Monday, August 16. 2010
Quick Heal extends the Independence Day offer due to popular demand

As per Sanjay’s earlier blog, the Independence Day offer of Quick Heal Technologies provided three additional months of updates for free if the Quick Heal product was activated on 14th, 15th or 16th August 2010. Due to the popular demand for this offer, Quick Heal Technologies has extended the offer till 18th August 2010. So grab your copy of Quick Heal, and activate it immediately.

Thursday, August 12. 2010
Apple releases emergency security patch for iPhone/iPad/iPod Touch

Users of iPad, iPhone and iPod Touch can heave a sigh of relief as Apple has kept its word and released a security patch for a vulnerability that could have exposed the concerned devices to malicious attacks.

The vulnerability existed in Apple’s Safari browser and the way it handled Adobe Acrobat PDF documents. For example, if a PDF file containing malicious code was downloaded using the Mobile Safari browser, it gave remote attackers a chance to take complete control of a vulnerable device. This exploit was also said to have imitated the JailbreakMe utility that allowed iPhone users to run non-Apple approved applications.

The iOS 4.0.2 update for iPhone and iPod Touch can be downloaded and installed using iTunes. For additional information, visit Apple's support advisory HT4291. The same process can be used to update Apple iPads to version 3.2.3 of iOS, with detailed information about the vulnerability published on Apple's support knowledgebase.

I recommend that Apple iPad, iPhone and iPod Touch users apply this patch on priority; otherwise the exposed devices may be prone to malicious attacks.

Wednesday, August 11. 2010
Microsoft Security Bulletin released for the month of August

Microsoft has released its security bulletin for August 2010.
This month Microsoft has released 15 bulletins, addressing a total of 32 vulnerabilities.

Out of the 15 bulletins, nine bulletins have been rated "Critical" and six bulletins have been rated "Important". 11 bulletins are related to "Remote Code Execution" vulnerability and four bulletins are related to "Elevation of Privilege" vulnerability.

The following vulnerabilities have been rated “Critical”:

- Bulletin MS10-046 resolves a vulnerability in Windows Shell that could allow remote code execution if the icon of a specially crafted shortcut is displayed, in the Microsoft Windows operating system.
- Bulletin MS10-049 resolves two vulnerabilities in the Secure Channel (SChannel) security package in Windows that could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser, in the Microsoft Windows operating system.
- Bulletin MS10-051 resolves a vulnerability in Microsoft XML Core Services that could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer, in the Microsoft Windows operating system.
- Bulletin MS10-052 resolves a vulnerability in Microsoft MPEG Layer-3 audio codecs that could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content, in the Microsoft Windows operating system.
- Bulletin MS10-053 resolves six vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted Web page using Microsoft Internet Explorer.
- Bulletin MS10-054 resolves three vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system, in the Microsoft Windows operating system.
- Bulletin MS10-055 resolves a vulnerability in the Cinepak Codec that could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content, in the Microsoft Windows operating system.
- Bulletin MS10-056 resolves four vulnerabilities that could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message, in Microsoft Office.
- Bulletin MS10-060 resolves two vulnerabilities that could allow remote code execution on a client system, if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application.

The following vulnerabilities have been rated “Important”:

- Bulletin MS10-047 resolves two vulnerabilities that could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application, in the Microsoft Windows operating system.
- Bulletin MS10-048 resolves four vulnerabilities in Windows kernel-mode drivers that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application, in the Microsoft Windows operating system.
- Bulletin MS10-050 resolves a vulnerability in Windows Movie Maker that could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file, in the Microsoft Windows operating system.
- Bulletin MS10-057 resolves a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Excel file.
- Bulletin MS10-058 resolves two vulnerabilities that could allow elevation of privilege due to an error in the processing of a specific input buffer, in the Microsoft Windows operating system.
- Bulletin MS10-059 resolves a vulnerability in the Tracing Feature for Services that could allow elevation of privilege if an attacker runs a specially crafted application, in the Microsoft Windows operating system.

The bulletins released this month provide security updates for the Microsoft Windows operating system, Microsoft Office, Microsoft Internet Explorer, Microsoft .NET Framework and Microsoft Silverlight.

For detailed information on all the bulletins and the corresponding vulnerabilities addressed, please visit the Microsoft Security Bulletin Summary - August 2010 page.

I recommend that users set Windows Update to "Install updates automatically" mode, so that the important patches get applied automatically.

Thursday, July 15. 2010
Microsoft Security Bulletin released for the month of July

Microsoft has released its security bulletin for July 2010. This month Microsoft has released four bulletins, addressing a total of five vulnerabilities.
All four bulletins are related to “Remote Code Execution” vulnerability. Out of the four bulletins, three bulletins are rated “Critical” and one bulletin is rated “Important”.

