Adobe Releases Critical Flash Patch

In recent months Adobe has released its patches to coincide with Microsoft’s Patch Tuesday.  This month, however, after finding many flaws in their Flash Player, Adobe has released an out of cycle patch that they are labeling as critical. 18 out of the 23 flaws found are considered critical and could allow for malicious code execution on your computer.  Other patches are for security flaws that could lead to information disclosure.

If you use Google Chrome, Microsoft Edge or Internet Explorer 10 or 11, Flash will automatically be updated through your browser and you do not need to do anything. 

If you are running a different browser or are a Mac user, you should update to Flash Player 19.0.0.185.   You can do that by clicking this link  Adobe Flash Update.

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

Microsoft Patches for August - Adobe Flash Update

Microsoft

This month’s Patch Tuesday brought with it 4 fixes for critical flaws including a patch for Windows 10.  Altogether there were 14 bulletins covering flaws in IE, Office, Windows and Window Server. 

The four major fixes are as follows:

MS15-079 affects Internet Explorer.  This patch fixes flaws having to do with memory corruption that may allow an attacker to gain access after a user has visited a specific webpage. 

MS15-080 concerns .Net Framework, Silverlight and Microsoft Lynch where vulnerabilities might allow an attacker to gain administrative rights to a computer if the user was tricked into visiting a site with malicious code on it.

MS15-081 deals with flaws in Office allowing an attacker to run code from a remote location as the user that is logged in if a malicious file was opened.

MS15-091 applies to those users currently running Windows 10.  It deals with Windows’s 10 newest browser which is called Edge.  If a user visits a specific website, malicious code would allow an attacker to access the computer as a logged-in user. 

There are various other fixes for Windows 10 for performance and additional fixes that are listed as important which affect Office, Windows and Windows Server.

Glasser Tech recommends waiting for a while before switching over to Windows 10. 

Further details on other updates can be found here MicrosoftSecurity Bulletin

Adobe Flash Player also received an update for vulnerabilities.  Nearly every vulnerability addressed by Adobe could lead to code execution – that includes 15 use-after-free vulnerabilities, eight memory corruption vulnerabilities, five type confusion vulnerabilities, and five buffer overflow and heap buffer overflow bugs, as well as an integer overflow flaw.  

For more information on Adobe updates AdobeSecurity Bulletin

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

Adobe releases Emergency Security Update for Flash Player

Yesterday, Adobe released a security patch for Adobe Flash Player for Windows, MAC and Linux.  They found that an attacker can take control of a system because of vulnerability in Flash Player.  

Generally systems running Internet Explorer for Windows 7 and below as well as Firefox on Windows XP machines are the main targets.   Since Windows XP is no longer supported by Microsoft, you should replace any computer running this operating system with a newer model. 

Those running Windows 7 or higher should update their Adobe Flash player by clicking here   Adobe Flash Player. 

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

Critical Updates from Microsoft & Adobe

Microsoft

This month’s Patch Tuesday brings with it 13 security bulletins.  Microsoft has labeled 3 of them as critical affecting Windows 7, 8.1 and Windows 10 preview. 

Probably the most critical of the security bulletins is for Internet Explorer.  Many vulnerabilities have been addressed to prevent remote code execution when visiting targeted websites.   To check this update please click here. MS15-043

The second critical update is to correct Microsoft’s font drivers.  This protects against remote code execution if you were to open a specially crafted document or webpage that contains embedded True Type fonts.  MS15-044

The third bulletin deemed critical is in connection with the Windows Journal.  Specially crafted Journal files could cause remote code execution if a user were to open them.  SM15-045

Further details on other updates can be found here Microsoft Security Bulletin

Adobe Patches

This month’s Adobe patches are for 34 vulnerabilities in versions Acrobat X, Acrobat XI, Reader X and Reader XI.  These patches are for vulnerabilities in relation to bypassing restrictions in JavaScript API execution because of how they are or can be used in exploiting vulnerabilities.  The ability to execute JavaScript code gives attackers insight into getting memory arrangements to create memory corruption bugs.

Adobe Flash Player also received an update for vulnerabilities that would allow for code execution.  The update addresses memory corruption weaknesses.  There is also an update for two memory leak issues that may lead to information disclosure. Further, updates were released for a condition that bypasses Internet Explorer’s protected mode and one that would allow an attacker to write data to a file system with the same permission as the user. 

