What’s New
- Windows 10 – Microsoft’s aggressive push to get every Windows 7 and Windows 8 computer upgraded to Windows 10 has gone from light speed to ludicrous speed. Per Microsoft, Windows 7 is still supported until January of 2020 and we have had very good results with the Never10 utility from GRC. If you have Windows 8, Windows 10 may be a better option. Otherwise, it may be worth delaying the Windows 10 upgrade.
- Helpdesk Changes – We are excited to announce that the changes that we mentioned a few months ago to the Cyber Tech Cafe helpdesk are going well. If all goes well, we should have some exciting news in the next 10 to 14 days.
- DEF CON 24 – Piratica has invited the crew from Cyber Tech Cafe to join them at DEF CON 24 this year (4 August to 7 August) in Las Vegas. Most of us will be leaving Thursday evening but we will be leaving a skeleton crew behind Friday to cover things. Everyone will be back for normal business hours Monday.
Updates
Executive Summary – May delivered several updates from Microsoft to patch critical vulnerabilities in Windows, Internet Explorer, Edge, Office and .NET. I’ve noticed it a few times and more frequently lately, but MS16-064 was an update to Adobe Flash Player for Windows 8.1, Server 2012, Server 2012 R2, RT 8.1 and Windows 10. Two important things to note here is that Microsoft is issuing Flash Player updates and there are fears of exploits against servers using Flash vulnerabilities. It’s time to take serious look at removing Adobe Flash Player from everything but, if you’ve got Adobe Flash Player on your server, there is absolutely no question as to whether or not it should be removed. Now.
Microsoft – Microsoft released 16 bulletins this month (MS16-063 through MS16-082). Recall that MS16-064, MS16-065, MS16-067 and MS16-068 were released last month. Five of the bulletins are rated critical (by Microsoft) and all address vulnerabilities that could allow remote code execution. The remaining are rated important (by Microsoft) and range from information disclosure to remote code execution. The SANS summary basically mirrors Microsoft’s and lists the exploitability index for each of the vulnerabilities being patched. Most of the CVE’s listed in the SANS report have an exploitability of 1 and MS16-068 (Cumulative Security Update for Microsoft Edge) has a known exploit.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are catagorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critial, it’s important that the updates are installed.
Additional details are available Microsoft Here, Here (SANS) and here (Threatpost).
Adobe – As of the time of this post, Adobe has posted APSA16-03, APSB16-19, APSB16-20, APSB16-21 and APSB16-22 covering security vulnerabilities in a number of Adobe products. The most notable is, again, a critical vulnerability in Adobe Flash Player (APS16-03) affecting Windows, Macintosh, Linux and Chrome OS.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Java – The latest version of Java is 8 update 91. If you’ve got older versions, especially versions that start with 6 or 7, remove them. Also, we’re still seeing that the installation of newer versions of Java don’t remove the older (often vulnerable) versions so, while you’re installing the latest update, check for older versions that may still be there.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
Security News, Sponsored by Piratica – In addition to the prep for DC24, we’ve had to pepper in some actual work to make sure that we can afford the trip. With that in mind, we have noticed an interesting trend that seemed like a good topic for this [primarily blue team] newsletter. Specifically, there seems to be a renewed focus on the shiny boxes with blinky lights at the expense of focusing on that all-important end user. Despite the much publicized success of phishing in the DBIR 2015 and DBIR 2016, resources seem to be focused on new equipment (specifically, firewalls with similar featuresets to the old ones and wireless kit with offensive capabilities and lower range). Meanwhile, targets are still falling victim to social engineering attacks that completely bypass the shiny new equipment.
Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals.. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are availalbe in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.