MyCERT : Advisories

MA-733.072019: MyCERT Advisory - Microsoft Releases July 2019 Security Updates

19 Jul 2019
Advisory

1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
Azure DevOps
Open Source Software
.NET Framework
Azure
SQL Server
ASP.NET
Visual Studio
Microsoft Exchange Server

4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:

https://portal.msrc.microsoft.com/en-US/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 - 8008 7000 (Office Hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my

5.0 References

https://portal.msrc.microsoft.com/en-US/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573

MA-732.062019: MyCERT Advisory - Microsoft Releases June 2019 Security Updates

14 Jun 2019
Advisory

1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system

3.0 Affected Products

Adobe Flash Player
Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore
Skype for Business and Microsoft Lync
Microsoft Exchange Server
Azure

4.0 Recommendation
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:

Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: [email protected] or [email protected]
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: http://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users

5.0 References

MA-725.052019: MyCERT Advisory - Microsoft Releases May 2019 Security Updates

15 May 2019
Advisory

1.0 Introduction

Microsoft has released updates to address multiple vulnerabilities in Microsoft products.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

Adobe Flash Player
Microsoft Windows
Internet Explorer
Microsoft Edge
Microsoft Office and Microsoft Office Services and Web Apps
Team Foundation Server
Visual Studio
Azure DevOps Server
SQL Server
.NET Framework
.NET Core
ASP.NET Core
ChakraCore
Online Services
Azure
NuGet
Skype for Android

4.0 Recommendations

Users and administrators are recommended to review the below URL and perform the necessary update. Kindly refer to the below URL provided by Microsoft:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d

In this year, MyCERT had released several Alerts and Advisories on current threats and vulnerabilities. System Administrators and Internet Users must be aware of these threats and vulnerabilities by applying necessary patches and updates.

The Alerts and Advisories are available at:
https://www.mycert.org.my/portal/advisories?id=431fab9c-d24c-4a27-ba93-e92edafdefa5&year=2019&ctype=&keyword=

For incident reporting and other enquiries, please contact MyCERT through the following channels:
E-mail: [email protected] or [email protected]
Phone: 1-300-88-2999(monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS:CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Andriod Users

5.0 References

MA-702.072018: MyCERT Advisory - Microsoft Releases July 2018 Security Updates

17 Jul 2018
Advisory

1.0 Introduction

Microsoft has released updates to address multiple vulnerabilities in Microsoft products.

2.0 Impact

A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

3.0 Affected Products

• Internet Explorer

• Microsoft Edge

• Microsoft Windows

• Microsoft Office and Microsoft Office Services and Web Apps

• ChakraCore

• Adobe Flash Player

• .NET Framework

• ASP.NET

• Microsoft Research JavaScript Cryptography Library

• Skype for Business and Microsoft Lync

• Visual Studio

• Microsoft Wireless Display Adapter V2 Software

• PowerShell Editor Services

• PowerShell Extension for Visual Studio Code

• Web Customizations for Active Directory Federation Services

4.0 Recommendations

Kindly refer to the below URL for further information and actions to be taken:

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573

The security update deployment details can be found here:

• https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018

MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further inquiries, please contact MyCERT through the following channels:

E-mail: [email protected] or [email protected] â€¨

Phone: 1-300-88-2999 (monitored during business hours)â€¨

Fax: +603 89453442

â€¨Mobile: +60 19 2665850 (24x7 call incident reporting)â€¨

SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888â€¨

Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYTâ€¨

Web: https://www.mycert.org.my

Twitter: http://www.twitter.com/mycert

Facebook: http://www.facebook.com/mycert.org.my

Cyber999 Mobile Apps: iOS users or Android users

5.0 References

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/1c26eff2-573f-e811-a96f-000d3a33c573

• https://support.microsoft.com/en-us/help/20180710/security-update-deployment-information-july-10-2018

• https://www.us-cert.gov/ncas/current-activity/2018/07/10/Microsoft-Releases-July-2018-Security-Updates

MA-692.012018: MyCERT Advisory - Microsoft Releases January 2018 Security Updates

12 Jan 2018
Advisory

1.0 Introduction

Microsoft has released updates to address vulnerabilities in Microsoft software.

