2016

The 2016 presidential election put the spotlight on cybersecurity in a way that no one could have imagined ahead of time. When we looked at cybersecurity as an election issue earlier this year, the focus was on how cybersecurity policy in general might emerge as a campaign issue in relation to issues such as privacy and surveillance.

Instead, cybersecurity became a leading driver of the presidential campaign — including concerns about security posture of the election itself. In the process, the election offered many cybersecurity lessons, and a year of teachable moments about protecting data and networks.

Cybersecurity Lessons From the Campaign Trail

Most recent public and business awareness about data security has revolved around personally identifiable information (PII), especially financial information such as credit card data. Consumers fear identity theft and companies fear theft of customers’ account data.

Thanks to the presidential election, we have all learned — again — that email is insecure. It can easily be compromised and released online with potentially dramatic consequences. It is unlikely that analysts will ever be able to conclude whether controversies over email had a major impact on the election, but the very word became an effective campaign slogan.

More Than Meets the Eye

At the basis of this surprising turn are issues related to how email is secured and the consequences of email being compromised, whether it contains classified materials or merely unguarded and potentially embarrassing remarks. These considerations figured into the high-profile Sony breach of 2014, but the election brought them back into the public spotlight. The lesson here is applicable beyond just email: All kinds of unstructured data, such as social media content, is potentially sensitive and potentially vulnerable to compromise.

Similarly, the cybersecurity lessons of the 2016 election extend to the election process itself. Worries about compromised voting machines are not entirely new, but they were front and center this year. The Department of Homeland Security (DHS) also warned that state election systems were being probed and encouraged officials to share information regarding election cybersecurity.

Cybersecurity in the National Spotlight

The 2016 election ultimately went smoothly, with unexpected results but no hint of cybercrime. U.S. elections are, in fact, difficult to breach. This is partly because they are decentralized, carried out by thousands of local authorities, and partly because voting machines are simple devices and not connected to the internet, even where votes are tabulated electronically.

Nevertheless, election security has now emerged as a key component of national security policy. Although there was little formal discussion about cybersecurity as a policy issue, the 2016 election offered countless cybersecurity lessons and informed the public about the need to protect all kinds of information, not just financial or health data.


