Joe Hackman

Joe Hackman

Digital Transformation, Industry 4.0, Tesla, maker, and more...

You are here: Home / Archives for CERT

Update Your Adobe Acrobat Products Immediately

by 9 Comments

Here at Managed Solutions we do not raise the red flag often, but after reviewing the latest CERT advisory, we’ve done just that. Do not delay, upgrade your Adobe Acrobat and Acrobat Reader Products immediately to the latest version, apply the security patches or install adobe updater recommended updates. The US-CERT Bulletin for today SB10-018 indicates 6 different CVSS Score of 10 vulnerabilities for Adobe Acrobat and Acrobat Reader. Basically a CVSS Score of 10 indicates the highest threat level due to the remote code execution capability and these issues should be taken very seriously. There is a link at the bottom of this article to the resources at Adobe’s website as well as a download for the Windows Version of Adobe Acrobat, please pass the word.

Access the security updates

We’ve learned that some people are having problems downloading the update directly from Adobe’s website so we’ve put the Windows version of Adobe Acrobat Reader 9.3 here for download.

Sun Java Vulnerability

by Leave a Comment

We have received a notice from US-CERT about a security flaw involving Sun Microsystems Java Platform. The flaw affects JDK and JRE 6 Update 4 and earlier versions of Java. This flaw has been labelled critical, and we are prioritizing addressing this flaw with our customers.

Who should be concerned?

  1. Anyone who accesses the Internet with a Web Browser and/or using Java JRE 6 Update 4 and earlier (nearly everyone!).

If I meet the criteria that makes me vulnerable, what should I do?

  1. You should apply an update for Sun Java as soon as possible.
  2. You can download this update at java.com .

Where can I get more information about this problem?

IE7 and Adobe Security Alert

by Leave a Comment

We have received a notice from US-CERT about a security flaw involving Internet Explorer 7 and Adobe Acrobat. The flaw only affects windows based machines that have Internet Explorer 7 and Adobe Acrobat products. If you have both of these products installed your system could be compromised if you opened a pdf file that was crafted to exploit this flaw. This flaw has been labelled critical, and we are prioritizing addressing this flaw with our customers.

Who should be concerned?

  1. Anyone with both Internet Explorer version 7 and Adobe Acrobat installed.
  2. Anyone using Adobe Acrobat products version 8.1 or earlier in conjunction with Internet Explorer 7.

If I meet the criteria that makes me vulnerable, what should I do?

  1. You should avoid opening PDF files from untrusted sources.
  2. You should apply an update for your Adobe Acrobat as soon as possible.
  3. If unable to install an update, you should disable the mailto: URI handler on your Adobe Product (See Adobe Security Bulletin APSB07-18 for details on how to do this).

Where can I get more information about this problem?

3 Critical Updates for Microsoft Products

by Leave a Comment

There are some critical patches available today to address bugs in Internet Explorer (nearly all versions), Outlook (numerous versions) and Excel (numerous version). We recommend you take these precautions for the coming few days even if you are able to install the update.

  • Exercise caution with your web access habits.
  • Do not open any attachments in Outlook that you are not expecting.
  • Delete any suspicious emails you receive.

These updates will be available immediately from microsoft, to download them manually:

Microsoft Windows Update

We will also push these updates out to customers machines that have requested in advanced that we do so. If you would like to see to it that this is done for your systems please contact us. Otherwise advise your users that when prompted by windows update to install critical updates to do so. These issues are significant and could cause extensive problems if they were to be exploited on one or more of your systems.

It is likely that you will not actually be prompted to install these updates until Wednesday January 9th as most windows update servers synchronize early in the morning. Running a manually synchronization is not adding the updates as of the authoring of this notice.

If you’d like to read more about this:

Microsoft’s Security Bulletin

Or:

Advisories for Week of January 8th @ Cert