What’s New
Tech News – Of course, there are still lots of threats out there for those who do not keep their computer systems up to date. Be sure to check out our facebook page for posts on the latest threats and malware that we have found as well as other items of interest. The rest of this article is about the most recent updates from Microsoft, Adobe and Java.
Very few single viruses or virus signatures cause enough of a stir to warrant specific mention here. The so called FBI Virus (or DHS virus or whatever persona it takes on tomorrow / next) is however one. The signature of this virus is that it seizes control of your computer and posts an ominous warning on your screen tha the FBI | DHS | whoever has seized your computer because of some activity on your part (surfing porn, downloading files, etc). The warning *looks* official and has caused nothing short of panic on the part of some victims. We have actually had some customers who have called 911 in an absolute panic that the FBI may be just around the corner. If you find yourself the victim of this virus, let us know and we can take care of it for you.
Updates
Microsoft – There were a total of 10 bulletins from Microsoft this month, 4 of which were considered critial and allowed a remote attacker access to vulnerable computers with no user interaction required. The remaining 6 were rated as Important with their impacts ranging from remote code execution to denial of service. The vulnerabilities affect basically the full range of supported products. Users are encouraged to update as soon as the updates are tested for your environment.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories is available here. The updates can include any *supported* Microsoft product from Windows (Windows XP, Windows 7, Windows Vista, Windows 8, Windows Server, etc.) to Office (Word, Excel, PowerPoint, Outlook, Publisher, OneNote, and even MS Office for Mac) to Internet Explorer to server products like Exchange, SQL Server and more. If you have one of these products installed, especially if the update is listed as Important or Critical, it’s important that the update be installed.
Additional details are available from Microsoft here.
Adobe – Adobe has released significant updates for Shockwave, Flash and Reader as of 10 September. The updates address vulnerabilities that could allow an attacker access to a vulnerable system with no user interaction required and affects both Windows and Macintosh systems. The Flash Player vulnerability affects all platforms.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos like YouTube and in interactive web content like games) and Adobe Shockwave.
Additional details and downloads are available from Adobe here.
Java – The latest version of Java, as of the time of this writing, is Java 7 update 40. Please note that, as of Java 7 update 25, the update process automatically removes older versions of Java. If you have a Java app that relies on an older version of Java (we have seen this with a number of EMR applications), this *will* impact you. That said, leaving an older version of Java installed does pose a significant security vulnerability.
Java is a tool that’s widely used by Banks, online service providers and even security companies for VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ for the past several months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s worth removing it altogether (this can be done from Add / Remove programs).
Additional details and downloads are available from Oracle here.
Monthly Update Clients
* If you are not currently taking advantage of our monthly update service and would like more information or to sign up, additional information is available here.
For our Monthly Update clients, if a date and time hasn’t already been scheduled to install your updates, we will be contacting you shortly to schedule.
If you aren’t already taking advantage of our monthly update service, there’s no time like the present to get started. We offer a monthly update service to keep all of your computers up-to-date for a low monthly fixed price with no long-term commitment. Additional information is available on our website.