Microsoft Urges Azure Customers to Patch Exim Worm

This situation is a great example of the importance of patch and firmware management.  Just because a system is hosted in the cloud, it does not mean that you are not responsible for parts if not all of the patch and firmware oversight.  Pay close attention to your service level agreements and other cloud services documentation.

If you are using these particular Azure services from Microsoft, please review this content and patch accordingly.

https://www.infosecurity-magazine.com/news/microsoft-urges-azure-customers-to-1/

https://threatpost.com/microsoft-pushes-azure-users-to-patch-linux-systems/145749/

Advertisements

Adobe patches the same critical Reader flaw twice in one week

As the article author states, it has been an embarrassing few days for Adobe and their patch process.  Though we like to poke fun at Adobe and we often whine about the ongoing parade of vulnerabilities, do not get lulled into a state where patches are missed and systems are left vulnerable.  Please review your environment and patch accordingly.

https://nakedsecurity.sophos.com/2019/02/25/adobe-patches-the-same-critical-reader-flaw-twice-in-one-week/

Vulnerabilities Dip 7%, but Researchers Are Cautious

Though at its face, this sounds like good news, a slight reduction in the number of reported and identified vulnerabilities does not really point to an improvement in the overall security of technology users.  In all honesty, I believe cybercriminals are more effectively leveraging existing vulnerabilities and taking advantage of the human element (phishing, adware, social engineering) to gain the access they desire.

https://www.darkreading.com/vulnerabilities—threats/vulnerabilities-dip-7–but-researchers-are-cautious/d/d-id/1333308

US DHS Slammed for Infosecurity Deficiencies

What a wonderful case of “Do as I say…not as I do”.  The realistic labor and cost implications of information security have alluded the federal government for far too long.  DHS clearly does not grasp practical IT management.  There is no sound argument as to why basic blocking and tackling has not been performed.  DHS has a huge target on its back.  It must lead this fight for US government agencies and not hide from it.

https://www.infosecurity-magazine.com/news/us-dhs-slammed-for-infosecurity/

Intel Says to Stop Applying Problematic Spectre, Meltdown Patch

Linus Torvalds and many others have come out in protest against the hasty and often flawed patching approach to the Meltdown and Spectre vulnerabilities.  It is good to see Intel pumping the breaks on this process and taking a closer look at the architectural needs associated with the correction of this flaw.

https://www.darkreading.com/vulnerabilities—threats/intel-says-to-stop-applying-problematic-spectre-meltdown-patch-/d/d-id/1330871