Blog: Cybersecurity & Cyber Defense

Patch Tuesday Update - April 2014

The End is Near Here!

We have officially reached the end of support for Windows XP today. If you have not already moved off of XP to Windows 7 or Windows 8, remember that without ongoing patch support from Microsoft for XP you are now exposed to much greater risk. An interim solution that will be able to run your current Windows XP applications may be to move to Windows 2003. This effectively buys you another year of operating on a supported platform that does not require modifications to your applications, until you can update them and then move to a current-generation Windows OS.

This April 2014 Patch Tuesday includes 4 bulletins — 2 Critical and 2 Important

  • MS14-017 is a Critical issue that impacts Microsoft Word and Office Web Applications and could allow Remote Code Execution. Reportedly it is under active attack. The patch mitigates 3 CVE issues: CVE-2014-1757, CVE-2014-1761

SEC503 Intrusion Detection In-depth Videos

SEC503: Intrusion Detection In-Depth. A 2-part video is available that demonstrates the types of hands-on exercises that are performed when you take SEC503. The scenario is that an unusually large SMTP MIME attachment is discovered by a custom Bro script, and the aftermath is that a massive exfiltration is uncovered. Once determined, additional tools are used to understand the origin of the exfiltration activity.

The tools used in the demonstration are those that are taught and reinforced by hands-on exercises. The demonstrated tools are Bro, Wireshark, SiLK, and tcpdump, although many more are covered in the class.

If you are interested in seeing the types of hands-on exercises performed in the class, take a look at this 2-part video:

Patch Tuesday Update - March 2014

Large IE Cumulative Update Leads March Patch Tuesday Priorities

After a short break in January from cumulative updates for IE, February and now March Patch Tuesday remind us that large cumulative updates in IE are expected occurrences on Patch Tuesday.

From Microsoft today we have 5 bulletins, shown below in priority order (highest priority first). This Patch Tuesday only 2 are critical and 3 are important:

  • MS14-012 is a cumulative security update for IE. It handles multiple critical issues that could allow for Remote Code Execution. This patch is the highest priority, as reportedly at least 2 of the issues are actively being exploited in the wild. The patch provides mitigations for 24 CVEs: CVE-2014-0314; CVE-2014-0322; CVE-2014-0324; CVE-2014-0302; CVE-2014-0298; CVE-2014-0308; CVE-2014-0304; CVE-2014-0305; CVE-2014-0306; CVE-2014-0309; CVE-2014-0297; CVE-2014-0313; CVE-2014-0307; CVE-2014-0321; CVE-2014-0311; CVE-2014-0297; CVE-2014-0312;

Patch Tuesday Update - February 2014

The Big Patch Tuesday Story Is Not About Microsoft

Last month the primary focus for many on Patch Tuesday was all about Oracle and their huge quarterly patch release. This month the big story is an emergency patch for an Adobe Zero-Day with ongoing active attacks currently being seen in the wild.

This emergency patch is set as the highest priority because of its widespread usage. Adobe released an emergency fix this week to handle active attacks currently being seen in the wild against the Flash Player plug-in for IE and other browsers. Get the details on Adobe's site.

From Microsoft today we have 7 bulletins, shown below, highest priority first. Of these Patch Tuesday bulletins, 4 are listed as "critical" and 3 are labeled "important":

  1. MS14-010 is a cumulative security update for IE, ...

Patch Tuesday Update - January 2014

2014 Is Off To A Good Start With Microsoft - Not So Good With Oracle

A collective sigh of relief from IT & Cyber Security professionals after reviewing Microsoft's January Patch Tuesday security bulletins: a light workload! Microsoft released four (4) bulletins this January 2014 Patch Tuesday and none are rated critical. The security patches mitigate a Remote Execution issue in SharePoint Server and Microsoft Word, a Kernel issue in XP and Windows 2003, a Kernel issue associated with Elevation of Privileges in Windows 7 and Windows Server 2008 R2, and a Denial of Service issue in Microsoft Dynamics AX.

Oracle is more than making up for Microsoft's light workload in January! Oracle is releasing just fewer than 150 fixes that will impact about 47 of their products. Approximately 85 of the issues are remotely exploitable without any need for user authentication. Ouch! While Oracle will be the focus this Patch Tuesday for IT flaw remediation, do not discount the risk