Watch for these security vulnerabilities for PCI and other compliance

Watch for these security vulnerabilities for PCI and other compliance

a)     Adobe received a number of “Black Tuesday” patches for Flash and Shockwave players in mid-February – see:

https://isc.sans.edu/diary/Adobe+Feb+2013+Black+Tuesday+patches/15145.

Vulnerabilities still persisted in Adobe Reader which was patched last week. see:

https://isc.sans.edu/diary/More+adobe+reader+and+acrobat+%28PDF%29+trouble/15151 and

https://isc.sans.edu/diary/Adobe+Acrobat+and+Reader+Security+Update+Planed+this+Week/15181.

b)    Microsoft has released an out-of-cycle patch to address a critical vulnerability in IE 6, 7 and 8. See:

https://isc.sans.edu/diary/January+2013+Microsoft+Out+of+Cycle+Patch/14941

c)     Microsoft released patches to address several key vulnerabilities on 2/12. See:

https://isc.sans.edu/diary/Microsoft+February+Patch+Tuesday+Advance+Notification/15127 and

https://isc.sans.edu/diary/Microsoft+February+2013+Black+Tuesday+Update+-+Overview/15142

d)    ALL VERSIONS OF JAVA PRIOR TO VERSION 7 UPDATE 13 STILL NEED TO BE UNINSTALLED ASAP. Java remains problematic, despite Oracle’s recent patch to Update 13. FireFox recommends disabling Java in all browsers. MIS Alliance is still working on a way to programmatically remove all earlier versions of Java from systems at Healthworks. See:

http://isc.sans.edu/diary/+%22Get+Java+Fixed+Up%22/15031 and https://isc.sans.edu/diary/Oracle+quitely+releases+Java+7u13+early/15061.

e)     Exposed UPNP devices at the network edge present security vulnerability. See:

http://isc.sans.edu/diary/Exposed+UPNP+Devices/15040

We recommend a scan for exposed UDP port 1900 and TCP port 5431 on network edge devices such as firewalls and ISP routers. Please let MIS Alliance know if you’d like us to schedule this work.

f)      Symantec: The only threat of note on Symantec’s blog is the zero-day Adobe PDF. Symantec has released an update to mitigate the risk on systems running SEP. For more details, see:

http://www.symantec.com/connect/blogs/new-adobe-pdf-zero-day-unleashes-trojanswaylib

No Comments

Post A Comment

REQUEST FREE QUOTE

REQUEST A QUOTE

Submit a quick form and we'll be in touch soon

Name *

Email *

Phone Number

How Can We Help?

Your Information is safe with us