BREAKING NEWS!
Okay, it’s time to secure the perimeters again. Flaws have been found and the updates are ready to be installed. If you are running software from Microsoft, Adobe or Oracle, the updates are available.
Adobe released a fix for 22 flaws, while Microsoft has 11 update bundles to fix more than two dozen bugs in Windows and associated software. Oracle, in the meantime, has an update for its Java software that fixes at least 15 flaws, all of which are exploitable remotely without authentication. Yes, you read that right! Exploitable by cybercriminals who are waiting on the sidelines for an opportunity to pounce on you.
Adobe’s patch (see https://helpx.adobe.com/security/products/flash-player/apsb15-06.html) includes a fix for a zero-day bug (see Definition) (CVE-2015-3043) that is already being exploited. Windows and Mac users are advised to update Adobe Flash Player to 17.0.0.169. Adobe Flash Player for Google Chrome and Internet Explorer on Windows 8.x should automatically update to the current version. Alternatively, you may click the triple bar on the right of the address bar in Chrome, select “About Google Chrome”, click the apply update button and restart the browser.
When you download the recent version of Flash from its homepage, take note to decline unwanted add-ons, like McAfee Security Scan: uncheck the pre-checked box before downloading it.
Microsoft released eleven security bulletins this month, four of which are deemed critical and are exploitable, allowing cybercriminals to break into vulnerable systems. The patches fix flaws in Windows, Internet Explorer, Office and .NET. Since .NET takes a considerable time to update – you could make yourself a cup of coffee or tea, a snack, and it would have yet to update when you get back – it’s best to apply the other updates, restart Windows and then install the .NET update, if it is available for your system.
Please take note that the critical security update MS15-035 isn’t needed on systems running Windows 8.1 or Windows Server 2012 and later. It does, however, apply to Windows Vista and Windows 7 as well as Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.
Click here for a detailed list of the Windows updates.
Meanwhile, Oracle’s quarterly critical patch update fixes fifteen security holes. If you have Java installed, you are advised to update it as soon as possible. To check if you have Java installed, Windows users can check the listing in the Add/Remove Programs list or visit Java.com and click “Do I Have Java?” A point to note is that Oracle has ended support for Java 7 after this update. Oracle is quietly migrating Java 7 users to Java 8.
As advised by the experts, if you do not have a specific use for Java, remove it. This may not apply to businesses, which often have legacy and custom applications that rely on Java. To quote Brian Krebs of KrebsOnSecurity, “This widely installed and powerful program is riddled with security holes, and is a top target of malware writers and miscreants.”
If you really need to use Java, you can minimize the chance of the bad guys taking advantage of it by unplugging it from the browser unless and until you are at a site that requires it.
Definition
Zero-day bug – a flaw that is unknown to the vendor and is exploited by cybercriminals before the vendor becomes aware of it and fixes it.
Source
- Krebs On Security.
- ZDNet.
- Security TechCenter (Microsoft).