- PLEASE READ THIS – We reported that the Cryptolocker virus was making it’s way around the Internet again back on 17 October 2013 and have reported a few additional times since then of specific incidences. We have seen a few computers in the shop with this virus from people with no backups of their data and have had to deliver the unpleasant news that, without a backup, their options are a) pay up (typically between $1,000 and $4,000 USD) or b) lose the data. The virus encrypts all pictures, documents, etc. with very strong encryption and, without the encryption key (which is what you purchase for $1,000 to $4,000 USD), there is no way to recover them. Please stay on top of updates, make certain that your antivirus software is enabled and up-to-date and be cautious about opening files or clicking on links in emails.
- Policy Changes for 2014 – We’ve made some changes to our pricing and policies and have posted a summary on our website here. If you have any questions or would like more information about MyIT or the Priority Blocks, don’t hesitate to give us a call (770.396.8900) or email us.
- Support Ending for Windows XP (and others) – With the March 2014 advanced notification, we are now one update cycle away from the End of Life for Windows XP, Windows Server 2003, Exchange Server 2003, Office 2003 and a host of other Microsoft Products and we still see these older systems deployed in production environments and, in some cases, sensitive environments where HIPAA and PCI compliance is a concern. This time next month, attackers will know exactly what vulnerabilities in these products will be patched / addressed and which vulnerabilities will *never* be patched / addressed. If you have these products deployed, if you believe that you may have these products deployed or if you have no idea if you have these products deployed, please contact your IT vendor as soon as possible to put a plan together to decommission, upgrade or replace them prior to 8 April 2014.
Microsoft – According to the Advanced Notification for March 2014, there are only 5 bulletins this month, with 2 listed as critical and 3 listed as important. Affected products include Windows, Microsoft Silverlight and, of course, Internet Explorer. The critical bulletins address vulnerabilties that could allow remote code execution (an attacker can run programs on your computer) and the important bulletins address vulnerabilities that could allow an attacker to bypass various security security features.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories is available here. The updates can include any *supported* Microsoft product from Windows (Windows XP, Windows 7, Windows Vista, Windows 8, Windows Server, etc.) to Office (Word, Excel, PowerPoint, Outlook, Publisher, OneNote, and even MS Office for Mac) to Internet Explorer to server products like Exchange, SQL Server and more. If you have one of these products installed, especially if the update is listed as Important or Critical, it’s important that the update be installed.
Additional details are available from Microsoft here.
Adobe – The latest advisories from Adobe were on 20 February 2014 and addressed critical vulnerabilities in Adobe Flash Player. If history is any indication though, we will see an update on Tuesday that will not be reported until Tuesday (rather than the advanced notifications that we get from Microsoft).
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos like YouTube and in interactive web content like games) and Adobe Shockwave.
Additional details and downloads are available from Adobe here.
These updates have already been staged for install for MyIT Clients. If you have a MyIT plan in place, please be certain to reboot your computer(s) by close of business on 14 January 2014 to ensure that the updates are properly applied. If you do not have a MyIT plan in place and would like additional information, please contact us.
Java – As of the time of this email, Java 7 update 51 is still the latest version available. We have reports that some vendors are not supporting the latest version and are requiring users to remain at the older, less secure 7 update 45 and we have seen at least one instance where an application frequently used for medical billing is forcing users to keep Java 6 installed because the application does not work with Java 7, which is a problem.
Java is a tool that’s widely used by Banks, online service providers and even security companies for VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ for the past several months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s worth removing it altogether (this can be done from Add / Remove programs).
Additional details and downloads are available from Oracle here.
* We still have a few MyIT clients that do not have their Network Ninja installed and are working as quickly as possible to get those taken care of. We have gotten all MyIT clients configured for automatic updates and are pushing updates regularly at this time. One thing that’s worth noting is that the upates are installed during the shutdown process, so we recommend all MyIT users reboot their computers at the end of the day. This will give the computers a chance to check for and, if any are found, install updates. This does slow down the shutdown process (significantly), which is why we recommend doing it at the end of the day.
* If you are not currently taking advantage of our MyIT service and would like more information or to sign up, additional information is available here.