[10226] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, May 13, 2014
daemon@ATHENA.MIT.EDU (Monique Buchanan)
Tue May 13 10:06:41 2014
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Buchanan <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Tue, 13 May 2014 14:05:23 +0000
Message-ID: <64E6829C-74D4-4AA6-BE6E-0E707B9B02F0@mit.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0787950816=="
Errors-To: ist-security-fyi-bounces@MIT.EDU
--===============0787950816==
Content-Language: en-US
Content-Type: multipart/alternative;
boundary="_000_64E6829C74D44AA6BE6E0E707B9B02F0mitedu_"
--_000_64E6829C74D44AA6BE6E0E707B9B02F0mitedu_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
In this issue:
1. Security Updates from Microsoft for May 2014
2. Adobe Updates for Reader and Acrobat XI
3. Hacked, Now What?
-----------------------------------------------------------------
1. Security Updates from Microsoft for May 2014
-----------------------------------------------------------------
This week on Tuesday, May 13, Microsoft is releasing eight new security bul=
letins<https://technet.microsoft.com/library/security/ms14-may>. Two of the=
bulletins are rated critical. Microsoft systems that will be affected:
* Microsoft Windows (all current operating systems and servers)
* Internet Explorer (all supported versions)
* Microsoft Office (Windows versions only)
Four of the bulletins address flaws in Windows 8.1. To automatically receiv=
e the updates, users must apply the Windows 8.1 Update. MIT WAUS<http://ist=
.mit.edu/waus> subscribers will receive the updates after they have been te=
sted for compatibility within the MIT computing environment.
This week=92s updates do not include the out-of-band bulletin MS14-021<http=
s://technet.microsoft.com/en-us/library/security/ms14-021.aspx>, which was =
released on May 1, 2014. The patch for Internet Explorer being released on =
May 13th contains another critical patch for the browser.<http://threatpost=
.com/microsoft-to-patch-ie-again-next-week-adobe-to-clean-up-reader-acrobat=
/105993>
This month=92s bulletins do not include updates for Windows XP or Office 20=
03, as both are now retired and unsupported.
------------------------------------------------------------
2. Adobe Updates for Reader and Acrobat XI
------------------------------------------------------------
Adobe is planning to release security updates<http://helpx.adobe.com/securi=
ty/products/reader/apsb14-15.html> on Tuesday, May 13, for Adobe Reader and=
Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. The u=
pdates address critical vulnerabilities in the software.
-------------------------------
3. Hacked, Now What?
-------------------------------
The topic of this month=92s issue of OUCH!<http://www.securingthehuman.org/=
newsletters/ouch/issues/OUCH-2014-05_en.pdf>, the security awareness newsle=
tter from SANS.org<http://SANS.org>, is about what to look for to determine=
if your computer is hacked and if so, what you can do about it.
It can happen even when you=92re being careful about browsing online and do=
wnloading software. Here are some things mentioned in the issue of OUCH! to=
keep in mind and to help you survive a computer virus:
* To see if the computer has been compromised: check your anti-virus pr=
ogram for any indicators that it was not able to remove affected files to q=
uarantine. Other indicators may be that programs are running that you did n=
ot install, windows or ads pop open without you requesting them, or the com=
puter is crashing or very slow.
* The sooner you respond to a compromise, the better. Contact the Help =
Desk and, if it involves a work computer, your supervisor.
* DO NOT turn the computer off. You may destroy valuable evidence.
* Disconnect the computer from the network and put it to sleep.
* Ways to survive a compromise: make sure you have backups running.
* Change your important passwords (all of them) from a computer you tru=
st.
* The computer may need to be rebuilt from scratch. A professional help=
desk will save your data, if possible, and wipe the computer clean of all =
software, then reinstall the operating system and files, after ensuring non=
e of them are infected.
For information on how to respond to a compromise when at MIT, see the Know=
ledge Base<http://kb.mit.edu/confluence/x/FqI7>.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Read all archived Security FYI Newsletter articles and submit comments onli=
ne at http://securityfyi.wordpress.com/.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715
--_000_64E6829C74D44AA6BE6E0E707B9B02F0mitedu_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <37E8A93C494BD840A96ACCCEC307C953@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;">
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><span=
style=3D"font-family: Arial;">In this issue:</span></div>
<div style=3D"margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><span style=3D"font-fam=
ily: Arial;">1.
</span>Security Updates from Microsoft for May 2014 </div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Adobe Updates for Re=
ader and Acrobat XI</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Hacked, Now What?</d=
iv>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><span style=3D"font-fam=
ily: Arial;">1.