Security Intelligence

Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others

October 21, 2016 , 10:01 am

IoT Botnets Are The New Normal of DDoS Attacks

October 5, 2016 , 8:51 am

Leftover Factory Debugger Doubles as Android Backdoor

October 14, 2016 , 9:00 am

Threatpost News Wrap, November 18, 2016

November 18, 2016 , 9:15 am

iPhone Call History Synced to iCloud Without User Consent, Knowledge

November 17, 2016 , 1:51 pm

Microsoft Patches Zero Day Disclosed by Google

November 8, 2016 , 2:57 pm

Microsoft Says Russian APT Group Behind Zero-Day Attacks

November 1, 2016 , 5:50 pm

Google to Make Certificate Transparency Mandatory By 2017

October 29, 2016 , 6:00 am

Microsoft Extends Malicious Macro Protection to Office 2013

October 27, 2016 , 4:27 pm

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers

October 25, 2016 , 3:00 pm

Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers

October 22, 2016 , 6:00 am

FruityArmor APT Group Used Recently Patched Windows Zero Day

October 20, 2016 , 7:00 am

Experts ‘Outraged’ by Warrant Demanding Fingerprints to Unlock Smartphones

October 18, 2016 , 4:58 pm

Researchers Break MarsJoke Ransomware Encryption

October 3, 2016 , 5:00 am

OpenSSL Fixes Critical Bug Introduced by Latest Update

September 26, 2016 , 10:45 am

500 Million Yahoo Accounts Stolen By State-Sponsored Hackers

September 22, 2016 , 3:47 pm

Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials

September 22, 2016 , 12:31 pm

Experts Want Transparency From Government’s Vulnerabilities Equities Process

September 20, 2016 , 2:41 pm

Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure

September 15, 2016 , 11:15 am

Generic OS X Malware Detection Method Explained

September 13, 2016 , 9:14 am

Patched Android Libutils Vulnerability Harkens Back to Stagefright

September 9, 2016 , 2:06 pm

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017

September 8, 2016 , 3:43 pm

Threatpost News Wrap, September 2, 2016

September 2, 2016 , 9:00 am

Insecure Redis Instances at Core of Attacks Against Linux Servers

September 1, 2016 , 1:08 pm

Dropbox Forces Password Reset for Older Users

August 29, 2016 , 9:58 am

Cisco Begins Patching Equation Group ASA Zero Day

August 24, 2016 , 5:53 pm

New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption

August 24, 2016 , 8:00 am

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers

August 17, 2016 , 4:06 pm

Pokémon GO Spam, Ransomware, On the Rise

August 17, 2016 , 12:58 pm

ProjectSauron APT On Par With Equation, Flame, Duqu

August 8, 2016 , 1:40 pm

Miller, Valasek Deliver Final Car Hacking Talk

August 4, 2016 , 3:26 pm

Researchers Go Inside a Business Email Compromise Scam

August 4, 2016 , 10:00 am

Export-Grade Crypto Patching Improves

August 3, 2016 , 10:00 am

Kaspersky Lab Launches Bug Bounty Program

August 2, 2016 , 9:00 am

Threatpost News Wrap, July 29, 2016

July 29, 2016 , 10:45 am

KeySniffer Vulnerability Opens Wireless Keyboards to Snooping

July 26, 2016 , 9:30 am

Upcoming Tor Design Battles Hidden Services Snooping

July 25, 2016 , 3:51 pm

EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers

July 21, 2016 , 1:18 pm

Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update

July 20, 2016 , 9:21 am

Threatpost News Wrap, July 15, 2016

July 15, 2016 , 11:00 am

Academics Build Early-Warning Ransomware Detection System

July 14, 2016 , 1:05 pm

xDedic Hacked Server Market Resurfaces on Tor Domain

July 12, 2016 , 11:40 am

Conficker Used in New Wave of Hospital IoT Device Attacks

June 30, 2016 , 11:48 am

655,000 Healthcare Records Being Sold on Dark Web

June 28, 2016 , 10:00 am

Windows Zero Day Selling for $ 90,000

May 31, 2016 , 5:44 pm

Millions of Stolen MySpace, Tumblr Credentials Being Sold Online

May 31, 2016 , 1:37 pm

OTR Protocol Patched Against Remote Code Execution Flaw

March 10, 2016 , 10:23 am

Facebook Debuts Open Source Detection Tool for Windows

September 27, 2016 , 12:24 pm

Serious Dirty Cow Linux Vulnerability Under Attack

October 21, 2016 , 11:21 am

Popular Android App Leaks Microsoft Exchange User Credentials

October 14, 2016 , 8:00 am

Cisco Warns of Critical Flaws in Nexus Switches

October 7, 2016 , 10:55 am

Free Tool Protects Mac Users from Webcam Surveillance

October 7, 2016 , 7:00 am


Threatpost | The first stop for security news

j003-content-microsoft-patch-tuesday-2016_sqAlong with 14 patches, Microsoft introduced a new Security Update Guide web site, as the new location for information on security vulnerabilities.

This month’s Patch Tuesday was also election day in the U.S. and I imagine for once, IT pros are actually happy to see a big load of security updates released – it’s something to take our mind off the culmination of this contentious campaign season.

Along with the fourteen patches released today, the Microsoft Security Response Center (MSRC) team  published a blog post that introduces the new Security Update Guide web site, which the company sees as the “new single destination for security vulnerability information.”

It’s in preview now, and the Microsoft Security Bulletin site is still operational, so if you’re one of many who don’t like change, you can still access the information in the traditional way – at least for a few months. After January 2017, the information about the security fixes will no longer be published to the Bulletins site; you’ll have to transition to the Update Guide.

The good news is that the new portal does give you far more flexibility. You can filter by release date, KB number, CVE identifier, or product. This is great for those who don’t want to waste time scrolling through information about software and services that they don’t have deployed or don’t use.

This month’s updates include six that are rated critical and eight classified as important. There are updates for both Microsoft web browsers, Adobe Flash, and various components of Windows, as well as one for SQL Server and one for Microsoft Office.

Let’s take a look at each of these updates in a little more detail.

MS16-129 (KB 3199057) This is the usual cumulative update for the Edge browser and applies to Edge on all iterations of Windows 10. It is rated critical for all.

The update addresses seventeen vulnerabilities, including multiple memory corruption issues, information disclosure, and a spoofing vulnerability. Twelve of these could be exploited to accomplish remote code execution.

The update fixes the problems by changing how Microsoft browsers handles objects in memory, changing how the XSS filter in Microsoft browsers handle RegEx, modifying how the Chakra JavaScript scripting engine handles objects in memory, and correcting how the Microsoft Edge parses HTTP responses.

MS16-130 (KB 3199172) This is an update for all currently supported versions of the Windows client and server operating systems, including the server core installation. It is rated critical for all.

This update addresses three vulnerabilities: two elevation of privilege issues and one remote code execution vulnerability. The update fixes the problems by correcting how the Windows Input Method Editor (IME) loads DLLs and requiring hardened UNC paths be used in scheduled tasks.

MS16-131 (KB 3199151) This is an update for the Microsoft Video Control component in Windows Vista, 7, 8.1, RT 8.1 and 10. It is rated critical for all. It also affects Windows Server 2016 Preview 5.

The update addresses a single vulnerability based on the way the Video Control component handles objects in memory, which can be exploited to accomplish remote code execution. The update fixes the problems by correcting how Microsoft Video Control handles objects in memory.

MS16-132 (KB 3199120) This is an update for the Graphic component in all currently supported versions of Windows client and server operating systems, including the server core installation. It is rated critical for all.

The update addresses four vulnerabilities: an open type font information disclosure issue (for which a workaround is provided in the security bulletin), two memory corruption vulnerabilities – one in Windows Animation Manager and one in Media Foundation – and an open type font remote code execution vulnerability, which also has a workaround. You can find instructions for the workarounds at https://technet.microsoft.com/en-us/library/security/ms16-132.aspx

The update fixes the problems by correcting how the ATMFD component, the Windows Animation Manager, and the Windows Media Foundation handle objects in memory.

MS16-141 (KB3202790) This is an update for Adobe Flash Player running on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. It does not include the server core installation, which doesn’t have a web browser installed by default. It is rated critical for all affected systems.

The update addresses nine vulnerabilities in the Flash Player software, which include type confusion vulnerabilities and use-after-free vulnerabilities, both of which can be exploited to accomplish code execution. The update fixes the problems by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

MS16-142 (KB3198467) This is the usual cumulative update for the Internet Explorer web browser. It is rated Critical for IE 9 and IE 11 on affected Windows clients, and rated Moderate for IE 9, IE 10 and IE 11 on affected Windows server operating systems.

The update addresses seven vulnerabilities, which include four memory corruption issues and three information disclosure vulnerabilities. The most severe of these could be exploited to accomplish remote code execution. The update fixes the problems by correcting how Internet Explorer modifies objects in memory and the way it uses the XSS filter to handle RegEx.

MS16-133 (KB 3199168) This is an update for Microsoft Office that applies to Office 2007, 2010, 2013, 2013 RT, and 2016, as well as Office for Mac 2011 and 2016, the Office Compatibility Pack, and the Excel and PowerPoint Viewers. Also affected are Excel Services and Word Automation Services on SharePoint 2010, Word Automation Services on SharePoint 2013, and Office Web Apps 2010 and 2013. It is rated important for all.

The update addresses twelve vulnerabilities, ten of which are memory corruption issues. The other two are information disclosure and denial of service vulnerabilities. The update fixes the problems by correcting how Microsoft Office initializes variables and how affected versions of Office and Office components handle objects in memory.

