Wednesday, July 13, 2016

Security update available for Adobe XMP Toolkit for Java - July 2016




- wong chee tat :)

Patch Tuesday - July 2016

Webpages, Word files, print servers menacing Windows PCs, and disk encryption bypasses – yup, it's Patch Tuesday

Plus: 52 security bugs fixed in Adobe Flash

Cthulu emerges from a printer. Image created by illustrator Andy Davies. Copyright: The Register

reddit

Twitter

Facebook
19

linkedin
Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player.
Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important." The highlights are: a BitLocker device encryption bypass, evil print servers executing code on vulnerable machines, booby-trapped webpages and Office files injecting malware into PCs, and the usual clutch of privilege elevation flaws.
Get patching now before miscreants develop and distribute code exploiting the programming blunders. As far as we can tell, none of the bugs below are being exploited in the wild right now.
  • MS16-084 is a cumulative fix for Internet Explorer that addresses 15 CVE-listed vulnerabilities, including five memory corruption bugs and four scripting engine memory corruption bugs that can be exploited to execute code remotely on vulnerable machines. In other words, opening up a booby-trapped website that exploits these flaws could lead to malware infecting your PC.
    "The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user," said Microsoft.
  • MS16-085 is also a cumulative browser fix, this time for the new Edge browser. Among the 13 CVE-listed holes in Edge are five remote code execution flaws in the Chakra JavaScript engine. Also patched are three information disclosure flaws, three spoofing vulnerabilities, and two other memory corruption flaws. Again, a malicious webpage could use these security holes to infect PCs with software nasties.
  • MS16-088 patches seven memory corruption vulnerabilities in Office. The flaws could allow remote code execution if opened as local documents or information disclosure if targeted at SharePoint or Office Web Apps server. Office for Mac users will receive an update as well. Basically, malicious software can be smuggled in Office documents and will infect computers when opened.
  • MS16-094 remedies a security bypass flaw in Windows Secure Boot. An attacker with admin or physical access – such as a thief or someone who has seized your PC – can exploit the vulnerability to install a policy that bypasses BitLocker and disk encryption.
    "A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy," Microsoft explained.
    "An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, an attacker could bypass the Secure Boot Integrity Validation for BitLocker and the Device Encryption security features.
    "To exploit the vulnerability, an attacker must either gain administrative privileges or physical access to a target device to install an affected policy. The security update addresses the vulnerability by blacklisting affected policies."
  • MS16-093 is Microsoft's distribution of this month's Adobe Flash Player security fixes. In all, 24 CVE-listed flaws are addressed, including remote code execution vulnerabilities. Users running Windows 8.1 and later and Server 2012 will get this update automatically. Older versions will need to get the update from Adobe (more details below).
  • MS16-086 covers a single remote code execution flaw in the JScript and VBScript engines for Windows Vista and Server 2008. Later versions are not affected. "The vulnerability could allow remote code execution if a user visits a specially crafted website," admitted Microsoft.
  • MS16-090 addresses six elevation of privilege vulnerabilities in all supported versions of Windows and Windows Server. An attacker can run a specially crafted application that exploits the kernel-level flaws to increase their user permissions and take over the system.
  • MS16-087 is an update for flaws in the print spooler component of Windows: a man-in-the-middle attacker on a network can execute code on a remote vulnerable machine, or elevate their privileges if already running code on a system. Essentially, a rogue printer server on a network can inject malware into connected PCs. All supported versions of Windows and Windows Server are vulnerable.
  • "A remote code execution vulnerability exists when the Windows Print Spooler service does not properly validate print drivers while installing a printer from servers," Microsoft confessed. "An attacker who successfully exploited this vulnerability could use it to execute arbitrary code and take control of an affected system.
  • "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application."
  • MS16-089 fixes a single information disclosure flaw triggered when the Windows 10 kernel improperly handles objects in memory.
  • MS16-091 is a patch for an information disclosure flaw in the .NET Framework triggered by running an XML file on a web application. The bug is found in all supported versions of Windows and Windows Server.
  • MS16-092 addresses two flaws in the Windows kernel, one that discloses information about the kernel and another bypassing security access checks. All supported versions of Windows and Windows Server should be updated.
Meanwhile, Adobe is applying a few more strips of duct tape to holes in the internet's screen door with the July Flash Player update.
Windows, OS X, Linux, and ChromeOS users should check to make sure they have the latest version of the software.
In total, this month's patch remedies 52 CVE-listed vulnerabilities. If targeted, 49 of those would allow remote code execution, while the other three would allow information disclosure and memory leaks.
Adobe has also released an update for Acrobat/Reader and XMP Toolkit for Java. ®




