[IS&T Security-FYI] Security FYI Newsletter, March 18, 2015

Monique Buchanan myeaton at mit.edu
Wed Mar 18 13:29:34 EDT 2015


In this issue:

1. Microsoft Security Updates for March
2. Apple Updates for iOS and OS X
3. Superfish Removed from 250,000 Windows Machines
4. FREAK Still Affects Some Cloud Services
5. Adobe Updates Flash Player


-----------------------------------------------------
1. Microsoft Security Updates for March
-----------------------------------------------------

On Patch Tuesday, Microsoft released the highest number of security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-mar.aspx> in recent history, with 14 bulletins containing 46 updates for March (MS15-018 through MS15-031). Systems affected are Windows and Office (whose patches are rated critical), Exchange and Internet Explorer. Not all of the updates were security-related. A breakdown of what was contained in this month’s batch of updates can be found here<http://www.zdnet.com/article/what-was-in-this-months-super-sized-batch-of-windows-and-office-updates/>.

The good news is that Microsoft has covered many issues, including all the open issues from the Google Project Zero list<http://googleprojectzero.blogspot.com/2015_02_01_archive.html>. The company addressed the “FREAK” vulnerability in Windows, which can be exploited to intercept communications and downgrade encryption strength, and issued a patch to fix a flaw exploited by Stuxnet that was incompletely patched in 2010.

Be sure to accept the updates as they occur, or go to the Windows Update<http://www.update.microsoft.com/> site. You may need to restart your machine after installing patches.

Read the story in the news.<http://www.networkworld.com/article/2894746/microsoft-subnet/march-2015-patch-tuesday-5-of-14-rated-critical-and-microsoft-issues-a-fix-for-freak.html>


-----------------------------------------------
2. Apple Updates for iOS and OS X
-----------------------------------------------

Apple has released security updates for iOS and OS X. Both include fixes for the FREAK vulnerability in SSL/TLS. Apple's Security Update 2015-002 addresses five vulnerabilities; Apple's iOS 8.2 addresses six vulnerabilities and includes Apple Watch capabilities. Be sure to accept the updates as they occur, or on your computer go to the App Store and click on Updates.

Read the full story in the news<http://www.eweek.com/security/apple-patches-freak-fixes-other-vulnerabilities.html>.


---------------------------------------------------------------------------
3. Superfish Removed from 250,000 Windows Machines
---------------------------------------------------------------------------

Microsoft, along with Lenovo and other software manufacturers, has managed to scrub Superfish adware from 250,000 Windows-based PCs. According to Microsoft's security team, the daily number of Lenovo machines infected has dropped below 1,000; at its peak, Superfish had been found daily on 60,000 PCs.

Read the full story in the news<http://www.computerworld.com/article/2895882/joint-effort-guts-superfish.html>.


-----------------------------------------------------------
4. FREAK Still Affects Some Cloud Services
-----------------------------------------------------------

Despite fixes from Apple and Microsoft this past week, the FREAK vulnerability still affects more than 600 cloud services, according to an estimate from Skyhigh Networks. The company scanned its registry of more than 10,000 services. Read the full story in the news<http://www.scmagazine.com/more-than-600-cloud-services-still-vulnerable-to-freak-data-shows/article/403273/>.

Learn more about FREAK<http://www.scmagazine.com/freak-vulnerability-can-be-exploited-to-cause-weak-encryption/article/401691/>.



------------------------------------------
5. Adobe Updates Flash Player
------------------------------------------

Adobe has released an update for its Flash Player that addresses at least 11 separate vulnerabilities. The most current version of Flash for Windows and Mac is now 17.0.0.134; Flash on Google Chrome and Internet Explorer on Windows 8.x should be updated automatically; Linux users are advised to update to version 11.2.202.451. Find out if you have the latest version of Flash installed on your browser<https://www.adobe.com/software/flash/about/>.

Read the story at Krebs on Security<http://krebsonsecurity.com/2015/03/adobe-flash-update-plugs-11-security-holes/>.


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================


Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715





