Nel-Barker.co.uk
IT... Innovated
Home
Services
EarlyAlert
Home PC's
About Us
Contact Us
Toolbar
EarlyAlert(c)2005
Our EarlyAlert service helps you to protect your PC and data and in doing so helps protect your identity.
Most computers have many different software applications installed. Microsoft is certainly setting the pace with its Microsoft Update service that caters for all software updates for all their products (from Office 2003 onwards!) but most software vendors are not quite so accomodating. And all the time maliscious software is spreading daily.
 
 
Although it isn't possible to have an alert for every conceivable flaw in every conceivable software title, our EarlyAlert service warns you of critical flaws in many different products. Each alert also contains either a technical explanation, or a link to such an explanation, and a link to where you should go to update the software (when updates are available).
 
 
How to get EarlyAlerts
To view the latest EarlyAlerts, you can simply scroll down to the bottom of this page. Alerts are listed below by name. 
 
The best and easiest way to ensure you don't miss an EarlyAlert is to install our toolbar, which is available from the Toolbar page on our site's menu. That way you won't miss an alert as the toolbar will clearly display the number of new alerts and you can access it from any web page.
 
EarlyAlerts
28 February

Adobe PDF flaw
 
A critical security flaw was found in Adobe's Acrobat and Acrobat Reader software that could result in affected computers being taken over completely simply because a maliscious .PDF file was opened on such computers.
All Windows XP and Server 2003 computers with Internet Explorer 7, or Acrobat or Acrobat Reader installed are affected.
As of yet there is no patch available from Adobe.
An alternative PDF reader, Foxit Reader, is also affected but to a lesser extent. With Foxit Reader you will receive a prompt asking for your permission to run commands embedded in the PDF file. Provided you don't give your permission Foxit will be otherwise unaffected by this flaw.
In view of this we suggest that you remove Acrobat Reader and instead use Foxit Reader, which is available here: http://www.foxitsoftware.com/pdf/rd_intro.php
Additionally, do not open .PDF files sent to you unexpectedly by strangers.
 
 


12:19 GMT  |  Read comments(0)

07 February

Multiple critical security flaws in Firefox and other Mozilla products
 
A number of security flaws have been found in Mozilla software. Affected products include Firefox, Seamonkey and Thunderbird. These flaws range from allowing a remote attacker to steal file off affected computers to allowing remote attackers to get the Mozilla software to run Javascript of their choosing.
 
The Mozilla foundation has released patches and also advised users of its products to disable Javascript until patches are installed. Please note that many web sites will not function when Javascript is disabled.
 
Updates are available from http://www.mozilla.com and we also urge Mozilla users to use the auto-update feature of the software.
 
Versions affected are:
  • Mozilla Firefox versions prior to 3.0.6
  • Mozilla Thunderbird versions prior to 2.0.0.21
  • Mozilla SeaMonkey versions prior to 1.1.15
    •  


    02:42 GMT  |  Read comments(0)

    Nokia PC Suite critical flaw
     
    A critical flaw has been found in the way that the Nokia PC Suite software deals with playlist files. This flaw may be exploited by a remote attacker to run code of their choosing on affected computers. Depending on how the software is configured, a user receiving a playlist from somebody else may find that the software simply opens the playlist without asking for permission. In such cases, when presented with a specially created playlist, the software will automatically hand control of affected PC's to the remote attacker.
     
    Nokia currently has no updates available. We suggest a work-around of disabling the auto-opening of playlists and also to avoid accepting playlists from others.
     


    02:48 GMT  |  Read comments(0)

    23 December

    Merry Christmas!
     
    We wish you a very merry Christmas and a happy New Year!


    01:39 GMT  |  Read comments(0)

    16 December

    Wordpad security risk
     
    A new security risk was found in Wordpad.
     
    Wordpad installs as a default component of Windows and it has converters to add the ability to open documents in Microsoft Windows Write (.wri) and Microsoft Office Word 6.0, Microsoft Office Word 97, Microsoft Office Word 2000, and Microsoft Office Word 2002 (.doc) file formats. These text converters also allow users to save documents in the Word 6.0 file format.
     
