Archive | July 2015

Firmware updates released for v2/v3 Microsoft Surface models

Microsoft has issued firmware updates for Surface 3, Surface Pro 3 and  Surface Pro 2 model. These updates include drivers for Windows 10 and a cumulative update can be downloaded from Microsoft Here.

Oracle Critical Patch Update Advisory – July 2015

The Critical Patch Update released by Oracle on Tuesday contains 193 security fixes across several product families.

The update includes 25 security fixes for Oracle Java SE – 23 of the vulnerabilities could be remotely exploited without authentication.

All users of Oracle products should apply relevant patches.

Adobe releases emergency Flash patch

Adobe Systems has issued an emergency update for its Flash media player to patch two critical zero-day vulnerabilities that allow attackers to install malware on end-user computers.

Flash Patch

Shockwave Patch

Acrobat and Reader Patch

Flash vulnerability remains unpatched: Disable Adobe Flash

Last Friday, Adobe confirmed two new “critical” zero-day flaws in the Adobe Flash Player browser plugin – and earlier versions – for Windows, OS X, and Linux, now, a third flaw was found. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages.

We strongly recommend disabling Adobe Flash until the exploits are fixed.

We recommend you do the following:

  • Remove or disable Flash until Adobe sends out a fix.
  • Once a patch is released by Adobe, update immediately.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Avoid visiting websites or following links provided by unknown or untrusted sources.
  • Avoid clicking on links contained in emails or attachments from unknown sources.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Sunrise Calendar for iOS and Android adds direct Office365 integration

SunriseThe Sunrise Calendar is hands down our recommended Calendar for mobile. Previously the app required you to use the phone (iOS or Android) accounts to access Office365. Now the access to Office365 is integrated into the app itself.

Sunrise is available from the Apple and Google app stores.

Ransomeware exploit targeting Adobe Flash

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit.

The remote code execution vulnerability (CVE-2015-3113) allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP. Windows 7 Users and XP Users (And we hope you are not one…) need to ensure they are up to date with Adobe Flash patches.