The following bulletins have been rated “Critical”:

- Bulletin MS10-042 resolves a vulnerability that could allow remote code execution if a user views a specially crafted Web page using a Web browser, or clicks a specially crafted link in an e-mail message, for the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003.
- Bulletin MS10-043 resolves a vulnerability that could allow remote code execution in the Canonical Display Driver (cdd.dll) for 64-bit Windows 7 and Windows 2008 Server R2.
- Bulletin MS10-044 resolves two vulnerabilities that could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Microsoft Access ActiveX controls.

The following bulletin has been rated "Important":

- Bulletin MS10-045 resolves a vulnerability that could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook.

The security bulletins released this month provide security updates for Microsoft Windows operating systems and Microsoft Office.

For detailed information on all the bulletins and the corresponding vulnerabilities addressed, please visit the Microsoft Security Bulletin Summary - July 2010 page.

I recommend that users set Windows Update to "Install updates automatically" mode, so that the important patches get applied automatically.

Wednesday, July 14. 2010
Mercedes Benz promotion email scam

I recently received a mail with the subject line “Mercedes Benz Promotion (Test Questions)”. The subject line was a clear indication that a scam was in the offing. Scammers keep changing their techniques and try to exploit scenarios that might lure people into their trap.
In this scam, the scammers have tried to tempt the recipients with £1,850,000 (One Million Eight Hundred and Fifty Thousand Great Britain Pounds). They have also tried to capitalize on the brand value of Mercedes, as the subject line “Mercedes Benz Promotion (Test Questions)” can tempt most recipients of the mail to check out its contents.

Scammers have also tried to make the mail look realistic, by sympathizing with the people who lost their jobs in the recent recession, and showing their concern by offering them a reward to help ease their burdens. The mail contains three trivia-based questions on Mercedes that also add a touch of genuineness to the mail. The recipients need to send the right answers and personal details like Name, Sex, Phone Number, Country and Occupation to a specified email address.

Please be aware that the sole purpose of such mails is to extract personal information from the recipients. Most of the time, recipients who have fallen for such traps have ended up paying their savings to scammers. So I would request the recipients to not trust such emails and delete them immediately.

While receiving this mail, Quick Heal AntiSpam automatically filtered it as SPAM.

A copy of the entire mail follows:

Monday, July 5. 2010
Beware of Loan Scam

In my earlier blog, I had mentioned how scammers had used current events such as “FIFA World Cup 2010” to launch fraudulent scams. But in this latest scam a sly approach has been taken by scammers to extract personal information from victims.
I recently received a mail with the words LOAN APPLICATION in the subject line of the mail. The matter of the mail asked the recipients if they had bad credit or if they needed instant cash to upgrade their business. It also contains a form which the user had to fill out to obtain a loan from the respective organization. The form requests personal information from the user like Name, Sex, Address, Telephone Number, Scanned copy of Passport or Driver’s License, etc.

Please be aware that such mails are sent by scammers whose sole purpose is to extract personal information from users. Most of the time, users who have fallen for such traps have ended up paying their savings to scammers. So I would request users to not trust such emails and delete them immediately.

While receiving this mail, Quick Heal AntiSpam automatically filtered it as SPAM.

A copy of the entire mail follows:

Thursday, June 17. 2010
Time to update Adobe Flash Player and Adobe AIR

Adobe released a Security Bulletin in the second week of June that lists vulnerabilities identified in the following software:
- Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris
- Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux

A total of 32 vulnerabilities were identified. Adobe has categorized these vulnerabilities as 'Critical' and recommends all affected users to update their installations to the newest versions.

Users of Adobe Flash Player 10.0.45.2 and earlier versions can update to Adobe Flash Player 10.1.53.64 by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted.

Users of Adobe AIR 1.5.3.9130 and earlier versions can update to Adobe AIR 2.0.2.12610 by downloading it from the Adobe AIR Download Center.

I recommend users of Adobe Flash Player and Adobe AIR 1.5.3.9130 to update to the newest versions, as the mentioned vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

For detailed information on the Security Update, please visit Adobe’s Security Bulletin page.

Wednesday, June 16. 2010
Microsoft to discontinue support for Windows XP SP2 and Windows 2000

Microsoft has announced that it will discontinue support for Windows XP Service Pack 2 and Windows 2000 after July 13, 2010. Support for Windows Vista Release to Manufacturing (RTM) has already been discontinued since April 2010.
Microsoft has also announced that users with an unsupported version of Windows or Service Pack will not be eligible for any support options. Updates, including security updates released with bulletins from the Microsoft Security Response Center, will be reviewed and built for the supported versions and service packs only.

