Skip to main content
Monthly Archives

December 2015

Patch Challenges: Learn to Identify Patches and Updates Accurately

By Patch ManagementNo Comments
[vc_single_image image=”7532″ img_size=”full” alignment=”center”]

In 2003 Microsoft introduced what is commonly known as Patch Tuesday, the second Tuesday of each month (sometimes the fourth) when the company releases the newest updates or malware database refreshes for its Windows operating system and software applications. These patches update individual files—specific to enabling Windows and other Microsoft software to work properly—determined by Microsoft to have security issues or “bugs” that could carry the potential of a malicious and undetectable attack to a computer or an entire system.

In order to reduce costs associated with patch deployment, Microsoft chose the day after Monday simply because the first day of the workweek presents enough challenges that demand attention. By waiting a day, it still gives IT administrators enough time to make any fixes before the weekend but allows them to focus on high-priority issues awaiting them Monday morning. Though patches are only sent out on Tuesday, if a critical fix arises it is sent out regardless of the day of the week.

Patches are not limited to Microsoft technologies alone. Today’s organizations use a myriad of applications from multiple vendors like Adobe, Java and Mozilla to fulfill their specific business needs and goals and, like Microsoft, they also release security updates and patches on a regular weekly or monthly basis. Although these patches are imperative considering the number of security breaches the world has witnessed in the past decade, by issuing them only once a month computers are still susceptible to other attacks between updates, and there are plenty of hackers happy to take advantage of those vulnerabilities. That’s why the day after Patch Tuesday is sometimes referred to as Exploit Wednesday.

While patches usually fix the issues for which they are intended, they can also become the cause of a new problem, particularly if the patches are administered by the uninitiated. In other words, someone with little or no experience can do more harm than good. And with new vulnerabilities being discovered nearly every day, it’s critical for a company to ensure that software and business applications are safe and running smoothly. With a sound, cloud-based strategy for patching and update management, your organization can minimizes risks and reduce costs in addition to other key benefits.

Getting Started: Patch I.D.

Getting safely started in the patch management environment can be daunting, particularly for companies that have an IT department of one. Challenges inherently arise and when they do, it is important to understand how to identify, prioritize, install and verify patches and updates accurately and efficiently. In order to build a patching strategy, it is important to consider the three general categories of updates when prioritizing issues: critical, important, and optional. Critical updates typically involve security, privacy and reliability, while important updates address non-critical problems to help enhance the computing experience. Optional updates can include updates to drivers, for example, or new software, and they often enhance computing as well.

Requirements for a Successful Patching Strategy

An efficient and cost-effective patch management strategy is crucial to the success of any business, considering the risks from a mobile workforce and the increasing number of employees working remotely in today’s expanding global market. But it’s one thing to deploy patches as they are released and another to confidently update all of your company devices—at any time from any location—to ensure a safe environment every day of the year.

Read the full article at virtual-strategy.com.

[vc_single_image image=”7990″ img_size=”full” alignment=”center”]
December 21, 2015
Love0
||

Syxsense Offers the Ultimate MSP Tool

By NewsNo Comments

Cloud-Enabled Software From Leading Provider of IT Solutions Helps Managed Service Providers Boost Productivity and Simplify Processes

ALISO VIEJO, CA–(Marketwired – Dec 16, 2015) – The award-winning Syxsense from Verismic, is quickly becoming an invaluable asset and an essential tool for progressive Managed Service Providers (MSPs). Hailed by MSPmentor.net as “the first and only endpoint device management software that requires no software agent on end-user devices,” the all-in-one cloud-based solution enables MSPs to realize more value by providing higher levels of service to their customers.

[vc_single_image image=”7990″ img_size=”full” alignment=”center”]

“CMS was designed specifically to simplify the management of multiple sites in highly distributed environments,” says Verismic President and CEO Ashley Leonard. “A large number of MSPs still provide services using old premise client/server management tools and even physically send out engineers to help customers with problems. CMS changes all of that by enabling MSPs to remotely monitor endpoints and intervene quickly, rather than taking a reactive approach whenever a system goes down.”