For more information on Adobe updates Adobe Security Bulletin

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

April Critical Updates from MIcrosoft, Adobe Flash and Oracle Java

For April Microsoft has released eleven security bulletins.  The four below are critical.  In addition see the Adobe Flash Player and Oracle Java Critical updates below.  

Microsoft Critical Patches 

Critical Patch #1 is MS115-033 which fixed a vulnerability in Office especially Word 2010.  It usually happens with an attacker gets you to open a Word DOCX file.  This file may be crafted to look like any other Word DOCX file but when opened could allow for remote code execution and run a program on your machine.
 
Critical Patch #2 is MS15-034 is to fix a vulnerability in HTTP.  This critical fix for all supported editions of Windows 7, Server 2008 R2, Windows 8, Windows Server 2012, Windows .1 and Windows Server 2012 R2 is to fix a potentially catastrophic fix for remote code execution.

Critical Patch #3 is a fix a security hole in Internet Explorer versions 6-11.  MS15-032

Critical Patch #4  is MS15-035 takes care of a flaw in Microsoft graphics component, files that are Enhanced Metafiles (EMF) can be exploited if an attacker gets you to open a file, website or brows to a specific EMF image file.

Adobe Flash Player has a critical fix.  APS15-06

Java - Oracle’s “critical patch update” plugs 15 security holes. If you have Java installed, please update it as soon as possible. Visit www.java.com and click the “Do I have Java?” link on the homepage. Updates also should be available via the Java Control Panel or from the Java website. 


As always, it is important to keep your computer up to date to avoid exploits such as those mentioned as well for optimal performance.  

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

It’s March Madness for Microsoft this month as they release 14 separate security-related updates.

MS15-018 This update is cumulative and addresses several vulnerabilities which affect all supported versions of Internet Explorer.

MS15-019 repairs a scripting vulnerability in some older Windows versions

MS15-020 fixes a flaw in the way Microsoft Text Services handles objects in memory and how Microsoft Windows handles the loading of DLL files. This fix is associated with the bugs originally associated with Stuxnet, in 2010.

MS15-021 addresses an issue with the Adobe Font Driver. These vulnerabilities may allow remote code execution.

MS15-022 applies to all supported Microsoft Office versions (2007, 2010, and 2013), as well as the server-based Office Web Apps and SharePoint Server products. It fixes three known vulnerabilities in Office document formats as well as multiple cross-site scripting issues for SharePoint Server. The worst outcome allows remote code execution.  

Eight of the remaining nine updates affect Microsoft Windows, and the ninth update is to fix a Microsoft Exchange issue.

One of these updates is to resolve a problem with Windows Task Scheduler.  This issue was that a user could bypass file access controls and run executables files. Another update is to fix a DOS (Denial of Service) that only affects systems where Remote Desktop Protocol (RDP) is enabled. (By default, RDP is off on all Windows versions.)

MS15-031, fixes what has been known as the Schannel vulnerability, more popularly known as the FREAK technique . This update means Microsoft and Apple platforms are secured for Internet Explorer in Windows 10.

Systems with Internet Explorer 11 are also receiving an update to the built-in Flash Player code.

Also this month there are a number of other recommended updates.


If you have a Server with Microsoft Windows Server 2003 please note that support for Server 2003 ends July 14, 2015.  It is time to contact us to replace your 2003 server.

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

February Microsoft Patch Tuesday

Updates this month include 9 updates to fix Internet Explorer.  Three of these updates are rated critical.  Those are:

MS15-009   This fix it for 40 reported vulnerabilities in Internet Explorer.  It includes a fix for XSS cross site scripting that allows attackers to steal credentials from visitors to a compromised website. 

MS15-010    This fix takes care of vulnerabilities that involve flaws in the Windows kernel-level component that handles TrueType fonts.

MS15-011.    This update fixes the vulnerability of devices connected to windows domains.  Users can be exploited by being convinced to connect to an untrusted network, such as a wifi hotspot.

There are also updates for Microsoft Excel and Visual Studio 2010 Tools for Office.

If you are Running Windows Server 2003 please note that MS15-011 will not be released for that operating system.  Extended support for Server 2003 ends July 14, 2015.  Given this vulnerability it is time to contact us to replace this soon to be unsupported product.

