[IS&T Security-FYI] Security FYI Newsletter, September 18, 2015

Monique Buchanan myeaton at mit.edu
Fri Sep 18 12:40:01 EDT 2015


In this issue:

1. Microsoft Security Updates for September 2015
2. What NCSAM will Bring in October
3. Cybersecurity Course via MITProfessionalX


1. Microsoft Security Updates for September 2015

Last week Microsoft released twelve security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-sep.aspx>, five of which are rated critical and mitigate code execution vulnerabilities. The twelve bulletins address a total of 52 vulnerabilities this month.

Systems affected include: Windows, Internet Explorer, Microsoft Edge, Office, Lync, SharePoint Foundation, Microsoft .NET Framework, Exchange Server, and Skype for Business Server.

One of the most critical bulletins is for a Graphics Component buffer overflow vulnerability (MS15-097) in how the Windows Adobe Type Manager Library handles OpenType fonts. It could be exploited by convincing a user to open a specially crafted document or to visit an untrusted webpage that contains embedded OpenType fonts. A successful exploit would allow an attacker to install programs; view, change or delete data; and create new accounts with full user rights.

Microsoft Edge, the new browser for those using Windows 10, has critical vulnerabilities that are addressed with MS15-095. These are also addressed in the patches for Internet Explorer (MS15-094).

As always, you are advised to install vendor patches as they become available, run all software with the least privileges required while still maintaining functionality, avoid handling files from unknown or questionable sources, and never visit sites of unknown or questionable integrity.

Read the full story in the news<http://www.networkworld.com/article/2981732/microsoft-subnet/microsoft-released-12-patches-5-rated-critical-1-being-exploited-in-the-wild.html>.


2. What NCSAM will Bring in October

Recognizing the importance of cybersecurity to our nation, President Obama has designated October as National Cyber Security Awareness Month (NCSAM). As members of a university, we can all do our share to raise awareness about cybersecurity and increase our resiliency to cyber threats. For example, download free “Stop.Think.Connect.” materials<http://www.dhs.gov/publication/stopthinkconnect-promotional-materials> to distribute in your office or dorm.

Learn about what you can do<http://www.dhs.gov/national-cyber-security-awareness-month>.



3. Cybersecurity Course via MITProfessionalX

A six-week course, Cybersecurity: Technology, Application and Policy, is being offered by CSAIL. This Digital Programs course will survey state-of-the-art topics in cybersecurity, looking at systems issues, algorithmic solutions, policy issues and a range of case studies.

It is taught by a team of world-renowned security experts in hardware, software, cryptography and policy from CSAIL.

Details: The currently available course starts on September 15 and ends October 27, 2015. The price is $545. Registration has been extended to September 22nd. If you miss this one, it will be repeated in November and in January.

Learn more or register at MITProfessionalX<https://mitprofessionalx.mit.edu/>.



NOTE: All Security FYI newsletters will now also be posted at: ist.mit.edu/news<http://ist.mit.edu/news> in place of the WordPress blog site that was previously used for archiving them.


Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715






