Looks like the hackers may have been too busy preparing for the holidays to develop exploits this month. December’s patch Tuesday brings us one of the lightest CVE counts of the year, with the total count from Microsoft at 34, none of which are known to be exploited.
Microsoft browsers are still the hot topic, with 18 critical CVEs referencing scripting engine vulnerabilities.
So, after three or so years at university you are finally gearing up to put on your graduation cap and get the picture for your parent’s mantelpiece. Of course, a part of this process is asking yourself the question ‘what next!?’
As the saying goes - as one door closes, another opens.
After a hectic month on high alert against Krack and Bad Rabbit, the desktop management team at Options welcomed a less taxing Patch Tuesday this month. Microsoft released 53 updates this month with the usual suspects, namely browsers and Office applications, taking most of the heat. What really shocked us was the 60+ updates released by Adobe.
WannaCry, NotPetya, and now Bad Rabbit! On October 24th, the third major ransomware campaign of 2017 hit Russia, Ukraine, and is now being reported globally. Although not as widespread as the first two attacks, Bad Rabbit has shut down 3 major media companies in Russia, along with Kiev Metro and Odessa International Airport.
If you haven’t been paying attention to the news, it’s time to get patching again! Another vulnerability has been exposed, affecting virtually all WiFi enabled devices globally.
Known as KRACK – short for Key-Reinstallation Attack, this vulnerability can be abused to steal sensitive information such as credit card numbers, chat messages, emails etc.
October’s security updates are now released, but are they tricks or treats? Well, it depends on how prepared your platform is!
Microsoft released a fairly large number of security patches this month, 62 in total spanning across Windows, Skype for Business, Edge and most notably, Office. Four of these were publicly known before patches were released, and one is known to be exploited.
Patch Tuesday arrived with a whirlwind of CVE’s, public disclosures and Zero Day exploits. Microsoft alone has resolved 76 unique vulnerabilities across 14 total updates. As many as 11 of the 14 updates are rated as Critical and 3 are rated as Important. There is one Zero Day this month and three Public Disclosures.
Read on for CVE's of particular interest to us this month.
I started out my professional career on a manufacturing scholarship in a FTSE 100 tobacco firm in the early 1990s. Gallaher was a leader in a wave of innovation which ultimately saw the automation of cigarette production. The process replaced floors where thousands (or tens of thousands) of workers manually rolled cigarettes, with a mechanised world where machines humming in the background spat out a thousand cigarettes a minute.
While some sit back and enjoy the last weeks of summer vacation, the team here at Options is actively on top of Desktop & Server security. Yesterday’s Patch Tuesday release by Microsoft brought us 48 fresh security risks and updates to peruse, notably for Windows and Internet Explorer.
As WannaCry and Petya ransomware attacks made headlines, May and June saw Microsoft and other vendors release a flurry of critical security patches. July may have cooled off a little in terms of active attacks but, as any cybersecurity team will know, someone somewhere is poking around those vendor bug lists in search of the next vulnerability to exploit.
This is no time for complacency.