MS16-134 (KB3193706) This is an update for the Common Log File System Driver in all currently supported releases of Windows client and server operating system, including the Server Core installation. It is rated important for all.

This update addresses ten vulnerabilities, all of which are elevation of privilege issues. The update fixes the problem by correcting how CLFS handles objects in memory.

MS16-135 (KB3199135) This is an update for the Windows Kernel-mode Drivers in all currently supported releases of Windows client and server operating system, including the Server Core installation. It is rated important for all.

This update addresses five vulnerabilities, which includes two information disclosure issues and three elevation of privilege vulnerabilities. The update fixes the problem by correcting how the Windows kernel-mode driver handles objects in memory.

MS16-136 (KB3199641) This is an update for all currently supported editions of Microsoft SQL Server 2012, 2014 and 2016. It is rated important for all.

The update addresses six vulnerabilities, which includes three SQL RDBMS Engine Elevation of Privilege vulnerabilities, one MDS API XSS vulnerability, and one SQL Analysis Services information disclosure vulnerability, along with one SQL Server agent elevation of privilege vulnerability. The most severe of these vulnerabilities could allow an attacker could to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The update fixes these most severe vulnerabilities by correcting how SQL Server handles pointer casting.

MS16-137 (KB3199173) This is an update for Windows Authentication Methods in all currently supported releases of Windows client and server operating system, including the server core installation. It is rated important for all.

The update addresses three vulnerabilities, which include a Virtual Secure Mode Information Disclosure vulnerability, a Local Security Authority Subsystem Service Denial of Service vulnerability and a Windows NTLM Elevation of Privilege vulnerability.

The update fixes the problems by updating Windows NTLM to harden the password change cache, changing the way that LSASS handles specially crafted requests and correcting how Windows Virtual Secure Mode handles objects in memory.

MS16-138 (KB3199647) This is an update for the Microsoft Virtual Hard Disk Driver in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016, including the server core installation. It is rated important for all.

The update addresses four vulnerabilities, all of which are elevation of privilege issues that an attacker could exploit to manipulate files in locations not intended to be available to the user. The update fixes the problem by correcting how the kernel API restricts access to these files.

MS16-139 (KB3199720) This is an update for the Windows kernel in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, including the server core installation. It is rated important for all.

The update addresses a single vulnerability in the way the kernel API enforces permissions, which an attacker could exploit to gain access to information that is not intended for the user, but the attacker would have to be able to locally authenticate. The update fixes the problem by helping to ensure the kernel API correctly enforces access controls.

MS16-140 (KB3193479) This is an update for the Boot Manager in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016, including the server core installation. It is rated important for all.

The update addresses a single vulnerability when Windows Secure Boot improperly loads a boot policy that is affected by the vulnerability. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded onto a target device. The update fixes the problem by revoking affected boot policies in the firmware.

You can find the full summary of all these updates, with links to each security bulletin, at https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx

If you don’t want to miss out on future information about important Microsoft vulnerabilities and patches, subscribe to our blog and receive regular news updates in your inbox.

You may also like:

  • IT automation comes to the rescue for sysadmins
  • Microsoft Patch Tuesday – October 2016
  • Microsoft Patch Tuesday has changed and now all patches are…


GFI Blog

ICS Cyber Security Conference

Admiral Michael Rogers, Director of the U.S. National Security Agency (NSA) and Commander, U.S. Cyber Command to Keynote SecurityWeek's 2016 ICS Cyber Security Conference on Oct. 25

Security professionals from various industries will gather next week at the 2016 edition of SecurityWeek’s ICS Cyber Security Conference, the longest-running event of its kind. The conference takes place on October 24-27 at the Georgia Tech Hotel & Conference Center in Atlanta, Georgia.

SecurityWeek is honored to host Admiral Michael S. Rogers, Director of the U.S. National Security Agency (NSA) and Commander, U.S. Cyber Command, as our keynote speaker.

The event kicks off on Monday with a series of open and advanced workshops focusing on operational technology (OT), critical infrastructure, SCADA systems, and management. Participants will have the opportunity to learn not only how an organization can be protected against attacks, but also how attackers think and operate when targeting control systems.

Following his keynote on Tuesday, Admiral Rogers will take part in a conversation and questions session with SecurityWeek's Mike Lennon and conference attendees.

On the same day, Yokogawa’s Jeff Melrose will detail drone attacks on industrial sites, ICS cybersecurity expert Mille Gandelsman will disclose new vulnerabilities in popular SCADA systems.

ICS Cyber Security ConferenceIn addition to an attack demo targeting a Schweitzer SEL-751A feeder protection relay, the day will feature several focused breakout sessions and a panel discussion on risk management and insurance implications.

The third day of the event includes presentations on PLC vulnerabilities, attacks against air-gapped systems, cyberattack readiness exercises, and management issues.

Also on Wednesday, ExxonMobil Chief Engineer Don Bartusiak will detail the company’s initiative to build a next-generation process control architecture. Breakout sessions will focus on risk management, incident response, safety and cybersecurity programs, emerging technologies, and the benefits of outside cybersecurity services in the automation industry.

On the last day of the ICS Cyber Security Conference, attendees will have the opportunity to learn about the implications of the Ukrainian energy hack on the U.S. grid, practical attacks on the oil and gas industries, and how technologies designed for video game development and engineering can be used to simulate cyberattacks and evaluate their impact.

Speakers will also detail the status of ICS in developing countries, the need for physical security, the implications associated with the use of cloud technologies in industrial environments, and the implementation of a publicly accessible database covering critical infrastructure incidents. 

Produced by SecurityWeek, the ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze their causes and cooperate on solutions. Since its first edition in 2002, the conference has attracted a continually rising interest as both the stakes of critical infrastructure protection and the distinctiveness of securing ICSs become increasingly apparent.

