Internet Explorer New Zero Day Critical Vulnerability

Internet Explorer new Zero Day critical vulnerability ( CVE-2014-1776 ) allow remote code execution. Microsoft release Security Advisory ( 2963983 ) and confirmed:

“Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.

Follow us on Google+Twitter or Facebook

Microsoft Releases April 2014 Security Bulletins

Microsoft Releases April 2014 Security Bulletins.
Below you’ll find all the latest information on these updates.

1.Bulletin ID: MS14-017
Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Office,
Microsoft Office Services,
Microsoft Office Web Apps

Bulletin Executive Summary:

Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660)

This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a specially crafted file is opened or previewed in an affected version of Microsoft Office software. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

2.Bulletin ID: MS14-018
Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Windows,
Internet Explorer

Bulletin Executive Summary:

Cumulative Security Update for Internet Explorer (2950467) 

This security update resolves six privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

3.Bulletin ID: MS14-019
Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Windows

Bulletin Executive Summary:

Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2922229)

This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user runs specially crafted .bat and .cmd files from a trusted or semi-trusted network location. An attacker would have no way to force users to visit the network location or run the specially crafted files. Instead, an attacker would have to convince users to take such action. For example, an attacker could trick users into clicking a link that takes them to the location of the attacker’s specially crafted files and subsequently convince them to run them.

4.Bulletin ID: MS14-020
Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Affected Software: Microsoft Office

Bulletin Executive Summary:

Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (2950145)

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted file in an affected version of Microsoft Publisher. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Follow us on Google+Twitter or Facebook

Business Computer Security Checklist

Business computer security is essential to protecting your company from viruses, spyware, hackers, and other threats. To ensure you’re fully protected, you should begin by matching your current and future security needs to the required security technologies.
Here’s a business computer security checklist to get you started.

1. Update Your Software

To help keep your PC more secure and reliable, it’s a good idea to install new updates as soon as they’re available. The easiest way to install updates is to use the Windows Update service and make sure automatic updating is turned on.

2. Install Virus and Spyware Protect

Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware.

3. Set Up a Firewall

A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.

4. Back Up Your Data

Backup Software is an enterprise-level data protection solution that backs up and restores data and applications for a variety of operating systems. It has data protection, disaster recovery and business continuity planning capabilities.

5. Guard Against Computer Theft

Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices.

6. Secure Your Private Network

Network Security consists of computer network infrastructure, policies adopted by the network administrator to protect the network and the network accessible resources from unauthorized access, and consistent and continuous monitoring and auditing together.

7. Secure Your WEB site

Protect your Web site and Web applications against hacker attacks. Use Web Application Firewall to protect your WEB site against SQL Injection, Cross-site scripting, brute force, Path Traversal and more.

8. Create a Security Plan

All businesses benefit from having a security plan. Creating a security plan helps you identify risks relevant to your business, and gives you a checklist to follow in training staff.