[IS&T Security-FYI] SFYI Newsletter, November 12, 2014

Wed Nov 12 10:43:38 EST 2014

In this issue:

1. Microsoft Security Updates for November 2014
2. Microsoft Ends Support Next Year for Windows Server 2003
3. DeterLab Offers Free Cybersecurity Exercises

-------------------------------------------------------------------
1. Microsoft Security Updates for November 2014
-------------------------------------------------------------------

Microsoft issued 16 security bulletins<https://technet.microsoft.com/library/security/ms14-nov> on Tuesday, November 11. Five of the bulletins were given critical ratings.

Systems affected:

  *   Windows
  *   Office
  *   Microsoft.NET<http://microsoft.net/> Framework
  *   Microsoft Server Software
  *   Internet Explorer

The updates will be available through the normal Windows Update process.

Read the full story online<http://www.zdnet.com/microsoft-to-issue-16-security-updates-7000035526/>.

-----------------------------------------------------------------------------------
2. Microsoft Ends Support Next Year for Windows Server 2003
-----------------------------------------------------------------------------------

Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015. After this date, this product will no longer receive:

  *   Security patches that help protect PCs from harmful viruses, spyware and other malicious software
  *   Assisted technical support from Microsoft
  *   Software and content updates

End of support refers to the date when Microsoft no longer provides automatic fixes, updates or online technical assistance. As of July of 2014, there were 12 million physical servers worldwide still running Windows Server 2003.

Computers running Windows Server 2003 will continue to work after support ends. However, using unsupported software may increase the risk of viruses and other security threats. Users of Windows Server 2003 should begin looking at what they’re up against in terms of migrating by next July.

Read the full story online including some suggestions for preparing the migration<http://redmondmag.com/articles/2014/09/18/server-2003-end-of-support.aspx>.

-----------------------------------------------------------------
3. DeterLab Offers Free Cybersecurity Exercises
-----------------------------------------------------------------

The free, open-infrastructure DeterLab<http://info.deterlab.net/> provides exercises for students to learn cybersecurity techniques by getting their arms around attacks and defenses. Dedicated to supporting cybersecurity education, DeterLab has been used by 99 classes, from 64 institutions and involving more than 3,500 users.

Deter stands for Defense Technology Experimental Research, and is a project started ten years ago at the University of Southern California. From the DETER Project<http://deter-project.org/> came DeterLab, which enables faculty members from all over the world to use pre-built exercises in their classes, letting students try out security activities in a safe environment. Students can work through exercises without breaking or attacking something “for real.” Included are real-world activities such as buffer overflows, man-in-the-middle attacks, worm modeling and detection, denial-of-service and distributed denial-of-service attacks, and forensics and monitoring.

Read the full story online<http://campustechnology.com/Articles/2014/11/04/Students-Get-Hands-On-Experience-with-Open-Testbed-for-Cybersecurity-Research.aspx?Page=1>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20141112/fb82cc12/attachment.htm