remove everything… certain .dll files remain

this then causes a serious problem ?... ie: you try to install IE6 again and the computer tells you their is already a newer version of IE installed

and IE6 cannot be reloaded onto your machine… so you end up with NO browser at all….

Which then mean you would have to reinstall Windows Xp to factory settings & lose everything….. and you don’t want that do you……..

I had too last Friday……… but luckily I had most of my stuff backed up………. But it still took 8 hours to put everything back on and get IE6 SP1 back on…… and working.

Tuesday, June 13, 2006

Microsoft Support Ends for Win 98 /98SE /Me

YOU’VE BEEN WARNED! Even though there are millions of users at home and within companies still using these products every day.

Support for Microsoft Windows 98, Windows 98 Second Edition, and Windows Millennium Edition Support ends on July 11, 2006.

Microsoft will end public and technical support on July 11, 2006. This also includes security updates.

Microsoft is ending support for these products because they are outdated and can expose customers to security risks. Customers still running Windows 98 or Windows Me need to upgrade to Windows XP (recommended) or Windows Vista Beta (NOT recommended to run as still in Beta until 2007)

Both Windows 98 & Windows Millennium are at risk with a NON-PATCHABLE security vulnerability!

Microsoft Security Bulletin MS06-015 – Vulnerability in Windows Explorer Could Allow Remote Code Execution (Support Document: KB908531)

What to do until you upgrade?
Place your Windows 98 & Windows Millennium computer(s) behind a perimeter firewall which filters traffic on TCP Port 139. A properly configured firewall will block attacks attempting to exploit this vulnerability from outside of the firewall.

Today, will be the last Update Tuesday for these machines.

Friday, June 02, 2006

Archiveus Code Broken (ransomware virus)

This virus (Archiveus) is the latest example of so-called "ransomware" that tries to extort cash from victims.

"This virus swaps files found in the "My Documents" folder on Windows with a single file protected by a 30-digit password. Victims are only told the password if they buy drugs from one of three online pharmacies.

The 30-digit password locking the files is


Using the password should restore all the hijacked files.

"Now the password has been uncovered, there should be no reason for anyone hit by this ransomware attack to have to make any payments to the criminals behind it," said Graham Cluley, senior technology consultant for security firm Sophos".

Full Story from BBC website

Wednesday, May 31, 2006

New Phishing Attacks

My thanks to Tonyso for this

New Phishing Attacks

Educate your users and friends/family...Microsoft never sends patches (updates) in an e-mail. According to Techweb today, a couple of Trojans are posing as Microsoft patches/updates.
The first line of the spoofed e-mail "Microsoft Cooporation" [sic] -- is a dead give-away that the message is not genuine, the article states.
If users click on the embedded link as instructed to "download the patch and protect your computer against WinLogon attacks" they actually download a keystroke logger "BeastPWS-C" .
Direct your users to the How to tell whether a Microsoft security-related e-mail message is genuine page that reminds them that "We never attach software updates to our security e-mail notifications." "We never send notices about security updates or incidents until after we publish information about them on our Web site. Check the Security site on to see whether the information is listed there."

Monday, May 29, 2006

If your testing Vista Beta 2

If you are testing Vista Beat 2 !! well then, it's more than likely that you have realised that there isn't that many Anti Virus solutions currently available..for it. Well, check out here from CA and you can get their AV for free.

"FREE eTrust® EZ Antivirus for Windows VistaTM Beta Users"

My thanks to BRETTJO for this info

Tuesday, May 23, 2006

Security Advisory (919637)

Vulnerability in Word Could Allow Remote Code Execution

Full information here

Wednesday, May 03, 2006

Security Resource Guide

Microsoft Security Resource Guide

My Thanks to

Anil John and Steve Lamb

Jerry Bryant [MS] has an excellent post with links to Security resources that are provided by Microsoft.