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

May’s Patch Tuesday

 

 

Patch Tuesday this month brought 8 bulletins from Microsoft and Adobe patches as well.    Microsoft has labeled two of the eight bulletins as critical, but none of the bulletins address any issues with Windows XP.  This seems to mean that while Microsoft continued to patch Windows XP with the last update, they will no longer be considering XP going forward.  Windows XP users are now vulnerable as Microsoft will no longer be focusing resources to patch this out of date operating system.  This will probably lead to many attacks as hackers now know that XP machines are vulnerable. 

The two critical patches concern the possibility of remote code execution.   This would be in IE versions 6-11.  There is also a patch for a flaw in the Windows shell interface that could allow a user to gain administrator privileges with the right set of code.

Users of SharePoint should review the windows update MS14-022 which is a fix for a vulnerability that that might allow an attacker to update a file with malicious code.

It is important to keep your computer up to date.  If your computer is not set to run windows update automatically, you should check it so that you can update it manually when needed.

Also released this month are Adobe patches for Reader, Flash and Illustrator.   Keep in mind that Adobe also no longer releases updates or patches for versions of its software that are running on the Windows XP machines.

If you are running Windows XP on any of your machines, it is critical that you replace those machines.  Now that Microsoft has stopped support for Windows XP, you are leaving your network open to attack. 

Internet Explorer Flaw poses Serious Risk to Users

 

Last Saturday, Microsoft reported that because of a new security flaw found in Internet Explorer, hackers can take over your computer remotely if you go to certain malicious websites.

All you need to do is visit a website that hackers have attacked, then malware gets downloaded onto your computer that allows them to be able to gain control of your PC.  This allows them to obtain passwords and other private information or see everything you are doing.  This flaw applies to Internet Explorer versions 6-11.

What is Microsoft going to do?

Microsoft plans to roll out a windows update for newer operating systems.  This will probably happen during the next Patch Tuesday which will be in May.  If your Windows updates are enabled, it will be done automatically.  If you do not have Windows Updates enabled you should check if there are any updates available.

Important Info for those with Windows XP!

If you have a computer with the  Windows XP operating system you will continue to remain vulnerable as Microsoft stopped supporting this operating system April 8, 2014 and it will no longer be patched.  It is best to replace any Windows XP machines to keep your network safe. 

What can be done prior to Microsoft releasing the fix?

 

 

We recommend using an alternate browser like Google Chrome instead of Internet Explorer.  You can download Chrome by clicking here.

 

Adobe has also issued a Patch

 

 

 

Adobe released a flash update fixing a new exploit as well. The patch will fix a flaw in Flash media player, where hackers could run code on your system if you are lured to a website with specially crafted Flash content.

To fix this flaw go to Adobe Flash Player.  Remember to uncheck the free offer.  It may be for Google or McAfee.  Also remember that some browsers like Chrome and IE 11 embed Flash directly, so you will also have to update those browsers individually.

Of course we are always happy to assist you.  If you have any questions, please call us at 516-762-0155. 

This month’s Patch Tuesday is all about flaws in Internet Explorer

 

Patch Tuesday brings with it a fix for 18 new patches for Internet explorer.  These updates are critical.  After a review of the new patches, it appears that most of them have to do with flaws causing memory corruption and how Internet Explorer handles HTML.  There is a possibility if you get on a website containing certain code that an attacker could gain control of your computer.  It is important to always keep your computer up to date. 

If your computer is set to update automatically you have no reason to be concerned.  If you want to know more about this month’s security patches, please click HERE.

As always, please feel to contact our office if you have any questions.

Emergency Flash and IE fixes

 

I know you are probably thinking that patch Tuesday already happened this month, so why are Adobe and Microsoft releasing further patches?  It was recently discovered that hackers were able to exploit certain websites through security holes in Adobe Flash and Internet Explorer versions 9 and 10.  The latest version of Flash should be 12.0.0.70.  To find out what version of Flash you have, click here.

To find out more about the Internet Explorer 9 and 10 fix, click here. 

