[10209] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, January 13, 2014
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jan 13 15:33:03 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 13 Jan 2014 20:31:54 +0000
In this issue:
1. January 2014 Security Updates from Microsoft
2. Oracle and Adobe’s First Critical Patches of 2014
3. Bugs fixed in Ubuntu
4. Target Reveals New Data on Breach
-----------------------------------------------------------------
1. January 2014 Security Updates from Microsoft
-----------------------------------------------------------------
On Tuesday, January 14, Microsoft is releasing four new security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms14-jan>. None of the bulletins are critical. Microsoft systems affected are:
* Office
* Server Software
* Windows
* Dynamics AX
It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility in the MIT environment. Installing the bulletins manually may require a restart.
Despite the light load, the patches do address a zero-day vulnerability in Windows XP and Windows Server 2003, made public in early November. Attackers were actively exploiting the flaw in the ND proxy driver that manages Microsoft’s Telephony API on XP via infected PDF attachments. Exploits only work with an Adobe Reader vulnerability that has since been patched. Microsoft will end support for Windows XP in April, 2014.
---------------------------------------------------------------------
2. Oracle and Adobe’s First Critical Patches of 2014
---------------------------------------------------------------------
Oracle and Adobe will release critical patches alongside Microsoft on Patch Tuesday. Expected updates:
* Adobe will patch<http://helpx.adobe.com/security/products/acrobat/apsb14-01.html> Reader and Acrobat for Macintosh and Windows
* Oracle’s quarterly patch<http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html> will fix 147 of the company’s products, including Java SE
-------------------------------
3. Bugs fixed in Ubuntu
-------------------------------
Last week a large number of security vulnerabilities were fixed in Ubuntu, including a remotely exploitable font flaw that an attacker could use to run arbitrary code on vulnerable machines. A number of Linux kernel flaws were also patched in some versions of the operating system.
Read the full story online<https://threatpost.com/linux-kernel-font-bugs-fixed-in-ubuntu/103500>.
----------------------------------------------------
4. Target Reveals New Data on Breach
----------------------------------------------------
According to the latest reports from the Target Corporation<http://pressroom.target.com/news/target-provides-update-on-data-breach-and-financial-performance>, new details from the forensic investigation show that the attackers not only stole credit and debit card information, but also names, mailing addresses, phone numbers and email addresses, impacting another 70 million individuals.
Perhaps it’s time for us to stop handing over our personal information<http://bits.blogs.nytimes.com/2014/01/10/stop-asking-me-for-my-email-address/?_r=0> to businesses, even with the assurances given that the information won’t be used and will be protected.
More about the data breach at Target is posted here<https://corporate.target.com/about/payment-card-issue.aspx>.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
"Distrust and caution are the parents of security" - Benjamin Franklin
Monique Yeaton
IT Security Communications Consultant
MIT Information Systems & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security