MS Updates, DDoS, and the Need for Threat-Centric Security

CastleBrn

If you have read anything in the media about security on the Internet you know that attacks on the web and on web sites are increasing.   In this month’s discussion, we’ll talk about the new Microsoft Updates rolling out today,  the current news on DDoS attack increases across the web, and finally the need for threat-centric security for your website.

Microsoft Updates For Multiple Vulnerabilities

There are a number of MS products that have been discovered to have vulnerabilities among them are:

  • Microsoft Windows,
  • Internet Explorer
  • Microsoft .NET Framework
  • Microsoft Lync
  • Microsoft Office
  • Microsoft Windows Essential

All of these products have had flaws privately discovered (as Microsoft stated in their recent bulletin) that allow:

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Breaking this down, it means the Windows flaw could allow a Denial of Service (DoS) attack,  the Microsoft .NET Framework (off which several programs run) could allow spoofing through a “specially crafted XML file” that can let an attacker gain the rights of an authenticated user to access functions on your computer.  Lync, Publisher and Word all have flaws that could allow remote code execution.  Both Microsoft Visio and Windows Essential have flaws that expose potential information exposure to an attacker.  Internet Explorer has flaws that could allow a user to gain the user rights of the current user and this is especially a vulnerability for those who operate their systems solely through the administrative user.

Advice:

If you haven’t already, enable Windows Automatic Updates.  Here’s how

DDoS and DoS (Denial of Service) Attacks

We won’t dwell too much on this one except to say that it is one of the least sophisticated ways of attacking a network or a website …but its one of the most effective at bringing both down.  They have increased in frequency and severity over the last few months and industry predictions are that this trend is expected to continue.  So what can you do to protect yourself?

Advice:

Make sure your web  designer/developer or server admin has set you up with a security layer to slow down attacks and isolate and block attackers.   Give me a call at Switched-On-Sites (use our free call widget)  to discuss how I can implement this to protect your site.

Threat-Centric Security For Your Web Site

What’s the advantage of having a threat-centric security package for your web site?  With the increased capabilities of hackers to attack multiple  end points on the web, your site is always at risk.  What does it mean to have a threat-centric web designer/developer?  It means your web designer/developer has developed a proactive plan for continuously monitoring and detecting threats against your web site.  It means they know how to respond to these threats and block them.  It means that your web site getting breached isn’t the issue so much as how they respond when the breach happens.   Give me a call at Switched-On-Sites to discuss how a Threat-Centric Security Package can protect your site.

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.