It’s time for a quick review of important security updates released in November.
But before we get started, I want you to imagine your house, apartment, condominium… wherever you call home. Obviously you do not want random people entering this place, so you close the doors and lock them tight. Imagine your surprise then when you receive the following note from the company that makes your door locks:
ACME Lock Company is writing to notify you of a problem with the locks you’ve installed. Attackers have found a way to enter your house with no effort, but don’t worry, it’s only a problem IF YOUR DOORS ARE CLOSED.
Sound far fetched? Well, that’s exactly what Microsoft did with MS11-083. This update fixes a problem where attackers can crash or take over a system through an attack against closed UDP ports. . . something every system has. The only difference between the Microsoft problem and my ridiculous house example is you can patch the Microsoft problem, so please go patch.
Yes, now. I can wait.
…
All patched? Good. Here are the other patches and fixes you should know about.
Microsoft
Other than the problem mentioned above, there were three additional patches. They are unlikely to be exploited en mass, so patch when you can. Odds are they were patched when you updated MS11-083, as directed above.
Adobe
Adobe updated Shockwave Player. Most people are running Flash these days, so if you have Shockwave, take a moment and ask yourself if you really need it. If you don’t, remove it and you’ll be a lot safer. If, however, you must run Shockwave, apply the update.
Adobe Air has also been updated.
Apple
Apple released a plethora of updates. Per usual, there are many and you cannot pick and choose which ones to apply. They also don’t tell you which ones are critical, so you better apply them all. It is known that this updates Java to 1.6.0_29.
Duqu
A new malware attack called Duqu hit the news recently. This is another example of the increasingly malicious sort of malware that zeroes in on specific environments. Supposedly based on Stuxnet, it leverages a fundamental design flaw in Windows to run code by manipulating the font system.
Use this or this to see if you’re infected. Visit here to apply a temporary fix from Microsoft.
WordPress
The TimThumb problem from earlier this year is still spreading through WordPress sites. Frameworks, like WordPress, Drupal and Joomla are not inherently bad, but you must keep them patched at all times. If you are using modules that do not have active updates, they should be replaced. If you don’t know if this is the case, ask your administrators or hosting company. If they don’t know, it might be time to bring in some outside help.
As always, if you need assistance with any security issues, please feel free to drop us a note or give us a call.