June 2020 News & Updates

10Jun 2020 by nathan

Executive Summary

  • Criminals continue to take advantage of remote workers connecting to work resources via home networks with (often) lax security controls. In many cases, these unprotected home networks that are connected via VPN connections back to the office are giving attackers an opportunity to completely bypass the corporate firewall.
  • Based on number of bugs patched, June 2020 marks Microsoft’s largest Patch Tuesday to date with 129 (or 130, depending on who you ask) bugs patched, with 115 in March 2020 and 113 in April 2020 pulling a close second and third.
  • Adobe released significant security updates for Flash Player and Framemaker that could allow an attacker remote access to vulnerable systems.
  • Windows 7 and Windows Server 2008 are now six months out of support from Microsoft, meaning they are no longer being supported with security updates. If you or your organization still have Windows 7 or Windows Server 2008 systems in production, they should be considered high risk and replaced as soon as possible. If your organization has regulatory compliance requirements (HIPAA, PCI, GLBA, etc.), the presence of Windows 7 or Windows Server 2008 could jeopardize your compliance.

News

  • Microsoft has released build 2004 (umm, yeah, that’s 2004 and not 2003, due to concerns that a build 2003 would be confused with the now long retired Server 2003) without much fanfare. The option to install 2004 is being pushed out gradually, so it won’t show as immediately available for everyone. One (other) interesting thing about 2004 is that it’s kicked off the 18-month support lifecycle.
  • DC770 in person meetings have returned. We will continue using the online virtual meeting for the foreseeable future but are now able to return to Jefferson’s as long as we meet state and Jefferson’s requirements. The next DC770 will meet on Tuesday, 7 July 2020.
  • MyIT – The response to the enhanced MyIT Services has been overwhelmingly positive. For our MyIT Silver and Gold clients, we’re now able to alert in real-time on potential indications of compromise that could lead to things like ransomware. Some of these new capabilities include the ability to alert in real-time on events like failed logins, newly created users or users added to new groups or the installation of new software (like ransomware). If your organization doesn’t currently have these capabilities and is concerned about attacks on your IT infrastructure, we’d love an opportunity to earn your business.

Updates

MicrosoftMicrosoft released updates to address 129 vulnerabilities this month including 11 that it deems critical. The critical updates are primarily in Windows itself, patching vulnerabilities in the Windows Graphic Device Interface (GDI) and Server Message Block (SMB), and office with two vulnerabilities in Excel. Any of these vulnerabilities could be used to allow an attacker to gain remote access to a vulnerable system. It’s worth noting that proof of concept code has also been published this week that could allow a remote, unauthenticated attacker full control over a system using a vulnerability patched back in March (CVE-2020-0796).

Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critcial, it’s important that the updates are installed.

Additional details on this months Microsoft updates are available from Microsoft, Brian Krebs, SANS (who note 130 updates) and ZDNet.

Not to be outdone, Adobe released only three updates this month, but all three are cross platform (Windows, Mac and Linux) and two of the three (Framemaker and Flash PLayer) could be exploited to grant attacker remote control of a vulnerable system in the context of the current user. Adobe Flash Player vulnerabilities are typically a favorite for criminals because they can be targeted and exploited via the web (Flash ads, games, cartoons, elf bowling games, etc.). Thankfully though, Chrome and Firefox now disable Flash by default, mitigating the risk somewhat.

Additional details on this months Adobe updates are available from Adobe, Brian Krebs and (oddly enough) Microsoft.

Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently?  Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of?  Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?

Cyber Tech Cafe an  IT Service Company with a focus on helping small to medium business get the most out of their technology investment.  As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar.  We offer on-call, as needed support if you just need a quick fix or extra set of hands right now.  We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract.  We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.

If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know.  We look forward to the opportunity to earn your business.