SIA Alert - Microsoft Patch Tuesday - 3/11/14

Microsoft for March released two critical and three important security bulletins today covering 23 vulnerabilities. The most important fix is to all versions Internet Explorer and is referred to as a zero day bug. This means it is being actively exploited now.

The second critical patch is a remote execution vulnerability in Windows and should be addressed quickly as well. The ‘Important’ bulletins patch problems in Silverlight and Elevation of Privilege issues with Windows. Also covered is a password issue where an attacker makes multiple attempts to enter a Windows system.

An article today by Ms. Smith of Networkworld summarized the IE patch:

…. It's Patch Tuesday again and MS14-012 is the first one to jump on for March 2014 in order to patch the critical zero-day vulnerability in Internet Explorer that attackers have been actively exploiting in the wild since at least last month. On Feb. 11, FireEye researchers identified a zero-day exploit in Internet Explorer 10 being used in Operation SnowMan that compromised the U.S. Veterans of Foreign Wars website. Shortly thereafter, Seculert reported that a different set of attackers used the same zero-day exploit but tweaked the credential-stealing malware to impersonate a French aerospace manufacturer……

Her complete article can be found at: http://www.networkworld.com/community/blog/march-2014-patch-tuesday-microsoft-closes-critical-holes-ie-windows?source=NWWNLE_nlt_daily_pm_2014-03-11

Quotes of the Month:

"Learning without thought is labor lost; thought without learning is perilous." –Confucius

"The only place success comes before work is in the dictionary." --Vince Lombardi

Tip of the Month:

Support for Windows XP and Windows Server 2003 is still scheduled to be discontinued after April 8th, just four weeks away. So far, Microsoft has not budged from this position, so we caution anyone who still has XP machines, and in particular systems connected to the Internet or a work network, to be concerned.