Categories
Uncategorized

Announcement: Microsoft Security Advisory 2490606: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

This just published on TechNet’s Microsoft Security Advisories and noted on the MSRC Blog: details on Microsoft Security Advisory 2490606, Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution…

Microsoft is investigating new public reports of a vulnerability in the Windows Graphics Rendering Engine. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Affected Software:

  • Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 2 
  • Windows Server 2003 Service Pack 2, x64 SP2 and SP2 for Itanium-based systems
  • Windows Vista Service Pack 1 and SP2, as well as Windows Vista x64 Edition SP1 and SP2
  • Windows Server 2008 RTM

Non-Affected Software: Windows 7 for 32-bit and x64-based Systems, Windows Server 2008 R2 for x64-based and Itanium-based systems.

As noted, teams are working to develop a security update to address this vulnerability. The circumstances around the issue do not currently meet the criteria for an out-of-band release; however, we are monitoring the threat landscape very closely and if the situation changes, we will post updates here on the MSRC blog.

As always, we encourage Internet users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at Home.

For more details on the Security Advisory you can subscribe to our comprehensive alerts here to receive email when there’s new information.

 

Tags: Security, what I read, Microsoft, Windows 7.

MSRC references: Security Advisory, Workarounds, Defense-in-depth, Exploitability


Also available via http://bit.ly/fQLtln


Announcement: Microsoft Windows December 2010 Updates to Daylight Saving Time and Time Zones

Check out Microsoft Knowledge Base Article 2443685, “December 2010 cumulative time zone update for Windows operating systems”, which the Windows team just posted.  This is the December Daylight Saving Time and Time Zone (DST & TZ) Cumulative Update (CU), and the current KB/blog text focuses on the less common changes, such as adding the timezone for Magadan. 
 
The good folks in Windows (thanks, KC) provided some additional commentary and clarifications to the posts…

  1. Explaining that the Namibia DST support changes begin in 2011
  2. Listing other regions with dynamic support which get routine annual updates

The December 2010 DST Cumulative Update for Windows operating systems focuses on the following changes:

Magadan:

  • A new timezone has been created for Magadan. The Magadan timezone has support for Daylight Saving Time, with 2011 DST running from March to October.
  • The existing timezone “(UTC +11:00) Magadan, Solomon Islands, New Caledonia” has been renamed “(UTC +11:00) Solomon Islands, New Caledonia”. This is only a display name update – the rules for this timezone have not changed. As before, this timezone does not have DST support.

Namibia: The offset has been changed from UTC +2:00 to UTC +1:00. In addition, for 2011 and forward, the DST start date will occur in September, and the DST end date will occur in April.

Egypt: The 2011 DST start date is set to occur in April and the DST end date is set to occur in September. This is provided to address cases in which 2010 Fix-its for temporary DST changes were only partially applied.

In addition to these changes, the December DST CU contains 2011 adjusted DST start and end dates for the following timezones:

  • Israel Standard Time
  • Morocco Standard Time
  • Pacific SA Standard Time
  • Samoa Standard Time
  • Syria Standard Time

For more information on these adjustments, refer to this Microsoft Knowledge Base article: http://support.microsoft.com/kb/2443685

The following blogs have been updated – the KB updates are coming:

For more information about how daylight saving time changes may affect other Microsoft products, click the following article number to view the article in the Microsoft Knowledge Base: 914387  (http://support.microsoft.com/kb/914387/ ) How to configure daylight saving time for Microsoft Windows operating systems.

A holiday nod of thanks to the good folks across our company working on our effort to help manage time (particularly in daylight saving time and time zone changes) — documented and followed at http://www.microsoft.com/time and over at the blog at http://blogs.technet.com/dst2007 — and to the folks coordinating the efforts on our daylight saving time and time zone updates and releases for current products across the various product groups at Microsoft.  As noted, this is a tough job, to say the least.

Tags: Windows, Microsoft, Daylight Saving Time, Daylight Savings Time, RSS, DST; 18,600,000 (up a bunch from just six months ago); 18,800,000 (down ~2M)


Also available via http://bit.ly/hSHwXz


Announcement: Microsoft Windows May 2010 Updates to Daylight Saving Time and Time Zones

Check out Microsoft Knowledge Base Article 981793, "May 2010 cumulative time zone update for Microsoft Windows operating systems", which the Windows team just posted. 

Changes / updates from the previous cumulative Windows time zone update include…

The following changes were made since the previous Windows cumulative time zone update:

  • Bangladesh Standard Time: Cancels DST.
  • Fiji Standard Time: DST change.
  • Kamchatka Standard Time: Deprecates this time zone.
  • Morocco Standard Time: DST change.
  • Pacific SA Standard Time: DST change for 2010.
  • Paraguay Standard Time:  DST change.
  • Syria Standard Time: Creates a new “(UTC+02:00) Damascus” time zone with DST for Syria.

A nod to the good folks across our company working on our effort to help manage time (particularly in daylight saving time and time zone changes) documented and followed at http://www.microsoft.com/time and over at the blog at http://blogs.technet.com/dst2007.  Thanks to the folks coordinating the efforts on our daylight saving time and time zone updates and releases for current products across the various product groups at Microsoft.  As noted, this is a tough job, to say the least.