To know the complete details of this announcement, please visit the following webpage:
http://www.microsoft.com/windows/enterprise/products/windows-7/end-of-support.aspx

Wednesday, June 9. 2010
Microsoft Security Bulletin released for the month of June

Microsoft has released its security bulletin for June 2010. This month Microsoft has released 10 bulletins, addressing a total of 30 vulnerabilities.
Out of the 10 bulletins, three bulletins have been rated “Critical” and seven bulletins have been rated “Important”. Six bulletins are related to “Remote Code Execution” vulnerability, three bulletins are related to “Elevation of Privilege” vulnerability and one bulletin is related to "Tampering" vulnerability. The following vulnerabilities have been rated Critical:
For detailed information on all the bulletins and the corresponding vulnerabilities addressed, please visit the Microsoft Security Bulletin Summary - June 2010 page.

I recommend that users set Windows Update to "Install updates automatically" mode, so that the important patches get applied automatically.

Thursday, June 3. 2010
Adobe releases security update for Adobe Photoshop CS4

Adobe has released an update for Adobe Photoshop CS4 to provide remedial measures for the vulnerabilities identified in Adobe Photoshop CS4 11.0.1 and its earlier versions. The vulnerabilities identified in Adobe Photoshop CS4 allow an attacker to take control of an affected system whenever a user opens a malicious file having extensions like ‘.ASL’, ‘.ABR’ or ‘.GRD’.
Adobe has categorized these vulnerabilities as ‘Critical’ and encourages all customers to update their installations to Adobe Photoshop 11.0.2. The vulnerabilities identified do not affect Adobe Photoshop CS5.

Adobe Photoshop CS4 users are recommended to download and apply this update.

For detailed information on the Security Update, please visit Adobe’s Security Bulletin page.

Wednesday, May 26. 2010
Prominent and efficient tools of Quick Heal Admin Console – Part 2

This blog is the second part of Prominent and efficient tools of Quick Heal Admin Console blog series. In this part, I will provide information about the inception and features of yet another prominent and efficient tool of Quick Heal Admin Console i.e. Quick Heal Admin Console Standalone Update Manager.
Let me tell you how Quick Heal Admin Console Standalone Update Manager was conceptualized. Quick Heal Admin Console, installed on the server, uses its integrated Update Manager tool to fetch updates from Quick Heal Internet Center, and the clients on the network, in turn, fetch the updates from Quick Heal Admin Console.

Many organizations have network setups in which the server is not connected to the Internet for security concerns or other reasons. If Quick Heal Admin Console is installed on such network setups, then the console installed on the server will not receive updates from Quick Heal Internet Center, and in turn the clients will not receive the updates from the console.

To tackle this scenario we came up with the Quick Heal Admin Console Standalone Update Manager tool, which will fetch updates on behalf of Quick Heal Admin Console.

I will now list out the steps that can help the administrator to easily and efficiently deploy Quick Heal Standalone Update Manager.

1. Quick Heal Admin Console Standalone Update Manager needs to be installed on a Windows-based system on the network that is connected to the Internet.
2. Please verify the Updates downloaded for Quick Heal Clients. You can uncheck Quick Heal AntiVirus for Linux in case your network doesn’t have Linux systems.
3. The system having Quick Heal Admin Console Standalone Update Manager will download the updates to the default location or to the location of your choice.

[Figure: Quick Heal Admin Console Standalone Update Manager - Configuration]

4. The path or location where the updates are downloaded will be configured as a website using IIS or Apache web server (IIS or Apache needs to be installed, if it is not already installed on the system). The URL of the configured website will be used by the Update Manager, integrated with Quick Heal Admin Console on the server.

[Figure: Quick Heal Admin Console Update Manager - Configuration]

Once these settings are applied, the Quick Heal Admin Console installed on the server will fetch the updates from the system having Quick Heal Admin Console Standalone Update Manager.

This tool is freely available for download from the following webpage:
http://www.quickheal.co.in/admin40.asp

To know more about the deployment, functionalities and working of Quick Heal Admin Console Standalone Update Manager, please refer to its user guide.

That concludes the two-part blog series of Prominent and efficient tools of Quick Heal Admin Console.

Wednesday, May 19. 2010
Prominent and efficient tools of Quick Heal Admin Console

In an earlier blog of mine, I had announced the release of Quick Heal Admin Console 4.2 along with the host of enhancements incorporated with it.
In this two-part blog series related to prominent tools of Quick Heal Admin Console, I will provide you some information about the inception and features of the two prominent and efficient standalone tools that have been bundled with Quick Heal Admin Console 4.2. The tools are:

1. Quick Heal Admin Console Remote Management
2. Quick Heal Admin Console Standalone Update Manager

In this blog I will discuss the Quick Heal Admin Console Remote Management tool.