Register Now

*Additional reporting by Ed Kovacs

view counter

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.

Previous Columns by Mike Lennon:

Tags:


SecurityWeek RSS Feed

J003-Content-Microsoft-Patch-Tuesday-Oct2016_SQThis Tuesday’s update addresses 49 vulnerabilities within 10 security bulletins, of which five are rated as critical, and four of them are zero-day flaws.

After the start of the announced changes on the way patches are delivered on Patch Tuesday, which we covered in our yesterday’s blog post, Microsoft has released the security bulletins for October 2016. Among affected products are Edge, Internet Explorer, Office, Windows, Skype for Business, and of course Adobe Flash Player, and most of the critical updates are for Remote Code Execution issues.

MS16-118 (KB 3192887) This is a cumulative security update for Internet Explorer fixing issues which could allow remote code execution if a user views a specially crafted webpage using IE9, 10 or 11, gaining the attacker the same user rights as the current user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The update addresses the vulnerabilities by correcting how Internet Explorer handles objects in memory and namespace boundaries.

MS16-119 (KB 3192890) This is a similar cumulative security update like the previous one, this time for Edge browser, resolving remote code execution issues on Windows 10-based computers using Edge as a primary browser.

The patch modifies how Microsoft Edge and certain functions, like the Chakra JavaScript scripting engine, handle objects in memory, and restricts what information is returned to Microsoft Edge. It also changes the way Microsoft Browsers store credentials in memory and handle namespace boundaries, and corrects how Microsoft Edge Content Security Policy validates documents.

MS16-120 (KB 3192884) Yet another critical fix for remote code execution, but this time for the Microsoft Graphics Component, and it resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync.

This update is rated critical for all supported Windows versions, Office 2007 and 2010, Lync/Skype for Business 2010, 2013 and 2016, .NET Framework and Silverlight, and it addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts.

Since it affects Windows operating systems since Vista SP2 and Server 2008 SP2 until Windows 10, including Windows RT 8.1, and covers seven vulnerabilities verified by CVE, this patch should not be taken lightly. Also, this is the only zero-day vulnerability on this batch which there were already registered exploits.

MS16-122 (KB 3195360) This vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. Of course, if the user is logged on with administrative user rights, an attacker could take control of the affected system.

This security update is rated Critical for Windows Vista, 7, 8.1, RT 8.1, and Windows 10, and it fixes the vulnerability by correcting how Microsoft Video Control handles objects in memory.

MS16-127 (KB 3194343) And, as usual, this Patch Tuesday brought another update for Adobe Flash Player. It updates the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge, on all supported editions of Windows 8.1, RT 8.1, 10, and on Windows Server 2012 and 2012 R2.

The patch covers a set of 13 CVE vulnerabilities, described in Adobe Security Bulletin APSB16-32, and there are several known workarounds and mitigation actions for these issues. Apart from blocking Adobe Flash Player completely, of course.

MS16-121 (KB 3194063) This update resolves an Office RTF remote code execution vulnerability which exists in Microsoft Office, when the Office software fails to properly handle RTF files. It affects Office 2007, 2010, 2013 (including the RT version), 2016, Office for Mac 2011 and 2016, and some other Office apps and services, such as SharePoint Server 2010 and 2013.

An attacker who would successfully exploit this memory corruption vulnerability could run arbitrary code as the current user, and the update fixes the issue by changing the way Microsoft Office apps handle RTF content.

MS16-123 (KB 3192892) This security update resolves several vulnerabilities in various editions of Microsoft Windows, from Vista to 10 and Servers 2008 and 2012, where the more severe ones could allow elevation of privilege of an attacker.

Microsoft has not identified any mitigating factors or workarounds for these five CVE vulnerabilities, and this security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.

MS16-124 (KB 3193227) Like the previous one, this update fixes a vulnerability that allows attackers to perform unauthorized privilege elevation and gain access to registry information, and corrects it by changing the way how the kernel API restricts access to this information.

It applies to variants of Microsoft operating systems from Windows Vista SP2 to Windows 10, and addresses four known CVE vulnerabilities, all marked as important.

MS16-125 (KB 3193229) This security update is rated Important for all supported editions of Windows 10, and resolves a vulnerability which could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

The security update addresses this vulnerability by correcting how the Windows Diagnostics Hub Standard Collector Service sanitizes input, to help preclude unintended elevated system privileges.

MS16-126 (KB 3196067) The last update in today’s batch is marked as Moderate, and addresses an information disclosure vulnerability, when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploits this vulnerability could test for the presence of files on disk, but for an attack to be successful an attacker must persuade a user to open a malicious website.

The security update affects Windows Vista, 7, Server 2008 and 2008 R2, and is rated moderate on client and low on server operating systems. Also, note that you must install two updates to be protected from this vulnerability: this one, and the update in MS16-118.

You will find more details about all the updates listed above in the Security Bulletin Summary for October 2016.

You may also like:

  • Microsoft Patch Tuesday has changed and now all patches are…
  • Third Party Patch Roundup – September 2016
  • Microsoft Patch Tuesday – September 2016


