[IS&T Security-FYI] SFYI Newsletter, May 13, 2014

Tue May 13 10:05:23 EDT 2014

In this issue:

1. Security Updates from Microsoft for May 2014
2. Adobe Updates for Reader and Acrobat XI
3. Hacked, Now What?

-----------------------------------------------------------------
1. Security Updates from Microsoft for May 2014
-----------------------------------------------------------------

This week on Tuesday, May 13, Microsoft is releasing eight new security bulletins<https://technet.microsoft.com/library/security/ms14-may>. Two of the bulletins are rated critical. Microsoft systems that will be affected:

  *   Microsoft Windows (all current operating systems and servers)
  *   Internet Explorer (all supported versions)
  *   Microsoft Office (Windows versions only)

Four of the bulletins address flaws in Windows 8.1. To automatically receive the updates, users must apply the Windows 8.1 Update. MIT WAUS<http://ist.mit.edu/waus> subscribers will receive the updates after they have been tested for compatibility within the MIT computing environment.

This week’s updates do not include the out-of-band bulletin MS14-021<https://technet.microsoft.com/en-us/library/security/ms14-021.aspx>, which was released on May 1, 2014. The patch for Internet Explorer being released on May 13th contains another critical patch for the browser.<http://threatpost.com/microsoft-to-patch-ie-again-next-week-adobe-to-clean-up-reader-acrobat/105993>

This month’s bulletins do not include updates for Windows XP or Office 2003, as both are now retired and unsupported.

------------------------------------------------------------
2. Adobe Updates for Reader and Acrobat XI
------------------------------------------------------------

Adobe is planning to release security updates<http://helpx.adobe.com/security/products/reader/apsb14-15.html> on Tuesday, May 13, for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh. The updates address critical vulnerabilities in the software.

-------------------------------
3. Hacked, Now What?
-------------------------------

The topic of this month’s issue of OUCH!<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-05_en.pdf>, the security awareness newsletter from SANS.org<http://SANS.org>, is about what to look for to determine if your computer is hacked and if so, what you can do about it.

It can happen even when you’re being careful about browsing online and downloading software. Here are some things mentioned in the issue of OUCH! to keep in mind and to help you survive a computer virus:

  *   To see if the computer has been compromised: check your anti-virus program for any indicators that it was not able to remove affected files to quarantine. Other indicators may be that programs are running that you did not install, windows or ads pop open without you requesting them, or the computer is crashing or very slow.
  *   The sooner you respond to a compromise, the better. Contact the Help Desk and, if it involves a work computer, your supervisor.
  *   DO NOT turn the computer off. You may destroy valuable evidence.
  *   Disconnect the computer from the network and put it to sleep.
  *   Ways to survive a compromise: make sure you have backups running.
  *   Change your important passwords (all of them) from a computer you trust.
  *   The computer may need to be rebuilt from scratch. A professional help desk will save your data, if possible, and wipe the computer clean of all software, then reinstall the operating system and files, after ensuring none of them are infected.

For information on how to respond to a compromise when at MIT, see the Knowledge Base<http://kb.mit.edu/confluence/x/FqI7>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20140513/ba624c43/attachment.htm