KDE Security Advisory: URI Handler Vulnerabilities

The KDE project today issued a security advisory: the telnet, rlogin, ssh and mailto URI handlers in KDE are remotely exploitable by an active attacker. Patches are available.  See http://www.kde.org/info/security/adviso … 0517-1.txt.
I read in the weekly ArchLinux newsletter that the Arch KDE packager has resigned -- I still hope we can get patched kdelibs packages in due time.

I see, thanks. Shame regarding your maintainership, as far as I'm concerned you did an excellent job. I love KDE, have built it a lot, and I'd take over maintainership in a heartbeat if I weren't so new to Arch still

Similar Messages

  • Microsoft Security Advisory (979267) on Flash Player 9

    Someone please answer this.
    We are currently using Adobe Flash player 9 on Windows XP operating system. We would like to know if Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP, could Allow Remote Code Execution mentioned in Microsoft Security Advisory (979267), is resolved in Flash Player 9? For more details on vulnerability please refer "Microsoft Security Advisory (979267)".
    Since we have security related issue with this please consider this call at high priority.
    ~
    Satu28

    Updated:
    Flash player 10.2.159.1
    Uninstall the old: http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe
    Install the new for IE: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe
    Plugin for other browsers: http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe

  • Cisco Security Advisory: OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

    Hello Experts,
    I need to rule out that we have affected openSSL version 1.0.1 running on our devices. I need to know what is the version of openSSL that is current on the following platforms:
    Cisco PIX
    Cisco FWSM
    Cisco ISR
    Cisco VPN Concentrator
    I know ASA runs 0.9.8f and I know that PIX and Concentrator are very old, and they might run an older version, however for a security assessment I need to rule those out too.
    Does anyone know what is the version for these platforms?
    Thanks in advance.

    The definitive source is and will continue to be the Cisco Security Advisory. It has already been updated several times today. Please keep checking back to it at the following URL:
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
    That said, the Pix and VPN Concentrator development and code release ended prior to the release of openssl with the vulnerability so I would hazard an educated guess that you won't have any problems with respect to this particular vulnerability. THAT said, if you're concerned about security vulnerabilities why are you running products with associated code that has not had other documented bugs and vulnerabilities patched for at least several years?
    The ISR G2 will almost certainly depend on the IOS level and whether you are using any of the ssl-related features.

  • Security advisory for ASA

    Greeting
    On cisco security advisory (http://www.cisco.com/en/US/products/products_security_advisory09186a0080a994f6.shtml) said the recommended version for 7.2 is 7.2(4)30.
    Could anyone advise me about 7.2(4)30? I know the version like 7.2(4), not 7.2(4)30. What does the 30 mean?
    Any comments will be appreciated
    Thanks in advance

    Julie
    I was puzzled for a bit about where to get this software that provides fixes for these vulnerabilities. But then I figured it out. If you look in the advisory there is a section with title:
    Software Versions and Fixes
    and if you look in that section you will find this explanation:
    Fixed Cisco ASA software can be downloaded from:
    http://www.cisco.com/pcgi-bin/tablebuild.pl/ASAPSIRT
    The fixed software/interim releases are available through that link.
    Note that the advice in the section Customers with Service Contracts about obtaining fixed software does not point you in the right direction and the fixed software is not available through the link that it provides.
    HTH
    Rick

  • Study security related exception handling in Java

    Hi all,
    I am required to do an indepth study on security-related exception handling in Java, their Pluses and minuses... Can ppl suggest me places where I can get a kick start? Any resource that u know can help me out?
    I appreciate ur help in this regard...FYI, I am a grad student and I am doing this as a part of my course-work...I am writing up a report on this...
    Thanx a bunch, in advance for ur help ppl..

    Take a look at the JAAS API and docs.
    - Saish

  • How to disable security advisory

    hi all..
    it was sad that J2SE 5.0 had fixed the problem of turning the security advisory though we use policy files.
    did any one of you tried to find any ALTERNATIVE solution to this issue
    because i hate to see security advisory pop ups when access made to local files
    let me know

    In particular, there is no disable function provided by Mozilla. There might have been ways in previous versions. But now it's a major topic discussed on the internet. I'm having the same problem too; I'm not able to access some websites, mostly those that deal with money and trade.

  • Security Advisory (How to apply)

    I have a ?.  I checked the latest Security Advisory registry fix and noticed that the registry root involved is HKEY_CURRENT_USER.  I checked the registry and saw the key in the account I applied the fix, but not in other accounts.  My question is "Do I need to merge this key with each account I use Adobe Reader on?".