GFI Blog

Pokémon GO Spam, Ransomware, On the Rise

August 17, 2016 , 12:58 pm

Cisco Begins Patching Equation Group ASA Zero Day

August 24, 2016 , 5:53 pm

Yahoo Challenged on Claims Breach Was State-Sponsored Attack

September 29, 2016 , 2:15 pm

OpenSSL Fixes Critical Bug Introduced by Latest Update

September 26, 2016 , 10:45 am

500 Million Yahoo Accounts Stolen By State-Sponsored Hackers

September 22, 2016 , 3:47 pm

Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials

September 22, 2016 , 12:31 pm

Experts Want Transparency From Government’s Vulnerabilities Equities Process

September 20, 2016 , 2:41 pm

Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure

September 15, 2016 , 11:15 am

Generic OS X Malware Detection Method Explained

September 13, 2016 , 9:14 am

Patched Android Libutils Vulnerability Harkens Back to Stagefright

September 9, 2016 , 2:06 pm

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017

September 8, 2016 , 3:43 pm

Threatpost News Wrap, September 2, 2016

September 2, 2016 , 9:00 am

Insecure Redis Instances at Core of Attacks Against Linux Servers

September 1, 2016 , 1:08 pm

Dropbox Forces Password Reset for Older Users

August 29, 2016 , 9:58 am

New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption

August 24, 2016 , 8:00 am

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers

August 17, 2016 , 4:06 pm

ProjectSauron APT On Par With Equation, Flame, Duqu

August 8, 2016 , 1:40 pm

Miller, Valasek Deliver Final Car Hacking Talk

August 4, 2016 , 3:26 pm

Researchers Go Inside a Business Email Compromise Scam

August 4, 2016 , 10:00 am

Export-Grade Crypto Patching Improves

August 3, 2016 , 10:00 am

Kaspersky Lab Launches Bug Bounty Program

August 2, 2016 , 9:00 am

Threatpost News Wrap, July 29, 2016

July 29, 2016 , 10:45 am

KeySniffer Vulnerability Opens Wireless Keyboards to Snooping

July 26, 2016 , 9:30 am

Upcoming Tor Design Battles Hidden Services Snooping

July 25, 2016 , 3:51 pm

EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers

July 21, 2016 , 1:18 pm

Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update

July 20, 2016 , 9:21 am

Threatpost News Wrap, July 15, 2016

July 15, 2016 , 11:00 am

Academics Build Early-Warning Ransomware Detection System

July 14, 2016 , 1:05 pm

xDedic Hacked Server Market Resurfaces on Tor Domain

July 12, 2016 , 11:40 am

Conficker Used in New Wave of Hospital IoT Device Attacks

June 30, 2016 , 11:48 am

655,000 Healthcare Records Being Sold on Dark Web

June 28, 2016 , 10:00 am

Windows Zero Day Selling for $ 90,000

May 31, 2016 , 5:44 pm

Millions of Stolen MySpace, Tumblr Credentials Being Sold Online

May 31, 2016 , 1:37 pm

OTR Protocol Patched Against Remote Code Execution Flaw

March 10, 2016 , 10:23 am

Keystroke Recognition Uses Wi-Fi Signals To Snoop

August 25, 2016 , 2:19 pm

Critical MySQL Vulnerability Disclosed

September 12, 2016 , 11:00 am

PLC-Blaster Worm Targets Industrial Control Systems

August 5, 2016 , 4:49 pm

Android Patch Fixes Nexus 5X Critical Vulnerability

September 2, 2016 , 12:49 pm

WordPress Update Resolves XSS, Path Traversal Vulnerabilities

September 8, 2016 , 12:23 pm

Browser Address Bar Spoofing Vulnerability Disclosed

August 17, 2016 , 12:54 pm


Information Security Podcasts

J003-Content-3rdPartyRoundup_SQAutumn season brings falling leaves and a new set patches, with an unusually large security patch bunch coming from Apple, and a regular monthly number of patches from other vendors.

Autumn is in the air, the trees are displaying their finest fall colors, the weather is getting cooler, and many of us are already getting psyched up for the holidays ahead. The seasons change, but in the IT industry there’s one constant: pumpkin patches won’t be the only kind of patches we’ll be dealing with as we head into this time of the year.

While we’re in the produce section of the grocery store, try not to upset the Apple cart because you might get buried under the large number of security updates that have been released for iProducts this month. We’re used to seeing only perhaps five or six actual updates, although often one will contain fixes for fifty or more vulnerabilities. This time, Apple has put out a whopping thirteen security patches as of this writing on September 28th.

Other vendors had more typical numbers of patch releases.

Apple released only two patches in August, so I guess they’re making up for that – with a vengeance – this time. The Safari web browser was updated twice, and the iOS mobile operating system got three updates in fewer than thirty days.

On September 1, Apple released two patches:

  • Security update 2016-001 for OS X El Capitan and 2016-005 for OS X Yosemite. These update for the Mac OS X operating system address two kernel vulnerabilities, one of which could be exploited to disclose kernel memory and the other to execute arbitrary code with kernel privileges.
  • Safari 9.1.3 for OS X Mavericks and Yosemite. This update patches a memory corruption vulnerability that could be exploited to allow a malicious web site to execute arbitrary code.

On September 13, Apple released six patches:

