IT Security & Policy Alerts

Microsoft and Adobe Updates for May 2012

Tue, 08 May 2012 00:00:00 CDT

Microsoft Updates

Microsoft released 7 security bulletins (3 rated critical and 4 rated important) that address 23 vulnerabilities in Microsoft Windows, Office, Silverlight, and .NET Framework.

LSU computers will download and install the updates as scheduled by either its group policy or local security center settings. Remember to close all applications at the end of work day today because several updates require a reboot to complete installation.

More information on the Microsoft bulletins – http://technet.microsoft.com/en-us/security/bulletin/ms12-may

Adobe Updates

Adobe released 5 security bulletins that address critical vulnerabilities in Adobe Shockwave Player, Flash, Photoshop, and Illustrator. Users should update to the latest supported versions. Please note that the Adobe Flash Player update has a "Priority 1" rating by Adobe and should be applied first. A Secunia package has already been created and is being deployed to computers subscribed to the LSU Secunia CSI service.

Security bulletins from Adobe

APSB12-09 Priority 1 security update for Adobe Flash Player (http://www.adobe.com/support/security/bulletins/apsb12-09.html)
APSB12-09 Priority 3 security update for Adobe Illustrator (http://www.adobe.com/support/security/bulletins/apsb12-10.html)
APSB12-09 Priority 3 security update for Adobe Photoshop (http://www.adobe.com/support/security/bulletins/apsb12-11.html)
APSB12-09 Priority 3 security update for Adobe Flash Professional (http://www.adobe.com/support/security/bulletins/apsb12-12.html)
APSB12-09 Priority 2 security update for Adobe Shockwave Player (http://www.adobes.com/support/security/bulletins/apsb12-13.html)

Priority Level Definitions

Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours).
Priority 2: This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Adobe recommends administrators install the update soon (for instance, within 30 days).
Priority 3: This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.

Metadata

Tue, 10 Apr 2012 12:27:59 CDT

Every day computer users share photos, word processing documents, spreadsheets, presentations, audio clips, and other types of digital files with people around the world. What you may not know is that these files may inadvertently include private or sensitive information about you or your organization in the form of metadata. To help you maintain both your privacy and security, we will explain what metadata is, how you can find and remove it, and some steps to take to protect yourself.

OUCH! Newsletter for April 2012: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201204_en.pdf

The OUCH! newsletter is a monthly security awareness publication by the SANS Securing the Human program.

Microsoft and Adobe Updates for April 2012

Tue, 10 Apr 2012 00:00:00 CDT

Microsoft Updates

Microsoft released 6 security bulletins (4 rated critical and 2 rated important) that address 7 vulnerabilities in Microsoft products.

The following two updates should be applied as soon as possible because they pose the greatest risk

MS12-027 (Windows Common Controls): This security update resolves a CVE in the MSCOMCTL.OCX ActiveX control, which could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability.
MS12-023 (Internet Explorer): This security update resolves five CVEs in Internet Explorer, which could allow a third party to gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

LSU computers will download and install the updates as scheduled by either its group policy or local security center settings. Remember to close all applications at the end of work day today because several updates require a reboot to complete installation.

More information on the Microsoft bulletins – http://technet.microsoft.com/en-us/security/bulletin/ms12-apr

Adobe Updates

Adobe released a security bulletin that address critical vulnerabilities in Adobe Reader and Acrobat. Users should update to the latest supported versions.

The vulnerability affects the following versions of Adobe Reader and Acrobat.

Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh (Priority 2)
Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh (Priority 1)
Adobe Reader 9.5 and earlier 9.x versions for Macintosh (Priority 2)
Adobe Reader 9.4.6 and earlier 9.x versions for Linux (Priority 2)
Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh (Priority 2)
Adobe Acrobat 9.5 and earlier 9.x versions for Windows (Priority 1)
Adobe Acrobat 9.5 and earlier 9.x versions for Macintosh (Priority 2)

Priority Level Definitions

Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for instance, within 72 hours).
Priority 2: This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Adobe recommends administrators install the update soon (for instance, within 30 days).

Adobe recommends users of Adobe Reader X and Acrobat X 10.1.2 and earlier versions for Windows and Macintosh update to 10.1.3. Users of Adobe Reader and Acrobat 9.5 and earlier versions for Windows, Macintosh, and Linux should update to 9.5.1. Departments participating in the Secunia Service from ITS will receive the update for Windows through WSUS when it becomes available. To learn more about the Secunia Service visit https://its-secunia.lsu.edu

More information on Adobe's Security Bulletin APSB12-08 - http://www.adobe.com/support/security/bulletins/apsb12-08.html

Phishing Attempt "Important Message From Helpdesk!!"

Wed, 04 Apr 2012 10:39:05 CDT

University IT security analyst have received alerts concerning a phishing attempt with a subject line "Important Message From Helpdesk!!". The message is states that your mailbox has exceeded one or more size limits set by your administrator. It asks you to click on a link to reset your account. This e-mail is a fraudulent message. Please delete the message.

A copy of the message for reference is posted below.

Critical Priority 2 Update for Adobe Flash Player

Wed, 28 Mar 2012 10:29:54 CDT

Adobe has released an update for Adobe Flash Player that is categorized as Critical Priority 2.