2.0 Impact

A remote attacker could exploit some of these vulnerabilities to take control of a system.

3.0 Affected Products

• Internet Explorer

• Microsoft Edge

• Microsoft Windows

• Microsoft Office and Microsoft Office Services and Web Apps

• SQL Server

• ChakraCore

• .NET Framework

• .NET Core

• ASP.NET Core

4.0 Recommendations

Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99

Security update deployment tables:

• https://support.microsoft.com/en-us/help/20180109/security-update-deployment-information-january-9-2018

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: [email protected] or [email protected]

Phone: 1-300-88-2999 (monitored during business hours)

Fax: +603 89453442

Mobile: +60 19 2665850 (24x7 call incident reporting)

SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888

Business Hours: Mon - Fri 08:30 -17:30 MYT

Web: https://www.mycert.org.my

Twitter: http://www.twitter.com/mycert

Facebook: http://www.facebook.com/mycert.org.my

Cyber999 Mobile Apps: IOS Users or Android Users

5.0 References

• https://www.us-cert.gov/ncas/current-activity/2018/01/09/Microsoft-Releases-January-2018-Security-Updates

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99

• https://support.microsoft.com/en-us/help/20180109/security-update-deployment-information-january-9-2018

MA-677.082017: MyCERT Advisory - Microsoft Releases August 2017 Security Updates

15 Aug 2017
Advisory

1.0 Introduction
Microsoft has released updates to address vulnerabilities in Microsoft software.

2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of a system.

3.0   Affected Products
•   Microsoft Edge
•   Internet Explorer 11
•   Windows Server 2008

4.0   Recommendation
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
•   https://portal.msrc.microsoft.com/en-us/security-guidance
•   https://support.microsoft.com/en-us/help/20170808/security-update-deployment-information

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail : [email protected] or [email protected]
Phone: 1-300-88-2999 (monitored during business hours)
Fax: +603 89453442
Mobile: +60 19 2665850 (24x7 call incident reporting)
SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users

5.0   References
•   https://www.us-cert.gov/ncas/current-activity/2017/08/08/Microsoft-Releases-August-2017-Security-Updates
•   https://portal.msrc.microsoft.com/en-us/security-guidance
•   https://support.microsoft.com/en-us/help/20170808/security-update-deployment-information
•   https://krebsonsecurity.com/2017/08/critical-security-fixes-from-adobe-microsoft-2/

MA-672.072017: MyCERT Advisory - Microsoft Releases July 2017 Security Bulletin

14 Jul 2017
Advisory

1.0 Introduction

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

2.0 Affected Products

This security release consists of security updates for the following software:

• Internet Explorer

• Microsoft Edge

• Microsoft Windows

• Microsoft Office and Microsoft Office Services and Web Apps

• .NET Framework

• Adobe Flash Player

• Microsoft Exchange Server

3.0 Recommendation

Users and administrators are recommended to review the release notes and perform the update immediately. All of the patches could be done almost automatically via the Windows Update application. Kindly refer to the below URL:

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99

• http://www.update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:â€¨

E-mail: [email protected] or [email protected]

â€¨Phone: 1-300-88-2999 (monitored during business hours)â€¨

Fax: +603 89453442 â€¨

Mobile: +60 19 2665850 (24x7 call incident reporting)

â€¨SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888â€¨

Business Hours: Mon - Fri 08:30 -17:30 MYTâ€¨

Web: https://www.mycert.org.my

Twitter: http://www.twitter.com/mycert

Facebook: http://www.facebook.com/mycert.org.my

Cyber999 Mobile Apps: IOS Users or Android Users

4.0 References

• https://www.us-cert.gov/ncas/current-activity/2017/07/11/Microsoft-Releases-July-2017-Security-Updates

• https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/f2b16606-4945-e711-80dc-000d3a32fc99

• https://support.microsoft.com/en-us/help/20170711/security-update-deployment-information-july-11-2017

MA-666.062017: MyCERT Advisory - Microsoft Releases June 2017 Security Bulletin

15 Jun 2017
Advisory

1.0 Introduction

Microsoft has released 15 updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow remote code execution and elevation of privilege.