    Currently there is no patch for this security risk, but there is a simple workaround to stop this risk. To implement the workaround, run the following command on your computer:
    echo y| cacls "%ProgramFiles%\Windows NT\Accessories\mswrd8.wpc" /E /P everyone:N
     


    14:28 GMT  |  Read comments(0)

    New Internet Explorer flaw
     
    A newly discovered vulnerability in Internet Explorer could allow a remote attacker to run code of their choosing on your computer. This flaw has even been reported on the BBC web site.
     
    This is a serious flaw that can leave you seriously exposed, but the situation is not quite as bad as some sources want to paint it.
     
    According to Microsoft (who announced the flaw) there are several measure you can do to reduce the risk to your computer, which are detailed here:
     
     
     


    14:21 GMT  |  Read comments(0)

    09 December

    Facebook virus
     
    Facebook users are directly targeted by a new virus called Koobface.
     
    Koobface attempts to intercept and record credit card details (amongst other things) or to recover such detail from stored locations on infected computers.
    It spreads by arriving as a message in people's Facebook inboxes, typically with the message "you look funny in this new video" or "you look just awesome in this new video".
    Clicking the link in the message will result in the the Facebook user being informed that they are about watch "secret video by Tom", followed shortly afterwards by an alert telling them that they need a newer version of Flash Player before they can watch the video.
     
    The software that then prompts the user to run is NOT a version of Flash Player, but is an installer for Koobface.
     
    We urge all our customers to ensure their computers are adequately protected with up-to-date anti-virus software, such as that from Trend.
     
    Should you have any doubts regarding the integrity of your own system, we would urge you to do a full scan of your system prior to changing all passwords.
     


    12:47 GMT  |  Read comments(0)

    31 October

    OpenOffice vulnerabilities
     
    Two new flaws were found in OpenOffice, either of which could lead to a computer running affected versions being completely taken over via the Internet.
     
    All versions of OpenOffice before version 2.4.2 are affected.
     
    The simplest fix is to upgrade to OpenOffice 3. OpenOffice also has an option to auto-update - we suggest you keep this activated so as to ensure you always have the latest version. You may download the latest version of OpenOffice from here: www.openoffice.org
     
     
     


    12:59 GMT  |  Read comments(0)

    F-Secure vulnerability
     
     
    A new vulnerability was found in several F-Secure software products. This flaw could lead to computers running affected versions of the software being completely taken over via the Internet.
     
    Affected versions are listed below:
     
    F-Secure Internet Security 2008
    F-Secure Internet Security 2007 Second Edition
    F-Secure Internet Security 2007
    F-Secure Internet Security 2006
    F-Secure Anti-Virus 2008
    F-Secure Anti-Virus 2007 Second Edition
    F-Secure Anti-Virus 2007
    F-Secure Anti-Virus 2006
    F-Secure Client Security 7.12 and earlier versions
    F-Secure Anti-Virus for Workstations 7.11 and earlier versions
    F-Secure Linux Security 7.01 and earlier versions
    F-Secure Anti-Virus Linux Client Security 5.54 and earlier versions
    Solutions based on F-Secure Protection Service for Consumers version 8.00 and earlier versions
    Solutions based on F-Secure Protection Service for Business version 3.10 and earlier versions
    F-Secure Home Server Security 2009
    F-Secure Anti-Virus for Windows Servers 8.00 and earlier versions
    F-Secure Anti-Virus for Citrix Servers 7.00 and earlier versions
    F-Secure Linux Security 7.01 and earlier versions
    F-Secure Anti-Virus Linux Server Security 5.54 and earlier versions
    F-Secure Anti-Virus for Linux Servers 4.65
    F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier versions
    F-Secure Internet Gatekeeper for Windows 6.61 and earlier versions
    F-Secure Internet Gatekeeper for Linux 2.16 and earlier versions
    F-Secure Anti-Virus for Linux Gateways 4.65
    F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier versions
    F-Secure Messaging Security Gateway 5.0.4 and earlier versions
     
    F-Secure has released patches that are available by following the following link: http://www.f-secure.com/security/fsc-2008-3.shtml
     


    12:52 GMT  |  Read comments(0)

    Multiple Internet Explorer flaws
     
    Six vulnerabilities were discovered in Internet Explorer, some of which could allow a remote attacker to completely take over an affected computer.
     