From automated patch management to energy-saving power management features, Verismic’s CMS allows MSPs and IT service providers to remotely deploy software applications with bandwidth-efficient technology and resolve technical issues. As a result, IT costs are reduced, endpoint management is simplified, and productivity is boosted.To ensure a low-maintenance overhead, CMS incorporates a self-upgrading capability, with a multi-tenancy feature that enables MSPs to proactively monitor and manage multiple customer environments. MSPs can control 30 – 30,000 endpoints, all from a single dashboard using any web browser from any location at any time. With a flexible pay-per-endpoint pricing plan, CMS eliminates the need for MSPs to maintain on-premise solutions, purchase expensive server operating systems and database software, and install agents on endpoints. CMS, which is easily deployed in under 30 minutes and is operated entirely from the cloud, can be tailored to fit any business model.

“CMS presents a unique opportunity to quickly and simply manage a device fleet and perform tasks such as software audits for our customers using a cloud product from a proven and trusted vendor — and earn additional incremental revenue,” says, Willie McVey, Director of Business Operations for Plan b Professional Services, a UK-based MSP that provides business-critical program recovery and delivery within some of the most taxing global IT environments. “The product is fully supported and is backed by in-house managers who help with pre-sales, training and deployment — which means no more managing our management tool.”

CMS is gaining recognition as the ultimate tool for maintaining secure IT environments for customers while minimizing administrative burdens and maximizing profits. In the last year, CMS was named one of the most innovative products at the 2014 Best in Biz Awards, Most Innovative Software at Network Product Guide’s Annual IT World Awards, Top Innovator of 2015 by the Association for Corporate Growth, and was characterized by Network Computing magazine as “a refreshing new approach to endpoint management which does away with the excess baggage associated with traditional solutions.”

For more information on Verismic’s award-winning Syxsense, visit www.syxsense.com.

ABOUT VERISMIC: Verismic Software, Inc. is a global industry leader providing cloud-based IT management technology and green solutions focused on enabling greater efficiency, cost-savings and security control for users, all while engaging in endpoint management. Headquartered in Aliso Viejo, Calif., Verismic is a growing and dynamic organization with offices in four countries and 12 partners in nine countries. Over the past two years, Verismic has worked with more than 150 companies ranging from 30 to 35,000 endpoints delivering a variety of solutions for organizations of all sizes as well as managed service providers (MSPs). Verismic’s software portfolio includes the first-of-its-kind agentless, Syxsense ;Power Manager; Software Packaging and Password Reset. For more information, visitwww.verismic.com.

[vc_single_image image=”4711″ img_size=”full” alignment=”center”]
December 17, 2015
Love0

On the 8th Day of December, Microsoft Sent to Me: 12 Bulletins!

By NewsNo Comments
[vc_single_image image=”7980″ img_size=”full” alignment=”center”]

This month’s Patch Tuesday lists 12 bulletins that resolve more than 70 individual vulnerabilities. Eight of these bulletins are rated “Critical,” and the remaining four are rated “Important.”

There are 10 vulnerabilities marked as Remote Code Execution, which are usually exploited through your users. I recommend extra vigilance during the holiday season when hackers aim to exploit your environment with a large number of enticing online games, such as “Elf Bowling.”

I highly recommended that you make MS15-124 through MS15-131, with particular emphasis on MS15-131, a priority for your remediation cycle this month. This recommendation is justified by combining the vendor severity, independent CVSS score, vulnerability impact and current exploits.

Since the vulnerabilities in this latest release all have a “High” CVSS rating, I recommend deploying all updates as soon as possible to ensure peace of mind.

1. MS15-124 is one of the usual suspects affecting Internet Explorer on all versions of Windows. It has been marked as Critical and requires a reboot to resolve this vulnerability.

2. MS15-125 is a critical Remote Code Execution vulnerability affecting Microsoft Edge on Windows 10 and requires a reboot to resolve this vulnerability.

3. MS15-126 is a critical Remote Code Execution vulnerability for the VB scripting engine on Windows Vista, Windows Server 2008 and Windows Server 2008 R2 core edition. It may require a reboot depending on how many updates are installed at the same time.

4. MS15-127 is a critical Remote Code Execution vulnerability for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2. It requires a reboot to resolve this vulnerability.

5. MS15-128 is a critical Remote Code Execution vulnerability for all versions of Windows Office 2007, Office 2010, some versions of .NET Framework, Skype for Business 2016, Lync 2010, Lync 2013, Live Meeting 2007 Console, Silverlight 5 and Silverlight 5 Developer Runtime. This patch requires a reboot, and due to the amount of technology this vulnerability can exploit, it’s wise to pay extra attention to this one.

For those who are still using versions of Lync before 2013, pay close attention to MS15-128. It may upgrade Lync to Skype for Business. You want to be careful and avoid spending many hours restoring your Lync services after receiving unexpected upgrades.

