Watch for these security vulnerabilities for PCI and other compliance

Watch for these security vulnerabilities for PCI and other compliance

a)     Adobe received a number of “Black Tuesday” patches for Flash and Shockwave players in mid-February – see:

Vulnerabilities still persisted in Adobe Reader which was patched last week. see: and

b)    Microsoft has released an out-of-cycle patch to address a critical vulnerability in IE 6, 7 and 8. See:

c)     Microsoft released patches to address several key vulnerabilities on 2/12. See: and

d)    ALL VERSIONS OF JAVA PRIOR TO VERSION 7 UPDATE 13 STILL NEED TO BE UNINSTALLED ASAP. Java remains problematic, despite Oracle’s recent patch to Update 13. FireFox recommends disabling Java in all browsers. MIS Alliance is still working on a way to programmatically remove all earlier versions of Java from systems at Healthworks. See: and

e)     Exposed UPNP devices at the network edge present security vulnerability. See:

We recommend a scan for exposed UDP port 1900 and TCP port 5431 on network edge devices such as firewalls and ISP routers. Please let MIS Alliance know if you’d like us to schedule this work.

f)      Symantec: The only threat of note on Symantec’s blog is the zero-day Adobe PDF. Symantec has released an update to mitigate the risk on systems running SEP. For more details, see:

No Comments

Post A Comment



Submit a quick form and we'll be in touch soon

Name *

Email *

Phone Number

How Can We Help?

Your Information is safe with us