    Affected versions of Internet Explorer are listed below:
    Microsoft Internet Explorer 5.01
    Microsoft Internet Explorer 6 Service Pack 1
    Microsoft Internet Explorer 6
    Microsoft Internet Explorer 7

    The following link will take you to the Microsoft page from where you may download a patch:     http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx
    Please note systems set to auto-update will automatically receive the patch.
     
     


    03:31 GMT  |  Read comments(0)

    Excel vulnerabilities
     
    Three vulnerabilities were found in Microsoft Excel (and Excel web services), any one of which can allow a remote attacker to take complete control over affected computers, over the Internet.
     
    The following versions are affected:
    Microsoft Excel 2000 Service Pack 3
    Microsoft Excel 2002 Service Pack 3
    Microsoft Excel 2003 Service Pack 2
    Microsoft Excel 2003 Service Pack 3
    Microsoft Excel 2007
    Microsoft Excel 2007 Service Pack 1

    Microsoft Office 2000 Service Pack 3
    Microsoft Office XP Service Pack 3
    Microsoft Office 2003 Service Pack 2
    Microsoft Office 2003 Service Pack 3
    2007 Microsoft Office System
    2007 Microsoft Office System Service Pack 1
    Microsoft Office Excel Viewer 2003
    Microsoft Office Excel Viewer 2003 Service Pack 3
    Microsoft Office Excel Viewer
    Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
    Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
    Microsoft Office SharePoint Server 2007
    Microsoft Office SharePoint Server 2007 Service Pack 1
    Microsoft Office SharePoint Server 2007 x64 Edition
    Microsoft Office SharePoint Server 2007 x64 Edition Service Pack 1
    Microsoft Office 2004 for Mac
    Microsoft Office 2008 for Mac
    Open XML File Format Converter for Mac The following Microsoft article gives more information on the issue, as well as links from where to download patches:     http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx
    Customers using Microsoft Updates should have received this patched automatically.
     
     


    03:17 GMT  |  Read comments(0)

    19 August

    Windows Serious Security Risk
     
    A new and serious security hole was discovered in Microsoft Windows, which could allow a remote attacker to run code of their choosing on your computer, simply by getting you to visit a maliscious web site, or by opening a maliscious image file.
     
    Microsft has released fixes for this and those fixes are available here: http://www.microsoft.com/technet/security/bulletin/ms08-046.mspx
     
    The following versions of Windows are affected:
    Windows 2000 Professional (Service Pack 4)
    All versions of Windows XP
    All versions of Server 2003
     


    23:57 GMT  |  Read comments(0)

    PowerPoint Security Risks
     
    A number of new flaws were found in Microsoft PowerPoint. These flaws can be used to attack your computer, but you'd need to open a maliscious PowerPoint presentation first.
     
    Microsoft has released fixes, available here: http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
    As ever we strongly urge you to use Microsoft Update, which includes updates for most Microsoft products.
     


    23:51 GMT  |  Read comments(0)

    RealPlayer Security Risks
     
    Three serious security holes were found in RealPlayer. These holes could allow somebody else to take complete control of computers running RealPlayer, via the Internet.
     
    All affected versions are detailed below:
    RealPlayer 11
    RealPlayer 10.5
    RealPlayer 10
    RealPlayer Enterprise
    Mac RealPlayer 10.1
    Mac RealPlayer 10
    Linux RealPlayer 10

    If you have RealPlayer installed on your computer we suggest that you upgrade to the latest version without delay. You can start that by visiting this link: http://service.real.com/realplayer/security/07252008_player/en/

    Alerts brought to you by Nel-Barker.co.uk (c) 2008




    23:44 GMT  |  Read comments(0)

    iPhone and iPod Touch - many security risks found
     
    No less than thirteen serious security flaws have been found in Apple's iPhone and iPod Touch. These security flaws can lead to sensitive information stored on either device being disclosed to third parties, to display incorrect web sites when using the device to browse the web, or simply to cause a denial of service attack against the devices, thus preventing them from functioning.
     
    The versions of each device affected by these flaws are listed below:
    Apple iPhone from versions 1.0 to 1.1.4 inclusively
    Apple iPod touch from versions 1.1 to 1.1.4 inclusively

    Apple's advice is to upgrade to version 2.0 for either device.

