SECURITY PATCHES
CISCO: Releases Five Security Patches. Cisco released security updates for several products, one of which fixes a flaw that could allow remote execution if exploited. Cisco’s ASA Software Identity Firewall, CVE-2016-6432, patch repairs a buffer overflow issue that can be exploited through a specially crafted NetBIOS packet leading to the execution of arbitrary code. Cisco Firepower System Software’s flaw, CVE-2016-6439, is due to the improper handling of an HTTP packet stream that can create a Denial of Service condition if not patched. The company’s ASA Software’s problem, CVE-2016-6431, would allow an attacker to cause a reload if he sent a crafted enrollment request to the infected system. Cisco Meeting Server required two patches for CVE-2016-6446 and CVE-2016-6444. The former could allow an attacker to retrieve memory from a connected server and the latter would allow a cross-site request forgery against a Web Bridge user. Read more
[SCMAGAZINE.COM]
ORACLE: Fixes 253 Security Flaws in October Update. Oracle released its October Critical Patch Update, fixing 253 different vulnerabilities across the company product portfolio. The update, released Oct. 18, is the second-largest ever issued by Oracle, outpaced only by the company’s July CPU in which 276 vulnerabilities were patched. Overall, Oracle’s patching updates have been growing in recent years, with 2016 set to be larger than in past years. Find out more
[INFOWORLD.COM]
WINDOWS: 5 Critical Updates for October Patch Tuesday. October’s change of season brings a fundamental change to how Microsoft presents and delivers updates to Windows 7 and 8.x systems. As of this month, Microsoft will now follow the Windows 10 cumulative update model for all currently supported versions of Windows platforms — including Windows 7 and 8.x systems. This is a big departure from a more granular approach using individual updates and patches. Microsoft will now “roll-up” security, browser and system component (.NET) into aggregate patches. This month Microsoft has released ten updates with five rated as critical, four rated as important and one update with a lower security rating of moderate. This release cycle includes several “Patch Now” updates for IE, Edge, Adobe Flash Player and a small component of Microsoft Office. All of these patches will require a restart. Find out more
[COMPUTERWORLD.COM]
GOOGLE CHROME: 21 Google Chrome Security Holes You Need to Patch Now. Google released security patches for 21 vulnerabilities in its Chrome browser, including six high-severity flaws. Most of these flaws were discovered and reported by bug hunters through the tech giant’s bounty program. Chrome Update 54 is available for Mac, Windows and Linux operating systems. Read the rest
[KOMANDO.COM]
==========
NOW ON SLIDESHARE: Tech Update Summary from Blue Mountain Data Systems September 2016 http://www.slideshare.net/BMDS3416/tech-update-summary-from-blue-mountain-data-systems-september-2016.
IT SECURITY SUPPORT: Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible. We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system. Find out more about Blue Mountain Data Systems IT Security Support Services. Call us at 703-502-3416.
BLUE MOUNTAIN DATA SYSTEMS HAS THE EXPERIENCE: 1994 to Present – U.S. Dept. of Labor, Employee Benefits Security Administration. Responsible to the Office of Technology and Information Systems for information systems architecture, planning, applications development, networking, administration and IT security, supporting the enforcement of Title I of the Employee Retirement Income Security Act — ERISA. Within the EBSA, Blue Mountain is responsible for design, development and support for its various enforcement database management systems, as well as all case tracking and customer service inquiry systems. Blue Mountain also provides IT security services to the EBSA, in the form of FISMA Assessment and Authorization, System Security Plans, Risk and vulnerability assessments, monitoring and investigation support. Read more.
==========