Critical: A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.
Priority 2: This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Adobe recommends administrators install the update soon (for instance, within 30 days).

The vulnerability affects the following versions of Adobe Flash Player.

Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x

Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228. Users of Adobe Flash Player 11.1.102.63 and earlier versions for Solaris should update to Adobe Flash Player 11.2.202.223. Departments participating in the Secunia Service from ITS will receive the update through WSUS when it becomes available.

For users who cannot update to Flash Player 11.2.202.228, Adobe has developed a patched version of Flash Player 10.3, Flash Player 10.3.183.18. Users with Flash Player 9 or previous should upgrade to Flash Player 10 or 11 as soon as possible.

Users of Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.8 by browsing to the Android Marketplace on an Android device.

For more information on this update, read Adobe's Security Bulletin APSB12-07 (http://www.adobe.com/support/security/bulletins/apsb12-07.html)

Microsoft Remote Desktop Protocol Exploit

Fri, 16 Mar 2012 16:44:30 CDT

The exploit code for the dangerous vulnerability in Microsoft Remote Desktop Protocol(RDP) has been released in the wild. Currently, the exploit code remotely causes the target computer to blue screen, but it won't be long before someone figures out how to make it run arbitrary codes. *All* versions of Windows are affected.

MS12-020 was patched by Microsoft this Tuesday. Windows machines on the LSU domain with default Windows Update policy should have already installed the patch automatically and rebooted. However, please make sure that your critical servers and workstations have this patch and got rebooted.

In addition, it is highly recommended that you restrict RDP port 3389/TCP on all Windows machines that you manage to specific machines or subnet(s). This will cut down on the attack surface for this vulnerability as well as the RDP brute force attacks that we experience constantly. On Windows Vista, 7, Server 2008, 2008R2, network level authentication should be enabled for RDP.

For more information, please visit:

http://technet.microsoft.com/en-us/security/bulletin/ms12-020

http://www.zdnet.com/blog/security/exploit-code-published-for-rdp-worm-hole-does-microsoft-have-a-leak/10860

http://aluigi.org/adv/ms12-020_leak.txt

http://www.scmagazine.com.au/News/293996,rdp-proof-of-concept-triggers-blue-screen-of-death.aspx

As always, if you have any questions or concerns, please feel free to contact us (its-security@lsu.edu).

Microsoft and Adobe Updates

Wed, 14 Mar 2012 07:50:11 CDT

Microsoft Updates

Microsoft released 6 security bulletins (1 rated critical, 4 rated important, and 1 rated moderate)

that address 7 vulnerabilities in Microsoft products.

Critical Bulletin MS 12-020 is a remote code execution in the Remote Desktop Protocol. All

versions of Microsoft Windows should apply this update as soon as possible.

LSU computers will download and install the updates as scheduled by either its group policy

or local security center settings. Remember to close all applications at the end of work day today

because several updates require a reboot to complete installation.

More information on the Microsoft bulletins – http://technet.microsoft.com/en-us/security/bulletin/ms12-mar

Adobe Updates

Adobe released 2 security bulletins that address critical vulnerabilities in Adobe Flash Player

and important vulnerabilities in Coldfusion. Users should update to the latest supported versions.

A Secunia package for Adobe Flash Player should be deployed later this week to patch clients

participating in the Secunia Service from ITS.

More information on the Adobe bulletins – http://www.adobe.com/support/security/

E-mail Dos and Don'ts

Thu, 01 Mar 2012 00:00:00 CST

E-mail has become one of the primary ways we communicate, both in our personal and professional lives. However, e-mail can be confusing to use, resulting in mistakes that can hurt you or your organization Quite often we can be our own worst enemy when using e-mail. In this newsletter we will explain the most common mistakes people make with e-mail and how you can avoid them in your day-to-day life.

OUCH! Newsletter for March 2012: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201203_en.pdf

The OUCH! newsletter is a monthly security awareness publication by the SANS Securing the Human program.

Securing Your Mobile Device Apps

Wed, 01 Feb 2012 00:00:00 CST

Mobile devices have become one of the primary tools we use in both our personal and professional lives. One of the things that makes mobile devices so powerful is that there are thousands of apps we can select from and use. However, with the tremendous power and flexibility of apps come a number of risks you must be aware of. In this newsletter we cover the dangers of mobile device apps and how you can install, use, and maintain them secure.

OUCH! Newsletter for February 2012: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201202_en.pdf

The OUCH! newsletter is a monthly security awareness publication by the SANS Securing the Human program.

Securing Your Home Wi-Fi Network

Sun, 01 Jan 2012 00:00:00 CST

Wi-Fi networks (sometimes called by their technical name 802.11) allow people to wirelessly connect devices to the Internet, such as smartphones, gaming consoles, tablets, and laptops. Because Wi-Fi networks are simple to setup, many people install their own Wi-Fi networks at home. However, many home Wi-Fi networks are configured insecurely, allowing strangers or unauthorized people to easily access your home network or anonymously abuse your Internet connection. To ensure you have a safe and secure home Wi-Fi network, here are a few simple steps you should take.

OUCH! Newsletter for January 2012: http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201201_en.pdf

The OUCH! newsletter is a monthly security awareness publication by the SANS Securing the Human program.