    Alerts brought to you by Nel-Barker.co.uk (c) 2008




    23:18 GMT  |  Read comments(0)

    Coolplayer flaw
     
    Coolplayer is an media player and recently a serious security flaw was discovered in the software. This flaw can allow somebody to gain complete control via the Internet over a PC running Coolplayer.
     
    Affected versions of Coolplayer are version 219 and earlier. As far as we know there is no patch or fix for this matter, so we would urge you to remove Coolplayer from your computer.
     


    23:10 GMT  |  Read comments(0)

    09 July

    Multiple Firefox & Seamonkey flaws
     
    Twelve new critical security flaws have been found in Firefox and Seamonkey, and it affects the following versions:
     
    Mozilla Firefox versions prior to 2.0.0.15
    Mozilla Thunderbird versions prior to 2.0.0.15
    Mozilla SeaMonkey versions prior to 1.1.11
     
    Every one of the twelve flaws could allow somebody to take complete control of an affected computer via the Internet, so these flaws represent a massive risk to systems running affected verions of Firefox or Seamonkey.
     
    The solution is simple: upgrade to the latest versions. To upgrade to Firefox version 2.0.0.15 follow this link:
    http://www.mozilla.com/firefox/

    To upgrade to SeaMonkey version 1.1.11 follow this link:
    http://www.mozilla.org/projects/seamonkey/

    Alerts brought to you by Nel-Barker.co.uk Ltd (c) 2008




    00:56 GMT  |  Read comments(0)

    Microsoft Access Snapshot viewer critical flaw
     
    A critical flaw has been discovered in Microsoft Office's Access Snapshot viewer. This is a default component of all versions of Microsoft Office containing Access.
     
    The component that is at fault is a file called snapview.ocx. Currently there are no patches available against this flaw, but it is possible to prevent snapview.ocx from being loaded by Internet Explorer. When preventing it from being loaded you effectively stop this flaw from creating a security risk on your computer and it is done through a series of steps known as setting a kill bit.
     
    Please contact us should you wish to have this critical flaw plugged on your systems. We can do so on-site or we can supply you with a bespoke utility that will set the correct kill bit for you.
     


    00:42 GMT  |  Read comments(0)

    New Vista and Server 2008 security flaw
     
    A new security flaw was disclosed affecting all versions of Windows Vista, as well as Windows Server 2008. The flaw could lead to somebody taking complete control of affected computers via the Internet.
     
    Microsoft has released patches to address the problem and have also release this technical article:
     
    This flaw would be automatically patched on systems set to do automated Windows updates, something we urge you strongly to do.
     


    00:24 GMT  |  Read comments(0)

    01 July

    Fake PayPal e-mail
     
    A new fake PayPal message is being sent out, inviting customers to "verify" their detail on the PayPal site.
     
    PLEASE NOTE THAT PAYPAL WILL NEVER ASK YOU TO VERIFY YOUR PASSWORD IN THIS WAY. When receiving any message that claims to be from PayPal, ignore all links contained in the message and instead go directly to PayPal's site.
     
    A copy of the message is included below:
     
    Subject: PayPal password
    Importance: High

     
    Dear Member,
 
You indicated that you have forgotten your PayPal password.
 
Click the link below to verify this email address and other information:
************** FAKE LINK REMOVED ****************** 

 
Thank You
 
Yours sincerely, 
PayPal 
 
 
 
 
----------------------------------------------------------------
PROTECT YOUR PASSWORD
 
NEVER give your password to anyone, including PayPal employees. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.
 
 
----------------------------------------------------------------
 
 
Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.
 
----------------------------------------------------------------
Copyright ©1999-2008 PayPal. All rights reserved.
 
PayPal (Europe) S.а r.l. & Cie, S.C.A.
Sociйtй en Commandite par Actions
Registered Office: 5th Floor 22-24 Boulevard Royal L-2449, Luxembourg
RCS Luxembourg B 118 349
 
PayPal Email ID PP316
 
    Alerts brought to you by Nel-Barker.co.uk Ltd (c) 2008


    08:22 GMT  |  Read comments(0)