  • iOS 10 for iPhone 5 and above, iPad 4th gen and above, iPod Touch 6th gen and above. This update addresses 49 separate vulnerabilities in the mobile operating system, in components including the kernel, WebKit, Safari Reader, S2 Camera, Messages, Printing UIKit, Mail, GeoServices, FontParser, CoreCrypto, Audio, and more. It also updates the certificate trust policy.
  • iOS 10.0.1 for iPhone 5 and above, iPad 4th gen and above, iPod Touch 6th gen and above. This update, released the same day as the above, addresses a single validation issue that could allow an application to disclose kernel memory.
  • Xcode 8 for OS X Capitan and later. This update also addresses a single validation issue that could allow an application to disclose kernel memory.
  • watchOS 3, all models. This update addresses nineteen vulnerabilities in Apple’s smart watch operating system, which include memory corruption, input validation, memory disclosure, arbitrary code execution and other issues. Many of these are the same issues addressed in the updates for iOS and OS X.
  • tvOS 10 for Apple TV 4th This update addresses twenty-nine vulnerabilities in the operating system software for the Apple TV media device, which include many of the same issues addressed in the updates for iOS and OS X.
  • iTunes 12.5.1 for Windows 7 and above. This update address eleven vulnerabilities in the WebKit component of the iTunes application for Windows, which include parsing and permissions issues, multiple memory corruption issues, a cross-protocol exploitation of non-HTTP services vulnerability, and a certificate validation issue.
  • macOS Sierra 10.12 for OS X El Capitan. This update addresses sixty-five vulnerabilities in various components of Apple’s latest desktop and server operating system, macOS Sierra. (macOS was previously OS X; Apple changed the name to correspond more closely to iOS). The vulnerabilities exist in many components, including apache, the Application Firewall, audio, Bluetooth, crypto and display components, FontParser, the Intel graphics driver, Kerberos, the kernel, S2 Camera, security components, Terminal, WindowServer and more. The vulnerabilities include type confusion, information disclosure, arbitrary code execution, bypass of protection mechanisms, memory corruption, out-of-bounds read issues, denial of service vulnerability, user account vulnerability, a spoofing issue, session management issues, input validation issues, and more.
  • Safari 10 for OS X Yosemite, OS X El Capitan and macOS Sierra. This update addresses twenty-one vulnerabilities in the Safari web browser, which include multiple memory corruption issues, certificate validation vulnerability, cross-protocol exploitation of non-HTTP services, permissions issues, a parsing issue, a state management issue and more in Safari Reader, Safari Tabs and WebKit components.
  • macOS Server 5.2 for macOS Sierra. This update addresses a pair of vulnerabilities in apache and ServerDocs Server components that include an issue in the handling of the HTTP_PROXY environment variable that could allow an attacker to proxy traffic through an arbitrary server and an RC4 cryptographic weakness.
  • iCloud for Windows v6 for Windows 7 and above. This update addresses a single memory corruption vulnerability in the WebKit component of Apple’s iCloud application for Windows that could be exploited to accomplish arbitrary code execution.
  • iOS 10.0.2 for iPhone 5 and above, iPad 4th gen and above, and iPod Touch 6th gen and above. This update for Apple’s mobile operating system includes the security content from iOS 10.0.1.

For more information about this and the previously issued patches and the vulnerabilities that they address, see the Apple Support web site at https://support.apple.com/en-us/HT201222

Adobe released only one update in August, so we might have expected a deluge this time – but instead we got a pretty typical three patches, all of them originally released on their normal Patch Tuesday schedule, which this month fell on September 13.

  • APSB16-28. This is an update for Adobe Digital Editions for Windows, Mac OS, iOS and Android. Digital Editions (ADE) is Adobe’s ebook reader software. The update addresses seven memory corruption issues and a use-after-free vulnerability, all of which could be exploited to accomplish code execution. The rating is critical.
  • APSB16-29. This is an update for Adobe Flash Player for Windows, Mac OS, Linux and ChromeOS. It addresses twenty-six vulnerabilities including integer overflow, use-after-free, security bypass, and memory corruption issues. Impacts include code execution and information disclosure and the rating is critical.
  • APSB16-31. This is an update for Adobe AIR SDK and Compiler on Windows and Mac OS, which addresses a single vulnerability and adds support for secure transmission of runtime analytics for AIR applications on Android.

For more information about these vulnerabilities and updates, see Adobe’s Security Bulletins and Advisories web site at https://helpx.adobe.com/security.html or see the individual bulletins linked in each bullet point above.

On September 13th, Google released a security update for the Chrome web browser on Windows, Mac and Linux desktop operating systems that address multiple vulnerabilities. These include two use-after-free issues in Blink, an arbitrary memory read in v8, an extension resource access issue, a popup not correctly suppressed, and a SafeBrowsing bypass issue.

For more information, see the Google Chrome Releases blog at http://googlechromereleases.blogspot.com

Oracle normally releases security updates on a quarterly cycle, in January, April, July and October, so the next regularly scheduled patch release will occur on October 18.

Mozilla released Firefox v49 on September 20th, which contains four critical security fixes, ten rated as high severity, two rated with moderate severity and two rated low, for a total of eighteen vulnerabilities addressed.

  • Buffer overflow when working with empty filters during canvas rendering – critical
  • Potentially exploitable crash caused by buffer overflow when encoding image frames – critical
  • Memory corruption issues – critical
  • More memory corruption issues – critical
  • Heap buffer overflow – high
  • Bad cast when processing layout with input elements – high
  • Potentially exploitable crash in accessibility – high
  • Use-after-free vulnerability triggered by aria-owns attribute – high
  • Use-after-free vulnerability in web animations during restyling – high
  • Use-after-free vulnerability in web animation when destroying timeline – high
  • Use-after-free when changing text direction – high
  • Use-after-free when manipulating SVG content through script – high
  • Timing attack vulnerability using iframes – high
  • Add-on update site certification pin expiration – high
  • Full path to local files available to scripts – moderate
  • Favicons can be loaded through non-whitelisted protocols – moderate
  • Content security policy containing referrer directive with no values can cause crash – low
  • Out-of-bounds read during processing of text runs – low

For more information about those vulnerabilities and fixes, and to check for new version releases, see Mozilla’s web site at https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/

Popular Linux distros, as usual, have seen a number of security advisories and updates this month. As of the date of this writing (September 28), Ubuntu has issued twenty-eight security notices this month, which is fewer than usual. Many of these address multiple vulnerabilities and in some cases there are multiple advisories for the same vulnerabilities. Other commercial Linux vendors issued a similar number of updates. Here are the Ubuntu security advisories for September:

  • USN-3093-1: ClamAV vulnerabilities – 28th September 2016. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.
  • USN-3092-1: Samba vulnerability – 28th September 2016. Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
  • USN-3090-1: Pillow vulnerabilities – 27th September 2016. It was discovered that a flaw in processing a compressed text chunk in a PNG image could cause the image to have a large size when decompressed, potentially leading to a denial of service.
  • USN-3088-1: Bind vulnerability – 27th September 2016. It was discovered that Bind incorrectly handled building responses to certain specially crafted requests. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
  • USN-3089-1: Django vulnerability – 27th September 2016. Sergey Bobrov discovered that Django incorrectly parsed cookies when being used with Google Analytics. A remote attacker could possibly use this issue to set arbitrary cookies leading to a CSRF protection bypass.
  • USN-3087-2: OpenSSL regression – 23rd September 2016. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem.
  • USN-3087-1: OpenSSL vulnerabilities – 22nd September 2016. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-6304) Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointer arithmetic.
  • USN-3073-1: Thunderbird vulnerabilities – 22nd September 2016. Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew McCreight, and Phil Ringnalda discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code.
  • USN-3076-1: Firefox vulnerabilities – 22nd September 2016. Atte Kettunen discovered an out-of-bounds read when handling certain Content Security Policy (CSP) directives in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash.
  • USN-3085-1: GDK-PixBuf vulnerabilities – 21st September 2016. It was discovered that the GDK-PixBuf library did not properly handle specially crafted bmp images, leading to a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted bmp file, a remote attacker could use this flaw to cause GDK-PixBuf to crash.
  • USN-3086-1: Irssi vulnerabilities – 21st September 2016. Gabriel Campana and Adrien Guinet discovered that the format parsing code in Irssi did not properly verify 24bit color codes. A remote attacker could use this to cause a denial of service (application crash).
  • USN-3084-4: Linux kernel (Qualcomm Snapdragon) vulnerabilities – 19th September 2016. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing.
  • USN-3084-3: Linux kernel (Raspberry Pi 2) vulnerabilities – 19th September 2016. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing.
  • USN-3084-2: Linux kernel (Xenial HWE) vulnerabilities – 19th September 2016. USN-3084-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel.
  • USN-3084-1: Linux kernel vulnerabilities – 19th September 2016. Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing.
  • USN-3083-2: Linux kernel (Trusty HWE) vulnerabilities – 19th September 2016. USN-3083-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data.
  • USN-3083-1: Linux kernel vulnerabilities – 19th September 2016. Dmitry Vyukov discovered that the IPv6 implementation in the Linux kernel did not properly handle options data, including a use-after-free. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
  • USN-3082-2: Linux kernel (OMAP4) vulnerability – 19th September 2016. Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM (OABI) had incomplete access checks for epoll_wait(2) and semtimedop(2). A local attacker could use this to possibly execute arbitrary code.
  • USN-3082-1: Linux kernel vulnerability – 19th September 2016. Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM (OABI) had incomplete access checks for epoll_wait(2) and semtimedop(2). A local attacker could use this to possibly execute arbitrary code.
  • USN-3081-1: Tomcat vulnerability – 19th September 2016. Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. (CVE-2016-1240) This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnabled to True by default.
  • USN-3080-1: Python Imaging Library vulnerabilities – 15th September 2016. Eric Soroos discovered that the Python Imaging Library incorrectly handled certain malformed FLI or PhotoCD files. A remote attacker could use this issue to cause Python Imaging Library to crash, resulting in a denial of service. (CVE-2016-0775, CVE-2016-2533) Andrew Drake discovered that the Python Imaging Libray incorrectly validated input.
  • USN-3058-1: Oxide vulnerabilities – 14th September 2016. An issue was discovered in Blink involving the provisional URL for an initially empty document. An attacker could potentially exploit this to spoof the currently displayed URL. (CVE-2016-5141) A use-after-free was discovered in the WebCrypto implementation in Blink.
  • USN-3079-1: WebKitGTK+ vulnerabilities – 14th September 2016. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • USN-3078-1: MySQL vulnerability – 13th September 2016. Dawid Golunski discovered that MySQL incorrectly handled configuration files. A remote attacker could possibly use this issue to execute arbitrary code with root privileges. MySQL has been updated to 5.5.52 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04 LTS has been updated to MySQL 5.7.15.
  • USN-3077-1: OpenJDK 6 vulnerabilities – 12th September 2016. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. (CVE-2016-3458) Multiple vulnerabilities were discovered in the OpenJDK JRE related to availability.
  • USN-3075-1: Imlib2 vulnerabilities – 8th September 2016. Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service (application crash) or possibly obtain sensitive information. (CVE-2016-3994) Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2.
  • USN-3074-1: File Roller vulnerability – 8th September 2016. It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a specially-crafted archive, an attacker could delete files outside of the extraction directory.

For more information about any of these patches, visit the Ubuntu web site at http://www.ubuntu.com/usn/

You may also like:

  • Top 10 features in Windows Server 2016 sysadmins need to…
  • Microsoft Patch Tuesday – September 2016
  • Third Party Patch Roundup – August 2016


GFI Blog

A daily summary of network and system security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
Created: Wednesday, September 28th 2016
Length: 5:07 minutes

iTunes Download MP3 RSS Feed

To subscribe, use one of the following URLs:
RSS feed: https://isc.sans.edu/dailypodcast.xml (any podcast player should support this in some way)

Keywords: Security Network Technology Windows Linux Apple iOS Android Firewall

Show Notes

Rig Exploit Kit Used to Spread Locky Ransomware
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/

Facebook Releases osquery for Windows
https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/

Update Cowrie and "New" Default Password used in Internet Wide Scans
https://isc.sans.edu/ssh.html?pw=xc3511

BIND Name Server Update
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html

Various Cisco DoS Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities

Discussion

Login here to join the discussion.


Information Security Podcasts

blog_windows_server_2016_GA_SQThe new Microsoft’s server operating system is finally here, and we’ve prepared a list of the most important new features, including the ones you won’t find on other blogs.

The newest release of Microsoft’s server operating system, Windows Server 2016, hit general availability on September 26th, along with System Center 2016. We’ve been hearing about new and improved things coming in Windows Server 2016 for months, so you most probably know about the container support and the improved security and networking tools. Maybe you’ve even used some of them in the technology preview versions.

But in case you’ve been holding out for GA, or your working day consisting of endless tickets simply doesn’t allow you to find time to tryout betas and technology previews, we’ve prepared a closer look at the top 10 features in Windows Server 2016 that every sysadmin needs to know about.