Tired of worrying about all of these fixes and patches? The best way to keep your systems up to date, is with proactive patching.  With Glasser Tech’s Proactive Care, we take care of all of the patching for you.  We will make sure that your computers have the latest patches and fixes as soon as they are available.  It’s one less thing for you to worry about.  To find out more, give us a call at 516-762-0155 

February Patch Tuesday

 

Patch Tuesday has arrived with multiple patches for Windows.  Twenty four vulnerabilities lie in Internet Explorer.   There is a cumulative update  MS14-010: Cumulative Security update for Internet Explorer (2909921) This is considered to be a critical update for Internet Explorer.  This update corrects how Internet Explorer handles objects in memory and adds additional permission validations to internet Explorer. It also corrects flaws that could allow remote code execution where an attacker could get into a computer if the user went to a particular website. If automatic updates are enabled on your computer, this security update will be downloaded and installed automatically.

Other patches include MS14-005: Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure (2916036) 

MS14-006 Vulnerability in IPv6 Could Allow Denial of Service (2904659)

MS14-007 Vulnerability in Direct2D Could Allow Remote Code Execution (2912390)

MS14-008 Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

MS14-009 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2916607)

MS14-010 Cumulative Security Update for Internet Explorer (2909921)

MS14-011 Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

 

 

Also today, Adobe released a new patch for their Shockwave Player to fix two vulnerabilities.     You can download the latest player by visiting Adobe's Shockwave Player Site. 

 

As always, if you have any questions or concerns, please feel free to contact us as 516-762-0155. 

Your Adobe Flash Player needs an update!

 

 

Adobe has recently released a software upgrade to Adobe Flash.  This update is encouraged as Adobe feels that a vulnerability in lower versions would allow attackers to take control of your system.  This most recent version of Adobe Flash Player can be downloaded by going to the Adobe site.  click here

 

Be aware of other installers within the Adobe site such as Google Chrome or McAfee.  To make sure you are only downloading the latest version of Adobe Flash Player, uncheck where it also says to install Google Chrome or McAfee.  The most recent version of Flash should be 12.0.0.44.

 

If you have any questions regarding this recent update, please feel free to contact our office at 516-762-0155.

Make sure your computer is up to date!

This month there were some serious updates released.  First, we will start with the most recent JAVA update.  

 

Oracle released several updates including 36 fixes for Java SE.  These fixes are to prevent hackers from getting into your computer.  Oracle feels strongly that customers should update their computer as soon as possible.  The easiest way to know if you have a current version of JAVA is to go to their website www.java.com and click on the free download. 

The next update to talk about is for Adobe.

 

Adobe has released an update for Flash, Reader and Acrobat Players.  Without this update, you could unknowingly allow an attacker to cause crashes and gain control of your computer.  You can find the full bulletin for Adobe Reader and Acrobat by logging on to this site Adobe Security Bulletin.  Updates for Flash Player can be found at this site Adobe Flash Security Bulletin.

Last on the list are Microsoft Windows XP updates. 

  

Microsoft has released some updates for Windows XP, an operating system which will no longer be supported after April of this year. If you have the Windows XP operating system, you should probably replace the machine but if for some reason you can’t, you should make sure it is  up to date.  To view the 4 updates provided this month, go to Microsoft Security Bulletin Summary. Microsoft would also like to make sure you are on the latest version of Internet Explorer, however, keep in mind that some older versions of software will not work with the newest version.  If your computer is not set to update Windows automatically, go to the start button, then Control Panel and click on Windows updates.

Should you have any questions regarding these or any updates, please feel free to contact us at 516-762-0155.

December’s Patch Tuesday

 

It’s the last Patch Tuesday of the year!  Microsoft released patches for 24 vulnerabilities yesterday along with 11 security bulletins.  For the Patch Tuesday bulletin click here.

 

Critical Bulletins include:

 

Bulletin MS13-097 which is regarding Internet Explorer.  This fix prevents users being exploited by maliciously crafted web pages.

 

Bulletin MS13-098  is to assist with attackers being allowed to add their own malware to software being installed on a computer over a network.

 

Bulletin MS13-099 is about vulnerability in the Windows Script functionality that allows remote attackers access though a website that hosts special content.

 

Bulletin MS-105 is to take care of problems with Outlook Web Access that could allow an attacker to gain access to Microsoft Exchange.

