May 2015 News and Updates
What’s New
- Episode Two, The Mobile Threat – The latest episode was released on 19 March and follows our attackers Myles and Ian as they use an executive's mobile phone to gain access to (at least) one corporate network, completely under the radar. Episode Two can be found here.
- Hacker Play Date – Cyber Tech Cafe will be co-hosting a Hacker Play Date on Saturday, 20 June 2015 at 10:00am EDT. We have it scheduled until 6:00pm EDT but, depending on interest and turnout, may make adjustments. Our goal is an informal gathering for any tech enthusiasts, from the layman to the systems / security engineer, to discuss the possibility of some kind of regular gathering on a monthly or quarterly basis (think 2600 meeting or similar). Ideally, for each event we would have a presenter to kick things off and then discussions, practical exercises and entertainment (Red Team / Blue Team exercises, installfests, etc.) for the remainder of the event. Light refreshments would be provided by the host(s). There would be no charge for the event and it would be open to anyone.
Updates
Executive Summary – There are a number of updates addressing critical vulnerabilities from both Microsoft and Adobe for May in a range of widely deployed products including Microsoft Windows, Internet Explorer, Microsoft Office, .NET Framework, Lync, Adobe Reader and Adobe Flash Player. All of the critical updates from both vendors address problems that can allow a remote attacker full access to affected computers. Users and administrators are encouraged to review the details of the patches and, if possible, patch immediately.
Microsoft – Microsoft released 13 bulletins this month (MS15-043 through MS15-055). Four of the bulletins were listed as critical and addressed issues that could allow remote code execution; the 9 remaining were listed as important and address a range of issues from Information Disclosure to Remote Code Execution. Bulletins MS15-43 through MS15-47 all have an exploitability index of either 1 or 2 (Exploitation More Likely).
Microsoft releases regular updates on the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.
Additional details are available from Microsoft here and from SANS here.
Adobe – Adobe seems to have been in a bit of a slump for the last couple of months, and May was no exception. As of 12 May 2015, there are 2 bulletins from Adobe affecting Reader and Flash Player (APSB15-9 and APSB15-10 respectively), both rated critical. Additional details on this are available from Adobe here.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Java – The most up-to-date release version of Java, as of the time of this newsletter, is still Java 8 update 45. We’ve noticed that the Java installer / updater doesn’t consistently remove previous versions of Java (including Java 7 and even Java 6). That said, even if you have the most up-to-date version [of Java] installed, it’s possible that you still have an older version installed as well. In Windows, you can check this by going to Add / Remove Programs and looking for older versions.
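The same check can be scripted. The PowerShell below is an added example, not part of the original newsletter: it reads the uninstall registry keys that back Add / Remove Programs, lists every Java runtime entry and flags all but the newest. It assumes PowerShell 3.0 or later and that Java runtimes register a display name such as "Java 8 Update 45" or "Java(TM) 6 Update 30"; the name pattern and the status labels are illustrative.

```powershell
# Added example: inventory installed Java runtimes and flag leftover older versions.
# Data source: the machine-wide uninstall keys that back Add / Remove Programs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # native view
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'  # 32-bit apps on 64-bit Windows
)

# Assumption: runtime entries start with "Java <n>" or "Java(TM) <n>".
$namePattern = '^Java(\(TM\))?\s+\d+'

$installed = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            # DisplayVersion is vendor-supplied text; tolerate values that do not parse.
            $parsed = $null
            [void][version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                Name            = $_.DisplayName
                Version         = $_.DisplayVersion
                Parsed          = $parsed
                View            = if ($_.PSPath -like '*WOW6432Node*') { '32-bit' } else { 'native' }
                UninstallString = $_.UninstallString
            }
        }
)

if ($installed.Count -eq 0) {
    Write-Output 'No Java runtime entries found in the machine-wide uninstall keys.'
}
else {
    # Highest parsed version across both registry views is treated as "current".
    $newest = ($installed | Where-Object { $_.Parsed } |
        Sort-Object Parsed -Descending | Select-Object -First 1).Parsed

    $installed | ForEach-Object {
        $status = if (-not $_.Parsed)           { 'version unreadable - check manually' }
                  elseif ($_.Parsed -lt $newest) { 'older - review and remove' }
                  else                           { 'newest installed' }
        $_ | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
    } | Sort-Object Parsed -Descending |
        Format-Table Name, Version, View, Status -AutoSize
}
```

The script only reports; removal is still done through Add / Remove Programs or the listed uninstall string. "Newest installed" means newest on that machine, so compare it against the current release separately.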
Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.
Additional details are available from Oracle here.
These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.