Advance notification of July 2012 updates from Microsoft

Microsoft has released its monthly “head’s up” for the Windows and Office updates scheduled to arrive on July 10, 2012.

There are nine bulletins/updates in total, ranging in impact from Important to Critical, affecting Windows (XP and newer) and Office (2003 and newer). One of the critical updates affects only Internet Explorer 9. Another addresses the Windows XML Core Services (MSXML) vulnerability that has been exploited increasingly in recent weeks. A total of 16 vulnerabilities will be addressed by these updates. An updated version of the Malicious Software Removal Tool is also included. A system restart will be required.

Windows computers configured for auto update should start seeing these patches in the early hours of July 10. If you are responsible for any Windows computers that don’t use auto update, you should run Microsoft Update on those computers as soon as possible after July 10. If you’d like to avoid using Internet Explorer (required for Microsoft Update), you can download the updates as a disc image. Microsoft no longer provides a web-based resource for system administrators to download offline updates.

Recent phishing emails

VRT reports on a phishing campaign seen recently. This particular phishing attempt arrives as an unsolicited email that appears to be from UPS, about a delivery failure.

As with all phishing attempts, the goal is to trick the email recipient into thinking that this is a legitimate email from UPS. Once the user has been tricked into clicking one of the embedded links, software is installed surreptitiously. This software then attempts to steal usernames, passwords and banking information.

Other phishing attacks may use slightly different approaches, such as tricking the user into entering their banking information onto a malicious web page.

There are very few anti-malware packages that can prevent this sort of attack. The exceptions are typically expensive and geared toward corporate clients. Average users must rely on their own common sense to detect these attacks and simply delete the offending email.

What the heck is boot13?

Why boot13?  It’s the first program I ever ran on a microcomputer.  The computer was an Apple II+, and the full command was BRUNBOOT13:

BRUNBOOT13

I was trying to run a game for the first time: The Dragon’s Eye.  It wouldn’t boot from the 5 ¼” floppy disk I had.  So I called Wally, the guy who provided the computer.

Wally realized that the game disk used a slightly older format, with 13 sectors per track, instead of the newer 16 sector format.  The solution was to boot from the Apple II+ System Disk, then enter the command above from the command line.

On the Apple II+, parsing of command lines was a bit strange, in that commands built into the operating system were reliably parsed even when not separated from arguments.  In this case, the built in command was BRUN, which loads a binary program from disk and runs it.  The program was BOOT13, which, when run, allowed booting from 13 sector disks.

It worked.  The Dragon’s Eye turned out to be one of my favourite games, and I ended up figuring out how to modify it, first removing the copy protection, converting it to a 16 sector disk format, then changing the game’s Applesoft BASIC code.  I added a few features, most notably a system for recording and displaying high scores.

I still have a heavily-customized, home-built Apple II+ and that hacked version of the game, but these days when I want to play it, I use an Apple II+ emulator like AppleWin.

So: first program run, first command entered, so that I could run the first game on my first microcomputer. BOOT13.

News for me, stuff that matters… to me. Windows, Linux, security, tools & miscellany.