Quick Heal Admin Console Remote Management evolved from the needs of Enterprises with multiple Quick Heal Admin Consoles, needing centralized management of all the Quick Heal Admin Consoles. For example, if an organization has branches in different cities and each branch has Quick Heal Admin Console installed on the network, then maintaining all the Quick Heal Admin Consoles from a centralized location would be a cumbersome task. The person responsible for maintaining them would be required to remember the URL, Username and Password of each Quick Heal Admin Console.

[Figure: Quick Heal Admin Console Remote Management - Add New Location]

The standalone Quick Heal Admin Console Remote Management tool addresses this situation by allowing you to assign the URL, Username and Password of a specific Quick Heal Admin Console to a desired location name. Just accessing the location name will connect you to the desired Quick Heal Admin Console. This will relieve the administrator from remembering the URLs and respective login credentials.

[Figure: Quick Heal Admin Console Remote Management - Add User]

Quick Heal Admin Console Remote Management also provides you the facility to create 3 users: Administrator, Read-only and Report Viewer. The user privileges will be similar to the privileges in Quick Heal Admin Console. The user with “Administrator” privileges has complete control over the tool and is responsible for creation of the remaining two user privileges.
When connected with administrative privileges you will have complete control over the respective Quick Heal Admin Console. The users with “Read-only” privileges will be able to connect to Quick Heal Admin Console and view all the settings and configurations, but they cannot modify them. The users with “Report Viewer” privileges will be able to connect to Quick Heal Admin Console and access its reports, but will not be able to view or modify any settings or configurations.

This tool is freely available. Quick Heal Admin Console users can download it from the following webpage:
http://www.quickheal.co.in/admin40.asp

To know more about the functionalities and working of Quick Heal Admin Console Remote Management, please refer to the user guide.

Watch out for the next part of the blog related to tools of Quick Heal Admin Console. In that blog I will discuss the inception and features of yet another prominent and efficient standalone tool called Quick Heal Admin Console Standalone Update Manager.

Wednesday, May 12. 2010
Microsoft Security Bulletin released for the month of May

Microsoft has released its security bulletin summary for May 2010. This month Microsoft has released two bulletins, addressing a total of two vulnerabilities.
Both the bulletins have been rated “Critical” and both the bulletins are related to “Remote Code Execution” vulnerability.

The bulletins released this month provide security updates for Microsoft Outlook Express 5.5 (SP2), Microsoft Outlook Express 6, Microsoft Outlook Express 6 (SP1), Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office XP (SP3), Microsoft Office 2003 (SP3), Microsoft Office 2007 System Service (SP1 & SP2) and Microsoft Visual Basic for Applications.

The bulletins released are as follows:

- Bulletin MS10-030 resolves a vulnerability in Outlook Express, Windows Mail, and Windows Live Mail. The vulnerability could allow remote code execution if a user visits a malicious e-mail server.
- Bulletin MS10-031 resolves a vulnerability in Microsoft Visual Basic. The vulnerability could allow remote code execution if a host application opens and passes a specially crafted file to the Visual Basic for Applications runtime.

For detailed information about both the bulletins and the corresponding vulnerabilities addressed, please visit the Microsoft Security Bulletin Summary - May 2010 page.

I recommend that users set Windows Update to "Install updates automatically" mode, so that the important patches get applied automatically.

Tuesday, May 11. 2010
PC2Mobile Scan patch released to support more mobile phones

I would like to announce that the PC2Mobile Scan feature in Quick Heal Total Security has expanded the list of mobile phones supported. The release of the latest patch, within two months of the earlier patch release, is a strong indication of our constant and increasing focus on ridding mobile devices of malware and on ensuring compatibility with as many popular mobile phone brands and versions as possible, including brands like Apple iPhone and BlackBerry. Quick Heal PC2Mobile Scan now supports over 581 mobile phones of various brands.
Visit the News section to know more about the latest patch release. Quick Heal Total Security 2010 users can download this patch to add the protection for newly added mobile phones.

You can also visit the PC2Mobile Scan section to check out the complete list of mobile phone brands and their versions supported by the PC2Mobile Scan feature in Quick Heal Total Security.

Friday, April 30. 2010
Microsoft Security Bulletin MS10-025 has been re-released

Microsoft Security Bulletin MS10-025 has been re-released on 27 April 2010.
This security update, released on 13 April 2010, was withdrawn on 21 April 2010 due to quality issues.

This bulletin released on 13 April 2010 was supposed to address a "Remote Code Execution" vulnerability in Microsoft Windows 2000 Server running Windows Media Services. It was withdrawn on 21 April 2010 to ensure high quality.

This security update is rated “Critical” for all supported editions of Microsoft Windows 2000 Server running Windows Media Services.

For detailed information on the bulletin, please visit the Microsoft Security Bulletin MS10-025 - Critical page.

I recommend that users set Windows Update to "Install updates automatically" mode, so that the important patches get applied automatically.