Wednesday, September 23, 2015

Adobe Releases Critical Flash Patch



In recent months Adobe has released its patches to coincide with Microsoft’s Patch Tuesday.  This month, however, after finding many flaws in their Flash Player, Adobe has released an out of cycle patch that they are labeling as critical. 18 out of the 23 flaws found are considered critical and could allow for malicious code execution on your computer.  Other patches are for security flaws that could lead to information disclosure.

If you use Google Chrome, Microsoft Edge or Internet Explorer 10 or 11, Flash will automatically be updated through your browser and you do not need to do anything. 

If you are running a different browser or are a Mac user, you should update to Flash Player 19.0.0.185.   You can do that by clicking this link  Adobe Flash Update.
Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:

Friday, August 14, 2015

Microsoft Patches for August - Adobe Flash Update



Microsoft

This month’s Patch Tuesday brought with it 4 fixes for critical flaws including a patch for Windows 10.  Altogether there were 14 bulletins covering flaws in IE, Office, Windows and Window Server. 

The four major fixes are as follows:

MS15-079 affects Internet Explorer.  This patch fixes flaws having to do with memory corruption that may allow an attacker to gain access after a user has visited a specific webpage. 

MS15-080 concerns .Net Framework, Silverlight and Microsoft Lynch where vulnerabilities might allow an attacker to gain administrative rights to a computer if the user was tricked into visiting a site with malicious code on it.

MS15-081 deals with flaws in Office allowing an attacker to run code from a remote location as the user that is logged in if a malicious file was opened.

MS15-091 applies to those users currently running Windows 10.  It deals with Windows’s 10 newest browser which is called Edge.  If a user visits a specific website, malicious code would allow an attacker to access the computer as a logged-in user. 

There are various other fixes for Windows 10 for performance and additional fixes that are listed as important which affect Office, Windows and Windows Server.

Glasser Tech recommends waiting for a while before switching over to Windows 10. 

Further details on other updates can be found here MicrosoftSecurity Bulletin

Adobe Flash Player also received an update for vulnerabilities.  Nearly every vulnerability addressed by Adobe could lead to code execution – that includes 15 use-after-free vulnerabilities, eight memory corruption vulnerabilities, five type confusion vulnerabilities, and five buffer overflow and heap buffer overflow bugs, as well as an integer overflow flaw.  

For more information on Adobe updates AdobeSecurity Bulletin

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:

Wednesday, June 24, 2015

Adobe releases Emergency Security Update for Flash Player



Yesterday, Adobe released a security patch for Adobe Flash Player for Windows, MAC and Linux.  They found that an attacker can take control of a system because of vulnerability in Flash Player.  

Generally systems running Internet Explorer for Windows 7 and below as well as Firefox on Windows XP machines are the main targets.   Since Windows XP is no longer supported by Microsoft, you should replace any computer running this operating system with a newer model. 


Those running Windows 7 or higher should update their Adobe Flash player by clicking here   Adobe Flash Player

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:

Wednesday, May 13, 2015

Critical Updates from Microsoft & Adobe



Microsoft
This month’s Patch Tuesday brings with it 13 security bulletins.  Microsoft has labeled 3 of them as critical affecting Windows 7, 8.1 and Windows 10 preview. 

Probably the most critical of the security bulletins is for Internet Explorer.  Many vulnerabilities have been addressed to prevent remote code execution when visiting targeted websites.   To check this update please click here. MS15-043

The second critical update is to correct Microsoft’s font drivers.  This protects against remote code execution if you were to open a specially crafted document or webpage that contains embedded True Type fonts.  MS15-044

The third bulletin deemed critical is in connection with the Windows Journal.  Specially crafted Journal files could cause remote code execution if a user were to open them.  SM15-045

Further details on other updates can be found here Microsoft Security Bulletin

Adobe Patches
This month’s Adobe patches are for 34 vulnerabilities in versions Acrobat X, Acrobat XI, Reader X and Reader XI.  These patches are for vulnerabilities in relation to bypassing restrictions in JavaScript API execution because of how they are or can be used in exploiting vulnerabilities.  The ability to execute JavaScript code gives attackers insight into getting memory arrangements to create memory corruption bugs.

Adobe Flash Player also received an update for vulnerabilities that would allow for code execution.  The update addresses memory corruption weaknesses.  There is also an update for two memory leak issues that may lead to information disclosure. Further, updates were released for a condition that bypasses Internet Explorer’s protected mode and one that would allow an attacker to write data to a file system with the same permission as the user. 

