Blog: Cybersecurity & Cyber Defense

Blog: Cybersecurity & Cyber Defense

Patch Tuesday Update - July 2014

July Patch Tuesday Brings 6 Bulletins Addressing 29 CVE's

This Patch Tuesday we have 6 bulletins — 1 Moderate, 3 Important and 2 Critical. While July's patches address 29 CVE issues none are reportedly being used in the wild. Several issues reported during the Pwn2Own hacking contest are corrected this Patch Tuesday.

Looking at the details:


  • MS14-037 is a Cumulative Security Update for IE. It is rated critical and mitigates 24 CVE issues. Only 1 was reported publicly and it addresses a certificate handling issue.

  • MS14-038 mitigates a Critical issue that impacts the Windows Journal that could allow a Click2Pwn exploit. This patch mitigates 1 CVE related issue.

  • MS14-039 is an Important issue that mitigates a vulnerability in the On-Screen Keyboard that could allow an
...

Patch Tuesday Update - June 2014

June Patch Tuesday Brings 7 Bulletins Addressing 66 CVE's
Good News Is - None Are Being Used In Active Attacks

This Patch Tuesday we have 7 bulletins — 5 Important and 2 Critical. While June's patches address 66 CVE issues none are reportedly being used in the wild. In fact only two of the 66 CVE's were publicly disclosed.

Looking at the details


  • MS14-030 is an Important issue that impacts Remote Desktop that could allow Tampering. This patch mitigates 1 CVE related issue.

  • MS14-031 is an Important issue that impacts the TCP Protocol that could allow a Denial of Service. This patch mitigates 1 CVE related issue.

  • MS14-032 is an Important issue that impacts Lync Server that could allow Information Disclosure. This patch mitigates 1 CVE related issue.

...

Patch Tuesday Update - May 2014

Yes It's A Busy Patch Tuesday — But There Is Good News In The Details

Microsoft delivers 8 Patches in total — 2 are Critical and 6 are Important. Microsoft seems to be digging in deeper and is clearly going beyond simply focusing on critical issues in its addressing of a larger numbers important level issues again this Patch Tuesday. This is good as it can actually improve our longer-term security prospects by eliminating these issues from being available in a bad guys playbook.

Suggested priorities:

As expected MS14-029 for IE is at the top of the priority list this atch Tuesday because one of the CVEs it addresses is under active attack in the wild.

The next priority is MS14-024 addressing an issue in MSCommon Control as it also has been used in active attacks to bypass ASLR. The Good News for IT this Patch Tuesday is that while this is only an Important rated issue, fixing this will go a long way in helping to protect customers

...

Patch Tuesday Update - April 2014

The End is Near Here!

We have officially reached the end of support for Windows XP today. If you have not already moved off of XP to Windows 7 or Windows 8 remember that without ongoing patch support from Microsoft for XP you are now exposed too much greater risk. An interim solution that will be able to run your current Windows XP applications may be to move to Windows 2003. This allows you to effectively buy yourself another year of operating on a supported platform that does not require modifications to your applications until you can update your applications and then move to a current generation Windows OS.

This April 2014 Patch Tuesday includes 4 bulletins — 2 Critical and 2 Important


  • MS14-017 is a Critical issue that impact Microsoft Word and Office Web Applications that could allow a Remote Code Execution. Reportedly it is under active attack. The patch mitigates 3 CVE issues; CVE-2014-1757, CVE-2014-1761
...

SEC503 Intrusion Detection In-depth Videos

Information security training video

SEC503: Intrusion Detection In-Depth. A 2-part video is available (link URL's) that demonstrates the types of hands-on exercises that are performed when you take SEC503. The scenario is that an unusually large SMTP MIME attachment is discovered from a custom Bro script and the aftermath is that a massive exfiltration is uncovered. Once determined, additional tools are used to understand the origin of the exfiltration activity.

The tools used in the demonstration are those that are taught and reinforced by hands-on exercises. The demonstrated tools are Bro, Wireshark, SiLK, and tcpdump, although many more are covered in the class.

If you are interested in seeing that types of hands-on exercises performed in the class, take a look at this 2-part video: