Stay Secure in the Cloud with Sophos Cloud Endpoint


Towerwall and Sophos, partnering to protect data integrity in the cloud.

Towerwall is now offering Sophos Cloud Endpoint, a new security option for small and medium sized businesses. Sophos Cloud Endpoint offers an integrated, lightweight agent that protects your business, users and their computers. 24/7, anywhere in the cloud.

Sophos Cloud Endpoint gives you endpoint security as a service. With a management console hosted by Sophos in the cloud, it’s simple to deploy, manage and maintain.

Click here for more information and to sign up for Sophos Cloud Endpoint


Internet Explorer, .NET, IPv6 and Shockwave top the February 2014 Patch Tuesday list

For today’s Patch Tuesday, Microsoft released seven bulletins (a surprise after only announcing five last week) and Adobe released one. There are four critical advisories, to me the most important of which is MS14-010 affecting Internet Explorer versions 6 through 10. This patch fixes 24 vulnerabilities, one of which has been publicly disclosed. Considering that 22 of these vulnerabilities can lead to remote code execution, this fix is priority one. MS14-007 is a flaw in the Direct2D graphics engine in Windows 7 through 8.1, including RT.

It is also related to Internet Explorer and could result in a malicious web page exploiting this flaw to achieve remote code execution. The last major one to look out for is MS14-011, flaws in the VBScript interpreter affecting Win XP through 8.1 (RT inclusive) and Internet Explorer versions 8 through 11. Server editions have mitigation implemented through blocking active scripting inside Internet Explorer, but expediting this fix is still recommended.

The fourth critical flaw is a remote code execution flaw in Forefront for Exchange, while the three important vulnerabilities are in XML, .NET and the Windows IPv6 stack. Adobe’s fix is for the Shockwave Player and resolves two critical remote code execution vulnerabilities. In addition to recommending that you remove Shockwave if you have it installed, there is another reason to avoid it. Adobe seems to think that its job includes trying to force you to install unwanted applications along with its plugins.


In my case it tried to “opt me in” to installing Chrome. It is a dodgy practice to bundle other applications by default and even worse practice when someone is downloading a security update. Shame on you Adobe.

For those who want to download Shockwave without the bundleware you can go to the Adobe alternates download page.

by Chester Wisniewski on February 11, 2014