    Hi Ankit
    When you implemented this Note in the DEV system and also deleted the report manually, it did ask for an access key, both the developer access key and the object change access key, right?
    Now, the thing is that when the access keys are requested from the marketplace to change any object in an SAP system, they are requested per 'Installation Number'. In other words, when you used the access key to change or delete that object/report in system DEV, that access key was not particular to the DEV system but to the 'Installation number' of your SAP system, i.e. the DEV system.
    Now, since you want this change/transport in the QA/PRD systems of the landscape, you do not need to delete the report again manually, or you can say it doesn't require the 'access key' again, because the 'installation number' is normally the same throughout the landscape and the object has already been changed once under that installation number!
    So, you can implement the Note in QA/PRD just by importing the transport.
    I hope this clears your doubt.
    Bhudev

  • When attempting to download, in the Launch Application panel, it says ..."this link needs to be opened with an application" and shows send to "CC URI Handler", but also Choose an application.  How do I get past this point, as neither option seems to work?

    Code 6 & Code 7 http://helpx.adobe.com/creative-suite/kb/errors-exit-code-6-exit.html
    or
    A chat session where an agent may remotely look inside your computer may help
    Creative Cloud chat support (all Creative Cloud customer service issues)
    http://helpx.adobe.com/x-productkb/global/service-ccm.html

  • What is the recommended action in response to Adobe's 6-4-10 security advisory for Flash Player?

    Adobe security advisory: http://www.adobe.com/support/security/advisories/apsa10-01.html
    "A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems..."
    Is the Flashblock 1.5.13 addon capable of preventing this vulnerability? I hesitate to install this because of the recent poor user reviews.
    Any suggestions or advice are appreciated. Thank you.

    Hi Bill.
    Flashblock will block Flash objects from running unless you explicitly allow them. I used to use Flashblock but I haven't in quite some time. So, yes, it will do the job. I only see one double-posted bad review for Flashblock. The average rating is still 5 stars.
    Instead I use [https://addons.mozilla.org/en-US/firefox/addon/722 NoScript], which blocks Flash, other plugins, and all page scripts unless explicitly allowed by you. It might be overkill to deal with this vulnerability.
    You could disable the Flash plugin until you are sure you are on a safe site that needs it, such as YouTube, in Tools -> Add-ons -> Plugins.
    You could also try the [http://labs.adobe.com/technologies/flashplayer10/ pre-release of Flash 10.1], which, according to Adobe, does not seem to be vulnerable. Make sure to follow instructions to uninstall any previous Flash version before installing 10.1. I have been using it without problems for awhile.
    You may be fine as long as you avoid unfamiliar sites. Once a malicious site is reported, Firefox will block it with the built in attack site and phishing site protection.

  • Microsoft Security Advisory 2963983

    https://technet.microsoft.com/library/security/2963983
    I called MS today, not sure I had the right department, but the gentleman didn't know what I was referencing. Does anyone know of a site to get up-to-date information on this issue and when MS plans on releasing a patch?
    Also, we're advising everyone to disable Adobe Flash in the Internet Explorer add-ons; anything else that we can do to remedy this is greatly valued.
    Thank you,

    Summary:
    For more information on these and other remediation options, please see Security Advisory 2963983.  Additional information on this limited, targeted attack can be found on the MSRC blog.
    IE is widely recognized as the most secure browser against socially-engineered malware, the most common form of attack, blocking 99.9% of malware in a recent NSS Labs test.
    We encourage you to consider upgrading to the latest version of IE for improved security features such as Enhanced Protected Mode, better backward compatibility through Enterprise Mode, increased performance, and support for the modern web standards that run today’s websites and services.
    On April 26, 2014, Microsoft released a Security Advisory (2963983) to notify customers of a vulnerability in IE.  At this time we are aware of limited, targeted attacks.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.

    Guidance on suggested mitigations:
    Our investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, could help protect against this potential risk.  We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.
    The Enhanced Mitigation Experience Toolkit 4.1 (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.  EMET 4.1 is supported by Microsoft, and is automatically configured to help protect Internet Explorer.  EMET can also be configured using Group Policy.  For more information, see Microsoft Knowledge Base Article 2458544.

    More details:

    Deploy the Enhanced Mitigation Experience Toolkit 4.1
    Pros:  Blocks potential exploits of this vulnerability
    Cons:  May be incompatible with some web apps

    Enable Enhanced Protected Mode
    Pros:  Blocks potential exploits of this vulnerability
    Cons:  May be incompatible with some web apps; not available on 32-bit Windows 7
    Businesses who have upgraded to IE11 or IE10 can enable Enhanced Protected Mode (EPM) for additional security protection.  On Windows 8 and Windows 8.1, EPM is enabled by default for the modern, immersive browsing experience.  Customers using the touch-friendly IE11 browser on Windows tablets, for example, are already using EPM and may not be susceptible to this and similar attacks.
    Enhanced Protected Mode can be enabled and managed through Group Policy.  To manually enable EPM in IE, perform the following steps:
    On the IE Tools menu, click Internet Options.
    In the Internet Options dialog box, click the Advanced tab, and then scroll down to the Security section of the settings list.
    Ensure the checkboxes next to Enable Enhanced Protected Mode and Enable 64-bit processes for Enhanced Protected Mode (for 64-bit systems) are selected.
    Click OK to accept the changes and return to IE.
    Restart your system.
    While Enhanced Protected Mode provides significant additional protection, it may not be compatible with some add-ons and enterprise web apps.  Also, while EPM is available for 64-bit Windows 7, it is not an option for 32-bit Windows 7 installations.

