IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: Current Events (page 1 of 2)

Microsoft releases 14 patches for Windows

bug-162019

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, it’s highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “patch Tuesdaysecurity update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

More than a million people have signed up to test Windows 10

Thinking about giving the Windows 10 preview build a shot? You aren’t the only one — according to Microsoft, its Windows Insider Program hit one million registrants over the weekend, giving a lot of potential users access to the latest build of its next-gen operating system. Joining the Windows Insider Program doesn’t necessarily translate to an installed preview, but it is the only way to get access to Windows 10 currently. While it’s not clear how many of those millions have installed the OS, Microsoft says it has received over 200,000 pieces of feedback through Windows’ native feedback application.

Microsoft has reason to believe that most of that feedback is from extensive use, not just folks dipping their toe in the OS: its stats indicate that less than half of all installs are running on virtual machines, meaning most of its users installed Windows 10 natively. It also learned that most users are using more than seven apps a day. The team says that it’s currently trying to categorize and process all of the feature requests and feedback its receiving, and promises to continue to revise and improve the OS before launch.

via More than a million people have signed up to test Windows 10.

Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld

After a relatively quiet few months, Microsoft Patch Tuesday is back in full force, covering three zero-day vulnerabilities that administrators should attend to as quickly as possible.

Microsoft issued eight security bulletins Tuesday, covering a total of 24 vulnerabilities found in Windows, Internet Explorer, Office and the .Net framework. Three of the bulletins are marked as critical, which means administrators should test and apply these patches immediately. A single bulletin can cover multiple vulnerabilities within one technology.

Three of these vulnerabilities are already being exploited by malicious attackers, hence they are being called zero-day vulnerabilities. This is the first time in recent history—and perhaps ever—that Microsoft has fixed three zero-day vulnerabilities in a single round of patches, which Microsoft typically issues on the second Tuesday of each month.

“Sandworm” is the most notorious of the three and is a vulnerability in Microsoft Windows that has already been used in attacks on NATO and a number of European government agencies, telecommunication firms and energy companies, according to cyberthreat intelligence firm iSight. Microsoft Bulletin MS14-060 fixes this bug.

“This is an urgent one to fix,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys.

Microsoft marked MS14-060 as important rather than critical because for the attack to work, it would require a user to click on a file. Qualys ranks this vulnerability as more severe in that it is pretty easy to trick a single person into clicking on a file, such as a PowerPoint presentation, which would be all that would be required for an attacker to gain access to an internal network with a well-crafted script, Kandek said.

Sandworm is a good reminder for administrators to make sure that they set the user permissions correctly on desktop and laptop computers, meaning not to give an end user full administrative privileges on the machine, Kandek said.

Internet Explorer gets patched, too

The second zero-day flaw addresses a problem in Internet Explorer and the fix is found in MS14-056. This vulnerability “could allow an attacker to break out of the sandboxing capabilities in Internet Explorer,” said Amol Sarwate, director of vulnerability research at Qualys.

The third zero-day, addressed in MS14-058, also comes from a flaw within Windows, namely from the way the operating system kernel drivers handle TrueType fonts. An attacker could embed some malicious code within a TrueType font. When a user visits a site with these ill fonts, Windows will download the font package and automatically execute the code buried within.

Beyond Microsoft’s patches, administrators will also have a busy week with patches from Adobe and Oracle, Kandek said.

On Tuesday, Adobe released a set of patches for its Flash multimedia player. Oracle is also releasing a wide range of patches for its enterprise software. In particular, administrators should take a look at the Java patches, Kandek advised.

via Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld.

Groundskeeper Willie Makes Plea for Scottish Independence [VIDEO]

Groundskeeper Willie of ‘The Simpsons’ Makes Plea for Scottish Independence [VIDEO].

Listen up, people of Scotland: Groundskeeper Willie has some political advice for you.

Aye Or Die

Groundskeeper Willie – The Simpsons

The beloved Simpsons character is taking a stand in a video recently released by Fox, saying he is pro-independence. Scotland will be voting on Sept. 18 to decide if the country will separate from the United Kingdom.

In the video, the kilt-wearing Springfield Elementary School janitor makes a case for independence, touting the country’s oil reserves and whiskey-making capabilities.

“Scotland is the home to two-thirds of Europe’s oil reserves,” Willie says. “Notice how in no country rich in oil does a man wear pants. We also make a fine damn whiskey. And we spell whiskey right, too!” (Scots prefer spelling it “whisky.”)

