November 21, 2017

Microsoft Releases May 2017 Security Updates

Via US-CERT

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft’s May 2017 Security Update Summary and Deployment Information and apply the necessary updates.

May 8, 2017

Microsoft has released a critical out-of-band security update addressing a vulnerability in the Microsoft Malware Protection Engine. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review Microsoft Security Advisory 4022344 for details and apply the necessary update.

Adobe Releases Security Updates (May 9, 2017)

Via US-CERT

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Experience Manager Forms. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-15 and APSB17-16 and apply the necessary updates.

Intel Firmware Vulnerability (May 7)

Via US-CERT:

Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect Intel-based consumer PCs. An attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review Intel Security Advisory INTEL-SA-00075 and updated mitigations and tools:

US-CERT recommends users and administrators review Vulnerability Note VU#491375 for additional information and refer to their original equipment manufacturer (OEM) for updated firmware.

May 5, 2017: Mozilla Releases Firefox Security Updates

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR.

An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53.0.2 and Firefox ESR 52.1.1 and apply the necessary updates.

Microsoft Ending Security Updates for Windows 10 version 1507

After May 9, 2017, devices running Windows 10 version 1507 will no longer receive security updates.

US-CERT encourages users and administrators to review Microsoft’s Windows 10 version 1507 post for more information and to apply necessary updates.

via: https://www.us-cert.gov/ncas/current-activity/2017/05/04/Microsoft-Ending-Security-Updates-Windows-10-version-1507

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

via https://www.us-cert.gov/ncas/current-activity/2017/05/03/Cisco-Releases-Security-Updates

How to fix the hum/buzz of a Blue Yeti USB Microphone

We recently added a Blue Yeti USB microphone to our studio setup for recording podcasts and videos. But it continued to have an issue with humming/buzzing that we couldn’t pin down via the software settings.

As it turns out, the issue was actually an easy and cheap one to fix, and it had nothing to do with the software settings. The problem was the Blue Yeti desk stand.

Products mentioned in the video:

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available, and is a security release for all previous versions of WordPress.

We strongly encourage you to update your sites immediately.

WordPress versions 4.7.1 and earlier are affected by three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability.
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table.

Upgrade WordPress TODAY

If you need assistance with upgrading, please schedule your WordPress upgrade today via our WordPress Upgrade Service.

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 4.7.2. If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.7.1 Security Release

WordPress 4.7.1 is now available, and is a security release for all previous versions of WordPress.

We strongly encourage you to update your sites immediately.

WordPress versions 4.7 and earlier are affected by eight security issues:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was fixed in PHPMailer thanks to Dawid Golunski and Paul Buonopane.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  5. Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key. Reported by Jack.

Thank you to the reporters for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.1 fixes 62 bugs from 4.7. For more information, see the release notes or consult the list of changes.

Upgrade WordPress TODAY

Anyone who is already subscribed to one of our upgrade packages has already been upgraded to WordPress 4.7.1. If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.

WordPress 4.7 “Vaughan” Released

WordPress 4.7 has been released.


WordPress 4.7 Upgrade

As always, we highly recommend that you keep your WordPress installation, themes, and plugins up to date to ensure that you’re running the most secure and feature-rich version of WordPress.

All current Watershed Studio WordPress Upgrade Service and Maintenance Package subscribers have been scheduled for your WordPress 4.7 upgrade.

If you’d like to ensure that your site is always up to date, please check out our WordPress Maintenance Packages.