First, thanks for taking time out of your day to read my posts.  I will continue to keep them simple and written for users, not techies….  I’m going to post monthly because it does a few things for everyone:

1. Allows me to introduce a new feature soon, which will be demonstrations of some of these exploits.  I might make a little program that uses an exploit to open your calculator on your desktop. Maybe I’ll link to a trustworthy site that offers a demo.  Sometimes I might offer video demonstrating the exploit.  Regardless, you will have to clink a link to see the exploit or test your machine to see if it is patched and requires your interaction to see it.

2. Our customers who are maintenance customers get phone calls from us for severe issues that are zero day or need immediate attention, so what’s the point of posting an urgent message on the blog.

3.  It limits emails that you get and makes better use of your time…

Firefox has an exploit that can give a user limited access to your computer.  The exploit works by putting a fake error message on your computer, which once you acknowledge by hitting “OK”, it then actually runs the exploit on your computer.  Free updates are available at Firefox’s website for version 3.0 and 3.5

Quicktime, an Apple made media player that competes with Windows Media player (default on Windows XP, 2000, vista, and 2008) and Flash player (youtube), has an exploit where if someone sends you a specially crafted file (think email and funny videos), they can execute some commands and code to gain some access to your machine.  Check out Quicktime for a new download of Quicktime for free if you are a user of Quicktime. If you are not sure that you even use Quicktime, check out the link above still and you’ll probably recognize the blue Q that is the logo for Quicktime.  Or, you can go into control panel and hit “Add/Remove Programs” in Windows XP or older to see if you have it installed.  In Vista, you can go into control panel and choose “programs and features” instead of “Add/Remove Programs”.

Microsoft released five patches for Windows, including some high threat patches that allow hackers to gain control of the computer.  You can skip all of this below and just visit WindowsUpdate for the patches:

1. Patch for the JavaScript Engine, that can be exploited to give a hacker or automated program access to your machine with your current access (user or admin). Usually, this will be done with using Internet Explorer and viewing a specially crafted page.

2. Another vulnerability that can be exploited by directing a user to a tampered webpage.  Once the page is viewed, the hacker or automated program can gain control of the computer with current access (user or admin).  A real world example of this is a tinyurl link that someone has in an email, once viewed and if you are not patched, you are exploited.

3. If a user is tricked into opening a video file with this third exploit, the attacker gains full control of the system regardless of your current user status.  It’s important to point out that a great vehicle for this exploit would be through a “funny email” that would be forwarded.  Do you look at those emails when they are sent to you?  If so, make sure you are patched and remember that the friend who forwards you the video didn’t make the video, so keep yourself patched.

4. A special type of data packet can be sent to your computer that can  allow a hacker to gain full control of your computer. This exploit is rated critical by Microsoft, but this is more for servers and computers that are fully exposed to the internet.  If you are on the internet through a wireless card from Sprint, Verizon, etc., you are at a little more risk than regular users.  If you use cellphone wireless cards, you should really be running your firewall in Windows anyway.

5.  Finally, Vista has an exploit that if you use the automatic wireless configuration tool to join new networks, that can be exploited for a gain in access.  This exploit isn’t that critical as a user would have to go to that compromised network and join it rather than just surfing on the web.