Security Mailer Volume 19 Number 52

• Linux updates & patches;
• General Security review of last weeks vulnerabilities

HAPPY NEW YEAR!!

Microsoft Releases Security Advisory for Windows Hello for Business

Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system.

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

– THANKS TO BRIAN KREBS

“n Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.”

I haven’t heard of anyone else reporting this, but just in case, here’s what happened:

I installed the   November Cumulative Update (KB4524570)  followed by Feature update to Windows 10, version 1909 shortly after 1909 was available (yeah, I’m a “bleeding edge” kind of guy!). Both were installed with no apparent issues.

It was only after I first tried to load TT 2019 that problems popped up. I would get the startup logo, but it would then disappear. The process would show up in Task Manager, but disappear in a second or two. After trying various suggestions via Intuit, I was ready to uninstall one or both of the updates.

One suggestion was to uninstall TT and reinstall it. When you start the uninstall, TT offers to “repair” the installation. Seemed like worth a try.

That was my fix. After the “repair”, TT loaded just fine. I’m posting this in case someone else runs into this “conflict”.

November 5, 2019

Office 2016
Update for Microsoft Access 2016 (KB4475539)
Update for Microsoft Office 2016 (KB4484138)
Update for Microsoft Office 2016 (KB4484137)
Update for Microsoft Office 2016 (KB4475588)
Update for Microsoft Office 2016 (KB4475552)
Update for Microsoft Office 2016 (KB4484145)
Update for Microsoft Outlook 2016 (KB4484139)
Update for Microsoft PowerPoint 2016 (KB4484134)
Update for Microsoft Word 2016 (KB4484135)

https://support.microsoft.com/en-us/help/4484139/november-5-2019-update-for-outlook-2016-kb4484139

This update adds a PreferProvidedEmailInAutoDiscoverAuthPrompts registry key that enables Exchange administrators to specify whether users will be authenticated by using the configured account email or the user principal name (UPN) during AutoDiscover scenarios.

Registry key

Location: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover

Value Type: DWORD

Value name: PreferProvidedEmailInAutoDiscoverAuthPrompts

Value data:

• 0: It’s the default value. Outlook will use the UPN when it’s available.
• 1: If the value is set to 1, Outlook will ignore the UPN and just use the provided account email

Avast Network Breached As Hackers Target CCleaner Again

“Avast said that it believes that the intrusion, first detected on Sept. 25, was likely targeting its CCleaner business in a supply chain attack. CCleaner, which is software that fights infections in PCs, was previously infiltrated by attackers in 2017 and led to the compromise of 2.27 million people’s systems.”

Avast, NordVPN Breaches Tied to Phantom User Accounts

“Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.”

Oracle Critical Patch Updates, Security Alerts and Bulletins

This page contains the following sections:

• Critical Patch Updates
• Security Alerts
• Solaris Third Party Bulletins
• Oracle Linux Bulletins
• Oracle VM Server for x86 Bulletins
• Map of CVE to Advisory
• Policy on information provided in Critical Patch Update Advisories and Security Alerts
• Applicability of Critical Patch Updates and Security Alerts to Oracle Cloud
• References

Security Mailer Volume 19 Number 40

• Browsers
  • Firefox update
  • Vendors begin depricating TLS 1.0 and TLS 1.1
• Cisco Security Advisories
• Open Source
  • Linux Kernel getting new Lockdown feature
  • Linux updates;
• Microsoft Updates released
  • Updates revised
  • SDX Helper issues
• General Security reviews last week,
• Updates for TCPDUMP and LIBPCAP

CU 17 for SQL Server 2017 RTM

CU 10 for SQL Server 2016 SP2

CU 9 for SQL Server 2016 SP2

.NET Framework October 2019 Security and Quality Rollup
(No security fixes)

Security Mailer Volume 19 Number 37

• Adobe security update
  • Flash Player
  • Application Manager
• Cisco Security Advisory
• Linux updates
• Microsoft Tuesday updates and patches
  • Two 0-days
  • Security bulletins revised
  • Security advisories
• General Security review of last week
• Wireshark updates
• Word Press security updates