<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Arial; min-height: 16px;">In this issue:</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">1. Flash Player Updates & Microsoft Security Updates</div>
<div style="margin: 0px; font-family: Arial;">2. Microsoft Revokes Unauthorized Certs</div>
<div style="margin: 0px; font-family: Arial;">3. The Do’s and Don’ts of Email</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial;">1. Flash Player Updates & Microsoft Security Updates</div>
<div style="margin: 0px; font-family: Arial;">------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">ADOBE</div>
<div style="margin: 0px; font-family: Arial;">Due to <a href="http://helpx.adobe.com/security/products/flash-player/apsb14-17.html#table">
recent security vulnerabilities</a> in Flash Player, Adobe has released version <a href="http://helpx.adobe.com/flash-player/release-note/fp_14_air_14_release_notes.html">14.0.0.145</a> (11.2.202.394 for Linux) this week for all platforms. All operating systems
on the now out-of-date versions are vulnerable and recommended to update to the latest version. Additionally because of the severity of these vulnerabilities, Apple has blocked all out-of-date Flash Player plug-ins for OS X. </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">From Apple: “Due to security issues in older versions, Apple has updated the web plug-in blocking mechanism to disable all versions prior to Flash Player 14.0.0.145 and 13.0.0.231.”</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Install or check your version of Flash Player in your browser
<a href="http://helpx.adobe.com/flash-player.html">here.</a> </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">For assistance, contact the Help Desk at 617.253.1101 or
<a href="mailto:helpdesk@mit.edu">helpdesk@mit.edu</a>. You can also <a href="http://ist.mit.edu/help#form">
submit a request online</a>.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">MICROSOFT</div>
<div style="margin: 0px; font-family: Arial;">Last week on Patch Tuesday, July 8th, Microsoft released
<a href="https://technet.microsoft.com/en-us/library/security/ms14-jul.aspx">six updates</a> to address 29 security vulnerabilities.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Systems affected:</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<ul>
<li style="margin: 0px; font-family: Arial;">Internet Explorer (all supported versions)
</li><li style="margin: 0px; font-family: Arial;">Microsoft Windows (all supported versions)
</li></ul>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">There was also updated firmware for all Microsoft Surface tablets, labeled “System Firmware Update - 7/8/2014,” available via Windows Update, improving various hardware issues.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><a href="http://www.theregister.co.uk/2014/07/08/microsoft_swats_29_bugs_adobe_updates_flash_for_patch_tuesday/">Read the story in the news</a>.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">-------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial;">2. Microsoft Revokes Unauthorized Certs</div>
<div style="margin: 0px; font-family: Arial;">-------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Microsoft has issued an emergency update to revoke 45 of the unauthorized certificates from National Informatics Centre (NIC) of India. The updates revoke trust in three intermediary certificates from NIC so that
all domain certificates, including some legitimate ones, will be invalid.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">"These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Web properties," a
<a href="https://technet.microsoft.com/en-us/library/security/2982792">Microsoft advisory</a> warned. "The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks."</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">The update will be automatically delivered to PCs running Windows 8, 8.1, RT, RT 8.1, Server 2012, Server 2012 RS, Phone 8, and Phone 8.1. </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Users running Windows 7, Vista, Server 2008, and Server 2008 RS may or may not have the automatic updater installed. See the
<a href="https://support.microsoft.com/kb/2677070">Microsoft KB article 2677070</a> for details. Administrators can find details in the
<a href="https://support.microsoft.com/kb/2813430">KB article 2813430</a>.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">There is presently no way to revoke the certificates for Windows 2003.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><a href="http://arstechnica.com/security/2014/07/emergency-windows-update-revokes-dozens-of-bogus-google-yahoo-ssl-certificates/">Read the story in the news</a>.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">------------------------------------------</div>
<div style="margin: 0px; font-family: Arial;">3. The Do’s and Don’ts of Email</div>
<div style="margin: 0px; font-family: Arial;">------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">The July issue of OUCH!, led by Guest Editor Dr. Eric Cole, discusses how we can be our own worst enemy when using email, including accidentally emailing the wrong people, not understanding the difference between
“cc” and “bcc” and the dreaded “reply all.”</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><a href="http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201407_en.pdf">Download the July issue of OUCH! (pdf)</a> and feel free to share with colleagues.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Also, what should you do about all that spam??
<a href="http://ist.mit.edu/news/videos/spam_quarantine">Here’s a video</a> created by IS&T with some tips on how to keep unwanted emails at bay.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;"><br>
</div>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<br>
Monique Buchanan<br>
IT Security Communications Coordinator<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href="http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
</body>
</html>