|Welcome to August’s Security Newsletter!|
|This month our newsletter focuses on client security and the security implications of running software that is no longer supported by the software manufacturer. If you have been following Microsoft security news recently, you are likely aware that support for Windows XP ends on April 8, 2014. It is important to note that after this date, customers running Windows XP will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates. This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft.
From a security perspective, if you are running Windows XP, I cannot stress enough the importance of migrating to a newer platform that is supported and can provide increased protections. The very first month that Windows XP goes out of support, attackers will have the advantage. The first month that security updates for supported versions of Windows are released, attackers will reverse engineer those updates, find the vulnerabilities, and test Windows XP to see if it shares those vulnerabilities. If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP. Since security updates will no longer be available for Windows XP to address such vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever. I discuss this in greater detail in a recent blog post.
This should be concerning for anyone using Windows XP today. If your organization has not started the migration to a modern operating system, it is crucial that you begin planning and application compatibility testing as soon as possible. Based on historical customer deployment data, the average enterprise deployment can take 18 to 32 months from business case through full deployment. If you are looking for resources on how to get started, I encourage you to read the Windows Blog post on “365 Days Remaining Until XP End Of Support. The Countdown Begins” for more detailed questions and answers.
Have feedback on how we can improve this newsletter? Email us at firstname.lastname@example.org and share your ideas.
Per Mr. Krebs Security there is a new Java update. If you see the notification down below near the time, please update your system. This protects you from drive by downloads meaning if you browse even a legitimate website such as staradvertiser.com, Yahoo! News etc. you can still be hit if their site is compromised with hacked ads or some other exploit.
As always if you are having problems installing it, we’re available for help remotely or in shop.
Yes, Oracle has released yet another update to their Java software. Java SE 7 Update 15 has now been released. Same scenario as the last time, visit www.java.com, download the latest versions, SKIP the ASK.com toolbar or any other included software they want you to install.
Adobe released updates for Adobe Reader 11.0.2 and for Reader X, 10.1.6. For these two, visit www.adobe.com, click on download, and choose Adobe Reader. These guys also bundle random software so skip those if you can. The software they try to include is not malicious but it is annoying.
If you need help, as always, call us at 808-952-6373, we provide remote support to help you without leaving your home or office, $75/hour, this will take less than an hour to perform.
Browsing Krebs On Security and found that Oracle has released a Java update which patches 50 flaws and fixes one in particular that was being actively exploited. Again like our last recommendation, visit the Java website, www.java.com and go through with the installation.
We also offer remote support, if you need assistance with this we are offering a flat rate of $55.00+tax to help you remotely, install the Java update, Flash update and any other outdated pieces of software you may have to keep you safe. Call us at 808-952-6373 or e-mail us via our contact page.
This is a critical update that patches a 0day flaw that could be utilized by malicious hackers to gain remote access to your computer. You can be exploited simply by visiting a webpage such as the StarAdvertiser, Yahoo News, etc. By installing this update you are preventing hackers from gaining access to your computer! It’s vital and important. Please visit http://www.java.com and click on the “Free Java Download.” Follow the instructions, if you get stuck, give us a holler, 808-952-6373.
PS Please read through each screen as you are installing the update; there will be a section that asks you if you’d like to install the Ask toolbar, please UNCHECK this. This is not malicious in nature but it is unnecessary.