MICROSOFT: Modifies November Patches to Bypass Lenovo Server Conflicts. Microsoft released patches for Server 2016, 2012R2, and 2012 on Nov. 8 that freeze specific Lenovo servers on reboot. The servers don’t finish the POST process and hang at the Lenovo splash screen. After many complaints, Lenovo issued six new UEFI firmware patches on Nov. 22. The next day, Microsoft altered six of its security patches, including the latest Win10 version 1607 cumulative update, KB 3200970, to add logic bypassing automatic installation of those patches on the affected servers. Read more
TOR: Patched Against Zero Day Under Attack. The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users. “The security flaw responsible for this urgent release is already actively exploited on Windows systems. Even though there is currently, to the best of our knowledge, no similar exploit for OS X or Linux users available, the underlying bug affects those platforms as well,” the Tor Project said in its announcement. “We strongly recommend that all users apply the update to their Tor Browser immediately. A restart is required for it to take effect.” Find out more
XSS: Flaw on Wix Leaves the Door Open to Worms. A researcher found a cross-site scripting flaw in Wix templates that a worm could have used to infect all Wix-hosted sites, but couldn’t find a way to report the vulnerability. Find out more
FIREFOX: Updated for Security Bugs. Mozilla has released a number of security fixes affecting two of its Firefox browsers: the widely used consumer edition, v50, and ESR 45.5, intended for enterprises which manage client desktops. Read the rest
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems November 2016 http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-november-2016.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, risk and vulnerability assessments, monitoring and investigation support. Read more.