2.0 The list of the Important vulnerabilities are as below:

2.1 Vulnerability in Server Service Could Allow Remote Code Execution (958644)

This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft, Windows XP and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.

• Patch: https://technet.microsoft.com/library/security/ms08-067

2.2 Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)

This security update resolves one publicly disclosed and two privately reported vulnerabilities in Server Message Block Version 2 (SMBv2). The most severe of the vulnerabilities could allow remote code execution if an attacker sent a specially crafted SMB packet to a computer running the Server service.

• Patch: https://technet.microsoft.com/library/security/ms09-050

2.3 Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)

This security update resolves a publicly disclosed vulnerability in the Print Spooler service. The vulnerability could allow remote code execution if an attacker sends a specially crafted print request to a vulnerable system that has a print spooler interface exposed over RPC. By default, printers are not shared on any currently supported Windows operating system.

• Patch: https://technet.microsoft.com/library/security/ms10-06

2.4 Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)

This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers. An attacker must have valid domain credentials to exploit this vulnerability. The affected component is available remotely to users who have standard user accounts with domain credentials; this is not the case for users with local account credentials only.

• Patch: https://technet.microsoft.com/library/security/ms14-068

2.5 Security Update for Microsoft Windows SMB Server (4013389)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

• Patch: https://technet.microsoft.com/library/security/ms17-010

2.6 Security Update for Microsoft Graphics Component (4013075)

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.

• Patch: https://technet.microsoft.com/library/security/ms17-013

2.7 Remote Desktop Protocol Remote Code Execution Vulnerability (CVE-2017-0176 )

Remote code execution vulnerability exists in Remote Desktop Protocol (RDP) if the RDP server has Smart Card authentication enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Patch: https://support.microsoft.com/help/4022747

2.8 Internet Explorer Memory Corruption Vulnerability (CVE-2017-0222)

Remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0222

2.9 Security Update for Microsoft Windows SMB (CVEs 2017-0267 through 2017-0280)

Security updates exist in Microsoft Windows SMB. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted packets to a Microsoft Server Message Block 1.0 (SMBv1) server.

• Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0267

2.10 WebDAV Remote Code Execution Vulnerability (CVE-2017-7269)

Vulnerability exists in IIS when WebDAV improperly handles objects in memory, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

• Patch: https://support.microsoft.com/help/3197835

2.11 Windows RPC Remote Code Execution Vulnerability (CVE-2017-8461)

Remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this vulnerability could execute code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Patch: https://support.microsoft.com/help/4024323

2.12 LNK Remote Code Execution Vulnerability (CVE-2017-8464)

A remote code execution exists in Microsoft Windows that could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464

2.13 Windows olecnv32.dll Remote Code Execution Vulnerability (CVE-2017-8487)

Remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.

• Patch: https://support.microsoft.com/help/4025218

2.14 Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)

Remote code execution vulnerability exists when Windows Search handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

2.15 Win32k Elevation of Privilege Vulnerability â€¨

An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8552

3.0 Recommendation

Users are recommended to perform the update immediately. All of the patches could be done almost automatically via the Windows Update application.

