New Security Advisories / Updates from Microsoft - Heads up for Next Patch Tuesday!
Microsoft has released a number of security advisories and updates to advisories, hopefully they'll all have matching updates next Patch Tuesday
Microsoft Security Advisory 2974294 (just posted today)
Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
https://technet.microsoft.com/library/security/2974294
MS14-036 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution (2967487) (June 10 advsiory, updated today)
https://technet.microsoft.com/library/security/ms14-036
MS14-035 Cumulative Security Update for Internet Explorer (2969262) (June 10 advsiory, updated today)
https://technet.microsoft.com/library/security/ms14-035
You can track June's list as it is built here:
https://technet.microsoft.com/library/security/ms14-JUN
===============
Rob VandenBrink
Metafore
Canada's Anti-Spam Legislation (CASL) 2014
Canada recently passed anti-spam legislation. Starting July 1 2014, organizations now need consent to send unsolicited emails or other electronic communications, which includes text messages, faxes and anything else you might think of. This doesn't cover just mass marketing, a single email to a single person is covered in this new legislation.
Starting Jan 15,2015, the installation of apps, plug-ins and other programs need similar consent.
With fines up to $1 million for individuals and $10 million for organizations, there's a bit of a scramble to get consent from us Canadians . Everyone from car companies wanting to send service bulletins to insurance companies who this this applies to emails on our insurance claims are sending "click here to consent" emails. And of course, a similar scramble for folks that we've bought something from once, who want to send us sales flyers forever.
See the problem yet? There was a clue in the note above
In this onslaught of "Click here" notes, it's oh-so-easy to slip in a few malicious emails, and of course if you do click in those notes, there's some special malware just for you!
To make things more interesting, many of the legit emails of this type are loaded with graphics with the links point to third party sites, so they also look like malicious content all on their own.
So in an effort to protect us Canadians from our collective compulsion to open every email and click every link (this isn't confined to just Canadians mind you), this legislation is actually resulting in a new "easy button" attack vector, so we have a spike of the very activity this is trying to prevent!
I wonder if the folks in Ottawa who wrote this legislation realize that this also applies to their campaign material at election time? Or if they understand that a telephone call is also "electronic communication"? <Just the first two gotcha's that came to mind>
If you've seen malware in email of this type, or if you have a slow day and want to read the legislation and look for similar "oops" situations, please share using our comment form !
http://www.crtc.gc.ca/eng/casl-lcap.htm
http://fightspam.gc.ca
===============
Rob VandenBrink
Metafore
Comments