</span>Security Updates from Microsoft for May 2014 </div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
------------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">This week on Tuesday, M=
ay 13, Microsoft is releasing
<a href=3D"https://technet.microsoft.com/library/security/ms14-may">eight n=
ew security bulletins</a>. Two of the bulletins are rated critical. Microso=
ft systems that will be affected:</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica;">Microsoft Windows (all c=
urrent operating systems and servers)
</li><li style=3D"margin: 0px; font-family: Helvetica;">Internet Explorer (=
all supported versions)
</li><li style=3D"margin: 0px; font-family: Helvetica;">Microsoft Office (W=
indows versions only)
</li></ul>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Four of the bulletins a=
ddress flaws in Windows 8.1. To automatically receive the updates, users mu=
st apply the Windows 8.1 Update.
<a href=3D"http://ist.mit.edu/waus">MIT WAUS</a> subscribers will receive t=
he updates after they have been tested for compatibility within the MIT com=
puting environment. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">This week=92s updates d=
o not include the out-of-band bulletin
<a href=3D"https://technet.microsoft.com/en-us/library/security/ms14-021.as=
px">MS14-021</a>, which was released on May 1, 2014. The patch for Internet=
Explorer being released on May 13th contains
<a href=3D"http://threatpost.com/microsoft-to-patch-ie-again-next-week-adob=
e-to-clean-up-reader-acrobat/105993">
another critical patch for the browser.</a></div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">This month=92s bulletin=
s do not include updates for Windows XP or Office 2003, as both are now ret=
ired and unsupported.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">2. Adobe Updates for Re=
ader and Acrobat XI</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
-------------------------------------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Adobe is planning to re=
lease <a href=3D"http://helpx.adobe.com/security/products/reader/apsb14-15.=
html">
security updates</a> on Tuesday, May 13, for Adobe Reader and Acrobat XI (1=
1.0.06) and earlier versions for Windows and Macintosh. The updates address=
critical vulnerabilities in the software. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------</div>
<div style=3D"margin: 0px; font-family: Helvetica;">3. Hacked, Now What?</d=
iv>
<div style=3D"margin: 0px; font-family: Helvetica;">-----------------------=
--------</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">The topic of <a href=3D=
"http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-05_en.pd=
f">
this month=92s issue of OUCH!</a>, the security awareness newsletter from <=
a href=3D"http://SANS.org">
SANS.org</a>, is about what to look for to determine if your computer is ha=
cked and if so, what you can do about it. </div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">It can happen even when=
you=92re being careful about browsing online and downloading software. Her=
e are some things mentioned in the issue of OUCH! to keep in mind and to he=
lp you survive a computer virus:</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<ul>
<li style=3D"margin: 0px; font-family: Helvetica;">To see if the computer h=
as been compromised: check your anti-virus program for any indicators that =
it was not able to remove affected files to quarantine. Other indicators ma=
y be that programs are running that
you did not install, windows or ads pop open without you requesting them, =
or the computer is crashing or very slow.
</li><li style=3D"margin: 0px; font-family: Helvetica;">The sooner you resp=
ond to a compromise, the better. Contact the Help Desk and, if it involves =
a work computer, your supervisor.
</li><li style=3D"margin: 0px; font-family: Helvetica;">DO NOT turn the com=
puter off. You may destroy valuable evidence.
</li><li style=3D"margin: 0px; font-family: Helvetica;">Disconnect the comp=
uter from the network and put it to sleep.
</li><li style=3D"margin: 0px; font-family: Helvetica;">Ways to survive a c=
ompromise: make sure you have backups running.
</li><li style=3D"margin: 0px; font-family: Helvetica;">Change your importa=
nt passwords (all of them) from a computer you trust.
</li><li style=3D"margin: 0px; font-family: Helvetica;">The computer may ne=
ed to be rebuilt from scratch. A professional help desk will save your data=
, if possible, and wipe the computer clean of all software, then reinstall =
the operating system and files, after ensuring
none of them are infected. </li></ul>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;"><a href=3D"http://kb.mi=
t.edu/confluence/x/FqI7">For information on how to respond to a compromise =
when at MIT, see the Knowledge Base</a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica;">Read all archived Secur=
ity FYI Newsletter articles and submit comments online at
<a href=3D"http://securityfyi.wordpress.com/"><span style=3D"color: rgb(4, =
46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style=3D"margin: 0px; font-family: Helvetica;">=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D</div>
<div style=3D"margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<br>
Monique Buchanan<br>
IT Security Communications Coordinator<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href=3D"http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
</body>
</html>
--_000_64E6829C74D44AA6BE6E0E707B9B02F0mitedu_--
--===============0787950816==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ist-security-fyi mailing list
ist-security-fyi@mit.edu
To Unsubscribe http://mailman.mit.edu/mailman/listinfo/ist-security-fyi
--===============0787950816==--
