[ale] semi OT - critical Windows security updates / MySQL security flaw
Ron Frazier (ALE)
atllinuxenthinfo at techstarship.com
Wed Jun 13 21:00:08 EDT 2012
Hi all,
Here are a couple of security notes I thought I'd pass along that I
heard about on the Security Now podcast.
Some kind of flaw in MySQL was discovered. I don't know anything about
it, but it might affect some of you. A little googling found this:
https://www.esiss.ac.uk/general/mysql-security-flaw/
I haven't had a chance to research it further.
------------------------
I know some of you are required (kicking and screaming) to work with
Windows. Microsoft just released a number of critical patches which
should be implemented as quickly as possible. If this affects you, go
run Windows Update, check for updates, and keep installing them until
there are no more found. Note that, on some of my systems, for some
weird reason, the definition updates for the Microsoft Security
Essentials anti-malware system are flagged as optional. I have to go in
manually and tell the system to install them. I don't know if they
would get automatically installed later or not. I don't want to take
the chance.
There is another critical update which didn't get into the patch batch.
Here's how to install it manually with the Microsoft Fix It function.
Normally, I would advise against clicking links in email like the one
I'm about to share. However, this one is safe, and you can click the
link below. As an alternative, you could type it into the browser
address bar.
Using Internet Explorer, not Firefox, navigate to this link:
http://support.microsoft.com/kb/2719615 .
For this to work, support.microsoft.com or *.microsoft.com will have to
be in the trusted sites list under Options, Security if the security
settings have been increased past the defaults. Also, I recommend that
microsoft.com be allowed to post cookies and to create popup windows.
This leads to a Microsoft knowledge base article about a vulnerability
which was not patched in the automatic patches. Scroll down a little
ways to what would be about page 2 if the page were printed. You will
see two graphical buttons which have a picture of a man with a wrench,
and the words Fix It. Click the button under the heading Enable. This
will eliminate the vulnerability which would, otherwise, allow an
attacker to take over the computer remotely if a malicious website were
inadvertently visited which exploited this problem.
You may then have to click a Run button on one window, then on a second
window. Agree to the terms. Click next. Say yes to authorize the
process when asked.
In the UNLIKELY event that running the fix causes any operational
problems, you can go back and disable it. However, this is NOT
recommended, since that would leave the computer vulnerable to attack.
Just thought I'd pass this along in case it affects some of you.
Sincerely,
Ron
--
(To whom it may concern. My email address has changed. Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address. Please send all personal correspondence to the new address.)
(PS - If you email me and don't get a quick response, you might want to
call on the phone. I get about 300 emails per day from alternate energy
mailing lists and such. I don't always see new email messages very quickly.)
Ron Frazier
770-205-9422 (O) Leave a message.
linuxdude AT techstarship.com