Support Overview

Help Desk

Online Service Request

Emergency IT Support

Security Alerts

Computer Usage Tips

Security Alerts

Security Warning: Patch for Adobe Flash Player Vulnerability Being Exploited in The Wild

Adobe released a so called "out of band" patch for Flash Player to remove a vulnerability that is being actively exploited in the wild via large scale, targeted attacks against specific industries. Google Chrome browser and Windows 8 and later include Flash Player built-in. They will need to be updated separately. ITPS recommends ... read more >>>

Security Warning:  Vulnerability in Internet Explorer Being Actively Exploited in Targeted Attack
Updated 9/21/2012

A vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 is being actively exploited in a targeted attack to install the Poison Ivy backdoor Trojan horse program that hackers use to steal data or take remote control of PCs. read more >>>

Security Warning:  Emma Watson Tops 2012’s Most Dangerous Celebrities List #riskyceleb

Searches for Emma Watson, best known for her role as Hermione Granger in the Harry Potter movie series, yield nearly a one-in-eight chance of landing on a website that has tested positive for spyware, adware, spam, phishing, viruses or other malicious content according to McAfee's 6th annual Most Dangerous Celebrities™ research report.  read more >>>

Security Warning:   Mass SQL Injection Attack Targets ASP.NET Sites

Hackers have successfully planted malicious JavaScript on about 180,000 web pages that are built on the Microsoft ASP.Net platform.  The malicious script is using a so called "drive-by download" that does not require any user action (no need to open a file or click on a link) other than visiting a webpage that has been injected.  Web sites that you know and trust might have been affected.  The attacks take advantage of ...  read more >>>

Security Warning:  Unpatched Vulnerability in MHTML Being Exploited

A vulnerability in the Windows implementation of HTML that was first reported at the end of January is now being actively exploited in very targeted attacks.  A patch for this vulnerability is not yet available and it might require that websites install a patch.  For now, the best protection is to disable allowing scripts to run in MHTML documents.  read more >>>

Security Warning:  Emergency Patch for Microsoft ASP.NET Oracle Padding Vulnerability (MS10-070)

Microsoft released a so called "out of band" patch to fix a vulnerability in Microsoft ASP.NET that could potentially disclose sensitive information.

The vulnerability exists in ASP.NET due to improper error handling during encryption padding verification.  An attacker who successfully exploited this vulnerability could read any file within the ASP.NET application, including the web server configuration information, even if it was encrypted by the server. 

With any vulnerability that prompts an out-of-band patch, it is extremely critical that you address the vulnerability as soon as possible if you have vulnerable systems, but don't panic; most Windows systems will not be affected by this vulnerability.  
read more >>>

Security Warning:  Emergency Patch for Adobe Reader/Acrobat Vulnerability

Adobe released an emergency patch to fix three vulnerabilities in Adobe Reader and Acrobat:  (1) An integer overflow vulnerability related to how the software parses fonts, (2) a social engineering attack, and (3) Adobe Reader and Acrobat include a vulnerable version of Adobe Flash Player.  read more >>>

Security Warning: Critical Vulnerability in Adobe Flash, AIR, Reader, and Acrobat

A vulnerability affecting Adobe Flash is being actively exploited on the Internet. Adobe Flash Player and other Adobe applications that include the Flash runtime, such as Adobe Reader 9 and Acrobat 9, are also affected. 

Adobe released a patch for Flash Player on June 10, 2010.  Flash is included in other products independent of Flash Player.  Windows/Microsoft Automatic Updates will not install the Flash Player patch.  A patch is not yet available for Adobe Reader or Acrobat.  read more >>>

McAfee DAT 5958  Causing Windows XP Systems to Become Unusable

A false positive malware detection in McAfee DAT version 5958.0000 released on April 21, 2010  6:00 AM PDT (UTC -7) can cause Windows XP systems to become unresponsive, lose network connectivity, get stuck in a restart loop, and become difficult to use (lose task bar, lose icons, access denied, etc.).  read more >>>

Oracle Releases Emergency Patch for Java Deployment Toolkit Vulnerability

A vulnerability in the Java Runtime Environment is being actively exploited on the Internet.  The vulnerability was publicly disclosed on Friday, April 9th after Oracle (which recently purchased Sun Micro Systems, the maker of Java) said that they would not make an emergency patch for the vulnerability.  read more >>>

Microsoft to Release Out-Of-Band Patch for Internet Explorer on January 21st

A vulnerability in Internet Explorer that was used in attacks called "Operation Aurora" against Google, Adobe, and over 30 other companies has been publicly released. read more >>>

Security Warning: Adobe Reader and Acrobat Vulnerability Being Exploited

An un-patched vulnerability in Adobe Reader and Acrobat (for reading and creating PDF documents) is being actively exploited on the Internet.  Adobe is not planning to release a patch until January 12, 2010.  read more >>>

Windows  Automatic Update or Microsoft Update web site getting Error 403 - Access Forbidden

When using Automatic Update or the Windows/Microsoft Update web site, you might received the error "403 - Access forbidden - You do not have permission to view this directory or page using the credentials that you supplied."  We are seeing many reports of people getting this error since yesterday.

