New version of Firefox is out an available, it fixes the following problems:

MFSA 2008-58 Parsing error in E4X default namespace
MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals
MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners() same-origin violation
MFSA 2008-55 Crash and remote code execution in nsFrameManager
MFSA 2008-54 Buffer overflow in http-index-format parser
MFSA 2008-53 XSS and JavaScript privilege escalation via session restore
MFSA 2008-52 Crashes with evidence of memory corruption (rv:1.9.0.4/1.8.1.18)
MFSA 2008-51 file: URIs inherit chrome privileges when opened from chrome
MFSA 2008-47 Information stealing via local shortcut files

Security Advisories for Firefox 3.0.4

As usual evil empire update day is upon us with the Microsoft Security Bulletin Summary for November 2008:

• MS08-068: Vulnerability in SMB could allow remote code execution (957097)
• MS08-069: Vulnerabilities in Microsoft XML Core Services could allow remote code execution (955218)

SANS - November Black Tuesday Overview

Microsoft has dropped an out of cycle patch on everyone, the patch covers a fault in RPC which is very similar to the fault in RPC/DCOM that was exploited by Blaster Worm. The consequences of not patching could potentially be the same, thousands of computer infected to do the bidding of those who would exploit it. Patch or die folks, patch or die.

Info Links:

• Microsoft out-of-band patch - Severity Critical
• MS08-067 Released
• Microsoft Windows RPC Vulnerability MS08-067 (CVE-2008-4250) FAQ

So I was surfing around the Internet when I came across this awesome example of EA (Electronic Arts) trying to kill one of it's customers via it's support system and a little thing called Fire. Lets just say that if Jim had followed EA Technical Supports second help message, fire would have occurred. This just goes to show and pretty much prove that EA Support is non-existent and by the looks of it is an automated computer system spitting out emails based roughly on what you send to it and a random list of staff names. Are there actually any staff at EA Support besides the guys keeping the Automated system working.

Jim sent this wonderful replay to EA, I love this bit:

THERE WAS A FIRE. YOUR PRODUCT STARTED A FIRE. I DO NOT NEED AN AUTOMATED WARRANTY REPLACEMENT. I NEED TO SPEAK WITH SOMEONE WHO WILL ADDRESS THIS ISSUE.

FIRE = BAD.
YOU = UNAWARE OF FIRE.

It’s that glowy orange stuff. If you touch it, you die. Understand?
F-I-R-E.

Yes you would think that's causing F-I-R-E would be something that actually got their attention, well apparently no.

The full story, Rock Band tried to burn my house down - by Jim Squires

Adobe Flash Player 10 is available for download from www.adobe.com/go/getflashplayer, support is avalible for Windows, Macintosh and Linux platforms. MSI's for network deployment are also available.

This is especially important for Firefox users being that Flash 10 fixes a bug specific to Firefox.

Some Adobe Flash 10 Examples - Require Adobe Flash 10

• Flash Player 10 : rotation (x,y,z) properties example
• Alternativa 3D 5.0 FP10 — Flash Player 10 “Astro” version

As usual black Tuesday is upon us with the Microsoft Security Bulletin Summary for October 2008:

• Vulnerability in Active Directory Could Allow Remote Code Execution (957280)
• Cumulative Security Update for Internet Explorer (956390)
• Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)
• Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
• Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege (956803)
• Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (954211)
• Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
• Vulnerability in SMB Could Allow Remote Code Execution (957095)
• Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege (956841)
• Vulnerability in Message Queuing Could Allow Remote Code Execution (951071)
• Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

There is now a new version replacing 1.84 of Real Alternative, version 1.90. A change log for real alternative is available here. If you want the normal Real Alternative 1.90 and not the MSI installer version that is bellow, you can find it at Codec Guide.

MSI Installer Downloads
P2P - ED2K
HTTP - Site 1
HTTP - Site 2

Details on the build process can be found here at my first Real Alternative 1.75 MSI Install. As always you should actively virus scan these files if you don't trust them.

A new version of Quicktime Alternative is available, version 2.70. Here is the new MSI file for deployment. If you want the normal QuickTime Alternative package it can be found at Codec Guide.

MSI Installer Downloads
P2P - ED2K
HTTP - Site 1
HTTP - Site 2

Details on the build process can be found here at my first MSI installer for Real Alternative 1.75, the process for producing a QuickTime Alternative MSI installer is exactly the same as a Real Alternative MSI installer. As always you should actively virus scan these files if you don't trust them.

There is now a new version replacing 1.82 of Real Alternative, version 1.84. A change log for real alternative is available here. If you want the normal Real Alternative 1.84 and not the MSI installer version that is bellow, you can find it at Codec Guide.

MSI Installer Downloads
P2P - ED2K
HTTP - Site 1

Details on the build process can be found here at my first Real Alternative 1.75 MSI Install. As always you should actively virus scan these files if you don't trust them.

As usual at this time of the month:

• Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
• Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
• Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
• Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

Microsoft Security Bulletin Summary for September 2008