Microsoft
The first round of updates for 2013 out of Redmond is mercifully small. There are a total of 7 bulletins with 2 listed as critical and 5 listed as important. Both of the critical updates address issues in MS Windows (between the two, all supported versions), Office, developer tools and server products that can allow an attacker full control of your computer remotely. Three of the 5 important bulletins address Elevation of Privilege vulnerabilities, 1 addresses a security bypass vulnerability and the remaining 1 addresses a DoS (denial of service) vulnerability. Multiple reboots are required for the updates. Additional details are available from Microsoft here.
One additional note from Microsoft is the recent zero-day vulnerability in Internet Explorer acknowledged in KB2794220. Details on the vulnerability and the workaround were posted last week. Unless you absolutely require Internet Explorer (the blue E on your desktop), take a moment to download Google Chrome. It’s free, it’s fast, it’s easy and it’s far more secure than Internet Explorer. If you still need Internet Explorer for specific sites, just use it for those sites and use Google Chrome for everything else.
Adobe
As of the time of this article, there are only two security bulletins from Adobe, one addressing an issue with ColdFusion and one addressing an issue with Reader and Acrobat. Additional details are available from Adobe here.
Java
Ok, Java. If you don’t need it, remove it. If you do need it, check daily (or hourly) to make sure that you have the latest version. Java downloads are available here.
Misc
Cell phone security. Many of you already know that my phone was recently stolen and have read the rant. There was a positive that came out of that, though, in that it reminded me to install PreyProject.com on my new phone and to tell you about PreyProject.com. PreyProject.com is a free tool that you can install on your phone, laptop or even your desktop computer in about 5 minutes that, if stolen, will report back to you with information like GPS coordinates, screenshots and even pictures from your camera via email. On most devices, you also have the option to lock the device so that it’s worthless to the dirtbag that steals it. It’s free. It’s easy. It works. This is not a paid endorsement.
We’ve written in the past about the growing popularity of ‘crimeware kits’, or tools that criminals can use to execute phishing scams, drive-by downloads, etc. Expect these to drop in price and continue to increase in popularity. Keep your antivirus up to date, keep your software up to date (at least Microsoft, Adobe and Java) and stay ‘in the know’ on new vulnerabilities.
Monthly Update Clients
* If you are not currently taking advantage of our monthly update service and would like more information or to sign up, additional information is available here.
For our Monthly Update clients, if a date and time hasn’t already been scheduled to install your updates, we will be contacting you shortly to schedule. If you aren’t already taking advantage of our monthly update service, there’s no time like the present to get started. We offer a monthly update service to keep all of your computers up to date for a low monthly fixed price with no long-term commitment. Additional information is available on our website.