Wednesday, December 12, 2012

Critical Microsoft Word, Internet Explorer & Windows Updates



Microsoft Word Patch
· This vulnerability affects: All currently supported versions of Microsoft Word: 2003, 2007 and 2010.
· How an attacker exploits it:  An attacker tricks a user into opening a malicious RTF document.
· Impact: per Microsoft: An attacker who successfully exploited this vulnerability could take complete control of an affected system.  An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
· What to do: Click Here to Download the Update 

Internet Explorer Patch
· This vulnerability affects: Internet Explorer Versions 6, 7, 8, 9 and 10
· How an attacker exploits it:  An attacker tricks a user into opening a malicious website.
· Impact: An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. 
· What to do: Click Here to Download the Update 


Multiple Microsoft Windows Patches
· This vulnerability affects: Supported Versions of the Microsoft Windows Operating System as well as Windows Server
· How an attacker exploits it:  Multiple points of attack, including enticing users to view maliciously crafted fonts or to view directories with specially crafted files or folder names.
· Impact: An attacker could gain control of the computer.
· What to do: Click Here to Download the Updates

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

Adobe Flash Critical Update


Summary:
· This vulnerability affects: Adobe Flash Player 11.5.502.110  and earlier, running on all platforms
· How an attacker exploits it: Multiple methods of attack, including enticing your users to open malicious files or visit specially crafted web sites
· Impact: In the worst case, an attacker can execute code on the user's computer, potentially gaining control of it
· What to do: Download and install the latest version of Adobe Flash Player
Exposure:
Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.


Solution Path:

Adobe has released new versions of Flash Player to fix these issues. If you have Adobe Flash Player installed you should download and install the new version immediately. If you've enabled Flash Player's recent "silent update" option, you will receive this update automatically.

· Download Flash Player Update for your Computer











Wednesday, October 24, 2012

Worldox Special Promotion

 


Worldox is offering discounts for competitive upgrades!

If you are a firm that currently uses another document management system (DMS), you can convert to Worldox GX3 Professional for the upgrade price of only $375.00, a $50.00 per license discount.

Maintenance contracts are required to qualify, at the standard $88.00 per license.

Contact Glasser Tech for details.  This special offer is effective immediately and good through December 31, 2012.

Worldox is a powerful, low-cost, easy-to-use document management system.

Don’t miss out on this special offer!

Call us today at 516-762-0155. 

 

 

Tuesday, September 18, 2012

Internet Explorer is under attack again!

 


Microsoft announced this week in a security update that Internet Explorer 9 and earlier versions are vulnerable to attack if a user views a website hosting malicious code.  They have received reports of a small number of targeted attacks and are working to develop a security update to address this issue. 

Glasser Tech recommends downloading and using a different browser.  We suggest either Google Chrome or Mozilla Firefox.  

If you just have to have Internet Explorer as your browser, Microsoft recommends that you do the following:

Deploy the Enhanced Mitigation Experience Toolkit (EMET)
This will help prevent exploitation by providing mitigations to help protect against this issue and should not affect usability of websites.

Set Internet and local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones.
This will help prevent exploitation but may affect usability; therefore, trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.

CAVEAT:  Putting the local zone into a high-security mode generally comes with some unexpected consequences. Some business applications may not function correctly with that setting because they generally use things like ActiveX scripting.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones
This will help prevent exploitation but can affect usability, so trusted sites should be added to the Internet Explorer Trusted Sites zone to minimize disruption.
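The zone settings described above can be checked and applied per user through the registry. The following is an added example, not Microsoft's or Glasser Tech's own script; it covers only the two actions the advice names (Active Scripting and running ActiveX controls), not the full "High" template, and `example.com` is a placeholder trusted site.

```powershell
# Added example: audit and tighten the two IE zone actions named in the advice above.
# Zone numbers and action IDs are the standard Internet Settings registry values:
#   zone 1 = Local intranet, zone 2 = Trusted sites, zone 3 = Internet
#   1400 = Active scripting, 1200 = Run ActiveX controls and plug-ins
#   data 0 = Enable, 1 = Prompt, 3 = Disable
# Settings pushed by Group Policy (under Software\Policies\...) take precedence
# over these per-user values, so audit the result after applying.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ZoneNames   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$ActionNames = @{ '1400' = 'Active scripting'; '1200' = 'Run ActiveX controls and plug-ins' }
$ValueNames  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEZoneActionState {
    # Report the current per-user setting of each action in each zone.
    foreach ($zone in ($ZoneNames.Keys | Sort-Object)) {
        $path  = Join-Path $InternetSettings "Zones\$zone"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($action in ($ActionNames.Keys | Sort-Object)) {
            $raw = $null
            if ($props) {
                $prop = $props.PSObject.Properties[$action]
                if ($prop) { $raw = $prop.Value }
            }
            if ($null -eq $raw) {
                $setting = 'Not set (zone default applies)'
            } elseif ($ValueNames.ContainsKey([int]$raw)) {
                $setting = $ValueNames[[int]$raw]
            } else {
                $setting = 'Other (0x{0:X})' -f $raw
            }
            [pscustomobject]@{
                Zone    = $ZoneNames[$zone]
                Action  = $ActionNames[$action]
                Setting = $setting
                # Anything other than Prompt or Disable leaves the action available to web content.
                Exposed = ($raw -ne 1 -and $raw -ne 3)
            }
        }
    }
}

function Set-IEZoneAction {
    # Set one action in one zone to Prompt (1) or Disable (3).
    param(
        [Parameter(Mandatory = $true)][ValidateSet(1, 3)][int]$Zone,
        [Parameter(Mandatory = $true)][ValidateSet('1400', '1200')][string]$Action,
        [Parameter(Mandatory = $true)][ValidateSet(1, 3)][int]$Value
    )
    $path = Join-Path $InternetSettings "Zones\$Zone"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Action -Value $Value -PropertyType DWord -Force | Out-Null
}

function Add-IETrustedSite {
    # Map https:// sites on a domain to the Trusted sites zone (zone 2),
    # so business applications keep working after the other zones are tightened.
    param([Parameter(Mandatory = $true)][string]$Domain)
    $key = Join-Path $InternetSettings "ZoneMap\Domains\$Domain"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'https' -Value 2 -PropertyType DWord -Force | Out-Null
}

$Apply = $false   # set to $true to write changes; the default run only reports

if ($Apply) {
    # Internet zone: disable Active Scripting and ActiveX.
    Set-IEZoneAction -Zone 3 -Action '1400' -Value 3
    Set-IEZoneAction -Zone 3 -Action '1200' -Value 3
    # Local intranet zone: prompt instead of disabling, to limit breakage.
    Set-IEZoneAction -Zone 1 -Action '1400' -Value 1
    Set-IEZoneAction -Zone 1 -Action '1200' -Value 1
    # Placeholder domain; replace with the sites your staff actually need.
    Add-IETrustedSite -Domain 'example.com'
}

Get-IEZoneActionState | Format-Table -AutoSize
```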

Microsoft also encourages you to make sure your computer is protected by applying all software updates and using anti-virus and anti-spyware software, as well as by avoiding clicking on suspicious links or opening email messages from unfamiliar senders.

 

 

Saturday, September 8, 2012

Glasser Tech Gives Back Referral Program

We have been thinking about a way to give something back.  Not just with regard to our business but with regard to society.   We have come up with a great idea and hope to get you involved. 

It's our new Client Referral Program!

Here's how it works:
  • If you know someone that would benefit from our services, we would ask that you give them our name and number and have them give us a call. 
  • If they sign on with us as a client, we will give you 10% off your next consulting bill and make a $100 donation to your favorite charity, in your name. 
It's a win-win situation overall.  We get something, you get something and then we pay it forward to someone else.

There's no limit to the number of referrals you may submit. 

Michael Glasser, Glasser Tech LLC (516) 762-0155

Friday, September 7, 2012

Oracle Patches Critical Java Bugs used to Commandeer Computers

 


What is Java?

Java is a programming language and computing platform first released by Sun Microsystems in 1995. It is the underlying technology that powers state-of-the-art programs including utilities, games, and business applications. Java runs on more than 850 million personal computers worldwide, and on billions of devices worldwide, including mobile and TV devices.

Why do I need Java?

There are lots of applications and websites that won't work unless you have Java installed, and more are created every day. Java is fast, secure, and reliable. From laptops to cell phones to the Internet, Java is everywhere!

Why should I update my Java?

Last week, Oracle, the creator of the Java programming framework, released a critical security patch that should be installed immediately. A vulnerability was found that allows malicious hackers to take control of a user's computer through the web browser. The malware has been found on more than 100 websites as of this writing. Unfortunately, it took Oracle four months from the discovery of the vulnerability to release the patch, so the malware has been propagating on the Internet for some time and has not been contained. If you have any concerns about whether this vulnerability could affect your firm, please contact Glasser Tech at 516-762-0155.

For more information here is a link to the Java Security Alert from Oracle:  http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

Friday, August 24, 2012

iPad for Lawyers CLE Seminar

A Glasser Tech Seminar at the Queens County Bar Association
_______________________________________________________________________
CLE Seminar Date:
• Thursday September 13, 2012 - 12pm -1:30 pm
_______________________________________________________________________


Unleash the Power of your iPad

Untether yourself from the office and increase productivity and billable hours. Learn how to use the iPad for document creation, collaboration, legal research, connecting to your office, as well as applications that are legal specific and so much more... Current and prospective iPad owners will walk away empowered to increase their productivity immediately.

Some of the topics include:
• best apps for attorneys
• courtroom applications
• legal research
• hardware and web browsing tips
• managing mail, calendar and contacts
• multitasking and iTunes
• adding files and synching
• document creation
• connecting to your office

This class gives you 1 1/2 CLE credits.

Location:  Queens County Bar Association, 90-35 148 Street, Jamaica, NY 11435

Click here to send us your contact information.  We will email you the registration form.

Wednesday, July 11, 2012

Patch Tuesday takes care of key XML and IE 9 issues


July 11, 2012

 

Yesterday was Patch Tuesday and this time Microsoft released 9 bulletins addressing 16 vulnerabilities. 

The most critical patch is a fix for an XML vulnerability that has been used for the past month and is now being integrated.  There are four versions of XML and only one is being attacked at this point.  However, this is an important patch to install.

The second most critical bulletin is for Internet Explorer 9, addressing two critical problems that could enable code to be executed on your computer when accessing a malicious webpage, allowing the device to be remotely controlled.

The third critical bulletin is for the Windows MDAC component.  It is used for database access.

 

Additional bulletins are important but not deemed critical like the above.  It is important to make sure your computer is up to date.   Make sure your Windows updates get installed regularly if not automatically.    To see the latest Microsoft Security Bulletins Click Here .

Wednesday, June 13, 2012

More Patches for Internet Explorer


 

Severity: High
Summary:

· This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows

· How an attacker exploits it: Typically, by enticing one of your users to visit a malicious web page

· Impact: Various, in the worst case an attacker can execute code on your user's computer, gaining complete control of it

· What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you

 

Exposure:

In a security bulletin released June 12, 2012, as part of Patch Day, Microsoft describes 13 new vulnerabilities in Internet Explorer (IE) 9.0 and earlier, running on all current versions of Windows. Microsoft rates the aggregate severity of these new flaws as Critical.

The 13 vulnerabilities differ technically, but many of them share the same general scope and impact. More than half the flaws are remote code execution vulnerabilities having to do with how IE handles various HTML objects, elements, and properties. If an attacker can lure one of your users to a web page containing malicious code, he could exploit any one of these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker can exploit these flaws to gain complete control of the victim’s computer.

The remaining issues include less severe cross-site scripting (XSS) flaws and information disclosure vulnerabilities.

If you’d like to know more about the technical differences between these flaws, see the “Vulnerability Information” section of Microsoft’s bulletin. Technical differences aside, the remote code execution flaws pose significant risk to IE users, and allow attackers to launch drive-by download attacks. Furthermore, attackers often hijack legitimate web sites and force them to serve this kind of malicious web code. So these types of flaws can affect you no matter what types of web sites you frequent on the Internet. If you use IE, you should download and install the cumulative update immediately.

 

Solution Path:

These updates fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you. You can find links to the various IE updates in the “Affected and Non-Affected Software” section of Microsoft's IE security bulletin.

 

References:

· MS Security Bulletin MS12-037

Tuesday, May 8, 2012

Adobe Flash Update


 

Summary:

· This vulnerability affects: Adobe Flash Player  11.2.202.233 and earlier, running on all platforms (including Android)

· How an attacker exploits it: By enticing users to visit a website containing malicious Flash content

· Impact: In the worst case, an attacker can execute code on the user's computer, potentially gaining control of it

· What to do: Download and install the latest version of Adobe Flash Player (version 11.2.202.235 for computers)

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Although Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including mobile operating systems like Android.

In a security bulletin released today, Adobe announced a patch that fixes a critical vulnerability in Adobe Flash Player 11.2.202.233 and earlier, running on all platforms (including Android platforms).

Adobe's bulletin describes the serious flaw as an "object confusion" vulnerability (CVE-2012-0779), and warns that attackers are currently exploiting it in the wild. They don't describe the object confusion issue in detail, but they do describe its impact. If an attacker can entice one of your users to visit a malicious website, or into handling specially crafted Flash content, he could exploit this flaw to execute code on that user's computer, with that user's privileges. If your users have administrator privileges, the attacker could gain full control of their computers.

So far, Adobe has only seen attackers exploiting this vulnerability against Windows computers, which is why they rate this a "Priority 1" issue for Windows, and recommend you apply the updates as soon as possible (within 72 hours).   However, the vulnerability technically affects other platforms as well, so I recommend you update any Flash capable device as soon as you can.

Solution Path

Adobe has released new versions of Flash Player (11.2.202.235 for computers and the latest 11.1.11x.x for Android) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately. If you've enabled Flash Player's recent "silent update" option, you will receive this update automatically.

· Download Flash Player for your computer:

· Download the latest Android Flash Player from Google Play [Visit from your Android device]

NOTE: Chrome ships with its own version of Flash, built-in. If you use Chrome as your web browser, you will also have to update it separately, though Chrome often receives its updates automatically.

Friday, May 4, 2012

Beware of this Facebook phishing scam

You may get an email that looks similar to this.  It looks legitimate because it has the Facebook font, the blue color that Facebook uses.  But if you click on the link you are taken somewhere else entirely. 

 

 

image

 

If you get something that looks suspicious to you in your email it probably is.  It is always best just to delete the email and not click on any of the links.  If you want to be sure, contact our office and we can assist you.

Glasser Tech 516-762-0155.

Monday, April 23, 2012

Fraudulent American Express Email


 

If you get an email claiming to be from American Express asking you to change or update your email address, DO NOT click on the links.  While this email looks legitimate, it is a fraudulent phishing email and the links do not point to American Express.

 

Please alert your staff to not respond or click on the links in this email.  As always, if you have any question or doubt regarding an email, it is always better to contact our office before opening.  Glasser Tech 516-762-0155.

Friday, April 20, 2012

LinkedIn for Lawyers CLE Seminar


Event Location:            Nassau County Bar Association

CLE Seminar Date:        Tuesday, May 22nd - 8:30am-10am

LinkedIn for Lawyers - Unleash the Power of LinkedIn – “The Professional Network”.  Learn what LinkedIn is. Understand the Ethical Implications of Social Media.  This course will demonstrate how to setup LinkedIn, maximize your profile and use connections to foster business relationships.  Whether you already have a LinkedIn account or not, you will walk away with the knowledge to grow your practice.

Some of the topics include:
• What LinkedIn can do for you
• Setting up an account
• Maximizing your profile
• Connecting with people
• Ethical Implications
• Group participation
• Utilizing Status Updates to increase exposure


This class gives you 1.5 CLE credits.
- Ethics and Professionalism    .50
- Law Practice Management   1.00


Seminar Co-Presented by: 
Allison Shields, Legal Ease Consulting, Inc.
Michael Glasser, Glasser Tech LLC

To sign up Contact Maureen at the Nassau County Bar Association Tech Center: (516) 747-4464 ext. 228

Wednesday, April 11, 2012

Microsoft releases Windows, IE Critical Updates and Adobe releases update for harmful PDFs


 

On April 10, 2012, Microsoft released 4 critical updates. The most critical update called MS12-027, is one that affects a diverse set of products including Office, SQL Server, Biztalk, Commerce Server, Visual FoxPro and Visual Basic.  Experts say the patch should be installed immediately because malware exploiting the vulnerability has already been used in attacks.

Nearly as critical is MS12-023, an update that fixes security flaws in all versions of Internet Explorer.  Microsoft has given the vulnerabilities an exploitability index of 1, which means malware attacking the flaws is likely within the next 30 days.  Patching IE is one of the most important things a company can do to maintain a strong security posture.

The remaining two critical updates, MS12-024 and MS12-024, fix flaws that leave Windows systems vulnerable to remote code execution.  The same danger is avoided in Office 2007 SP2 by deploying one of the important patches.

 

Adobe is encouraging you to update Adobe Reader and Acrobat X 10.1.2 and earlier running on Windows, Mac and Linux

 

Adobe released a security bulletin describing four vulnerabilities in Adobe Reader and Acrobat X 10.1.2 and earlier, running on all supported platforms. Adobe doesn’t describe these flaws in much technical detail, but most of them involve integer overflow and memory corruption issues within Reader and Acrobat components. Despite their technical differences, all four vulnerabilities share a similar scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit any of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

If you use Adobe Reader to open PDF documents, you should download and install this Reader update as soon as you can.

Summary:
  • This vulnerability affects: Adobe Reader and Acrobat X 10.1.2 and earlier, running on Windows, Mac, and Linux
  • How an attacker exploits it: By enticing your users into viewing maliciously crafted PDF documents
  • Impact: An attacker can execute code on your computer, potentially gaining control of it
  • What to do: Windows users should install Adobe’s Reader and Acrobat X 10.1.3 or 9.5.1 updates as soon as possible (or let Adobe’s Updater do it for you).
Solution Path

Adobe has released Reader and Acrobat X 10.1.3 (and 9.5.1 for legacy users) to fix these vulnerabilities. You should download and deploy the corresponding updates immediately, or let the Adobe Software Updater program do it for you.

 

Friday, April 6, 2012

Free iPad Seminar for Lawyers at the Suffolk Academy of Law


Glasser Tech will be holding a seminar at the Suffolk Academy of Law on Friday April 20, 2012.  A free lunch will be offered.

The luncheon will begin at noon with the presentation following from 12:30 to 2:10 PM. 

 

If you were among those who stood in line for the release of the new iPad in mid-March, or even if you have a prior version, you will want to be a part of the Academy’s free seminar, iPad for Lawyers. This program is presented by Glasser Tech and it will teach you all sorts of new tricks for the device, many of which you will undoubtedly find to be true time saving, practice enhancing applications for the busy attorney.

 

The program agenda includes such topics as documentation, collaboration, legal research, connecting to your office and applications that are legal specific. Software applications and comments from a lawyer's perspective will be added by Barry M. Smolowitz, Esq. (SCBA Technology Director and Past SCBA President), John R. Calcagni, Esq. (former Academy Dean and a current member of the SCBA Executive Committee), and Allison Shields, Esq. (principal of Legal Ease Consulting and a member of the Academy’s Advisory Committee).

 

The program agenda includes such topics as documentation, collaboration, legal research, connecting to your office, applications that are legal specific. Current and prospective iPad owners will walk away empowered to increase their productivity immediately.

 

The Academy anticipates that its April 20 complimentary lunch program on "iPads for Lawyers" will fill up early. To reserve your spot in the lecture hall, please call the Academy (631-234-5588) to enroll as soon as possible. If you must cancel after registering, please let the Academy know so that the spot may be given to another.

Bring your iPad if you have one.

Saturday, March 10, 2012

4 Features of the New iPad



Retina Display - A screen with pixel density that more closely matches that of the human retina, there's a resolution of 2,048 x 1,536. That's significantly greater than that of the monitor you're looking at right now. At 264 pixels per inch, the new iPad's display is a thing of beauty, literally doubling that of its predecessor.

iSight - The back camera (now classified as an iSight camera) can capture 1,080p video at 30 fps with audio and image stabilization. This is due to a new 5-megapixel sensor and is a big step up from iPad 2's 720p capability.

Cores - With the addition of four graphics cores in its A5X system-on-chip, the new iPad does not sacrifice a bit of its great battery life - according to Apple, which claims the same 10 hours of Wi-Fi Web surfing or media consumption and nine hours of cellular use on either device.

Communications - The biggest difference of the new iPad is in its communications capabilities. A new version of iOS now allows the iPad to be configured as a Wi-Fi hot spot for as many as five devices. The new iPad is equipped with Bluetooth 4.0, which adds high-speed and low-energy protocols and is backward-compatible. Wi-Fi capabilities are identical between old and new models. Pricing starts at $499 for Wi-Fi-only models and $629 for 4G. 

Michael Glasser
Glasser Tech LLC  
(516) 762-0155

Friday, February 24, 2012

Time Matters v. 11.1 is now available!


 

What’s new:

Improvements in Time Matters 11.1 and their benefit to customers:

· Improvement: Integration with Exchange Server 2010
  Benefit to customers: Allows firm members to synchronize their individual Time Matters calendars and contacts with Microsoft Outlook® for anytime access on their desktops or mobile phones. Enables firms to take advantage of the latest Exchange Server enhancements from Microsoft. Click here to see what's new in Exchange Server 2010.

· Improvement: Handling of recurring events in Exchange Server 2007 integration
  Benefit to customers: Helps firms operate more efficiently; no need to manually re-enter or update multiple events in Time Matters when a recurring event is created or changed in Microsoft Outlook.

· Improvement: Import calendar events and contacts from previous Time Matters and Exchange Server 2003 and 2007 integrations
  Benefit to customers: Reduces the time and cost required to upgrade to Exchange Server 2010.

· Improvement: Include and view the location and attending contact in Time Matters Mobility calendar events
  **Customers must previously have installed the most current version of the Time Matters Mobility Access Manager and subscribe to a current Time Matters Annual Maintenance Plan to access the feature.
  Benefit to customers: Gives Time Matters Mobility users detailed information about an appointment on their Web-enabled smartphones or other mobile devices.

· Improvement: Quality improvements based on customer change requests
  Benefit to customers: Addresses the issues customers have reported, helping the software continue to run smoothly.

If you have an annual Maintenance plan, this software upgrade is available to you at no cost.   If you have any questions regarding this upgrade, please call Glasser Tech at 516-762-0155.

Friday, February 17, 2012

Microsoft releases latest patches


 

Microsoft released nine new security bulletins fixing 21 vulnerabilities in all supported versions of Internet Explorer and the Windows operating system, Microsoft Office and .NET/Silverlight in its February Patch Tuesday release.

Four of the nine bulletins were rated "critical" because the vulnerabilities could result in remote code execution on the computer if exploited.

The critical bulletin addressing four flaws in all versions of Internet Explorer (MS12-010) should be top priority as attackers are increasingly relying on browser exploits to compromise users, security experts advised. These flaws can potentially be used in drive-by-downloads.

Even though the IE bulletin is rated as critical, the bugs were not publicly disclosed previously. Exploits targeting Windows Media have appeared within two weeks after Microsoft released a patch fixing remote code execution vulnerabilities (MS12-004) during January's Patch Tuesday release.

The .NET/Silverlight bug is applicable to both PCs and Macs as users browsing malicious Web pages can be hit by drive-by-download attacks.

The vulnerabilities in Internet Explorer and .NET/Silverlight may result in mass exploitation.

The Microsoft C Runtime flaw in Windows Media Player (MS12-013) is also dangerous as attackers could trick users into opening a maliciously crafted media file. However, the attack vector is very limited, as the flaw does not affect Visual Studio or other third-party applications that dynamically link to msvcrt.dll.

Microsoft released two bulletins fixing the previously disclosed DLL-preload vulnerability this month.  Microsoft has patched various affected Microsoft applications 22 times to date. "It is safe to say we will continue to see the DLL preload vulnerability being addressed by Microsoft in the coming months," said Jason Miller, manager of research and development at VMware.

The DLL-preloading issue in the Color Control Panel (MS12-012) should probably have been rated as critical because there is a potential for remote code execution. This is important because the remote attacker would be limited to having the permissions of the logged in user.

The Office bulletin (MS12-015) fixes an issue in Visio Viewer. Visio is not as widely deployed as other Office programs, so many IT administrators may not have to worry about the issue.  The Visio vulnerability would likely be exploited in a spear phishing attack, where users would be tricked into opening a maliciously crafted Visio file.

Make sure your computers are up to date.  When Windows tells you that you have an update waiting, be sure to update your machine to protect against malicious attacks.

Patch for Internet Explorer to Avoid Drive by Downloads

 
Severity: High
Summary:

· This vulnerability affects: All current versions of Internet Explorer, running on all current versions of Windows (to varying extents)

· How an attacker exploits it: By enticing one of your users to visit a malicious web page

· Impact: Various; in the worst case an attacker can execute code on your user's computer, gaining complete control of it

· What to do: Deploy the appropriate Internet Explorer patches immediately, or let Windows Automatic Update do it for you

Exposure:

In a security bulletin released today as part of Patch Day, Microsoft describes four new vulnerabilities in Internet Explorer (IE) 9.0 and earlier versions, running on all current versions of Windows. Microsoft rates the aggregate severity of these new flaws as Critical.

The four vulnerabilities differ technically, but two of them share the same general scope and impact. These two issues involve memory corruption flaws related to the way IE mishandles various HTML objects. If an attacker can lure one of your users to a web page containing malicious web code, he could exploit either of these vulnerabilities to execute code on that user's computer by inheriting that user's privileges. Typically, Windows users have local administrative privileges, in which case the attacker gains complete control of your users' computers.

This update also fixes two less severe information disclosure vulnerabilities, which you can read more about in Microsoft's bulletin.

Today's attackers commonly hijack legitimate web pages and booby-trap them with malicious code. Often, even recognizable and authentic websites get hijacked in this way, and are forced to deliver drive-by download attacks. To avoid these types of attacks, we recommend that you install Microsoft's IE updates as quickly as you can.

Solution Path:

These patches fix serious issues. You should download, test, and deploy the appropriate IE patches immediately, or let Windows Automatic Update do it for you.

This link takes you directly to the “Affected and Non-Affected Software” section of Microsoft's IE bulletin, where you can find links for the various IE updates.

Adobe Flash Update Plugs 7 vulnerabilities


 

Summary:  

· This vulnerability affects: Adobe Flash Player 11.1.102.55 and earlier, running on all platforms. This also affects the Android version of Flash.

· How an attacker exploits it: By enticing your users to visit a website containing malicious Flash content

· Impact: In the worst case, an attacker can execute code on your computer, potentially gaining control of it

· What to do: Download and install the latest version of Adobe Flash Player

Exposure:

Adobe Flash Player displays interactive, animated web content called Flash. Though Flash is optional, 99% of PC users download and install it to view multimedia web content. It runs on many operating systems, including some mobiles like Android.

In a security bulletin released yesterday, Adobe warned of seven vulnerabilities (based on CVE numbers) that affect Adobe Flash Player 11.1.102.55 and earlier running on all platforms (including Android). Adobe's bulletin doesn't describe the flaws in much detail. However, it does warn that if an attacker can entice one of your users to visit a malicious website containing specially crafted Flash content, he could exploit many of these unspecified vulnerabilities to execute code on that user's computer, with that user's privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PCs.

Adobe also warns that attackers are exploiting one of these flaws, a zero day XSS vulnerability, in the wild. If you use Adobe Flash Player in your network, we recommend you download and deploy the latest version throughout your network immediately to mitigate the risk of this current attack.

Solution Path

Adobe has released new versions of Flash Player (11.1.102.62 for computers and 11.1.11x.x for Androids) to fix these issues. If you allow Adobe Flash in your network, you should download and install the new versions immediately:

· Download Flash Player for your computer [any platform]:

· Download Flash for Android 4.x [Visit from your Android device]

· Download Flash Player for Android 3.x and below [Visit from your Android device]

Thursday, February 16, 2012

Adobe’s Shockwave update will help you avoid attacks


 

Adobe’s Shockwave update takes care of 9 critical vulnerabilities that affect Adobe Shockwave Player 11.6.3.633 for Windows and Macintosh (as well as all earlier versions). 

Without this update, an attacker can exploit Adobe Shockwave by enticing users to visit a website containing malicious Shockwave content.  This allows attackers to execute code on your computer, potentially gaining control of it.

 

What you should do:  If you allow use of Shockwave in your network, you should download and deploy the latest version (11.6.4.634) of Adobe Shockwave Player as soon as possible.  Click below.

 

adobe shockwave  

 

Keeping your computers up to date helps protect you from malicious attacks.   If you have any questions or need help downloading this latest version of Adobe Shockwave Player, please feel free to call our office at 516-762-0155.

Wednesday, January 11, 2012

Adobe Patch Day delivers One Reader and Acrobat Update


 

Adobe has released one security bulletin that describes 6 vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and earlier.  Adobe says that most of them involve memory corruption issues within Reader and Acrobat components.

Why is this important? 

If an attacker can get you to open a specially crafted PDF file, he can exploit these types of issues to execute computer code on your computer.

If you have root or system administrator privileges the attacker gains complete control of your machine.  To fix these issues Adobe has released these solution paths.

You should download and deploy the corresponding updates immediately, or let the Adobe Software Updater program do it for you.

· Adobe Reader X 10.1.2

o For Windows

o For Mac

· Adobe Acrobat X 10.1.2

o Standard and Pro for Windows

o Pro Extended for Windows

o Pro for Mac