Adobe, Microsoft Push Critical Security Fixes



  • Adobe andMicrosoft each released critical fixes for their products today, a.k.a :undefined:“:undefined:Patch Tuesday,:undefined:”:undefined: the second Tuesday of every month. Adobe updated itsFlash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities inWindows and associated software.

    The Microsoft updates impact many core Windows components, including the built-in browsersInternet Explorer andEdge, as well asOffice, theMicrosoft Malware Protection Engine,Microsoft Visual Studio andMicrosoft Azure.

    The Malware Protection Engine flaw is one that was publicly disclosed earlier this month, and one for which Redmond issued an out-of-band (outside of Patch Tuesday) update one week ago.

    That flaw, discovered and reported by **Google:undefined:’:undefined:**sProject Zero program, isreportedly quite easy to exploit and impacts the malware scanning capabilities for a variety of Microsoft anti-malware products, includingWindows Defender,Microsoft Endpoint Protection andMicrosoft Security Essentials.

    Microsoft really wants users to install these updates as qucikly as possible, but it might not be the worst idea to wait a few days before doing so: Quite often, problems with patches that may cause systems to end up in an endless reboot loop are reported and resolved with subsequent updates within a few days after their release. However, depending on which version of Windows you:undefined:’:undefined:re using it may be difficult to put off installing these patches.

    Microsoft says by default, Windows 10 receives updates automatically, :undefined:“:undefined:and for customers running previous versions, we recommend theyturn on automatic updates as a best practice.:undefined:”:undefined: Microsoft doesn:undefined:’:undefined:t make it easy for Windows 10 users to change this setting, butit is possible. For all other Windows OS users, if you:undefined:’:undefined:d rather be alerted to new updates when they:undefined:’:undefined:re available so you can choose when to install them, there:undefined:’:undefined:s a setting for that inWindows Update. In any case, don:undefined:’:undefined:t put off installing these updates too long.

    Adobe:undefined:’:undefined:sFlash Player update fixes at least two critical bugs in the program. Adobe said it is not aware of any active exploits in the wild against either flaw, but if you:undefined:’:undefined:re not using Flash routinely for many sites, you probably want to disable or remove this buggy program.

    Adobe isphasing out Flash entirely by 2020, but most of the major browsers already take steps to hobble Flash. And with good reason: It:undefined:’:undefined:s a major security liability.Google Chrome also bundles Flash, but blocks it from running on all but a handful of popular sites, and then only after user approval.

    For Windows users withMozilla Firefox installed, the browser prompts users to enable Flash on a per-site basis. Through the end of 2017 and into 2018, Microsoft Edge will continue to ask users for permission to run Flash on most sites the first time the site is visited, and will remember the user:undefined:’:undefined:s preference on subsequent visits.

    The lateststandalone version of Flash that addresses these bugs is29.0.0.140 for Windows,Mac,Linux andChrome OS. But most users probably would be better off manually hobbling or removing Flash altogether, since so few sites actually require it still. Disabling Flash in Chrome is simple enough. Paste :undefined:“:undefined:chrome://settings/content:undefined:”:undefined: into a Chrome browser bar and then select :undefined:“:undefined:Flash:undefined:”:undefined: from the list of items. By default it should be set to :undefined:“:undefined:Ask first:undefined:”:undefined: before running Flash, although users also can disable Flash entirely here or whitelist and blacklist specific sites.

    More information on today:undefined:’:undefined:s updates is available from security vendorsIvanti andQualys.

    As always, if you experience problems installing any of these updates, feel free to note your issues in the comments below. Chances are, another reader here has experienced something similar and can assist in troubleshooting the issue.

    https://krebsonsecurity.com/2018/04/adobe-microsoft-push-critical-security-fixes-12/





  • Make ISO from DVD

    In this case I had an OS install disk which was required to be on a virtual node with no optical drive, so I needed to transfer an image to the server to create a VM

    Find out which device the DVD is:

    lsblk

    Output:

    NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 465.8G 0 disk ├─sda1 8:1 0 1G 0 part /boot └─sda2 8:2 0 464.8G 0 part ├─centos-root 253:0 0 50G 0 lvm / ├─centos-swap 253:1 0 11.8G 0 lvm [SWAP] └─centos-home 253:2 0 403G 0 lvm /home sdb 8:16 1 14.5G 0 disk /mnt sr0 11:0 1 4.1G 0 rom /run/media/rick/CCSA_X64FRE_EN-US_DV5

    Therefore /dev/sr0 is the location , or disk to be made into an ISO

    I prefer simplicity, and sometimes deal with the fallout after the fact, however Ive repeated this countless times with success.

    dd if=/dev/sr0 of=win10.iso

    Where if=Input file and of=output file

    I chill out and do something else while the image is being copied/created, and the final output:

    8555456+0 records in 8555456+0 records out 4380393472 bytes (4.4 GB) copied, 331.937 s, 13.2 MB/s

    Fin!

    read more
  • Recreate postrgresql database template encode to ASCII

    UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';

    Now we can drop it:

    DROP DATABASE template1;

    Create database from template0, with a new default encoding:

    CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE'; UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1'; \c template1 VACUUM FREEZE;

    read more
});