March 2018 News and Updates

Cyber Tech Cafe

Updates

Executive Summary – March was a relatively dull month in the computer world. Microsoft and Adobe churned out their monthly fixes as usual, but there was nothing particularly noteworthy. As usual, we here at Cyber Tech Cafe urge all our customers to review the updates addressed below, as well as any other updates you may have for your applications, and apply them as needed. As always, current MyIT customers will have their updates installed automatically by us. More information on how to become a MyIT customer can be found at the end of this newsletter or, as always, we are just a call or email away. Enjoy!

Microsoft – Microsoft patched approximately 75 vulnerabilities this month (though many of them share the same KB number and will present to the user as far fewer due to the new “Rollup” update process in place), with at least 10 of them rated with a max severity of “Critical”. This month was relatively uneventful as far as the mainstream Microsoft products were concerned, but we did see 8 critical vulnerabilities patched in the Microsoft Chakra engine, which is the JavaScript engine that powers the Microsoft Edge browser. Traditionally, despite MS claiming that Edge is wholly different from Internet Explorer, its much-despised predecessor, we would see close to or identical vulnerabilities pop up for IE that we do for Edge (and vice versa). This time, surprisingly, there are no vulnerabilities listed as being patched for the JScript engine (the JavaScript engine powering Internet Explorer and the code base from which the Chakra engine was originally forked). It will be interesting to see if Microsoft issues a similar set of patches for the JScript engine in the next or future months.

Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.

Additional details are available Here and Here.

Adobe – Adobe released only 3 updates this month (APSB18-05, 06, 07). Vulnerabilities were patched in Dreamweaver CC, Connect, and Flash Player (for those of you keeping count, and we are, there are only 1,016 days at most until “by the end of 2020” rolls around and Flash Player is finally EOL once and for all).

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Here including links to download the update(s) and instructions for installation.

Java / Oracle – No new updates from Java this month; we are still at Version 8 Update 161, released on 16 January 2018.

Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.

Additional details are available from Oracle here.

Piratica

Security News, Sponsored by Piratica – The response to our free vulnerability scan has been overwhelming.  More overwhelming though has been the organizations that took advantage of the free scan, found vulnerabilities (exposed servers, unpatched firewalls, thought-to-be retired Remote Desktop servers and more) and addressed them.  To that end, we are happy to extend the free vulnerability scan (we haven’t set an end date yet).  If you would like to take advantage of this free scan, complete the request form on our website.

Piratica is a risk management firm. We work with client organizations to help them identify and understand the risks to their organizations so that those metrics can be incorporated into the organization's overall security strategy. We believe that the first step in any solution is to correctly and completely identify the problem. Additional information is available on our website, Facebook and Twitter or via our free weekly email newsletter (signup available on our website here).

These updates will be automatically reviewed, approved and installed for MyIT Customers. If you would like more information about the Cyber Tech Cafe MyIT services for your business, please let us know. The Cyber Tech Cafe MyIT services are available in three different levels (Bronze, Silver and Gold) and can provide updates only (Bronze), updates and proactive network auditing and monitoring (Silver) or updates, proactive auditing and monitoring and up to 10 hours of priority support at a significantly discounted rate (Gold). Pricing is based on the number of physical locations, servers and workstations that you have.