Patch Announcements

Today’s technology empowers business owners in ways that would have seemed incredible even 10 years ago. With a humming network connecting your team to the rest of the world, and with just a few simple keystrokes, your organization can complete tasks that used to take days.

However, the endless possibility that accompanies technological advancement comes with a catch: to be truly effective, IT requires investment – not just of capital, but of time and attention, resources all too dear to the harried entrepreneurs of the modern age. Perhaps this is why, everywhere you look, small to midsize business owners are not only failing to realize the full potential of their technology, but are unknowingly leaving massive gaps in their systems and processes for malicious entities to exploit. And so, budding companies that would otherwise dominate the market are prematurely stamped out by competitors with more tech savvy or are hamstrung by costly data breaches.
Read more . . .

If you use WebEx's plugin on your Chrome browser you need to patch it now.  If you happen to go to a URL that contains the string that WebEx uses to remotely start a meeting or visit your computer you may be in trouble.  This string, if on a website you visit, can remotely execute code or command to allow an attacker access to your computer. An updated version of the plug-in for WebEx will roll out automatically.  To check if you have the latest version, Go to your extensions page, If you have version 1.
Read more . . .

April's Patch Tuesday brings with it 6 fixes deemed critical and 7 that are marked important.  One of these fixes MS16-039 is for Security Update for Microsoft Graphics Component (3148522) This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts.   Other critical rated bulletins are MS16-037, MS16-038, MS16-040, MS16-042.
Read more . . .

Apple thinks you should uninstall Quicktime for Windows as soon as possible.

There are 2 reasons.  

1) Apple is no longer going to be releasing any updates for this product for Windows

2) There are apparently 2 new vulnerabilities that Apple deemed critical enough that they released 2 advisories for recently.  

Those advisories would be ZDI-16-241 which allows remote attackers to execute code through Quicktime and Read more . . .

March Patch Tuesday brings with it both security updates from Microsoft and Adobe.  Altogether there are 39 vulnerabilities that appear to affect Windows operating systems as far back as Vista.  Let's review the patches.

Most critical is a patch for Internet Explorer.  This patch takes care of 13 vulnerabilities that may allow a hacker to take over your computer if a particular website is visited.

Microsoft also released an update for their newest browser called Edge.  This fixes 11 vulnerabilities in total.

For the flaws in the Windows PDF Library, Microsoft has released a patch to avoid remote code execution when opening a malicious PDF file.

Word also gets an update this month to fix a flaw that enables a hacker to put malicious code on a machine remotely.

For more about this month's windows updates visit Microsoft Security Bulletin Summary for March 2016

Adobe's releases this month deal with fixes for Adobe Reader and Acrobat.  To learn more visit Adobe security bulletin.

It is important to keep your computer up to date.  If you have any questions regarding windows updates, please call Glasser Tech at 516-762-0155. 

As you know every first Tuesday of the month is patch Tuesday for Microsoft.  This month Microsoft released 13 bulletins, 6 of which they rate critical.   These patches apply to all versions of Internet Explorer, operating systems and other Microsoft products.

Many of these updates affect Windows 8.1 and Windows 10.   A lot of updates involve Internet Explorer or Edge which is a part of Windows 10. 

The complete list of updates can be found by clicking Here.  If windows updates are enabled on your computer, your machine should update automatically.  As always, if you have any questions, please feel free to contact our office at 516-762-0155

Java which is from the US based software company Oracle has today released an emergency patch for Java in an effort to fix a flaw that happens during installation on Windows platforms. 

This vulnerability could cause an exploitation of a critical vulnerability allowing someone to manipulate a user into going to a website containing malicious code and files and downloading them to the user’s system before Java gets installed.   This applies to Java versions 6, 7 or 8. 

Basically this site appears to be a Java site even though a user may be nowhere near the actual Java site.

Because the exposure exists only during the installation process, users need not upgrade existing Java installations to address the vulnerability. However, Java users who have downloaded any old version of Java prior to 6u113, 7u97 or 8u73, should discard these old downloads and replace them with 6u113, 7u97 or 8u73 or later.

Java home users should visit www.Java.com to check that they are using the most recent version of Java.