 

Adobe Patches

 

Adobe also release a patch for Flash and Shockwave Player

 

An attacker could try to get you to run malicious Flash or Shockwave content from a website or from content embedded within some documents.  To install these updates go to for Shockwave click here and for Adobe Flash update click here.

 

Remember

 

Windows XP machines will no longer be supported by Microsoft as of April, 2014.  Microsoft will stop issuing security patches or fixes for known issues leaving your computer and/or network at risk.  Be proactive and replace your XP machines prior to April, 2014. 

 

Summary:

The latest patches from Microsoft illustrate the need for companies to initiate automated patching as well as move from older versions of Microsoft Software that pose security risks. 

Keeping your computer up to date is critical for your systems security.  Keep in mind that if have our GT Proactive Care all patches and updates would be done automatically for you.  If you have any questions regarding the latest round of updates or GT Proactive Care, please call us. (516) 762-0155.

November’s Patch Tuesday

 

 

 

Yesterday’s Patch Tuesday brought lots of updates.  One of the key updates was a fix for Adobe’s Flash Player Software for Windows, Mac, Linux and Android devices.  If you have Windows 8, you will want to update manually if your Flash is not set to update automatically.  This update of Flash is version 11.9.900.152.  You can download the latest version of Flash by clicking here.

 

Also there are 5 important Microsoft updates to fix vulnerabilities in Microsoft Active X Control, Graphics Device Interface overflow, Ancillary function driver and Digital Signature Handling.  There are also fixes for Multiple word Memory Corruption Vulnerabilities and the Outlook S/MIME information disclosure flaw.  To get to these updates you can go to this page or go to automatic updates and choose for your updates to run automatically.  If your computer is set to automatic your computer was probably already updated.

 

**Note to Windows XP users.  Tuesdays updates have cause some issues with the SVChost.exe taking up all of the CPU usage.  If you experience this problem, please call our office.  516-762-0155. 

 

Keeping your computer up to date is the best way for it to function optimally.  Keep in mind that if you have Glasser Tech’s Proactive Care all patches and updates would be done automatically for you.  If you have any questions regarding November’s updates or Proactive Care, please feel free to call us. 516-762-0155.

 

Be aware of attackers exploiting TIFF Image Files

 

On November 5, 2013, Microsoft release a critical advisory warning customers of a vulnerability regarding TIFF images. 

 

Basically it has to do with how versions of Windows, Office and Lync handle TIFF images.  If you are lured into viewing a malicious image, including ones that are already embedded into Office documents, code can be executed on your computer that would allow the attacker to gain control of your computer.

 

Mostly these images have been arriving as malicious Word documents that have an embedded TIFF in them.  They would probably be sent to you in an email. 

 

Microsoft is working on a patch for this.  However, in the meantime, they have released a FixIt which you can apply.  While a FixIt is not considered a full patch, it is helpful.  When bulletins arrive like this, we can easily block TIFF images for you if you had a Watchguard Firewall.  To find out more about Watchguard Firewalls, please give us a call at Glasser Tech at 516-762-0155.

D-Link Router Backdoor Security Alert

D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.  The issue consists of a backdoor-type function built into the firmware of some D-Link routers that can be used to bypass the normal authentication procedure on their Web-based user interfaces.  D-Link will release firmware updates to address the vulnerability in affected routers by the end of October, the networking equipment manufacturer said via email.  This backdoor poses a threat because any user who connects to the wireless or any piece of malware running on a computer inside the network can exploit it to make unauthorized changes to the router’s configuration. Such changes can have serious security consequences.  For example, changing the DNS (Domain Name System) servers used by the router—and inherently every device on the network—with DNS servers controlled by an attacker would enable the attacker to redirect users to rogue websites when trying to access legitimate ones.  If you receive unsolicited emails that relate to security vulnerabilities and prompt you to action, please ignore it.  When you click on links in such emails, it could allow unauthorized persons to access your router. 

It is our recommendation to utilize a Business Class Firewall instead of a Router meant for home use.  Low cost home routers have features that automatically open potential security holes (UPNP).  While the UPNP feature makes it easy to get an XBOX Game Console or home automation thermostat working on the internet, a malicious piece of software could open your whole network to the world.  Firewalls inherently have enhanced security features that protect the network.  Firewalls such as the one we utilize (WatchGuard) do not have UPNP and include subscription services that allow us to proactively protect the network including blocking known and emerging malicious websites and antivirus scanning of all downloaded files.  Here is a link that describes some of the services available for the WatchGuard Firewall.  