6. MS15-129 is a critical Remote Code Execution vulnerability for Silverlight 5 and Silverlight 7 Developer Runtime. It does not require a reboot.

7. MS15-130 is a critical Remote Code Execution vulnerability for Windows 7 and Windows Server 2008 R2. It requires a reboot.

8. MS15-131 is a critical Remote Code Execution vulnerability for Office 2007, Office 2010, Office 2013, Office 2013 RT, Office for Mac 2011, Office 2016 for Mac, Office Compatibility Pack SP3 and Excel Viewer. Although this covers a large amount of Microsoft real estate, it does not require a reboot.

Some of these vulnerabilities are coming under attack from active exploits. Microsoft Office users should make MS15-131 the first patch to consider applying without delay. Active exploits are more likely to be the ones that attackers use to compromise your network.

[vc_single_image image=”7824″ img_size=”full” alignment=”center”]

9. MS15-132 is an important Remote Code Execution vulnerability for all versions of Windows and may require a reboot.

10. MS15-133 is an important Elevation of Privilege vulnerability for all versions of Windows and may require a reboot.

11. MS15-134 is an important Remote Code Execution vulnerability affecting Media Centre on Vista and Windows 7, 8 and 8.1. It may require a reboot.

12. MS15-135 is an important Elevation of Privilege vulnerability for all versions of Windows and requires a reboot.

This month is one of those times when you need to ignore the Microsoft Severity Rating and go with the opinion of industry experts.

I strongly advise this patch be deployed as quickly as possible. The vulnerability is present in all supported versions of Windows and could allow Elevation of Privilege if an attacker targets a system with a carefully crafted application.

Read the full article at channelpartners.com.

December 17, 2015
Love0
||

Patching: Protecting an Organization’s Proprietary Information

By Patch ManagementNo Comments

For the CEO or COO hearing the word patching for the first time from the experts in their IT department, an array of ideas might float into their head. “How much is this going to cost me?” “I thought we just solved that data breach protection protocol two months ago?” Or, “I am tired of solutions that don’t fix the problems with our company data, they just seem to be band-aids.”

Unfortunately this is the hurdle facing information technology professionals as they work around the clock to protect their company’s proprietary data from exogenous threats. According to the Cisco 2015 Annual Security Report, only four in 10 company IT departments have a coordinated patching strategy.

A patch is in fact not a temporary solution at all, but rather a strategic method by which to update existing software programs by inserting new code into the current operating code. These updates may involve areas such as mitigation of software bugs to addressing vulnerable security systems, or simply installing software upgrades provided by vendors.

[vc_single_image image=”8192″ img_size=”full” alignment=”center”]

A patch is in fact not a temporary solution at all, but rather a strategic method by which to update existing software programs by inserting new code into the current operating code. These updates may involve areas such as mitigation of software bugs to addressing vulnerable security systems, or simply installing software upgrades provided by vendors.

These operating system updates may be from Microsoft on their Patch Tuesdays, but also can include third party vendor software updates like Adobe, Cisco, Java, Apple and others.

In the current environment where data security issues and protocols are the primary concern for a business, the fundamental issue becomes how an IT department provides the necessary patching services to all of the organization’s endpoints.

[vc_single_image image=”7869″ img_size=”full” alignment=”center”]

First Steps

In developing a strategic approach to patching, the reality is that there must be buy-in from the leadership team. Patching is a pro-active engagement, not a reactive one. Think of this analogy, a computer much like the human body can get sick. In order to alleviate the symptoms, one would take medicine, or in the case of the machine an antivirus. The concern though is that the antivirus/medicine does not solve the underlying reasons for being sick: diet, exercise, etc. Following the analogy, computers that just rely on antivirus software and have not been attended to with a coordinated patching effort (solving underlying problems) are more vulnerable to breaking down, malfunctioning or having security compromises.

Once buy-in is established from company leadership, an effective patching framework needs to be built, and can be done by answering five key questions associated with deployment.

Which updates should I install?

The best approach to this first query is to prioritize what updates are most necessary and beneficial for the firm’s end users. Three categories are useful to designate the types of updates that flow from software vendors.

  • Critical updates offer significant benefits, such as improved security, privacy, and reliability.
  • Important updates address non-critical problems or help enhance your computing experience.
  • Optional updates can include updates, drivers, or new software to enhance your computing experience.

Read the full article at windowsnetworking.com.

December 3, 2015
Love0