- wong chee tat :)

Security updates available for Adobe Flash Player - July 2016


- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas



- wong chee tat :)

McAfee DAT version = 8224 (jul 12th 2016)

McAfee DAT version = 8224 (jul 12th 2016)

Link: here ( Select Yes. And it keeps getting updated daily. Region=US)




- wong chee tat :)

Cashflow and Milk



Need to improve my cashflow so that I can buy more fresh milk!


- Pic from Internet


- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum


- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum

- wong chee tat :)

Om Mani Padme Hum

Om Mani Padme Hum


- wong chee tat :)

六字真言頌 怙主三寶

六字真言頌 怙主三寶

虔心皈依怙主三寶,真心憐憫慈母眾生,嗡瑪尼巴美吽……

佛為導師法為正道,僧為善侶同為救主,嗡瑪尼巴美吽……
登山階梯過河船舟,驅愚慧燈險隘坦途,嗡瑪尼巴美吽……
口誦真言心中祈禱,地獄烈火從此熄滅,嗡瑪尼巴美吽……
唱頌六字胸中發願,冷獄冰雪消融變暖,嗡瑪尼巴美吽……
誦持六字威力無比,十八地獄變成樂土,嗡瑪尼巴美吽……
世間無實因緣難料,生死輪回行善為要,嗡瑪尼巴美吽……
萬物無常善惡交替,向善精進矢志不渝,嗡瑪尼巴美吽……
暇滿人身難得至寶,虛度此生實為可惜,嗡瑪尼巴美吽……
貪心無盡欲望皆空,惡趣業因棄之從善,嗡瑪尼巴美吽……
萬惡煩惱罪孽根源,時刻提防凡夫癡念,嗡瑪尼巴美吽……
強壯身軀入土荒野,驅走死神上師引路,嗡瑪尼巴美吽……
瑪尼頌詞怙主三寶,諾言活佛順口編唱,嗡瑪尼巴美吽……
虔誠頂禮觀音菩薩,消除罪孽速證佛果,嗡瑪尼巴美吽……
如來佛子慈悲引路,眾生往生極樂佛土,嗡瑪尼巴美吽……


六字斷除六道苦難頌


嗡字放光照耀天界,死苦難忍觀音救度,嗡瑪尼巴美吽……
瑪字光照阿修羅界,爭斗死傷觀音救度,嗡瑪尼巴美吽……
尼字放光照亮人間,生老病死觀音救度,嗡瑪尼巴美吽……
巴字放光照亮畜生,蠢啞痛苦觀音救度,嗡瑪尼巴美吽……
美字放光照亮惡鬼,饑餓難熬觀音救度,嗡瑪尼巴美吽……
吽字放光照亮地獄,冷熱煎熬觀音救度,嗡瑪尼巴美吽……


- wong chee tat :)