This appears to be caused by ... read more >>>

Security Watch: Microsoft Out-of-Band Patches for ATL

Microsoft released two security bulletins today--one Internet Explorer bulletin and one Visual Studio bulletin--in a so called Out-of-Band release (outside their normal schedule of the second Tuesday of each month).  We previously warned that the flaw in Microsoft Video ActiveX control is deeper than the patch in Microsoft security bulletin MS09-032. These two security bulletins address that deeper flaw.

The fact that these security bulletins were released out-of-band is an indication that Microsoft feels ... read more >>>

Security Warning: Vulnerable Adobe Flash Being Exploited in The Wild

A vulnerability affecting Adobe Flash is being actively exploited in limited, targeted attacks on the Internet. Adobe Flash Player and other Adobe applications that include the Flash runtime, such as Adobe Reader 9 and Acrobat 9, are also affected. There is currently no vendor patch available.

Adobe expects to release a patch ... read more >>>

Security Watch: Vulnerability in Microsoft Video ActiveX Deeper Than Current Fix
Updated 7/24/2009

The vulnerability in the Microsoft Video ActiveX control that is being exploited on the Internet, which we previously warned about, and for which Microsoft released security bulletin MS09-032 on so-called Patch Tuesday in July, goes deeper than most people realized.  Microsoft announced that they are planning an out-of-band security update that we are assuming is to fix this vulnerability, not just avoid it as the previous patch did.

The patch in Microsoft security bulletin MS09-032 does not fix the vulnerability ... read more >>>

Security Warning: Vulnerability in Microsoft Office Web Components Control Being Exploited in The Wild

Since yesterday, IT Professional Services has been monitoring a vulnerability in Microsoft Office Web Components Control that is being exploited on the Internet.  Yesterday the SANS Internet Storm Center raised the Infocon threat level status to yellow for 24 hours to raise awareness of active exploitation of the Office Web Components ActiveX vulnerability.  So far we know of a couple hundred web sites (mostly in China (.cn)) that are hosting this exploit, but we expect ... read more >>>

Security Warning: Vulnerable Microsoft Video ActiveX Control Being Exploited in The Wild
Updated 7/14/2009

On so-called Patch Tuesday in July Microsoft released security bulletin MS09-032 with a patch for a vulnerability in a Microsoft Video ActiveX Control (msVidCtl) that is being actively exploited on the Internet through drive-by downloads.  Initially, there were limited in-the-wild attacks; however, the vulnerability is now being exploited to a greater extent, and exploit code has been publicly published (making it easier for more use of the exploit).  Currently the vulnerability is mostly being exploited by web sites in China where thousands of hacked web sites have the malicious code added.  Many of these web sites would not be considered irreputable.  The web sites appear to have been compromised using an exploit kit.  The scope of this attack is likely to increase.

ActiveX control are one of the top targets of malicious web exploit toolkit developers. ... read more >>>

Security Warning: New Variant Conflicker Worm to Activate on April 1

The Conflicker worm is the most prolific malicious software ("malware") to appear since the SQL Slammer worm epidemic of 2003.  Researchers claim that today 1 in every 16 PCs across the world is affected by Conflicker Worm and the worm had now infected an estimated 12 million or more PCs worldwide.

A new variant (C) of the Conflicker worm was discovered on March 6, 2009.  Researchers have found that the worm is set to take some action on April 1st ...  read more >>>

Tricks that Could Potentially Open Up Your Computer to Attacks by Malicious Software

A recent study conducted by North Carolina State University psychology researchers found that most Internet users are susceptible to tricks that could potentially open them up to attacks by malicious software.

A common way that bad guys try to ... read more >>>

Just Say "No" to E-Cards

Most people never consider the dangers of e-cards, and unfortunately, there are plenty of dangers. Since there are quite a few e-card scams going around right now, we want to help you make sure you don't become an e-card scam victim.

We recommend... read more >>>

Privacy Policy

© 2009-2013 IT Professional Services All rights are reserved.  (805) 650-6030