The following software updates were released last week. Citadel Information Group strongly recommends that readers upgrade these programs on their computers.
Moodle: Some vulnerabilities have been reported in Moodle, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. Update to version 1.9.12 or 2.0.3.
WordPress: A highly critical vulnerability has been discovered in the is_human() plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is confirmed in version 1.4.2 and other versions may also be affected. No patch is available at this time.
Special Cyber Security Warnings
Mississippi Flooding Disaster Email Scams, Fake Antivirus, and Phishing Attack Warning
Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters. http://www.us-cert.gov/current/#mississippi_flooding_disaster_email_scams
Newly Announced Unpatched Vulnerabilities (Zero-Days)
None
Important Unpatched Zero-Day Vulnerabilities
Adobe Flash: Adobe has updated its Flash player to version 10.3.181.14 to correct 11 vulnerabilities, many of which are highly critical. Updates may be found here. If you run multiple browsers, including IE, then you may have to install the update in each browser separately.
Google Chrome: Google has updated Google Chrome to version 11.0.696.68 to correct multiple, highly critical vulnerabilities. The update may be found here.
Microsoft Office: Microsoft has updated Office to correct two highly critical vulnerabilities in PowerPoint. The update can be installed from the Security Section of the Windows Control Panel.
Microsoft Office for Mac: A highly critical vulnerability has been discovered in Microsoft Office for the Mac which could be exploited by cyber criminals to take control of a user’s computer.
Microsoft Windows: Microsoft has updated Windows to correct a moderately critical vulnerability. The update can be installed from the Security Section of the Windows Control Panel.
Skype for Mac: Skype has updated its Mac program to version 5.1.0.922 to correct a moderately critical vulnerability. The update is available here.
SlimPDF Reader: A moderately critical vulnerability has been discovered in this PDF reader. Readers are advised to refrain from opening PDF files from untrusted sources in this reader.
If you are responsible for keeping your computer secure, our weekly report is for you. We strongly urge you to take action to keep your workstation secure.
If someone else is responsible for keeping your computer secure, protect it by forwarding our Weekend Vulnerability and Patch Report to them and following up to make sure your computer has been patched.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they will issue an update patch to fix the code running on their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.