We are aware of multiple companies we work with where users utilize the Dolphin web browser on Android phones. Zero-day flaws found in Dolphin and Mercury Android browsers could allow hackers to perform remote code execution. Both browsers are available on Android devices with over 100 million downloads between the two. The Dolphin remote code execution exploit allows a hacker to replace the browser’s theme package with an infected counterpart.
Microsoft has released a security update resolves a vulnerability in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage by using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights.
You can install the update through Windows Update or it can be downloaded Here.
Adobe released Flash Player and AIR updates that address 35 bugs, some of which could be exploited by an attacker to take control of a vulnerable system.
Windows and Macintosh users should update Flash Player to version 188.8.131.52
Two of the four critical vulnerabilities are for Windows operating systems, one affects the Office. The most severely addressed vulnerability in the Office bulletin could allow Remote Code Execution if a user opens a specially crafted Microsoft office file.
“An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user,” Microsoft wrote. “Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
The final critical update is for the Edge web browser in Windows 10, The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
By default Windows 10 will gather updates to the OS not only from Microsoft but from other machines that have the updates. This is enabled by default and automatically adds your workstation as an updater of Windows 10 machines.
We recommend disabling this entirely or at least changing the setting to “PCs on my local network”.
The settings can be changed under Settings, Updates, Windows Updates, Choose how updates are delivered:
To manually update Firefox:
- Click the menu button , click help and select . On the menu bar click the menu and select .
- The About Firefox window will open and Firefox will begin checking for updates and downloading them automatically.
- When the updates are ready to be installed, click
Outlook Web App (OWA), going forward, will be called “Outlook on the Web”. New features have been added including a new action bar across Mail, Calendar, People and Task experiences; a more prominent subject line; indented reading pane messages are all part of the new “cleaner” UI, according to Microsoft.
The ability to pin messages, Sweep, Archive, Undo and optional single-line view features are all coming to Outlook on the Web, too. Users will get more mail customization options, plus new Calendar additions like weather, visual cues, and mail reminders.
Recently we have reports from clients of an increase in the number of persons calling claiming to be from Microsoft. These individuals are attempting to gain access to workstations with the assistance of users. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:
- Trick you into installing software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
- Convince you to visit legitimate websites (like http://www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
- Request credit card information so they can bill you for phony services.
- Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.
Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
Telephone tech support scams: What you need to know
Cybercriminals often use publicly available phone directories, so they might know your name and other personal information when they call you. They might even guess what operating system you’re using.
Once they’ve gained your trust, they might ask for your user name and password or ask you to go to a legitimate website (such as http://www.ammyy.com) to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
Do not trust unsolicited calls. Do not provide any personal information.
Here are some of the organizations that cybercriminals claim to be from:
- Windows Helpdesk
- Windows Service Center
- Microsoft Tech Support
- Microsoft Support
- Windows Technical Department Support Group
- Microsoft Research and Development Team (Microsoft R & D Team)