For more information about how daylight saving time changes may affect other Microsoft products, click the following article number to view the article in the Microsoft Knowledge Base: 914387  (http://support.microsoft.com/kb/914387/ ) How to configure daylight saving time for Microsoft Windows operating systems

Tags: Windows, Microsoft, Daylight Saving Time, Daylight Savings Time, RSS,DST; 18,000,000 (up from 3M six months ago); 20,400,000 (up >3M)


Also available via http://bit.ly/bR40Oo


Announcement: Security Advisory 979682 Released for Elevation of Privilege (EoP) vulnerability in the Windows kernel

Yesterday, Jerry Bryant announced here on the MSRC blog that Security Advisory 979682 Released. Click on the link for the details: essentially Security Advisory 979682 addresses an Elevation of Privilege (EoP) vulnerability in the Windows kernel, affecting all currently supported versions of 32-bit Windows. Please note that 64-bit versions of Windows, including Windows Server 2008 R2, are not affected.

As noted, we’re not currently aware of any active attacks against this vulnerability and as Jerry noted…

"… [we] believe risk to customers, at this time, is limited. We continue to recommend customers review the mitigations and workarounds detailed in the Security Advisory.

"We are also working with our Microsoft Active Protections Program (MAPP) partners to help provide broader protections for customers.

"Our teams are continuing to work on an update and we will take appropriate action to protect customers when the update has met the quality bar for broad distribution. That may include releasing the update out-of-band."

For more details on the Security Advisory you can subscribe to our comprehensive alerts here to receive email when there’s new information. The team will also post updates on the MSRC Blog.

 

Tags: IE, Security, what I read, Internet Explorer, twitter, Microsoft, Windows 7.

Clubhouse Tags: Clubhouse, how-to, Windows 7, Security, IE, Internet Explorer (IE)

MSRC references: Security Advisory, Internet Explorer (IE), Workarounds, Defense-in-depth, Exploitability, Zero-Day Exploit


Also available via http://bit.ly/5TO6wk


Advisory: Bangladesh makes a last-minute decision to end daylight saving time on December 31, 2009

Yes, it’s true, Virginia: once again a government has decided on making a last minute change to their daylight saving time. Quite reminiscent of when Argentina made a change to their daylight saving time back in 2007 and brought me into the office virtually whilst I was on vacation.

<rant> Less than a week is a tough time to get everyone in the region – regardless of operating system, time piece or sundial – alerted to a change of this magnitude.  In order to achieve more seamless transitions to new DST rules and time zones, ample advance notice and concentrated efforts on promoting any change should be provided to the people and businesses impacted. </rant>

This time, Bangladesh decided to end daylight saving time on December 31, 2009, as noted on the Microsoft Daylight Saving Time & Time Zone Blog.

On Monday, December 28, 2009 the Bangladesh government announced that, following a cabinet decision last week, the clocks would move back one hour to standard time at 11:59 PM on Dec 31. The decision was also reported on The Daily Star.
A notice from the power ministry on Sunday, however, clarified that clocks would be set back again one minute before midnight on Dec 31.

The notice also stated that the government has decided to continue with Daylight Saving Time from 2010 to ensure maximum utility of daylight.
Clocks will be advanced to 11:59pm (GMT+7) from 10:59 pm on March 31, to continue until Oct 31.
They will be turned back to 10:59pm (GMT+6) from 11:59 pm on Oct 31, to run until March 31.

This communication only addresses recommendations for the Dec 31, 2009 change. Microsoft will communicate future guidance for the 2010 DST transitions.

Users on all Windows OS platforms can switch their computers to the Central Asia Standard Time (Display name: (GMT+06:00) Astana. For users that did not apply KB978125, the time zone display name will look like this: (GMT+06:00) Astana, Dhaka).

Alternatively, for Windows OS versions released earlier than Vista, users may opt to update the registry key manually if they previously applied KB978125. Please note that the registry key value will be different if this operation is performed before Jan 1, 2010 than if it is performed after the start of the New Year, 2010. The reason for this is that the registry key value is different in 2009 than it is in 2010. Details on how to perform this operation can be found below in the section titled: “Manual Method to Perform DST Changes on down level platforms from Vista”.

An important note for Consumers:

For those customers (consumers, small businesses) wondering "Does this mean I have to install the updates manually?" 

No. Generally, consumers should wait for the updates to be installed via Windows Update rather than download and install these from the DLC. And for end users who have their PCs managed by a central administrator, your IT folks will handle the distribution and updating of your PCs over the network. (When in doubt, ask. 😉)

A note for IT Professionals:

More information including registry updates for folks who know how to do such things is available over at the Microsoft Daylight Saving Time & Time Zone Blog.

And now, a little history.

Microsoft’s product teams have moved to a regular rhythm to update their products and services to reflect time changes. For each update release, Microsoft accepts change requests up to a few months prior to the release date. Please refer to Microsoft’s Policy in Response to DST/TZ Requests, which provides recommendations for achieving more seamless transitions to new DST and time zone policies. We suggest that governments should provide the following when considering changing DST or making adjustments to time zones:

  1. Ample advance notice (1 year or more) of the planned change.
  2. Official published confirmation of planned changes to DST or time zones.
  3. Concentrated efforts on promoting the change to the affected citizens.

Important notes for governments:

  • Please refer to Microsoft’s Policy in Response to DST/TZ Requests. It’s important for countries and territories to work towards seamless transitions to new DST and time zones policies, providing ample advance notice (of a year or more) with published confirmation of planned changes.
  • We suggest that entities planning DST changes consider implementing changes at the next clock tick after 01:59:59 rather than at 00:00:00. Making the change at midnight can impact daily systems, such as back-ups, financial reports, data pulls or other automated tasks.

Tags: Windows, Microsoft, Daylight Saving Time, Daylight Savings Time, RSS, DST; 18,000,000; 20,400,000 (up >3M)


Also available via http://bit.ly/4uuIzR