The next evolution of Server Core – Nano Server, is an even more thinned down version of Windows Server 2016. A Nano server must be managed remotely and can only run 64 bit applications, but it can be optimized for minimum resources, requires far less patching, restarts very quickly, and can perform a number of specific tasks very well with minimal hardware.

Good uses for Nano Server include IIS, DNS, F&P, application servers, and compute nodes. So if you liked Server Core, you will love Nano; and if you never really understood Server Core, you should give Nano a chance, especially if patching and downtime are challenges in your 24×7 shop.

Windows Server 2016 comes with PowerShell 5.0, a part of the Windows Management Framework 5.0. There are many improvements in PS5 (you’ll find a complete list in this blog post), including support for developing your own classes, or a new module called PackageManagement, which lets you discover and install software packages on the Internet.

The Workflow debugger now supports command or tab completion, and you can debug nested workflow functions. To enter it in a running script you can now press Ctrl+Break, in both local and remote sessions, and also in a workflow script. And PS5 now runs in Nano server directly, so administration of this lightweight server platform is made even simpler.

Windows Server 2016 offers two kinds of containers to improve process isolation, performance, security, and scalability. Windows Server Containers can be used to isolate applications with a dedicated process and a namespace, while Hyper-V Containers appear to be entire machines optimized for the application.

Windows Server Containers share a kernel with the host, while Hyper-V Containers have their own kernel, and both enable you to get more out of your physical hardware investments. On top of this, Microsoft announced that all Windows Server 2016 customers will get the Commercially Supported Docker Engine for no additional cost, enabling applications delivered through Docker containers to run on Windows Server on-premise installations or in the cloud, on Azure.

WS2016 brings some huge improvements to Active Directory, security, and identity management, such as Privileged Access Management (PAM), restricting privileged access within an existing Active Directory environment. In this model you have a bastion forest, sometimes called a red forest, that is where administrative accounts live and which can be heavily isolated to ensure it remains secure. Just-in-Time administration, privileged access request workflows, and improved audition are all included, and best of all – you don’t have to replace all of your DCs to take advantage of this.

“Just Enough Administration” is a new capability in Windows Server 2016 that enables administrators to delegate anything that can be managed through PowerShell. Do you have a developer who needs to be able to bounce services or restart app pools on a server, but not log on or make any other changes? With JEA you can give him or her exactly those abilities, and nothing more. Of course, you may have to write some PS1s to let them actually do that, but the point is that now you can.

Customers who want to set up highly-available RDS environments, but not go to the trouble and expense of setting up HA SQL, can now use an Azure SQL DB for their Remote Desktop Connection Broker, making it both easier and less expensive to set up a resilient virtual desktop environment.

The RD Connection Broker can now handle massively concurrent connection situations, commonly known as the “log on storm”, and it has been tested to handle more than 10k concurrent connection requests without failures.

Software-defined storage enables you to create HA data storage infrastructures that can easily scale out, without breaking the bank. With software defined storage, even SMBs can start to take advantage of high availability storage with the existing budgets.

Three new features take over the stage: Storage Spaces Direct enables you to combine commodity hardware with availability software, providing performance for virtual machines, Storage Replica replicates data at the volume level in either synchronous or asynchronous modes, while Storage QoS guards against poor performance in a multitenant environment.

If you have set up an NTP server on your network, or subscribed to NTP services from an NTP pool, you know how important accurate time can be. Typically, Windows environments were less worried about accurate time, and more concerned with a consensus of time, with a five-minute drift being acceptable.

Now in Windows Server 2016, the new time service can support up to a 1ms accuracy, which should be enough to meet almost all needs – if you need more accuracy than that, you probably own your own atomic clock.

Immensely valuable in a virtualization environment, software-defined networking enables administrators to set up networking in their Hyper-V environment similar to what they can in Azure, including virtual LANs, routing, software firewalls, and more.

You can also do virtual routing and mirroring, so you can enable security devices to view traffic without expensive taps.

There are so many security improvements in Windows Server 2016 that we could do an entire post just on that, which, as a matter of fact, we will in the coming weeks. For now, be aware that WS2016 includes improvements to protect user credentials with Credential Guard and Remote Credential Guard, and to protect the operating system with Code Integrity, with a whole host of improvements with virtual machines, new antimalware capabilities in Windows Defender, and much more.

As stated on the Windows Server team’s blog post announcing the new version, Windows Server 2016 is immediately available for evaluation, and will be available for purchase with the first October price list, while volume licensing customers will be able to download fully licensed software at General Availability in mid-October.

Watch out for new posts on this blog for more information on Windows Server 2016, as we will take a deeper dive into some of the most significant features for SMB organizations, as well as a much closer look at the security improvements in the next few weeks. You can subscribe here and get the new blog post announcements directly in your inbox.

Until then, please leave a comment below and let us know what feature you find most interesting or have been particularly looking forward to.

You may also like:

  • New Microsoft licensing models bring new software bundles to enterprises
  • The top 23 Cmd-line tools on my computer, and where…
  • Troubleshooting the top 22 Exchange issues


GFI Blog

A daily summary of network and system security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
Created: Monday, September 26th 2016
Length: 5:42 minutes

iTunes Download MP3 RSS Feed

To subscribe, use one of the following URLs:
RSS feed: https://isc.sans.edu/dailypodcast.xml (any podcast player should support this in some way)

Keywords: Security Network Technology Windows Linux Apple iOS Android Firewall

Show Notes

Analyzing Malicious .PUB files
https://isc.sans.edu/forums/diary/PUB+Analysis/21517/

iOS 10 Backup Passwords Easier to Crack
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/

Windows 10 Certificate Pinning of Microsoft Domains
http://hexatomium.github.io/2016/09/24/hidden-w10-pins/

IBM Geoblocking Fail For Australian Census
http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127

97% Of Fortune 1000 Companies Have Leaked Credentials
http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf

Discussion

Login here to join the discussion.


Information Security Podcasts