For more information on Adobe updates Adobe Security Bulletin

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:

Wednesday, April 15, 2015

April Critical Updates from MIcrosoft, Adobe Flash and Oracle Java



For April Microsoft has released eleven security bulletins.  The four below are critical.  In addition see the Adobe Flash Player and Oracle Java Critical updates below.  

 Microsoft Critical Patches 

 Critical Patch #1 is MS115-033 which fixed a vulnerability in Office especially Word 2010.  It usually happens with an attacker gets you to open a Word DOCX file.  This file may be crafted to look like any other Word DOCX file but when opened could allow for remote code execution and run a program on your machine.
 
Critical Patch #2 is MS15-034 is to fix a vulnerability in HTTP.  This critical fix for all supported editions of Windows 7, Server 2008 R2, Windows 8, Windows Server 2012, Windows .1 and Windows Server 2012 R2 is to fix a potentially catastrophic fix for remote code execution.

Critical Patch #3 is a fix a security hole in Internet Explorer versions 6-11.  MS15-032

Critical Patch #4  is MS15-035 takes care of a flaw in Microsoft graphics component, files that are Enhanced Metafiles (EMF) can be exploited if an attacker gets you to open a file, website or brows to a specific EMF image file.

Adobe Flash Player has a critical fix.  APS15-06

Java - Oracle’s “critical patch update” plugs 15 security holes. If you have Java installed, please update it as soon as possible. Visit www.java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from the Java website. 
As always, it is important to keep your computer up to date to avoid exploits such as those mentioned as well for optimal performance.  

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:

Monday, March 23, 2015

It’s March Madness for Microsoft this month as they release 14 separate security-related updates.



MS15-018 This update is cumulative and addresses several vulnerabilities which affect all supported versions of Internet Explorer.

MS15-019 repairs a scripting vulnerability in some older Windows versions

MS15-020 fixes a flaw in the way Microsoft Text Services handles objects in memory and how Microsoft Windows handles the loading of DLL files. This fix is associated with the bugs originally associated with Stuxnet, in 2010.

MS15-021 addresses an issue with the Adobe Font Driver. These vulnerabilities may allow remote code execution.

MS15-022 applies to all supported Microsoft Office versions (2007, 2010, and 2013), as well as the server-based Office Web Apps and SharePoint Server products. It fixes three known vulnerabilities in Office document formats as well as multiple cross-site scripting issues for SharePoint Server. The worst outcome allows remote code execution.  

Eight of the remaining nine updates affect Microsoft Windows, and the ninth update is to fix a Microsoft Exchange issue.

One of these updates is to resolve a problem with Windows Task Scheduler.  This issue was that a user could bypass file access controls and run executables files. Another update is to fix a DOS (Denial of Service) that only affects systems where Remote Desktop Protocol (RDP) is enabled. (By default, RDP is off on all Windows versions.)

MS15-031, fixes what has been known as the Schannel vulnerability, more popularly known as the FREAK technique . This update means Microsoft and Apple platforms are secured for Internet Explorer in Windows 10.

Systems with Internet Explorer 11 are also receiving an update to the built-in Flash Player code.

Also this month there are a number of other recommended updates.


If you have a Server with Microsoft Windows Server 2003 please note that support for Server 2003 ends July 14, 2015.  It is time to contact us to replace your 2003 server.

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:

Wednesday, February 11, 2015

February Microsoft Patch Tuesday


Updates this month include 9 updates to fix Internet Explorer.  Three of these updates are rated critical.  Those are:

MS15-009   This fix it for 40 reported vulnerabilities in Internet Explorer.  It includes a fix for XSS cross site scripting that allows attackers to steal credentials from visitors to a compromised website. 

MS15-010    This fix takes care of vulnerabilities that involve flaws in the Windows kernel-level component that handles TrueType fonts.

MS15-011.    This update fixes the vulnerability of devices connected to windows domains.  Users can be exploited by being convinced to connect to an untrusted network, such as a wifi hotspot.

There are also updates for Microsoft Excel and Visual Studio 2010 Tools for Office.

 If you are Running Windows Server 2003 please note that MS15-011 will not be released for that operating system.  Extended support for Server 2003 ends July 14, 2015.  Given this vulnerability it is time to contact us to replace this soon to be unsupported product.

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".
Michael Glasser, Glasser Tech LLC (516) 762-0155
Posted by at No comments:
Subscribe to: Posts (Atom)