Adobe, Microsoft Patch Critical Cracks

Patch Tuesday has come and gone and there are several new Microsoft and Adobe patches that warrant our attention.  Most interesting is probably the Microsoft Office vulnerability that was 17 years in the making.  I remain astonished that a bug existed in the wild for 17 years undetected.

Please review all of your relevant systems and platforms and patch accordingly.

https://krebsonsecurity.com/2017/11/adobe-microsoft-patch-critical-cracks/

https://threatpost.com/microsoft-patches-17-year-old-office-bug/128904/

Microsoft issues advisory to users after macro-less malware attacks – And yet, most Organizations find themselves running out of date Office products

Given the situation, I believe these two articles should be read together and discussed.  On a day when Microsoft is discussing and warning users about another zero day vulnerability in an Office product, we need to take a moment and realize that updating, patching and ultimately upgrading Office is a truly important component of any IT security program.

https://www.tripwire.com/state-of-security/security-data-protection/microsoft-advisory-office-dde-malware/

https://www.infosecurity-magazine.com/news/most-organizations-run-outofdate/

London Heathrow Airport’s security laid bare by one lost USB stick

This issue at London Heathrow Airport certainly speaks to issues associated with both physical security and the potential for insider threats.  It is an eery reminder of the potential damage associated with lost or stolen portable media as well.

https://www.infosecurity-magazine.com/news/security-alert-usb-containing/

https://nakedsecurity.sophos.com/2017/10/31/london-heathrow-airports-security-laid-bare-by-one-lost-usb-stick/