Zero day exploit identified for all current versions of Internet Explorer

On Saturday, April 26, Microsoft provided an announcement of a remote code execution vulnerability that affects all current versions of Internet Explorer (versions 6-11) and that is actively being exploited.  The vulnerability exists in how Internet Explorer manages flash code. No patch is currently available.  See the following URLs for additional information. https://technet.microsoft.com/en-US/library/security/2963983 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html As […]

Heartbleed OpenSSL vulnerability – What is known and what should be done

This blog entry will attempt to offer some current info (and a little background) on the OpenSSL heartbleed vulnerability that became known to the public late in the day on April 7. Initial announcement – At approximately 5 p.m. Pacific time on Monday, April 7, a vulnerability was identified in the versions 1.0.1 through 1.0.1f […]

Advance notice of patches to be released on April 8

Microsoft has just provided their advance notice of the patches that will be released on Tuesday, April 8.  The information is available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-apr  There are four patches scheduled to be released, two of which are designated as CRITICAL.  Critical bulletins are identified as bulletin #1 and #2. Bulletin #1 concerns the zero-day vulnerability […]

Topics on the Information Security Forum for April 3

The next Information Security Forum is scheduled for April 3 at 3 p.m. in Room 601 Rudder tower. Topics scheduled to be discussed include the following:   *Email Transition Update  *April IT Forum  *Windows XP reminder  *Code Maroon Website Update and Mobile Notifier App  *ITAC Update  *Four Winds Digital Signage The topic that is likely […]

Vulnerability in all versions of word being actively exploited

Microsoft has just provided an advisory about a vulnerability in all current versions of Word that is being actively exploited.  They have provided a fix-it utility and advise that the patch should be applied to all Office installs.  Details are available at  http://technet.microsoft.com/en-us/security/advisory/2953095 The link with the fixit utility on that page is listed as […]

Five tips on Macintosh security

I just found the article below that offers five tips for better mac security. Number 0 on their list of 5 (really 6) is upgrade to Mavericks OS.  Having had a look at the number of AgriLife Mac systems that are running OS-X prior to 10.7, I see their statement about businesses lagging behind on […]

Advance notice of patches to be released by Microsoft for March – release date March 11

Microsoft has just provided their advance notice of the patches that will be released on Tuesday, March 11.  The details are available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-mar CURRENTLY (just in case MS pulls another fast one), there are five patches scheduled to be released. For workstation Operating Systems, two of the patches are designated as CRITICAL.  For […]

Update to iphone/ipad IOS 7 and Macintosh OS-X to address SSL vulnerability

During the week of February 17, a vulnerability was identified in iOS 7 and also in OS-X version 10.9.1 that could allow SSL connections to be captured or modified. Apple provided a fix to both iOS 7 and iOS 6 systems on February 21. Details are available from http://support.apple.com/kb/HT6147 (iOS 7) http://support.apple.com/kb/HT6146 (iOS 6) As […]

Zero day exploit for Internet Explorer versions 9 and 10

On Friday, February 14, a zero day exploit was identified for Internet Explorer versions 9 and 10 which run on Windows Vista and Windows 7 respectively.  Malicious content was identified on a Veteran of Foreign Wars website.  The malicious code has been subsequently removed but other examples of the code are expected.  The vulnerability is […]

Advance notice of Microsoft February patches – to be released on Feb 11

Microsoft has recently provided advance notice of the patches that are scheduled to be released on Tuesday, February 11. The details are available at – https://technet.microsoft.com/en-us/security/bulletin/ms14-feb . There are a total of five patches for February; two of which are classified as CRITICAL. The two patches designated as critical could allow remote code execution if […]