- Spectre and Meltdown vulnerabilities – There’s a LOT of buzz about the two of these. I won’t be going into any detail in this newsletter about either but we’ve been pushing information out to social media as we get it and will likely be posting an article here later.
- Mailing List – The response to (finally) getting the mailing list back online has been overwhelmingly positive (and appreciated). We have a sign-up form on the right-column of our website if you’d like to sign up.
- MyIT – The newest version of the Network Ninja (NNv2.1) is finally operational and has been deployed to a number of MyIT clients already with stellar results. We finished with the beta group last week and will be reaching out to all of our MyIT clients this week and next to schedule the install.
Executive Summary – Spectre and Meltdown have dominated the news scene this week but it’s important to note that there have been a LOT of other updates released, many of which address vulnerabilities that are potentially worse than either. Also very important this month is the fact that Microsoft will not be providing updates to customers (computers) certain antivirus products and some versions of AMD processors.
Microsoft – Between out-of-band updates to address the Spectre and Meltdown vulnerabilities and today’s scheduled updates, Microsoft has patched a total of 55 vulnerabilities this month. A total of sixteen of the vulnerabilities patched this month and twenty could allow remote code execution. ThreatPost has an excellent write-up with additional details on the vulnerabilities as well as CVE’s here and SANS has a diary with an interesting perspective here..
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critcial, it’s important that the updates are installed.
Adobe – Adobe released APSB18-01, rated important and patching vulnerabilities in multiple versions of Adobe Flash Player.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Java / Oracle – The latest update for Java is Version 8 Update 151, released on 17 October 2017.
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Security News, Sponsored by Piratica – One thing that we continue to see with new clients when we deliver our after-action report for a vulnerability assessments is surprise at the size of their attack surface. It’s not unusual to find an exposed Remote Desktop server, VNC Server or even telnet servers that allow direct connections from the Internet to sensitive internal equipment. In the case of Remote Desktop, getting access to the system is a simple matter of guessing the username and password (or, in some cases, just the password because the username is saved) and, in the cases of VNC and telnet, often it’s just a matter of guessing the password (if there is one). In many cases, simply turning these services off is a quick and easy to make the environment infinitely more secure and, if the services are required, simply protecting it with a VPN is another relatively simple fix. The key though is knowing that the vulnerability is there. If you would like more information or would like to request a free vulnerability scan for your organization, complete the request form here (https://www.piratica.us/index.php/free-vulnerability-scan/) .
Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations from cyber criminals. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are availalbe in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.