We strongly suggest you take a Proactive approach rather than a Reactive approach.    
Call us to find out more about solutions to protect your network and your data.


Michael Glasser, Glasser Tech LLC (516) 762-0155

Beware of new malware that holds your data hostage

 

You probably have had some exposure to spyware, malware and viruses.  There are the typical spyware/malware instances that have been around for years that display tons of pop ups or look like an antivirus program that is telling you that you have spyware and you should scan with their scan.  Then there is spyware/malware that locks up your desktop by displaying a message that the government is watching you.  But this new malware causes so much damage it can be put into a category all by itself.

 

What is does is this:  It looks at your local and network drives and share folders and will ENCRYPT files matching a set of extensions from common applications that you probably use.  These include Word, Word Perfect, Excel, etc. 

 

What this means:   You can’t get into ANY of your files. 

 

How it gets in:  Malware/spyware comes in through e-mail attachments, drive-by downloads from websites that are infected, a trojan-downloaded or backdoor scenario or manual infiltration though remote desktop protocol.

 

What can you do? 

 

1)  First, be sure that you are checking your back up every day.  A good backup is the best chance for restoration of your data. 

 

2) You should also have a firewall to proactively block known websites that tend to be infected. 

 

3) All of your computers should be up to date with the latest windows updates installed. 

 

4) Restrict all Users from being able to install Applications to their computers.  While some users may find this annoying, we have found that this reduces the risk of a network breach/compromise.

 

5) Patch Management.  Patch management would automatically apply updates such as Windows, Flash, Java, Acrobat Reader, etc.  Quite often we find clients that do not have Patch Management have security holes because not all users are applying all the patches.

 

Let us help you pro-actively block spyware, malware and viruses.  Call Glasser Tech at 516-762-0155

Microsoft Releases Critical Temporary Fix for Internet Explorer

Microsoft “Fix it”

Vulnerability affects: All Internet Explorer Versions.

How an attacker exploits it:  Microsoft says:  "This would typically occur when an attacker compromises the security of trusted websites regularly frequented, or convinces someone to click on a link in an email or instant message" 

Impact:  In the worst case, an attacker can execute code on your user’s computer, potentially gaining complete control of it.

What to do: Click Here to Connect to the Website and Download the Fix it

The ‘Fix it' applies only to 32-bit versions of Internet Explorer.  If you are running 64-bit, the ‘Fix it' cannot be applied.

Three Other Microsoft Recommendations on the Advisory:  

1) "Enable the MHTML protocol lockdown"

2) "Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones"

3) "Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone."

In its advisory, Microsoft said that it was actively working to release a patch for the issue, either in its next monthly security update – due out Oct. 8 – or in an out-of-cycle release.

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

What’s important for you to know about this month’s Patch Tuesday

 

Patches are available this month for Microsoft, Adobe and Java.

 

First, let’s start with Adobe.

 

This month’s patches are for Reader (and Acrobat) Adobe Flash Player and Shockwave Player.

 

To reach the appropriate patches for Adobe, click on these links.

 

· APSB13-23: Two Shockwave Player Memory Corruption Vulnerabilities

· APSB13-22: Multiple Reader and Acrobat  Vulnerabilities

· APSB13-21: Four Flash Player Memory Corruption Flaws

 

There were also updates released for Microsoft’s Office and Internet Explorer

 

September’s Microsoft Patch includes fixes for 47 issues and 13 bulletins.  A list of these updates can be found at Microsoft Security Bulletin Summary for September 2013.

 

Some of the more important vulnerabilities include:

· MS13-070: OLE Code Execution Vulnerability

· MS13-071:  Windows Theme Code Execution Vulnerability

· MS13-076: Multiple Kernel-Mode Driver Elevation of Privilege Vulnerabilities

· MS13-077:  Service Control Manager Elevation of Privilege Vulnerabilities

· MS13-079:  Active Directory DoS Flaw

 

Also have you updated your Java recently?

 

The website theregister.co.uk states that 81 percent of businesses run outdated Java.  What is Java?  Java is a programming language.  Many websites need Java to run properly. 

