[2862] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, October 9, 2012
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Tue Oct 9 16:12:11 2012
From: Monique Yeaton <myeaton@MIT.EDU>
To: "ist-security-fyi@mit.edu" <ist-security-fyi@MIT.EDU>
Date: Tue, 9 Oct 2012 20:09:27 +0000
Message-ID: <CC99FC7B.2F283%myeaton@exchange.mit.edu>
In this issue:
1. Microsoft Security Updates for October 2012
2. Adobe Flash Player Issues Addressed
3. STOP Tags for Laptops and Tablets
4. Your Google Account May Be Under Attack
---------------------------------------------------------------
1. Microsoft Security Updates for October 2012
---------------------------------------------------------------
Today, October 9, Microsoft will release seven security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms12-oct> to address twenty vulnerabilities. One of the bulletins has a severity rating of critical; the other six are rated important. The updates will affect:
* Microsoft Office
* Microsoft Server Software
* Microsoft Windows
* Microsoft Lync
* Microsoft SQL Server
None of the patches this month address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. The Office vulnerability could affect both Mac OS X and Windows users.
Microsoft will also be issuing an update<http://technet.microsoft.com/en-us/security/advisory/2661254> that will deprecate the use of certificates with keys shorter than 1024 bits. Customers may encounter issues<http://support.microsoft.com/kb/2661254> if their organization still has legacy certificates in production.
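A check for the legacy certificates mentioned above, as an added example that is not part of the newsletter or of Microsoft's advisory: it lists certificates in the local Windows certificate stores whose RSA public key is shorter than 1024 bits. It assumes the 1024-bit limit refers to RSA key length; the function names are hypothetical.

```powershell
# Added example (not from the newsletter): inventory certificates in the local
# Windows stores whose RSA public key is below a minimum length.
# Assumption: "less than 1024 bit" refers to the RSA public key length.
# Requires .NET Framework 4.6 or later for RSACertificateExtensions.

function Get-RsaKeyBits {
    # Hypothetical helper: returns the RSA key length in bits, or $null when
    # the certificate does not carry an RSA key (for example ECDSA).
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
    if ($null -eq $rsa) { return $null }
    $bits = $rsa.KeySize
    $rsa.Dispose()
    return $bits
}

function Find-WeakRsaCertificate {
    # Hypothetical helper: walks every store under the given roots and emits
    # one object per certificate whose RSA key is shorter than $MinimumBits.
    param(
        [string[]]$StoreRoot = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        [int]$MinimumBits = 1024
    )
    foreach ($root in $StoreRoot) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $bits = Get-RsaKeyBits -Certificate $_
                if ($null -ne $bits -and $bits -lt $MinimumBits) {
                    [pscustomobject]@{
                        # Strip the provider prefix, leaving e.g. LocalMachine\My
                        Store         = $_.PSParentPath -replace '^.*::', ''
                        KeyBits       = $bits
                        Subject       = $_.Subject
                        Issuer        = $_.Issuer
                        NotAfter      = $_.NotAfter
                        HasPrivateKey = $_.HasPrivateKey
                        Thumbprint    = $_.Thumbprint
                    }
                }
            }
    }
}

# Shortest keys first; certificates with a private key on this machine are the
# ones this machine presents to others and should be reissued first.
Find-WeakRsaCertificate |
    Sort-Object KeyBits, Store |
    Format-Table -AutoSize -Wrap
```

An empty result means no certificate in the scanned stores falls below the limit; certificates presented by remote servers or stored in files are not covered by this scan.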
Microsoft has released a separate advisory alerting customers of compatibility issues<http://technet.microsoft.com/en-us/security/advisory/2749655> affecting signed Microsoft binaries. The issue involves specific digital certificates that were generated by Microsoft without proper timestamp attributes. To address this issue<http://support.microsoft.com/kb/2749655>, Microsoft is providing non-security updates (some of them are re-releases) for supported releases of Microsoft Windows. The update helps to ensure compatibility between Microsoft Windows and affected software binaries.
------------------------------------------------------
2. Adobe Flash Player Issues Addressed
------------------------------------------------------
On October 8, Adobe released updates for its Flash Player software<http://www.adobe.com/support/security/bulletins/apsb12-22.html> on all platforms. The fixes cover 25 different vulnerability disclosures.
You want to apply the update released by Adobe if you are running the following versions of Adobe Flash Player:
* Adobe Flash Player 11.4.402.278 and earlier for Windows (other than Windows 8)
* Adobe Flash Player 11.4.402.265 and earlier for Macintosh
After applying the patch, the correct version on both platforms should be 11.4.402.287.
Later that day Microsoft released Security Advisory 2755801<http://technet.microsoft.com/en-us/security/advisory/2755801> to address the vulnerability of Flash Player in Internet Explorer 10 (to be released with Windows 8 later this month).
Read the full story in the news<http://www.zdnet.com/adobe-and-microsoft-release-flash-security-updates-in-sync-7000005406/>.
---------------------------------------------------
3. STOP Tags for Laptops and Tablets
---------------------------------------------------
MIT Campus Police is providing three opportunities this month for community members to tag and register laptop computers and electronic devices. A STOP tag, a loss prevention measure, is a visible deterrent to theft. Take a look at this video<http://web.mit.edu/cp/www/_docs/theft_deterrent.wmv> to see the results. Each tag costs $10. Cash or a G/L account is accepted (no TechCash).
The upcoming dates are October 12, 17 and 24.
Details of dates and locations are listed here<http://kb.mit.edu/confluence/display/istcontrib/Campus+Police+Laptop+Tagging+and+Registration#CampusPoliceLaptopTaggingandRegistration-Q%3AWhereandwhencanIhaveequipmenttagged%3F>.
-------------------------------------------------------------
4. Your Google Account May Be Under Attack
-------------------------------------------------------------
Google is warning users about state-sponsored attacks attempting to compromise their accounts or computers. Last week the company began inserting a message at the top of affected users' Gmail inboxes with the warning: "We believe state-sponsored attackers may be attempting to compromise your account or computer."
If you see this message, change your password and, if possible, enable two-factor authentication on your Google account (Google refers to this as 2-step verification<http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744>). This allows you to sign in with something you know (like your password) and something only you have (a unique code sent by text message to your mobile device just before you sign in). You can choose to have the code sent to you each time or only when signing in from a new device.
Read the story in the news<http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-google-users-increasing/>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security