<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Helvetica;">In this issue:</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">1. Microsoft Security Updates for June 2014</div>
<div style="margin: 0px; font-family: Helvetica;">2. Another Critical Flaw in OpenSSL Fixed</div>
<div style="margin: 0px; font-family: Helvetica;">3. Securely Disposing of Mobile Devices</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">-----------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">1. Microsoft Security Updates for June 2014</div>
<div style="margin: 0px; font-family: Helvetica;">-----------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">This week on Tuesday, June 10, Microsoft is releasing
<a href="https://technet.microsoft.com/library/security/ms14-jun">seven new security bulletins</a>. Two of the bulletins are rated critical. </div>
<div style="margin: 0px; font-family: Helvetica;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Microsoft systems that will be affected:</div>
<ul>
<li style="margin: 0px; font-family: Helvetica;">Microsoft Windows (all current operating systems and servers)
</li><li style="margin: 0px; font-family: Helvetica;">Internet Explorer (all supported versions)
</li><li style="margin: 0px; font-family: Helvetica;">Microsoft Office (2007, 2010) </li><li style="margin: 0px; font-family: Helvetica;">Microsoft Lync Server </li></ul>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The critical patch for Internet Explorer addresses a
<a href="http://threatpost.com/microsoft-working-on-patch-for-ie-8-zero-day/106247">
zero-day flaw reported in May that targets IE 8</a>, but will be released as a cumulative patch, addressing flaws in all supported versions of IE. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The second critical patch is for Microsoft Office and Microsoft Lync, the company’s messaging and video conferencing application. The vulnerability is rated critical for Lync 2013 and 2010, as well as Live Meeting
2007 Console; it is rated important for Microsoft Office 2010 and Office 2007.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><span style="text-decoration: underline"><a href="http://ist.mit.edu/waus">MIT WAUS</a></span> subscribers will receive the updates after they have been tested for compatibility within the MIT computing environment. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">This month’s bulletins do not include updates for Windows XP or Office 2003, as both are now retired and unsupported.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">2. Another Critical Flaw in OpenSSL Fixed</div>
<div style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The OpenSSL Project <a href="https://isc.sans.edu/forums/diary/Critical+OpenSSL+Patch+Available+Patch+Now+/18211">
has released an update</a> to address new vulnerabilities. The most serious of the bunch could be exploited in a man-in-the-middle (MitM) attack or to run arbitrary code. The disclosure of the Heartbleed vulnerability in the OpenSSL cryptographic library a
few weeks ago drew attention to the lack of support for the widely used open source software. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Experts do not believe this new flaw as threatening as the Heartbleed bug. The vulnerability, CVE-2014-0224, is considered dangerous because it enables an attacker to decrypt and modify traffic between SSL/TLS
clients and servers in a MitM attack. To exploit the bug, both the server and the client must be running vulnerable versions of OpenSSL.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.scmagazine.com/seven-vulnerabilities-addressed-in-openssl-update-one-enables-mitm-attack/article/351323/">Read the full story online</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">3. Securely Disposing of Mobile Devices</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">The June issue of OUCH!, led by Guest Editor Chris Crowley, discusses how to securely dispose of your mobile device. Most people do not realize just how much sensitive and personal information they have on their
mobile device. If you are not careful about how you dispose of your older mobile devices, almost anyone can access that information. </div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201406_en.pdf">Download the June issue of OUCH! (pdf)</a> and please feel free to share with colleagues.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Additional information about <a href="http://kb.mit.edu/confluence/display/istcontrib/Removing+Sensitive+Data">
secure disposal and data sanitizing old equipment</a> can be found in the Knowledge Base.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<br>
Monique Buchanan<br>
IT Security Communications Coordinator<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href="http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
</body>
</html>