[IS&T Security-FYI] SFYI Newsletter, October 9, 2012

Monique Yeaton myeaton at MIT.EDU
Tue Oct 9 16:09:27 EDT 2012 

In this issue:


1. Microsoft Security Updates for October 2012

2. Adobe Flash Player Issues Addressed

3. STOP Tags for Laptops and Tablets

4. Your Google Account May Be Under Attack



---------------------------------------------------------------

1. Microsoft Security Updates for October 2012

---------------------------------------------------------------


Today, October 9, Microsoft will release seven security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms12-oct> to address twenty vulnerabilities. One of the bulletins has the severity rating of critical, the other six are rated important. The updates will affect:


  *   Microsoft Office
  *   Microsoft Server Software
  *   Microsoft Windows
  *   Microsoft Lync
  *   Microsoft SQL Server


None of the patches this month address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. The Office vulnerability could affect both Mac OS X and Windows users.


Microsoft will also be issuing an update<http://technet.microsoft.com/en-us/security/advisory/2661254> that will deprecate the use of certificates that are less than 1024 bit encrypted. Customers may encounter issues<http://support.microsoft.com/kb/2661254> if their organization still has legacy certificates in production.


Microsoft has released a separate advisory alerting customers of compatibility issues<http://technet.microsoft.com/en-us/security/advisory/2749655> affecting signed Microsoft binaries. The issue involves specific digital certificates that were generated by Microsoft without proper timestamp attributes. To address this issue<http://support.microsoft.com/kb/2749655>, Microsoft is providing non-security updates (some of them are re-releases) for supported releases of Microsoft Windows. The update helps to ensure compatibility between Microsoft Windows and affected software binaries.



------------------------------------------------------

2. Adobe Flash Player Issues Addressed

------------------------------------------------------


On October 8, Adobe released updates for its Flash Player software<http://www.adobe.com/support/security/bulletins/apsb12-22.html> on all platforms. The fixes cover 25 different vulnerability disclosures.


You want to apply the update released by Adobe if you are running the following versions of Adobe Flash Player:


  *   Adobe Flash Player 11.4.402.278 and earlier for Windows (other than Windows 8)
  *   Adobe Flash Player 11.4.402.265 and earlier for Macintosh


After applying the patch, the correct version on both platforms should be 11.4.402.287.


Later that day Microsoft released Security Advisory 2755801<http://technet.microsoft.com/en-us/security/advisory/2755801> to update the vulnerability of Flash Player in Internet Explorer 10 (to be released with Windows 8 later this month).


Read the full story in the news<http://www.zdnet.com/adobe-and-microsoft-release-flash-security-updates-in-sync-7000005406/>.



---------------------------------------------------

3. STOP Tags for Laptops and Tablets

---------------------------------------------------


MIT Campus Police is providing three opportunities this month for community members to tag and register laptop computers and electronic devices. A STOP tag, a loss prevention measure, is a visible deterrent to theft. Take a look at this video<http://web.mit.edu/cp/www/_docs/theft_deterrent.wmv> to see the results. Each tag costs $10. Cash or a G/L account is accepted (no TechCash).


The upcoming dates are October 12, 17 and 24.


Details of dates and locations are listed here<http://kb.mit.edu/confluence/display/istcontrib/Campus+Police+Laptop+Tagging+and+Registration#CampusPoliceLaptopTaggingandRegistration-Q%3AWhereandwhencanIhaveequipmenttagged%3F>.



-------------------------------------------------------------

4. Your Google Account May Be Under Attack

-------------------------------------------------------------


Google is warning users of the occurrence of state-sponsored attacks attempting to compromise your account or computer. Last week the company began inserting a message at the top of affected users' Gmail inboxes with the warning: "We believe state-sponsored attackers may be attempting to compromise your account or computer."


If you should see this message, change your password and, if possible, enable two-factor authentication on your Google account (Google refers to this as 2-step verification<http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744>). This allows you to sign in with something you know (like your password) with something only you have (a unique code that is sent to you via text to your mobile device at the moment before you sign in). You can choose to have the code sent to you each time or only when signing in from a new device.


Read the story in the news<http://news.cnet.com/8301-1009_3-57525334-83/middle-east-cyberattacks-on-google-users-increasing/>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20121009/917754cd/attachment.htm

More information about the ist-security-fyi mailing list