Make sure you patch and update your systems

0 Shares

by Dr. Grigorios Fragkos, VP CyberSecurity

 

It is strongly suggested you verify that the Web Browsers you are using have been updated to the latest version and if you have Adobe Flash Player installed in your system, make sure you have downloaded the latest version from the official URL: https://get.adobe.com/flashplayer/.

 

In order to check if your browser is running the latest version of Adobe Flash Player you can visit the following URL: https//www.adobe.com/uk/software/flash/about/

 

Webpage URL

Find out more about our Cyber Security and Compliance Solutions

Request a Callback

Patches released

Microsoft released a number of updates for Patch Tuesday (14th July 2015) which according to the published security bulletin summary, address remote code execution flaws for both the Windows OS and Internet Explorer.

 

One of the patches addresses last week’s security issue CVE-2015-2425 which was uncovered due to the recent Hacking Team breach and the leak of a number of zero day (0day) exploits. This Tuesday’s updates, which also marks the end of support for Windows Server 2003, includes nine bulletins directly related to servers.

 
It is very important for CISOs, and CyberSecurity decision makers in general, to plan for the day after support ends for this product as it is expected that attackers will launch targeted attacks against Windows Server 2003.

Not ready?

For those who are not in a position to transition to a new server by the end of the support date, Microsoft will continue to support the OS during the first year for US $600/year. Due to the fact that no single solution fits all scenarios, you may need to consider alternatives which might help in this case.

 

  •  One option is to upgrade to Windows Server 2008 but keep in mind that the support will end in five years.
  •  Another option is to upgrade to Windows Server 2012 R2 which allows IT to take advantage of IPv6, virtualisation software with Hyper-V and other added features.

If you cannot migrate to a newer server at this moment, it is highly advisable to review the server’s hardening settings and segregate the server onto its own network. Of course, make sure that the traffic to and from the server is filtered and monitored by using a firewall and IPS. For some companies, this might provide an opportunity for a swift move to the Cloud.

 

Depending on the available budget of each company, a transition to a Cloud based server might be an ideal solution to cut down cost of maintenance, gain on performance, and be hardware independent.

 

Furthermore, Oracle addressed Java zero day (0day) vulnerabilities with its quarterly Critical Patch Update (CPU). The security fixes Oracle released address an astonishing 193 vulnerabilities across all of its products. One of the patches addresses the CVE-2015-2629 issue which received a CVSS Base Score of 9.0 for the Windows platform and a 7.5 for Linux based platforms.

 

The CPU also addresses the actively exploited Java 0day vulnerability (CVE-2015-2590) that goes by the name Operation Pawn Storm which targets primarily military targets, embassies and defence contractor personnel from the US and its allies.

 

It is strongly suggested to apply this security update as soon as possible even though your industry is not within the primary targets of this exploitation campaign.

 

Sysnet Risk & Assurance is available to assist with pragmatic solutions to help improve security posture and meet compliance initiatives, for more information, please visit Risk & Assurance or email sales@sysnetgs.com

 

Like this Article?

Subscribe to receive more tips & news about Cyber Security, Compliance and a lot more!

  • Sysnet Global Solutions will use the information you provide on this form to be in touch with you regarding non-promotional as well as promotional material by email and phone. If you agree to same, then please select the ‘I consent’ box after reading the terms and conditions listed below in relation to consent. You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, update your preferences for communications, content etc. by clicking on the update my preferences button in any email we send you or by contacting us at marketing@sysnetgs.com We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Pardot as our marketing automation platform. By clicking below to submit this form, you acknowledge or agree that the information you provide will be transferred to Pardot for processing in accordance with their Privacy Policy and Terms