- Two Big Stories This Month
- RIP Windows XP – As of 8 April 2014, Microsoft will no longer be providing support for Microsoft Windows XP, Microsoft Office 2003, Windows Server 2003 or Exchange Server 2003. If you are using any of these products, you need to consider upgrading as soon as possible. If you are subject to compliance regulations like HIPAA or PCI, you need to review these compliance guidelines and plan accordingly.
- PLEASE READ THIS – We reported that the Cryptolocker virus was making its way around the Internet again back on 17 October 2013 and have reported specific incidents a few additional times since then. We have seen a few computers in the shop with this virus from people with no backups of their data and have had to deliver the unpleasant news that, without a backup, their options are a) pay up (typically between $1,000 and $4,000 USD) or b) lose the data. The virus encrypts all pictures, documents, etc. with very strong encryption and, without the encryption key (which is what you purchase for $1,000 to $4,000 USD), there is no way to recover them. Please stay on top of updates, make certain that your antivirus software is enabled and up-to-date and be cautious about opening files or clicking on links in emails.
Microsoft – According to the Advanced Notification for April 2014, there are only 4 bulletins this month, with 2 listed as critical and 2 listed as important. Affected products include the usual suspects, Windows, Office and Internet Explorer primarily. The critical bulletins address vulnerabilities that could allow remote code execution (an attacker can run programs on your computer) and the important bulletins address vulnerabilities that could allow an attacker to bypass various security features.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any *supported* Microsoft product from Windows (Windows XP, Windows 7, Windows Vista, Windows 8, Windows Server, etc.) to Office (Word, Excel, PowerPoint, Outlook, Publisher, OneNote, and even MS Office for Mac) to Internet Explorer to server products like Exchange, SQL Server and more. If you have one of these products installed, especially if the update is listed as Important or Critical, it’s important that the update be installed.
Please note that these will be the last updates *ever* to Windows XP, Windows Server 2003 and Office 2003.
Adobe – The latest advisories from Adobe were on 8 April 2014 and addressed critical vulnerabilities in Adobe Flash Player. I do not have confirmation of this yet but I believe that this has been (or is being) used as an attack vector for spreading the Cryptolocker virus.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos like YouTube and in interactive web content like games) and Adobe Shockwave.
These updates have already been staged for install for MyIT Clients. If you have a MyIT plan in place, please be certain to reboot your computer(s) by close of business on 14 January 2014 to ensure that the updates are properly applied. If you do not have a MyIT plan in place and would like additional information, please contact us.
Java – As of the time of this email, Java 7 update 51 is still the latest Java 7 version available. According to the Oracle website, Java 7 update 51 is stable, supported and (cough) secure but Java 8 is also available here. Java 8 appears to be targeted primarily at developers and doesn’t really appear to be targeted at end users yet.
Java is a tool that’s widely used by banks, online service providers and even security companies for VPN connections. Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ for the past several months. It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s worth removing it altogether (this can be done from Add / Remove programs).
* We still have a few MyIT clients that do not have their Network Ninja installed and are working as quickly as possible to get those taken care of. We have gotten all MyIT clients configured for automatic updates and are pushing updates regularly at this time. One thing that’s worth noting is that the updates are installed during the shutdown process, so we recommend all MyIT users reboot their computers at the end of the day. This will give the computers a chance to check for and, if any are found, install updates. This does slow down the shutdown process (significantly), which is why we recommend doing it at the end of the day.
* If you are not currently taking advantage of our MyIT service and would like more information or to sign up, additional information is available here.