 

You should download the latest version of Java by going to their website java.com

 

Updates are important because they protect you from vulnerabilities.  When your computer is updated, you are less apt to be hacked. 

Internet Explorer Gets Another Patch

 

 

The latest IE Patch fix is to protect all versions of Internet Explorer.  Currently attackers are trying to exploit users by luring them to web pages containing malicious content.  If your users go to these sites an attacker can execute code that allows them to control the computer. 

What can you do?   Install any of Microsoft’s Internet Explorer updates immediately. 

If you want to see Microsoft’s complete security bulletin describing the 11 holes fixed by the recent update, Click Here.

If you feel uncomfortable doing updates yourself and would like us to assist you.  Please call Glasser Tech at 516-762-0155. 

Get your Java fix here

 

 

Java has released a fix for 40 vulnerabilities (including Apple)

These vulnerabilities affect the Oracle Java Runtime Environment (JRE) and Java Development Kit (JDK) 7 Update 21 and earlier on all platforms.

An attacker can exploit users by luring them to a malicious web page containing specially crafted Java. 

The best thing to do is Install JRE and JDK 7 Update 25 (or Apple’s OS X update)

Oracle released JRE and JEK Update 25 to correct 40 vulnerabilities which they consider to be high risk.  Most of the flaws are remote code execution issues in the worst case scenario, this malicious code could allow someone to take control of your computer.   If you own an Apple Computer, Apple has released a Java update for OS X.  Mac users should update their Java as well.

If you use Java, download and install the Java update to protect your computer.  You may often see pop-ups on your screen asking you to update Java.  If you do, please do the update.  Otherwise you can get to the update by clicking this link  Oracle's June Java Security Advisory.

If you don’t use Java, uninstall it.

If you need help with this update, please contact our office, Glasser Tech 516-762-0155. 

Critical IE update is released as part of June’s Patch Tuesday.

June 11, 2013

As part of Today’s Patch Tuesday, Microsoft has released five security bulletins, one for Internet Explorer (IE), three for Windows and it’s components and one for Microsoft Office. 

The Internet Explorer patch is rated critical.  We suggest that if your computer hasn’t already updated automatically that you run windows updates to fix these Internet Explorer issues. 

This patch fixes 19 vulnerabilities, most of them could allow attackers to gain control of your computer. 

To find out more about this particular Microsoft patch Click Here

Microsoft releases patches for Word

 

If you use Word in your office for Word Processing, you should know that this week  Microsoft released a patch for a vulnerability within Word having to do with RCE which stands for remote code execution. 

An attacker may entice one of your users to download and open a document that includes malicious code.  This might grant an attacker full access to the end user computer.  This flaw affects Word and Word Viewer 2003.  You can update Word using the following patch:

MS13-043

IE Vulnerability

 

As part of Microsoft’s Patch day, two security bulletins were released regarding security issues with Internet Explorer.  Both updated are rated critical.  

The new flaws are that  attackers can lure of of your users to a web page containing malicious HTML.  Because of this, an attacker can exploit these vulnerabilities and execute code on the end user’s computer. 

As always, it is important to download and install Windows updates or set your computer to do it automatically to install the latest patches and prevent problems.  The two security bulletins are as follows:

MS13-037

MS13-038

Adobe releases patch for 4 Flash Security Holes

If you have Adobe Flash Player 11.6.602.171 and earlier, running on any platform you need to install the latest patch to avoid possibly being enticed to visit a website containing malicious Flash content.  The the worst case scenario, an attacker can execute code on your computer potentially gaining control of it.  

The fix is easy.  Download the latest version of Adobe Flash Player Click Here. 

Adobe has rated this update a Priority 1 for windows users and recommends you apply the update as soon as possible.   If you’ve enabled Flash Player’s recent “silent update” option, you will receive this update automatically.

Microsoft Patch Tuesday-March 2013

 

Most of the patches this month are for Microsoft Office.   Click here to see the official Microsoft release

The most important vulnerabilities are listed below:

There is a Cumulative Security Update for Internet Explorer 6-10. 

There is an Update for Silverlight for vulnerability that could allow Remote Code Execution.