I am copying this here so that you do not have to go looking for them later:

My thanks to everyone who posted about this resource

Microsoft Baseline Security Analyzer (MBSA)
Use this tool to identify common security misconfigurations and missing security updates. MBSA runs on the Windows Server™ 2003, Windows® 2000, and Windows XP operating systems and will scan for vulnerabilities in multiple products and technologies, including Microsoft Internet Information Services (IIS) and SQL Server™.
Software Update Services (SUS) / Windows Update Services (WUS)
Quickly and reliably deploy the latest security updates, and service packs with Software Update Services. This new site now has the latest info on WUS.
Windows Update
Scans your computer and provides a selection of updates tailored for your operating system, software, and hardware.
Microsoft Office Product Updates
Scans and updates Microsoft Office products.
IIS Web Server Lockdown Wizard
Reduces the attack surface of Internet Information Services (IIS) and includes URLScan to provide multiple layers of protection against attackers.
UrlScan Security Tool
helps prevent potentially harmful HTTP requests from reaching IIS Web servers.

Microsoft Update

Removal Tools:
Mydoom, Zindos and Doomjuice worms
Blaster Removal Tool for Windows XP and 2000
Sasser (A-F) Worm Removal Tool
MS04-028 Enterprise Scanning Tool

Other Tools:
Security Risk Self-Assessment for Midsize Organizations

Understanding Update Management: Microsoft’s Software Update Strategy
Updated white paper talks about the need for strong update management process.
Other Update Management info in the TechNet Topics Page
Isolation and Resiliency
Listing of resources for the IT Pro to evaluate and deploy XP SP2
Network Access Protection
Internet Security and Acceleration (ISA) Server 2004 whitepapers updated
Read about secure remote Outlook access in the Unique Protection for Microsoft Exchange Server whitepaper, a very viable business scenario with ISA Server
Engineering Excellence

Trustworthy Computing: Security
Whitepapers on Security Enhancements: Describes the Trustworthy Computing initiative as applied to the Windows Server, Office 2003 and Exchange Server 2003 development processes respectively.
Windows Server 2003Office 2003Exchange Server 2003
Get the Facts:
Windows and Linux

Guidance and Training

Security Guidance Centres on
Prescriptive guidance to help provide defence-in-depth security.
E-Learning Security Training
E-Learning self-paced clinics - 4 Developer and 8 ITPro modulesNow available in French, German, Spanish and JapaneseXP SP2
Security Guidance Kit CD (now shipping in US and Canada)
CD-ROM with tools, templates, and how-to guides
Microsoft IT Security Showcase
An insider view into Microsoft's process of deploying, and managing its own enterprise solutions.
Security Newsletter
Register for our free monthly e-mail newsletter that's packed with security news, guidance, updates, and community resources to help you protect your network.
Security Program Guide: Events and Training Information
Events, webcasts and training available for both IT Professionals and Developers.
US Security Summit Keynote and Training Content
Security Notifications via e-mail
Sign up today to get e-mail alerts when an important security bulletin or virus alert has been released.
Security Update RSS Feed
Security Bulletin Search Page
Search on product, technology or KB article
Security Bulletin Webcasts
Join Microsoft experts on the day after bulletin announcements to get the latest information and have the opportunity to ask questions.
How to Tell If a Microsoft Security-Related Message Is Genuine
Writing Security, 2nd edition
Best practices for writing Security and stopping malicious hackers.
Building and Configuring More Secure Web Sites
Best Practices used at OpenHack.

Recent Security Guidance Centre additions:
Windows XP Guide, includes SP2New Security Risk Management GuideWindows NT 4.0 and Windows 98 Threat Mitigation GuideMicrosoft Identity and Access Management SeriesAntivirus Defence-in-DepthSecuring Wireless LANs with PEAP and Passwords
Small Business Guidance
Guidance specifically for the smaller business
Configuring Windows XP 802.11 Wireless Networks for the Home / Small Business
Consumer Information:
Newsletter for home users
Security bulletin notifications for home users