<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Garamond, sans-serif;">
<div>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;">In this issue:</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">1. December 2013 Security Updates from Microsoft</p>
<p style="margin: 0px; font-family: Helvetica;">2. The Notorious ZeroAccess Botnet Disrupted</p>
<p style="margin: 0px; font-family: Helvetica;">3. Widespread Attacks on Online Bankers Predicted</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica;">1. December 2013 Security Updates from Microsoft</p>
<p style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Today, Tuesday December 10, Microsoft is releasing eleven new
<a href="http://technet.microsoft.com/en-us/security/bulletin/ms13-dec">security bulletins</a>. Five of the bulletins are rated critical. Microsoft systems affected are:</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<ul>
<li style="margin: 0px; font-family: Helvetica;">Windows operating systems </li><li style="margin: 0px; font-family: Helvetica;">Office </li><li style="margin: 0px; font-family: Helvetica;">Lync </li><li style="margin: 0px; font-family: Helvetica;">Internet Explorer </li><li style="margin: 0px; font-family: Helvetica;">Exchange </li><li style="margin: 0px; font-family: Helvetica;">Windows Server operating systems
</li><li style="margin: 0px; font-family: Helvetica;">Developer Tools </li></ul>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually may require a restart.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">This is the last update of the year, finishing the 10th anniversary of Microsoft’s formularized process for security updates. Six of this month’s bulletins close potential remote code execution holes. All Windows
platforms are affected, from XP to 8.1 and from Server 2003 to 2012. In addition, this month’s Internet Explorer update covers IE 6 through 11.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica;">2. The Notorious ZeroAccess Botnet Disrupted</p>
<p style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">According to <a href="http://blogs.technet.com/b/microsoft_blog/archive/2013/12/05/microsoft-europol-fbi-and-industry-partners-disrupt-notorious-zeroaccess-botnet-that-hijacks-search-results.aspx">
Microsoft’s official blog</a>, their Digital Crimes unit successfully disrupted a botnet that has impacted millions of innocent people. Microsoft, in conjunction with Europol’s European Cybercrime Center (EC3), the FBI and technology leaders, has taken action
against the botnet known as ZeroAccess. The botnet has infected nearly two million computers all over the world and cost online advertisers upwards of US $2.7 million each month.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;"><a href="http://blogs.technet.com/b/microsoft_blog/archive/2013/12/05/microsoft-europol-fbi-and-industry-partners-disrupt-notorious-zeroaccess-botnet-that-hijacks-search-results.aspx">Read the full story online</a>.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica;">3. Widespread Attacks on Online Bankers Predicted</p>
<p style="margin: 0px; font-family: Helvetica;">---------------------------------------------------------------------</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">Kaspersky Lab has recorded several thousand attempts to infect computers used for online banking with a malicious program (a Trojan called Neverquest) that its creators claim can attack “any bank in any country.”
The Trojan uses every trick to bypass online security banking systems, including web injection, remote system access and social engineering. Due to the Trojan’s self-replication capabilities, Kaspersky Lab is warning that a sharp rise in attacks can be expected,
resulting in financial losses for users all over the world.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;"><a href="http://www.net-security.org/malware_news.php?id=2638">Read the full story online</a>.</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</p>
<p style="margin: 0px; font-family: Helvetica;">=======================================================================================</p>
<p style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</p>
<p style="margin: 0px; font-family: Helvetica;">=======================================================================================</p>
</div>
<div><span class="Apple-style-span" style="border-collapse: separate; font-family: Calibri; font-size: medium; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; font-family: Helvetica; font-size: 14px; orphans: 2; widows: 2;">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px;"><span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; font-size: 12px;">
<div><br>
</div>
<div><br>
</div>
<div>Monique Yeaton</div>
<div>IT Security Communications Consultant</div>
<div>MIT Information Services & Technology (IS&T)</div>
<div>(617) 253-2715</div>
<div>http://ist.mit.edu/security</div>
<div><br class="khtml-block-placeholder">
</div>
<br class="Apple-interchange-newline">
</span></span></span></span></span></span></div>
</span></span></div>
</body>
</html>