Patch Tuesday, June 2018 | Pushing 11 Critical Security Updates

Are you ready for the latest in security patch updates?  I’m not, but it’s that time again.

Ref: https://www.catalog.update.microsoft.com/Search.aspx?q=windows+security+update+2018

 

Microsoft today released security patch updates for more than 50 vulnerabilities, affecting Windows, Internet Explorer, Edge, MS Office, MS Office Exchange Server, ChakraCore, and Adobe Flash Player—11 of which are rated critical and 39 as important in severity.

Only one of these vulnerabilities: CVE-2018-8267 | Scripting Engine Memory Corruption Vulnerability is a remote code execution flaw (CVE-2018-8267) in the scripting engine, is listed as being publicly known at the time of release. The flaw exists within the IE rendering engine and triggers when it fails to properly handle the error objects, allowing an attacker to execute arbitrary code in the context of the currently logged-in user.

There are a few others included are:

CVE-2018-8225 | Windows DNSAPI Remote Code Execution Vulnerability

The most critical bug Microsoft patched this month is a remote code execution vulnerability (CVE-2018-8225) exists in Windows Domain Name System (DNS) DNSAPI.dll, affecting all versions of Windows starting from 7 to 10, as well as Windows Server editions.

The vulnerability resides in the way Windows parses DNS responses, which could be exploited by sending corrupted DNS responses to a targeted system from an attacker-controlled malicious DNS server.

CVE-2018-8231 | HTTP Protocol Stack Remote Code Execution Vulnerability

The critical bug is a remote code execution flaw (CVE-2018-8231) in the HTTP protocol stack (HTTP.sys) of Windows 10 and Windows Server 2016, which could allow remote attackers to execute arbitrary code and take control of the affected systems.

CVE-2018-8213 | Windows Remote Code Execution Vulnerability

Critical remote code execution vulnerability (CVE-2018-8213) affecting Windows 10 and Windows Server exist in the way the operating system handles objects in memory. Successful exploitation could allow an attacker to take control of an affected Windows PC.

Microsoft is reportedly acquiring #GitHub

#Microsoft is reportedly acquiring #GitHub – and we are now expecting the announcement sometime this week.

New reports out of Redmond this weekend have Microsoft set to purchase the popular coding site GitHub. Bloomberg is citing “people familiar with the matter,” stating that the deal could be announced as early as tomorrow.

The new story follows similar reports late last week of discussions between the two parties. The deal certainly makes sense for Microsoft, as the software giant continues to actively court developers. As for GitHub, the company is said to have been “impressed” by Satya Nadella, who has actively courted coders and coding initiatives since taking the reins at the company, back in 2014.

“The opportunity for developers to have broad impact on all parts of society has never been greater,” Nadella told the crowd at his address during last year’s Build. “But with this opportunity comes enormous responsibility.”

Dramatic, perhaps, but acquiring GitHub would give the company access to some 27 million software developers — though not all of them are thrilled by the idea of GitHub being taken over by Microsoft.

More to come.

Kaspersky lawsuits over government ban, dismissed

Last year, the US government made moves to ban the use of Kaspersky security software in federal agencies, claiming the company’s ties to the Russian government represented a security risk. In September, the Department of Homeland Security issued an order that required federal departments and agencies to remove the company’s software from their systems. Then, Congress passed and President Trump approved a bill — the National Defense Authorization Act (NDAA) — that also banned Kaspersky software from federal government use. Kaspersky subsequently filed two lawsuits combatting both bans, but a judge has now dismissed them.

CyberScoop reports that Colleen Kollar-Kotelly, US District Judge for the District of Columbia, rejected Kaspersky’s claims that the bans were unconstitutional. Kaspersky argued that the NDAA inflicted an unconstitutional “punishment,” but Judge Kollar-Kotelly disagreed. She said the act wasn’t a punishment but instead, “eliminates a perceived risk to the nation’s cybersecurity and, in so doing, has the secondary effect of foreclosing one small source of revenue for a large multinational corporation.”

Further, because she dismissed the lawsuit against the NDAA, the suit against the Department of Homeland Security’s order was rendered moot since the act would supersede any change to the order. “These defensive actions may very well have adverse consequences for some third-parties,” she said in her opinion. “But that does not make them unconstitutional.”

The NDAA’s Kaspersky ban goes into effect on October 1st.

This article originally appeared on Engadget.

VMware vCenter 6.7a and other released

VMware has released vCenter 6.7a, vSphere Replication 8.1.0.2, vSphere Integrated Containers 1.4, and PowerCLI 10.1.

Download link

Set up the Default Domain for vCenter Single Sign-On | Tech-Short

vCenter Single Sign by default requires the user to specify the domain during authentication with vCenter.
Example: JERMSMIT\admin or admin@JERMSMIT.LAB.

You can eliminate the need to insert the domain in the username by following the following steps.

 

  1. Log in to the vSphere Web Client as administrator@vsphere.local or as another user with vCenter Single Sign-On administrator privileges.

  2. Browse to Administration > Single Sign-On > Configuration.
  3. Under the Administration, configuration locate the Identity Sources tab
  4. On the Identity Sources tab, select an identity source and click the Set as Default Domain icon.
  5. In the domain display, the default domain shows (default) in the Domain column. Set the domain of choice as your new default.

The next time when you attempt to login into vCenter, you can omit the DOMAIN from your username.

Full ref located here
Full Link: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-11E651EF-4503-43BC-91F1-15502D586DE2.html