The how-to perform of the Windows Update is available at the following URL:

• https://www.mycert.org.my/portal/articles-content?menu=b9f3fdda-c343-4cb4-99a7-a7506cfb13ba&id=62275f48-f209-4440-af1a-c5425c875fa4

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:â€¨

E-mail: [email protected] or [email protected]

â€¨Phone: 1-300-88-2999 (monitored during business hours)

â€¨Fax: +603 89453442 â€¨

Mobile: +60 19 2665850 (24x7 call incident reporting)

â€¨SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888â€¨

Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYT

Web: https://www.mycert.org.my

Twitter: http://www.twitter.com/mycert

Facebook : http://www.facebook.com/mycert.org.my

Cyber999 Mobile Apps : IOS Users or Android Users

4.0 References

MA-660.052017: MyCERT Advisory - Security Update for Microsoft Malware Protection Engine

12 May 2017
Advisory

1.0   Introduction
Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file.

2.0   Impact
An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

•   CVE-2017-0290: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290

3.0 Affected Product

Microsoft Forefront Endpoint Protection 2010
Microsoft Endpoint Protection
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center Endpoint Protection
Microsoft Security Essentials
Windows Defender for Windows 7
Windows Defender for Windows 8.1
Windows Defender for Windows RT 8.1
Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
Windows Intune Endpoint Protection

4.0 Recommendations
MyCERT recommends users to review the information provided on the URL below and apply necessary update.
•   https://technet.microsoft.com/en-us/library/security/4022344

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:
E-mail: [email protected] or [email protected] â€¨
Phone: 1-300-88-2999 (monitored during business hours)â€¨
Fax: +603 89453442 â€¨
Mobile: +60 19 2665850 (24x7 call incident reporting)
â€¨SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888â€¨
Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYTâ€¨
Web: https://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: IOS Users or Android Users

5.0   References
•   https://technet.microsoft.com/en-us/library/security/4022344
•   https://threatpost.com/emergency-update-patches-zero-day-in-microsoft-malware-protection-engine/125529/
•   https://krebsonsecurity.com/2017/05/emergency-fix-for-windows-anti-malware-flaw-leads-mays-patch-tuesday/
•   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290

MA-654.042017: MyCERT Alert - Microsoft Addresses Shadow Brokers Exploits

19 Apr 2017
Alert

1.0 Introduction

Recently, an attacker group known as The Shadow Brokers, publicly released a large number of exploit tools targeting Microsoft Windows.

The Microsoft Security Response Center (MSRC) has published information on several recently publicised exploit tools, which affected various Microsoft products.

2.0 Impact

Exploitation of these vulnerabilities could potentially allow a remote attacker to take control of the affected system. Users and administrators are reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. Most of the exploits are already patched in Microsoft’s supported products.

For more information on EOL Microsoft products, kindly refer to below URL:

• Microsoft Ending Support for Windows XP and Office 2003, https://www.us-cert.gov/ncas/alerts/TA14-069A-0

• Microsoft Ending Support for Windows Server 2003, https://www.us-cert.gov/ncas/alerts/TA14-310A

• Microsoft Ending Support for Windows Vista, https://www.mycert.org.my/portal/advisory?id=MA-651.032017

3.0 Affected Products

• Microsoft End-of-Life (EOL) products

• Microsoft Windows 7, 2008, 8 and 2012

4.0 Recommendation

MyCERT recommends retiring all the EOL products. Users and administrators may any necessary updates by reviewing the information published by Microsoft Security Response Center (MSRC) are per below URL:

• https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

Generally, MyCERT advises the users of this software to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.

For further enquiries, please contact MyCERT through the following channels:

E-mail: [email protected] or [email protected] â€¨

Phone: 1-300-88-2999 (monitored during business hours)â€¨

Fax : +603 89453442 â€¨

Mobile: +60 19 2665850 (24x7 call incident reporting)

â€¨SMS : CYBER999 REPORT EMAIL COMPLAINT to 15888â€¨

Business Hours : Mon - Fri 09:00 AM - 18:00 PM MYTâ€¨

Web: https://www.mycert.org.my

Twitter: http://www.twitter.com/mycert

Facebook: http://www.facebook.com/mycert.org.my

Cyber999 Mobile Apps: IOS Users or Android Users

5.0 References