An update for a vulnerability in Microsoft Visio Viewer 2010 that could allow Remote Code Execution

There are vulnerabilities in SharePoint that could allow Elevation of Privilege

An update for a Vulnerability in Microsoft OneNote that could allow information disclosure

Vulnerabilities in Office Outlook for MAC that could allow information disclosure

Vulnerabilities i Kernel-Mode Drivers that could allow elevation of Privilege

You can watch a webcast of this Security Bulletin release by clicking here .

Keeping your machine current by running Windows updates makes your machine more secure.  This can also be done automatically through GlasserTech’s ProActive Care.  With ProActive Care, we update your computer for you.  For more information on ProActive Care give us a call at 516-762-0155 or email us at solutions@glassertech.com.

Updates and more updates. Another reason to get managed services from Glasser Tech

Do you notice while you are sitting there trying to concentrate that you are getting pops ups for updates for Windows, Java, Adobe and other programs?  We know it’s annoying and distracting.  Ultimately, it’s just one more thing to worry about.  Do I need this update? does it matter?.  How does it affect me? 

Again this week Java released an update to fix two NEW flaws. Java is a programming language that enhances web pages. They consider these flaws to be putting you at risk for exposure.  

With Glasser Tech ProActive Care you won’t ever have to worry about updates again.  We take care of all the updates automatically.  So while we do our work, you can do your work with no distractions. 

In addition to updates, Glasser Tech takes care of all of your network monitoring.  We can schedule preventative IT maintenance designed to keep your network operating efficiently. Overall, this reduces the number of emergency incidents you encounter.

Managed services costs so little compared to expensive downtime. 

Glasser Tech Proactive Care offers 24/7, 365 day network monitoring coupled with preventative IT maintenance that ensures optimum network uptime.

Call Glasser Tech today and ask for a complimentary network evaluation.   516-762-0155 or email us at Solutions@glassertech.com

Free Law Firm CLE Seminar

Glasser Tech LLC and Thomson Reuters

Free Lunch & Learn Legal Productivity Seminar

_______________________________________________________________________
CLE Seminar Date:
• Thursday March 7, 2013 - 12pm -1:30 pm
_______________________________________________________________________

The program features top productivity solutions offered by Thomson Reuters.

Michael Glasser and Ken Hale from Glasser Tech LLC will be bring insight to being able to work from anywhere at any time.

To Register Click Here

This class gives you 1 NYMCLE Credits.

Location:  Nassau County Bar Association, 15th & West Streets, Mineola, NY 11501

February 2012 Java Update

Java Emergency Update
This vulnerability affects: All Java Windows and Mac Versions.
How an attacker exploits it:  Multiple vectors of attack, including luring your users to a malicious web page containing specially crafted Java
Impact: This type of attack could result in: the installation of malware; lead to identity theft; the computer could become a botnet - which can then be used in denial-of-service attacks against other sites.
What to do Part 1: Click Here to Download the Patch 7u13 
What to do Part 2: We suggest disabling Java in your Browser unless you absolutely need it. Click Here to Learn How to Disable Java in your Browser
What to do Part 3: If you absolutely need Java enabled in your Web Browser we suggest the following:  Install a Firewall at your office.  Set the Firewall to Block All Java Applets.  Allow Exceptions only for those that are required for your business.  

If you don't have Java, don't install it.   Click Here to see if you have Java enabled

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155

Java Emergency Patch Released...However, we Recommend Disabling Java in your Web Browser

Java Emergency Patch
This vulnerability affects: Java Windows and Mac Versions.
How an attacker exploits it:  The issue could be exploited if someone visits a Web site that's been set up with malicious code to take advantage of the hole.
Impact: This type of attack could result in: the installation of malware; lead to identity theft; the computer could become a botnet - which can then be used in denial-of-service attacks against other sites.
What to do Part 1: Click Here to Download the Patch
What to do Part 2: We suggest disabling Java in your Browser unless you absolutely need it. Click Here to Learn How to Disable Java in your Browser
What to do Part 3: If you absolutely need Java enabled in your Web Browser we suggest the following:  Install a Firewall at your office.  Set the Firewall to Block All Java Applets.  Allow Exceptions only for those that are required for your business.  

If you don't have Java, don't install it.   Click Here to see if you have Java enabled

Clients with our Proactive Solution to Patch Management Automatically get the Updates.  

Contact us to find out how you can become "Proactive" instead of "Reactive".

Michael Glasser, Glasser Tech LLC (516) 762-0155