He even volunteers himself to lead the potentially newly independent country, instead of “safe choice” Alex Salmond: “Willie won’t back down to world leaders because I haven’t a clue who they are, and I’m not willin’ to learn!”

Sounds like the ideal candidate. Willie, if things don’t work out in Scotland, we hear Toronto is looking for a new mayor…

The 26th season of The Simpsons premieres on Sept. 28.

BONUS: 5 ‘Simpsons’ Facts You Might Not D’oh!

 

 

 

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch.

Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still fighting cyber criminals with one hand tied behind their backs?

Shockingly, most companies are still relying on outdated, only partially effective methods to protect their sensitive data, mainly with technology that focuses on preventing incoming attacks. But actually stopping bad guys from slipping inside enterprise networks and getting their hands on sensitive data is nearly impossible these days. In fact, among organizations with over 5,000 computers, over 90 percent have an active breach of some sort at any given time. What’s worse, those organizations may not even know about it…

…The most concerning part of all this is that very few organizations are now using new breach-detection technologies and can actually discover these ongoing breaches themselves, meaning attacks are even more destructive for their victims. Despite numerous alerts, Target, for example, didn’t detect the recent breach that led to 40 million stolen credit card numbers….Read More

 

 

Apple’s next iPhone event confirmed for September 9th

Apple’s next iPhone event confirmed for September 9th.

In case you haven’t heard. iPhone 6, bigger screens, smart watch, hype and ballyhoo.

 

1000 businesses hit with Target cyberattack

Over 1,000 US businesses hit with the same cyberattack as Target

With cyber attacks happening almost daily these days, when was the last time you changed your password?

So far, only seven of the more than 1000 companies have come forward and acknowledged they were hacked, according to the Secret Service, supposing they are still unaware that they were attacked. So how safe is your data online?

Target’s massive data breach grabbed headlines right in the middle of holiday shopping that year, and the fallout continues. According to a Department of Homeland Security advisory this afternoon, the attacks that hit the red-hued retailer, along with Supervalu and UPS, are much more widespread than first reported. The so-called “Backoff” malware in various versions has actually hit more than 1,000 businesses in the States, allowing hackers to snag info from millions of credit card payments. Remote network access for contractors provides the avenue for entry, and the announcement suggests that companies have vendors take a close look at their systems for possible criminal activity. It’s also calling for businesses to put cash registers on a separate network and employ two-factor authentication to help combat would-be intruders.

[Photo credit: Joe Raedle/Getty Images]

via Over 1,000 US businesses hit with the same cyberattack as Target.

1000 businesses hit with Target cyberattack

Related: Most U.S. Businesses Don’t Know They Were Caught Up In Massive Cyberattack

Dialog boxes may be killing Internet Explorer

Internet Explorer running slow? Dialog boxes could be at fault

Internet Explorer running slow? Dialog boxes could be at fault | PCWorld

 

If you’ve noticed Internet Explorer running slowly lately—or just halting altogether—here’s one possible cause: dialog boxes.

On Friday, the same day that Microsoft recommended users download the latest updates for Windows 7 and 8, Microsoft issued a hotfix for Internet Explorer. According to asupport article issued Friday, “web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time.”

Microsoft issued the hotfix for Internet Explorer versions 7 through 11—basically every major version.

For more information about how Dialog boxes may be killing Internet Explorer, follow the source link below to check out the PC World article to find out how to fix the problem.

via Internet Explorer running slow? Dialog boxes could be at fault | PCWorld.

Looking Ahead To Windows 10 | TechCrunch

A preview of Windows 10 will be made available in either September or October, according to ZDNet’s Mary Jo Foley. That timeline keeps ‘Threshold’ — Windows 10’s codename — out into the public market as a finished product likely in early 2015.

The Windows 8 era isn’t merely closing, it’s racing to an end.

via Looking Ahead To Windows 10 | TechCrunch.

Net Neutrality – Bravo Mr. President

Tech Companies Praise The President For Speaking Out In Favor Of Net Neutrality | TechCrunch.

President Barack Obama spoke in favor of net neutrality this week. Finally.

One of the issues around net neutrality is whether you are creating different rates or charges for different content providers. That’s the big controversy here. So you have big, wealthy media companies who might be willing to pay more and also charge more for spectrum, more bandwidth on the Internet so they can stream movies faster.

I personally, the position of my administration, as well as a lot of the companies here, is that you don’t want to start getting a differentiation in how accessible the Internet is to different users. You want to leave it open so the next Google and the next Facebook can succeed.

That’s correct. Bravo Mr. President.

Tech Companies Praise The President For Speaking Out In Favor Of Net Neutrality | TechCrunch

Older posts