Category: Monthly Newsletters

   Updates Executive Summary - 2017 is starting out with a relatively low number of updates with only four bulletins from Microsoft (Edge, Office and Windows [LSA]) and two updates from Adobe (Flash, Acrobat & Reader) but all resolve issues that could allow an attacker full access (remote code execution or RCE) to vulnerable systems.   Microsoft - Microsoft released 4 bulletins this month (MS17-001 through MS17-004). The bulletins affect Microsoft Edge (oddly enough, nothing mentioned about Internet Explorer), Microsoft Office, Adobe Flash and an internal component of Windows called LSA (Local Security Authority).  The bulletins for Microsoft Office and Adobe Flash Player are rated critical and allow remote code execution (RCE) and the bulletins for Microsoft Edge and LSA are rated important allowing privilege escalation and denial of service respectively.  Multiple…

   Updates Executive Summary - Microsoft released a total of 10 bulletins, most of which are rated critical and most of those can allow an attacker full access to a vulnerable computer remotely (remote code execution, or RCE).  Once again, the first two bulletins address vulnerabilities in Internet Explorer and Edge (Edge is supposed to be a completely separate product from Internet Explorer, but the two seem to share a lot of similar vulnerabilities).  Adobe has patched an impressive 81 vulnerabilities in it's product line (including Acrobat, Reader and Flash, most notably) with several of those listed as critical with successful exploitation leading to remote code execution.   Microsoft - Microsoft released 10 bulletins this month (MS16-118 through MS16-127). Six of the 10 are rated critical, one is rated moderate (information disclosure)…

   What's New DC770 - A quick reminder that DC770 meets the first Tuesday of each month at 7:00pm EDT in the basement at Jefferson's. Updates Executive Summary - This month's Microsoft updates looked oddly familiar to last month, with the descriptions of many of the issues patched sounding eerily similar to last month, which as you may remember was a particularly "exploitable" month of updates. As always, it is extremely important for all available updates to be installed as soon as possible. Adobe is back on the   Microsoft - Microsoft released 14 bulletins this month (MS16-104 through MS16-117). Seven of the 14 are rated critical and the remaining are rated important (by Microsoft).  It should come as no surprise that updates for Internet Explorer and Edge are leading the pack (again)…

   What's New DEF CON 24 - Huge thank you to the folks at Piratica for the invite to DEF CON in Las Vegas, NV.  Definitely an eye opening experience to see things from a different perspective.  DC770 - A quick reminder that DC770 meets the first Tuesday of each month at 7:00pm EDT in the basement at Jefferson's. Updates Executive Summary - No patches for Adobe Flash Player this month.  For the first time since January, the monthly Adobe patch release does not include a patch for Flash Player.  In an interesting bit of irony though, there is a bulletin from Microsoft (MS16-102) that patches a vulnerability in the Microsoft PDF Library that could lead to remote code execution.  Also, MS16-099 affects multiple versions of Office including Office for Mac…

   What's New Windows 10 - Microsoft's aggressive push to get every Windows 7 and Windows 8 computer upgraded to Windows 10 has gone from light speed to ludicrous speed.  Per Microsoft, Windows 7 is still supported until January of 2020 and we have had very good results with the Never10 utility from GRC.  If you have Windows 8, Windows 10 may be a better option.  Otherwise, it may be worth delaying the Windows 10 upgrade. DEF CON 24 - Piratica has invited the crew from Cyber Tech Cafe to join them at DEF CON 24 this year (4 August to 7 August) in Las Vegas.  Most of us will be leaving Thursday evening but we will be leaving a skeleton crew behind Friday and Monday to cover things.  Everyone will…