ANCHOR CYBER FEED

Microsoft Issues Updates for 19 Critical Vulnerabilities on Patch Tuesday This month's Patch Tuesday saw Microsoft issue updates for 55 vulnerabilities in all, 19 of which were classified as critical. Several of the critical patches are for Internet Explorer 11, including some that could allow an attacker to remotely execute code against a vulnerable machine. An Office vulnerability (CVE-2017-8570) was also patched; the vulnerability could allow a malicious document to run arbitrary malicious code when a user opens a specially-crafted document. Another vulnerability (CVE-2017-8563), this one is the NTLM authentication protocol has engendered a lot of discussion. The key here is not just to patch, but also to ensure that SMB signing is enabled in your domain, and that Kerberos, rather than NTLM, is your primary authentication mechanism. SANS/ISC Summary of July 2017 Microsoft Updates Microsoft July 2017 Security Update Summary Adobe Releases New Version of Flash Player to

Three Million Customers' Data Left Exposed on Web by WWE WWE (World Wide Wrestling Entertainment) was found last week to have left personal data on over three million customers openly exposed on an AWS (Amazon Web Services) server. The data included customer names, addresses, earnings range, educational background, and birthdates, as well as the names, ages, and sexes of their children. This is far from the first such incident in the recent past; it is essential that organizations storing proprietary, personal, or sensitive data on AWS or other cloud-based platform ensure that they are storing the data in a secure fashion. Many seem to be assuming that such storage is secure by default, but this is far from true. Security Week: " WWE Exposes Details of 3 Million Customers on AWS " Windows 10 Creators Update to Include New EMET-Like Security Capability The Enhanced Mitigation Experience Toolkit (EMET) is a security add-on from Microsoft that provides powerful exp

Microsoft Patches Another Critical Vulnerability in Windows Defender For the second time this year, Microsoft has pushed out an update to Windows Defender to patch a highly-exploitable vulnerability. Like the previous instance, this one was found by Google's Project Zero team, and again Microsoft pushed out the patch via the vulnerability via Windows Defender's built-in patching capability (which is independent of standard Windows updates). The good news is that the vulnerability is not believed to have been exploited by any real-world attackers, and Microsoft was able to release a patch within a few weeks of learning of the issue. The bad news is that Windows Defender is built into Windows, and if there are more similar vulnerabilities lurking in it there is little we can do to avoid them other than ensuring the automatic updates are enabled. http://www.csoonline.com/article/3203932/security/microsoft-plugs-another-critical-hole-in-windows-defender.html https://arstech