六字真言頌 怙主三寶

六字真言頌 怙主三寶

虔心皈依怙主三寶,真心憐憫慈母眾生,嗡瑪尼巴美吽……

佛為導師法為正道,僧為善侶同為救主,嗡瑪尼巴美吽……
登山階梯過河船舟,驅愚慧燈險隘坦途,嗡瑪尼巴美吽……
口誦真言心中祈禱,地獄烈火從此熄滅,嗡瑪尼巴美吽……
唱頌六字胸中發願,冷獄冰雪消融變暖,嗡瑪尼巴美吽……
誦持六字威力無比,十八地獄變成樂土,嗡瑪尼巴美吽……
世間無實因緣難料,生死輪回行善為要,嗡瑪尼巴美吽……
萬物無常善惡交替,向善精進矢志不渝,嗡瑪尼巴美吽……
暇滿人身難得至寶,虛度此生實為可惜,嗡瑪尼巴美吽……
貪心無盡欲望皆空,惡趣業因棄之從善,嗡瑪尼巴美吽……
萬惡煩惱罪孽根源,時刻提防凡夫癡念,嗡瑪尼巴美吽……
強壯身軀入土荒野,驅走死神上師引路,嗡瑪尼巴美吽……
瑪尼頌詞怙主三寶,諾言活佛順口編唱,嗡瑪尼巴美吽……
虔誠頂禮觀音菩薩,消除罪孽速證佛果,嗡瑪尼巴美吽……
如來佛子慈悲引路,眾生往生極樂佛土,嗡瑪尼巴美吽……


六字斷除六道苦難頌


嗡字放光照耀天界,死苦難忍觀音救度,嗡瑪尼巴美吽……
瑪字光照阿修羅界,爭斗死傷觀音救度,嗡瑪尼巴美吽……
尼字放光照亮人間,生老病死觀音救度,嗡瑪尼巴美吽……
巴字放光照亮畜生,蠢啞痛苦觀音救度,嗡瑪尼巴美吽……
美字放光照亮惡鬼,饑餓難熬觀音救度,嗡瑪尼巴美吽……
吽字放光照亮地獄,冷熱煎熬觀音救度,嗡瑪尼巴美吽……


- wong chee tat :)

六字真言頌 怙主三寶

六字真言頌 怙主三寶

虔心皈依怙主三寶,真心憐憫慈母眾生,嗡瑪尼巴美吽……

佛為導師法為正道,僧為善侶同為救主,嗡瑪尼巴美吽……
登山階梯過河船舟,驅愚慧燈險隘坦途,嗡瑪尼巴美吽……
口誦真言心中祈禱,地獄烈火從此熄滅,嗡瑪尼巴美吽……
唱頌六字胸中發願,冷獄冰雪消融變暖,嗡瑪尼巴美吽……
誦持六字威力無比,十八地獄變成樂土,嗡瑪尼巴美吽……
世間無實因緣難料,生死輪回行善為要,嗡瑪尼巴美吽……
萬物無常善惡交替,向善精進矢志不渝,嗡瑪尼巴美吽……
暇滿人身難得至寶,虛度此生實為可惜,嗡瑪尼巴美吽……
貪心無盡欲望皆空,惡趣業因棄之從善,嗡瑪尼巴美吽……
萬惡煩惱罪孽根源,時刻提防凡夫癡念,嗡瑪尼巴美吽……
強壯身軀入土荒野,驅走死神上師引路,嗡瑪尼巴美吽……
瑪尼頌詞怙主三寶,諾言活佛順口編唱,嗡瑪尼巴美吽……
虔誠頂禮觀音菩薩,消除罪孽速證佛果,嗡瑪尼巴美吽……
如來佛子慈悲引路,眾生往生極樂佛土,嗡瑪尼巴美吽……


六字斷除六道苦難頌


嗡字放光照耀天界,死苦難忍觀音救度,嗡瑪尼巴美吽……
瑪字光照阿修羅界,爭斗死傷觀音救度,嗡瑪尼巴美吽……
尼字放光照亮人間,生老病死觀音救度,嗡瑪尼巴美吽……
巴字放光照亮畜生,蠢啞痛苦觀音救度,嗡瑪尼巴美吽……
美字放光照亮惡鬼,饑餓難熬觀音救度,嗡瑪尼巴美吽……
吽字放光照亮地獄,冷熱煎熬觀音救度,嗡瑪尼巴美吽……


- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas

- wong chee tat :)

Medicine Master Buddha


- Pic from Internet


- wong chee tat :)