Here are the updates Microsoft has released today:

Critical:

• Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
  This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system.

Important:

• Vulnerability in SChannel Could Allow Spoofing (960225)
  This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means.
• Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)This security update resolves two privately reported vulnerabilities and two publicly disclosed vulnerabilities in Windows DNS server and Windows WINS server. These vulnerabilities could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.

With the economy being as it is, one thing that people want to know is how to get a super-fast for very little money. Over the past few weeks I've put together a number of posts over on Hardware 2.0 to help people with that.

Monster PC upgrades - Without the monster price tag!

Here I looked at two different upgrades to an existing PC - the all-rounder upgrade package and the super overclocker package.

Here's what was in each package:

All rounder

• AMD Athlon X2 4850e CPU
• Foxconn A7GM-S motherboard
• NVIDIA GeForce 9600 GSO graphics card

Super overclocker

• Intel Core 2 Duo E7300 CPU
• BioStar TForce TP45HP motherboard
• NVIDIA GeForce 9800 GT graphics card

These upgrades packages cost in the region of $215 and $370 respectively.

Hardware 2.0 'Very Best Kit List' for Mar/Apr 09

I publish a best kit list every couple of months and it's always very popular. This month I posted the best budget, mid-range and extreme components in the following categories:

• CPUs
• Motherboards
• RAM
• Graphics cards
• Hard disks
• Sound cards
• PSUs
• Cooling
• Cases
• Monitors
• Keyboards/Mice

Recommendation for Dwight Silverman's $300 PC upgrade

Finally, Dwight Silverman of TechBlog asked for recommendations for PC upgrades for under $300.

Here's my parts recommendation:

• Intel E7400 2.80GHz Core 2 Duo CPU
• 2×2GB Corsair RAM
• MSI P45 Neo3-FR or BioStar TForce TP45HP motherboards

Have fun, and happy PC building/upgrading!

Here's a toolkit that should be installed on every PC geek's USB flash drive - Technibble's Computer Repair Utility Kit!

Loads of amazing tools all contained in a single download!

File Management

• CCleaner - Cleans up Windows systems. Clears temporary internet files, cookies, history etc..
• JkDefragGUI - An advanced defragging tool far superior to the built in Windows one
• DriveimageXML - Hard drive imaging tool. Allows you to get a single file out of a whole image too
• Explore2fs - Allows you to explore hard drives with Linux file systems
• Double Killer - Finds duplicate files and deletes them
• Deep Burner - CD/DVD Burning software
• 7-Zip Portable - Archive creating and extraction tool. Can handle most compression formats
• PC-Decrapifier - Cleans out the crap that comes installed on new brand name computers (Norton trials, toolbars etc.)

Information

• Process Explorer - Allows you to view system processes
• System Information - View lots of information about a system (specs, passwords, temperatures etc.)
• ProduKey - View software cdkeys and serials
• Autoruns - Autostart program viewer
• HWMonitor - View hardware information
• GPU-Z - Show video card information (chipset, bios version, shaders, memory size etc.)
• Wireless Key View - Shows saved wireless network keys
• TreeSize Free - Show how much space each folder on a system uses
• Game Key Revealer - View CDKeys and Serials for popular games
• USBDView - Allows you to list and manage USB devices (including devices that arent currently plugged in)
• TrID - Identifies file types for extension-less files
• Codec Installer - Finds and analyzes video codecs
• Unknown Devices - Tells you what a “Unknown Device” in system properties actually is
• GSpot - Video analyizer

Repair Tools

• Norton Removal Tool - Removes Symantec products
• McAfee Removal Tool - Removes McAfee products
• LSPFix - Fixes broken Winsock entries
• Dial-a-Fix - Repair Windows files and registries

Recovery

• Recuva - Recovers deleted files
• Restoration - Recovers deleted files
• Photorec - Recover deleted/damaged files from Flash memory (like digital cameras)
• DBXTract - Recover emails from damaged DBX files (like Outlook Express)

Network Tools

• Wireshark - View network packets
• Network Scanner - Scans the network for devices
• Putty - SSH/Telnet/RLogin client
• Network Stumbler - Wireless Network Scanner

Virus and Malware Removal Tools

• Clamwin Antivirus - Virus scanner/remover
• Rootkit Revealer - Detects rootkits on a system
• Combofix - Malware finder and remover
• SmitFraudFix - Malware finder and remover
• RogueFix - Malware finder and remover
• Hijack This! - Malware remover
• SUPERAntiSpyware - Malware scanner and remover
• Malwarebytes - Malware scanner and remover

Misc

• Mozilla Firefox - Web browser
• JavaRa - Find and remove old Java versions
• Monitor Tester - Test monitors from problems
• Dead Pixel Tester - Finds and fixes dead pixels on LCDs
• ChkFlsh - Check flash drives for errors or test their real size (as fake ones appear on eBay)
• Double Driver - Driver backup tool
• SumatraPDF - Lightweight PDF viewer
• Revo Uninstaller - Advanced application uninstaller

Tweaks

• TweakUI - Windows XP tweaking tool
• VistaTweaker - Vista tweaking tool

Scripts

• Quickly Make a System Restore Point - Makes restore point
• Reset Network - Releases/Renews IP and flushes DNS
• Clear Printer Spooler - Clears stuck print jobs from spooler
• Stop Automatic Updates - Stops “Windows has installed updates, restart now” dialog temporarily
• Start Automatic Updates - Switches it back on

(via TechBlog)

One of the oddest things I've seen in a long time:

Shamelessly branded a ‘cat-vertising campaign’, the scheme will see the specially trained black moggies sporting F.E.A.R. 2 cat clothing, and then roaming the streets of London. The idea, according to Warner Bros, is that the creepy kitties will ‘capture the attention of superstitious passers-by,’ as Friday 13 is famous for its supposed bad luck and a black cat crossing your path was listed at number 5 in a recent survey of Britain’s superstitions and signs of bad luck. Friday 13 was listed at number 3, while breaking a mirror was listed as the number 1.

I'm not sure which is scariest ... the idea of trying to put one of those suits on my cat (I really don't fancy it since I only have two eyes and replacements are pretty hard to come by) or the idea that a bunch of ad folks sitting in some smoke-filled room somewhere giving this idea the go ahead ...

That said, I couldn't resist adding a caption to one of the images:

Some important patches from Microsoft for this month.

Critical:

• Cumulative Security Update for Internet Explorer (961260)This security update resolves two privately reported vulnerabilities. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
  This security update resolves two privately reported vulnerabilities in Microsoft Exchange Server. The first vulnerability could allow remote code execution if a specially crafted TNEF message is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could take complete control of the affected system with Exchange Server service account privileges. The second vulnerability could allow denial of service if a specially crafted MAPI command is sent to a Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could cause the Microsoft Exchange System Attendant service and other services that use the EMSMDB32 provider to stop responding.

Important:

• Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)
  This security update resolves a privately reported vulnerability in Microsoft SQL Server. The vulnerability could allow remote code execution if untrusted users access an affected system or if a SQL injection attack occurs to an affected system. Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
• Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
  This security update resolves three privately reported vulnerabilities in Microsoft Office Visio that could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.