Executive Summary – 2017 has been an explosive year for ransomware and a wake-up call for administrators about the importance of installing updates in a timely fashion. The WannaCry virus in May wreaked havoc when it took advantage of an already patched bug in Microsoft Windows. The Petya and Not Petya viruses struck in June, leveraging the same already patched vulnerability.
Microsoft – Microsoft patched a total of 54 vulnerabilities this month in Windows, Edge, Internet Explorer, Office and Exchange, 19 of which were rated critical, 32 rated important and three rated as moderate. Several of the critical vulnerabilities are remotely exploitable and could give an attacker full control with little or no action on the part of the user.
Microsoft releases regular updates on the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Additional details are available from ThreatPost and SANS.
Adobe – Adobe released two updates this month addressing six vulnerabilities, one for Adobe Flash Player (APSB17-21, rated critical) and one for Adobe Connect (APSB17-22, rated moderate / important).
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe here, including links to download the update(s) and instructions for installation. Additional information is available here (Threatpost).
Java / Oracle – Oracle has apparently missed the spotlight and, in their quarterly update, has released their largest patch update ever addressing a total of 308 vulnerabilities, 165 of which are remotely exploitable. To be clear, these were not all problems / vulnerabilities in Java (I’ve amended the section name) but, if you’re running *anything* from Oracle and you’ve been somewhat lax in your updates, now may be a really good time to get back on track.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here, and Threatpost.
Security News, Sponsored by Piratica – One interesting challenge when talking to potential clients about the services that we offer (vulnerability assessments, penetration tests, etc.) is quantifying the value of hiring someone to identify flaws in your security strategy or taking it further and actually exploiting those flaws to gain access and see how far we can go. The recent exploits (WannaCry, Petya, Not Petya) against MS17-010 exploited a flaw in Windows that was patched by Microsoft in March 2017 on hosts / computers that the owners, in many cases, had no idea were a) exposed and b) vulnerable. As much publicity as these attacks got worldwide, a quick Shodan search shows that there are still more than 376,000 hosts exposed to the Internet and potentially open to attack. A vulnerability assessment is an excellent way to identify potential vulnerabilities before they can be exploited and, in many cases, can be far less expensive.
Piratica is a risk management firm and we work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.