2nd Tuesday (Patch Tuesday) came & went, now what?

I did not post about Patch Tuesday last week, so here is the rundown of what happened:

Microsoft:

 

Cisco issued an advisory on the 13th (Wednesday, actually):

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp

It is for their TelePresence products.

http://windowsitpro.com/patch-tuesday/patch-tuesday-may-2015-brings-unlucky-13-3-critical-updates


I had to show this picture of me on the switchboard after seeing the image in WindowsITPro.


 

The early IT personnel of the first part of the last century were the communications people (or signals officers/NCOs, etc.).

 

In this century we have to contend with Patch Tuesday for the foreseeable future. WindowsITPro has a list of the 13 patches.

10 patches are rated “important” and 3 are rated “critical”: MS15-045, MS15-044, and MS15-043. Of these, 44 and 45 can affect all versions of Windows and cause remote code execution.

So, after testing in your environment, I highly recommend patching all Windows systems with MS15-043 and 044 at least.

 

Then there are the Adobe patches: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html

The most critical updates:

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093).

These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).

Notice I am always focusing on the code execution vulnerabilities.

 

These vulnerabilities are now being incorporated by criminals into spam and phishing attempts, because not all of us patch our systems on a regular basis.

Remember these guys (post from last week)? http://oversitesentry.com/does-it-pay-to-be-a-criminal-hacker/


 

 

These criminals are actively looking for ways to attack your computers and make money from you while you are actively trying to just live your life.

Most people do not want to think about Security as they are more interested in life’s other pursuits.

But we have to spend a little time, even if it is just to lock our doors, leave valuables out of view, etc.

So how much time spent on IT security is enough?

Is patching your computers once a month enough?

If you purchase IPS systems you have to manage them, and they also need care. Firewalls and anti-virus systems need care too. These “security” systems need their definition files updated, and every time new software is purchased that requires a new connection to the Internet to work right, somebody has to modify these security systems.

 

Is 10% of your IT budget enough to be spent on Security items?

 

Contact us for a second opinion, we are here for that.

 
