Category Archives: Security Updates

August 2013 Microsoft Security newsletter repost

Welcome to August’s Security Newsletter!
This month our newsletter focuses on client   security and the security implications of running software that is no longer   supported by the software manufacturer. If you have been following Microsoft   security news recently, you are likely aware that support for   Windows XP ends on April 8, 2014. It is important to note that   after this date, customers running Windows XP will no longer receive new   security updates, non-security hotfixes, free or paid assisted support   options, or online technical content updates. This means that any new   vulnerabilities discovered in Windows XP after its “end of life”   will not be addressed by new security updates from Microsoft.

From a security perspective, if you are running Windows XP, I cannot stress   enough the importance of migrating to a newer platform that is supported and   can provide increased protections. The very first month that Windows XP goes   out of support, attackers will have the advantage. The first month that   security updates for supported versions of Windows are released, attackers   will reverse engineer those updates, find the vulnerabilities, and test   Windows XP to see if it shares those vulnerabilities. If it does, attackers   will attempt to develop exploit code that can take advantage of those   vulnerabilities on Windows XP. Since security updates will no longer be   available for Windows XP to address such vulnerabilities, Windows XP will   essentially have a “zero day” vulnerability forever. I discuss this   in greater detail in a recent blog   post.

This should be concerning for anyone using Windows XP today. If your   organization has not started the migration to a modern operating system, it   is crucial that you begin planning and application compatibility testing as   soon as possible. Based on historical customer deployment data, the average   enterprise deployment can take 18 to 32 months from business case   through full deployment. If you are looking for resources on how to get   started, I encourage you to read the Windows Blog post on “365 Days   Remaining Until XP End Of Support. The Countdown Begins” for   more detailed questions and answers.

  Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your   ideas.

New Java update, Java 7 Update 21

Per Mr. Krebs Security there is a new Java update.  If you see the notification down below near the time, please update your system.  This protects you from drive by downloads meaning if you browse even a legitimate website such as staradvertiser.com, Yahoo! News etc. you can still be hit if their site is compromised with hacked ads or some other exploit.

As always if you are having problems installing it, we’re available for help remotely or in shop.

Source: http://krebsonsecurity.com/2013/04/java-update-plugs-42-security-holes/

Oracle and Adobe both release critical updates to their software; make sure you patch!

Yes, Oracle has released yet another update to their Java software.  Java SE 7 Update 15 has now been released.  Same scenario as the last time, visit www.java.com, download the latest versions, SKIP the ASK.com toolbar or any other included software they want you to install.

Adobe released updates for Adobe Reader 11.0.2 and for Reader X, 10.1.6.  For these two, visit www.adobe.com, click on download, and choose Adobe Reader.  These guys also bundle random software so skip those if you can.  The software they try to include is not malicious but it is annoying.

If you need help, as always, call us at 808-952-6373, we provide remote support to help you without leaving your home or office, $75/hour, this will take less than an hour to perform.

Thank you!

February 2013 Java update: fixes 50 security issues

Browsing Krebs On Security and found that Oracle has released a Java update which patches 50 flaws and fixes one in particular that was being actively exploited.  Again like our last recommendation, visit the Java website, www.java.com and go through with the installation.

We also offer remote support, if you need assistance with this we are offering a flat rate of $55.00+tax to help you remotely, install the Java update, Flash update and any other outdated pieces of software you may have to keep you safe.  Call us at 808-952-6373 or e-mail us via our contact page.

Oracle releases Java update Java 7 update 11 ***MUST DOWNLOAD***

This is a critical update that patches a 0day flaw that could be utilized by malicious hackers to gain remote access to your computer.  You can be exploited simply by visiting a webpage such as the StarAdvertiser, Yahoo News, etc.  By installing this update you are preventing hackers from gaining access to your computer!  It’s vital and important.  Please visit http://www.java.com and click on the “Free Java Download.”  Follow the instructions, if you get stuck, give us a holler, 808-952-6373.

PS Please read through each screen as you are installing the update; there will be a section that asks you if you’d like to install the Ask toolbar, please UNCHECK this.  This is not malicious in nature but it is unnecessary.