It has been a slow and painful death for IE 10, and now it appears Microsoft has decided to drive the final nail in the coffin of this often despised web browser.
https://www.theregister.co.uk/2019/01/29/microsoft_internet_explorer_10/
End of Life
Russian APT Compromised Cisco Router in Energy Sector Attacks
The phrase I think you need to focus on in this article is “end of life”. The Cisco router in question was end of life and therefore no longer capable of receiving security updates or patches*. No level of diligence by downstream corporations or government agencies can defend against upstream entities running out of date and indefensible network components…or can they? A mandatory vulnerability scan or penetration test against the vendor network in question would have revealed this weakness.
Two pieces of advice this morning:
- Maintain your hardware and software investments. IT spends are not forever. Hardware must be updated on a regular basis based on manufacturer support standards. Software must be upgraded and regularly patched. Do not roll the dice. They always eventually come up snake eyes.
- Hold your vendors to a reasonable IT security standard. Require and review periodic testing. build enforceable language into your contracts and SLA’s. You are only as strong as the weakest link in your supply chain!
*Point of clarification – Thank you to @MrJeffMan for reminding me that “end of life” technically means that patches and updates are no longer being developed. Previously developed updates can be applied and special (often expensive) extended support options are often available for purchase.
Adobe Announces Flash Distribution and Updates to End
No one can say that they did not know this was coming, but I must admit I am excited that the light at the end of the tunnel is visible. We are getting closer to a day when this patch management nightmare will be over. Rest in peace Adobe Flash….as soon as possible.
https://webkit.org/blog/7839/adobe-announces-flash-distribution-and-updates-to-end/
Microsoft Ending Support for Windows Vista
This should not come as a surprise to many of you, but we can all use this as a friendly reminder to evaluate all of our legacy systems and plan accordingly for decommissioning and replacement.
https://www.us-cert.gov/ncas/current-activity/2017/03/17/Microsoft-Ending-Support-Windows-Vista
Microsoft to Bid Farewell to SHA-1 in February
The death of SHA-1 is closer than you may think. Time to prepare and move forward.
http://www.infosecurity-magazine.com/news/microsoft-to-bid-farewell-to-sha-1/
Microsoft extends EMET end of life date
EMET has been an important security tool for admins supporting older Windows OS versions and to see its end of life drawing near concerns me. This has the feel of another play to guide/force more users to Windows 10.
http://www.itnews.com.au/news/microsoft-extends-emet-end-of-life-date-440707
Stop using Internet Explorer after next Tuesday! (Sort of)
If you did not seeing this coming with Internet Explorer, given the all but forced upgrade process for Windows 10, then you were lying to yourself. I am especially surprised to see the complete abandonment of Windows 8.
https://nakedsecurity.sophos.com/2016/01/07/stop-using-internet-explorer-after-next-tuesday-sort-of/
Windows Server 2003: The “Window” Is Closing For You and 1.76 Million Others
This is a strong summary of the pitfalls associated with continuing to run Windows Server 2003 after the July deadline. Upgrading is an absolute necessity from a security and/or compliance perspective.
