Time Matters v. 11.1 is now available!

 

What’s new:

Improvement in Time Matters 11.1	Benefit to Customers
Integration with Exchange Server 2010	Allows firm members to synchronize their individual Time Matters calendars and contacts with Microsoft Outlook® for anytime access on their desktops or mobile phones. Enables firms to take advantage of the latest Exchange Server enhancements from Microsoft. Click here to see what's new in Exchange Server 2010.
Handling of recurring events in Exchange Server 2007 integration	Helps firms operate more efficiently-no need to manually re-enter or update multiple events in Time Matters when a recurring event is created or changed in Microsoft Outlook.
Import calendar events and contacts from previous Time Matters and Exchange Server 2003 and 2007 integrations	Reduces the time and cost required to upgrade to Exchange Server 2010.
Include and view the location and attending contact in Time Matters Mobility calendar events **Customers must previously have installed the most current version of the Time Matters Mobility Access Manager and subscribe to a current Time Matters Annual Maintenance Plan to access the feature.	Gives Time Matters Mobility users detailed information about an appointment on their Web-enabled smartphones or other mobile devices.
Quality improvements based on customer change requests	Addresses the issues customers have reported, helping the software continue to run smoothly.

If you have an annual Maintenance plan, this software upgrade is available to you at no cost.   If you have any questions regarding this upgrade, please call Glasser Tech at 516-762-0155.

Microsoft releases latest patches

 

Microsoft released nine new security bulletins fixing 21 vulnerabilities in all supported versions of Internet Explorer and the Windows operating system, Microsoft Office and .NET/Silverlight in its February Patch Tuesday release.

Four of the nine bulletins were rated "critical" because the vulnerabilities could result in remote code execution on the computer if exploited.

The critical bulletin addressing four flaws in all versions of Internet Explorer (MS12-010) should be top priority as attackers are increasingly relying on browser exploits to compromise users, security experts advised. These flaws can potentially be used in drive-by-downloads.

Even though the IE bulletin is rated as critical, the bugs were not publicly disclosed previously. Exploits targeting Windows Media have appeared within two weeks after Microsoft released a patch fixing remote code execution vulnerabilities (MS12-004) during January's Patch Tuesday release.

The .NET/Silverlight bug is applicable to both PCs and Macs as users browsing malicious Web pages can be hit by drive-by-download attacks.

The vulnerabilities in Internet Explorer and .NET/Silverlight may result in mass exploitation.

The Microsoft C Runtime flaw in Windows Media Player (MS12-013) is also dangerous as attackers could trick users in to opening a maliciously crafted media file. However, the attack vector is very limited, as the flaw does not affect Visual Studio or other third-party applications that dynamically link to msvcrt.dll.

Microsoft released two bulletins fixing the previously disclosed DLL-preload vulnerability this month.  Microsoft has patched various affected Microsoft applications 22 times to date. "It is safe to say we will continue to see the DLL preload vulnerability being addressed by Microsoft in the coming months," said Jason Miller, manager of research and development at VMware.

The DLL-preloading issue in the Color Control Panel (MS12-012) should probably have been rated as critical because there is a potential for remote code execution. This is important because the remote attacker would be limited to having the permissions of the logged in user.

The Office bulletin (MS12-015) fixes an issue in Visio Viewer. Visio is not as widely deployed as other Office programs, so many IT administrators may not have to worry about the issue.  The Visio vulnerability would likely be exploited in a spear phishing attack, where users would be tricked into opening a maliciously crafted Visio file.

Make sure your computers are up to date.  When Windows tells you that you have an update waiting, be sure to update your machine to protect against malicious attacks.

Patch for Internet Explorer to Avoid Drive by Downloads

 

Severity: High

Summary:

· This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows (to varying extents)

· How an attacker exploits it: By enticing one of your users to visit a malicious web page

· Impact: Various; in the worst case an attacker can execute code on your user's computer, gaining complete control of it

· What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you

Exposure:

In a security bulletin released today as part of Patch Day, Microsoft describes four new vulnerabilities in Internet Explorer (IE) 9.0 and earlier versions, running on all current versions of Windows. Microsoft rates the aggregate severity of these new flaws as Critical.

The four vulnerabilities differ technically, but two of them share the same general scope and impact. These two issues involve memory corruption flaws related to the way IE mishandles various HTML objects. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit either of these vulnerabilities to execute code on that user's computer by inheriting that user's privileges. Typically, Windows users have local administrative privileges, in which case the attacker gains complete control of your users' computers.

This update also fixes two less severe information disclosure vulnerabilities, which you can read more about in Microsoft's bulletin.

Today's attackers commonly hijack legitimate web pages and booby-trap them with malicious code. Often, even recognizable and authentic websites get hijacked in this way, and are forced to deliver drive-by download attacks. To avoid these types of attacks, we recommend that you install Microsoft's IE updates as quickly as you can.

Solution Path:

These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.

This link takes you directly to the “Affected and Non-Affected Software” section of Microsoft's IE bulletin, where you can find links for the various IE updates.

Adobe Flash Update Plugs 7 vulnerabilities

 

Summary:  

· This vulnerability affects: Adobe Flash Player 11.1.102.55 and earlier, running on all platforms. This also affects the Android version of Flash.

· How an attacker exploits it: By enticing your users to visit a website containing malicious Flash content

· Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it

· What to do: Download and install the latest version of Adobe Flash Player

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Though Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including some mobiles like Android.

In a security bulletin released yesterday, Adobe warned of seven vulnerabilities (based on CVE numbers) that affect Adobe Flash Player 11.1.102.55 and earlier running on all platforms (including Android). Adobe's bulletin doesn't describe the flaws in much detail. However, it does warn that if an attacker can entice one of your users to visit a malicious website containing specially crafted Flash content, he could exploit many of these unspecified vulnerabilities to execute code on that user's computer, with that user's privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PCs.

Adobe also warns that attackers are exploiting one of these flaws, a zero day XSS vulnerability, in the wild. If you use Adobe Flash Player in your network, we recommend you download and deploy the latest version throughout your network immediately to mitigate the risk of this current attack.

Solution Path

Adobe has released new versions of Flash Player (11.1.102.62 for computers and 11.1.11x.x for Androids) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately:

· Download Flash Player for your computer [any platform]:

· Download Flash f0r Android 4.x [Visit from your Android device]

· Download Flash Player for Android 3.x and below [Visit from your Android device]

Adobe’s Shockwave update will help you avoid attacks

 

Adobe’s shockwave update takes are of 9 critical vulnerabilities that affect Adobe Shockwave Player 11.6.3.633 for windows and Macintosh (as well as all earlier versions). 

Without this update, an attacker can exploit Adobe shockwave by enticing users to visiting a website containing malicious shockwave content.  This allows attackers to execute code on your computer, potentially gaining control of it.

 

What you should do:  If you allow use of Shockwave in your network, you should download and deploy the latest version (11.6.4.634) of Adobe Shockwave Player as soon as possible.  Click below.

 

  

 

Keeping your computers up to date helps prevent you from malicious attacks.   If you have any questions or need help downloading this latest version of Adobe Shockwave Player, please feel free to call our office at 516-762-0155.