SECURITY PATCHES
GOOGLE: Patches Critical ‘Broadpwn’ Bug in July Security Update. Google released a security patch that addresses a critical vulnerability dubbed “Broadpwn” found in millions of Android devices that could allow remote attackers to execute code on targeted devices. Read more
[THREATPOST.COM]
WINDOWS XP: Microsoft Releases New Windows XP Security Patches, Warns of State-Sponsored Cyberattacks. Microsoft issued a “highly unusual” patch for Windows XP last month to help prevent the spread of the massive WannaCry malware. At least 75,000 computers in 99 countries were affected by the malware which encrypts a computer and demands a $300 ransom before unlocking it. Microsoft stopped supporting Windows XP in April 2014, but the software giant is now taking the unprecedented move of including it in the company’s Patch Tuesday round of security updates. Read more
[THEVERGE.COM]
MICROSOFT OFFICE: Microsoft Releases 15 Office Patches for July, but Some June Bugs Still Stink. Microsoft has shipped a fix for the bugs introduced by last month’s patches to Outlook 2010. Dubbed KB 4011042, the fix appears to be a non-security patch that fixes bugs created by a security patch—a red flag for many advanced patchers. Microsoft released a “fix” that was supposed to take care of this group of bugs on June 27, 2017—KB 3015545—but quickly pulled the patch when it started crashing 32-bit versions of Outlook 2010. Thus, this week’s non-security update KB 4011042 is a fix for a bug in a bug fix for a botched security patch. Find out more
[COMPUTERWORLD.COM]
LINUX: Don’t Panic, but Linux’s Systemd Can Be Pwned Via an Evil DNS Query. Systemd, the Linux world’s favorite init monolith, can be potentially crashed or hijacked by malicious DNS servers. Patches are available to address the security flaw, and should be installed ASAP if you’re affected. Read more
[THEREGISTER.CO.UK]
==========
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems May 2017 https://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-may-2017.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
==========
