This Patch Tuesday comes with 74 security updates, including fixes for two known vulnerabilities (CVE-2018-0808 and CVE-2018-0940); luckily this release arrives in a more timely fashion, as there have been no known exploitations of these vulnerabilities like we’ve seen in the past.
Many people consider USB to be some serial cable like they used to have for modems, printers etc.
USB really is a multi-drop networking standard. And it provides for all kinds of adapters like storage nodes, network "routers" (= USB Ethernet ...), network cameras (photo equipment), ...
So USB sticks are more like a NAS on a private network than a disk on a PATA/SATA cable. The difference is they have no configuration items on most USB equipment.
(Rather like the original SCSI standard, only serial).
The PoisonTap (short version) provides a network adapter with DHCP, and it will provision a network with netmask 0 (so ALL packets sent by your system [except for the local network your PC is connected to] go to the PoisonTap). It also runs a transparent proxy to hijack connections, and will inject code back into the browser to redirect ALL access through another public site. After the PoisonTap is removed the attack still persists, allowing an attacker to keep on tapping authentication data.
Fuller quote from the bottom of the article (and I have read others like it)
"“We want you to use IE for the sites that need it - what I'm trying to say here is that I hope you don't use it for everything else,” Mr Jackson said in a comment on the blog post.
Microsoft will end support for Internet Explorer 10 in January 2020, while Internet Explorer 11 will remain as the final iteration of the software."
Some servers do not have (and have not been able to update to) IE 11. This was not in the article but I have read it along with the statement that Server updates would be revised to use IE 11. I am not sure about Server 2008 but certainly Server 2012.
Interesting documentary available on Hulu and Netflix right now called Zero Days. It gives a high-level analysis of the Stuxnet virus, which was apparently engineered to specifically target the Siemens logic controllers used in Iran's nuclear centrifuges.