    Unregister VGX.DLL
    Pros:  Relatively simple workaround
    Cons:  May not protect against other exploits
    Known attacks currently take advantage of VGX.DLL, which provides support for Vector Markup Language (VML).  VML is not natively supported by most web browsers today, so this remediation option may have the least impact on enterprise web app compatibility.
    To unregister VGX.DLL:
    Click Start, click Run, and type "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    After an update has been released and installed, you can re-register VGX.DLL with:  "%SystemRoot%\System32\regsvr32.exe" /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
    These commands can be issued as batch files via Microsoft System Center Configuration Manager or other infrastructure management solutions.
    Rob^_^

  • Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks

    I received this Cisco Advisory e-mail today. I have 1200 access points that I upgraded yesterday to 12.3(7)JA2, in which this problem was corrected. In the advisory it states to upgrade to this software release and to make a configuration change on each radio interface. I made this change on Dot11Radio0 interface and it took. I have 2 more interfaces (Dot11Radio0.2 and Dot11Radio0.75) in which I get an error when I try to make this configuration change. I don't quite understand these interfaces, so I would like to know if I really need to make this change on the other 2 interfaces or is making the change on the 1st one enough. Any information is certainly appreciated. Thanks, Laurie Coles

    Since you have subinterfaces configured, you are apparently using
    VLANs on your APs. The ARP table is only relevant for the VLAN
    with the management IF, that is the native VLAN.
    For all other VLANs it's simply bridging, therefore no ARP table,
    and therefore this vulnerability doesn't apply here.
    So your only concern should be the native VLAN, and unless you
    need wireless access for managing your APs the best way for
    securing this would be to not configure a SSID for this VLAN.
    Then the only access to the AP would be over the Ethernet-IF.
    The security advisory is more important for APs configured
    without VLANs where wireless clients and the management IF
    of the AP are in the same (W)LAN.

  • Microsoft security Advisory 2028859

    A serious security flaw has been found in Windows 7 systems running Aero. Until Microsoft releases a security patch, users can disable the Aero theme to prevent the issue from being exploited.
    To disable Windows Aero by changing the theme, perform the following steps for each user on a system:
    Click Start, select the Control Panel, and then click on Appearance and Personalization.
    Under the Personalization category, click on Change the Theme.
    Scroll to the bottom of the listed themes and select one of the available Basic and High Contrast Themes.
    For further information go through the below given link 
    http://www.microsoft.com/technet/security/advisory/2028859.mspx
    The above mentioned vulnerability only affects Windows 7 and Windows server 2008 R2 users.
    Cheers and regards,
    • » νιנαソѕαяα∂нι ѕαмανє∂αм ™ « •
    ●๋•کáŕádhí'ک díáŕý ツ


  • Remove a contact using Skype URI Handler

    The Skype URI handler allows us to add contacts, call contacts and many other options using a syntax similar to skype:<skypename>?add
    Is there a similar way to remove a skype contact from my list?
    Thank you in advance.

    So if I wanted to use a csv file to port in names for the $member, would that work with this also?
    Just as an example if you're not sure how to do this:
    Import-Csv .\userList.csv | ForEach {
        $member = $_.Name
        Write-Output "Current member: $member"
    }
    This assumes the header of your CSV is 'Name'. You can change that if necessary.

  • Microsoft Security Advisory (2269637)

    Microsoft Security Advisory (2269637)
    Insecure Library Loading Could Allow Remote Code Execution
    This vulnerability came out in August. Is there a signature that will cover this in the IPS, and if not, is there an idea if one is being reviewed?

    Here is more information on Microsoft security advisory 2269637, mitigating it from Cisco devices:
    Vulnerability alert: http://tools.cisco.com/security/center/viewAlert.x?alertId=21268
    Mitigation bulletin: http://tools.cisco.com/security/center/viewAlert.x?alertId=22317
    All security related advisories for cisco can be found from the Cisco SIO (Security Intelligence Operations):
    http://tools.cisco.com/security/center/home.x
    Hope that helps.

  • Microsoft Security Advisory 3046015

    One of the workarounds for Microsoft Security Advisory 3046015 is to disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite
    order in the Group Policy Object Editor but the cipher list in the Advisory is 1185 characters long but the max size for that GPO setting (SSL Cipher Suite order) is 1023 characters.

    Hi,
    Thank you for your update and feedback. It will be very beneficial for other community members who have similar questions.
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
