Monthly Archives

April 2016


The Problem With Patching: 7 Top Complaints


Is your security team suffering from patching fatigue? Check out these tips and eliminate critical vulnerabilities in your IT environment.

A term that’s cropped up recently among IT managers is “patching fatigue,” referring to the overwhelming number of patches organizations need to keep their IT environment up-to-date and secure.

According to the 2016 IBM Security Report, which covers 18 years of patches, there are over 100,000 known vulnerabilities, which works out to around 5,000 a year per device. Only a few hundred would affect each device in a network at any time, but these security risks pile up quickly. Even with a small environment, that’s a monumental task. It’s no wonder “patch fatigue” has caught the attention of many IT departments.


Tripwire recently conducted a survey of nearly 500 US-based IT professionals about their struggles to keep up with patching. Based on the Tripwire data, here are the seven top complaints about patching – and suggestions for streamlining the process.


Complaint: Patch Management Is Too Time Consuming. No matter the size of the organization, whether it’s a few hundred or over 1,000 endpoints, patching can take hundreds of hours every month. There’s also added concern if a patch requires a system restart, more so for servers, as significant downtime and lost business are a likely result.

What To Do About It: Deploy a patch management tool that automates the patching process during maintenance windows where the business is least affected, usually during weekends or after hours. It also helps to focus first on mission critical patches and identify areas that are most vulnerable.

Complaint: It’s More Than Microsoft And Operating Systems. The patching process isn’t limited to Windows or other operating systems. Third-party applications also have patches and not all the patches are created equal. Vendors like WordPress are relatively simple to update, but Java and Flash are often major pain points.

What To Do About It: Ideally, the patch management tool also operates with major third-party vendors. It’s imperative to identify what software is on which devices. If a department or collection of devices share similar software, then grouping the patches together will save time and resources.

Complaint: Java And Flash, The Problem Children. Two of the largest contributors to patch fatigue are Java and Flash because they are typically bundled with other products. Bundling creates version control issues as it’s difficult to know which patches for Java and Flash were deployed to which devices.

What To Do About It: Having an inventory tool is the best way to manage this issue. Properly scanning each device for the software and software version will enable proper patch deployment and remove guesswork.


Complaint: Structured Scheduling And Critical Fixes. Patch Tuesday is Microsoft’s monthly release cycle – always the second Tuesday of the month – providing updates for its catalogue of products. While many IT managers would rather have critical fixes released on an as-created basis, the schedule has eased the burden for many IT managers. Companies like Apple, however, release on an intermittent basis, so if the environment has various operating systems, there’s a greater challenge.

What To Do About It: Get on a schedule. The schedule doesn’t have to match Microsoft’s, though many IT departments implement a Patch Saturday. It’s recommended to take one period during the month to patch devices. Rotating through groups of devices for less-critical patches helps spread the workload. Patching needs to take place quarterly at a minimum, otherwise it’s too dangerous for network security.


Complaint: What Version Is This? Windows 10 Branching. Microsoft’s new strategy for Windows 10 involves updating the OS in two different fashions. Long-term servicing branch (LTSB) is the familiar Windows update with security updates and bug fixes, but alternatively customers can use the current branch (CB), which includes new features. New features help end-users, but testing and possible system downtimes are the most immediate drawbacks.

What To Do About It: Test before updating to the CB. If the business has legacy applications tied to older OS versions, then updating to the current branch is probably unadvisable. Staying up to date is important, but not at the cost of doing business.

Complaint: Don’t Deploy Every Patch. The Common Vulnerability Scoring System (CVSS) is an industry standard methodology to classify how critical a patch is to a device. But what matters most is how critical a patch is to a device in the business network. Many patches can be ignored due to vendor-issued severity, and conversely, patches not rated highly among most devices could be critical to the environment.

What To Do About It: Controlling the selection of missing updates, especially those with serious consequences if not deployed, lessens the potential impact. A patch management tool that also identifies patches and gives greater clarity limits the strain.

Complaint: Patching And Vulnerability Management. Patching and vulnerabilities are frequently intermingled terms, but they are not interchangeable. Even after patching, there are still vulnerabilities that may exist in the network and it’s important to identify where these potential pitfalls exist, typically in legacy applications and older OS versions.

What To Do About It: Patching is the first step for securing an IT network, but the job hardly stops there. Gaining a thorough understanding of the IT network through accurate reporting will identify areas of concern. It’s also important to remove discontinued products; this alone mitigates many problems. But until devices begin self-upgrading or self-patching, it will continue to fall to the IT manager to discover the best way to manage each challenge and relieve the many headaches associated with patching fatigue.

This article was originally posted on Information Week’s Dark Reading.


April Patch Tuesday: Badlock, Zero-Day, Ransomware Keep Us On Our Toes


Just as dreams of summer vacation begin to occupy our thoughts, a nest of security risks crops up. This month’s Patch Tuesday consists of 13 security bulletins, six rated Critical and seven Important, remediating a total of 29 vulnerabilities.

One of the Critical bulletins, MS16-050, resolves nine vulnerabilities in Adobe Flash and was also released by Adobe as a Zero-Day update. We have nine remote-code execution and two elevation-of-privilege vulnerabilities, which should be marked Critical for any organization. All 13 patches recommend a reboot to ensure remediation of the vulnerability; unfortunately, this might be a headache for admins and partners. Verismic suggests making the following vulnerabilities a priority this month based on vendor severity and CVSS scores: MS16-050, MS16-044, MS16-037/038 and 039.


2 Patch Tuesdays a Month?

When Microsoft announced that it is dividing Patch Tuesday into two segments, I have no doubt that partner technical leads and IT department heads pondered the question: Do we really need two Patch Tuesdays a month?

To make the process more palatable, Microsoft will provide feature and product updates on the first Tuesday, followed by security updates on the second Tuesday.

Let’s face it, it has to be better than last month’s situation of Office updates released over a course of 11 days.


The dividing of Patch Tuesday spawned a mammoth first release of non-security updates on April 5, with approximately 40 updates published for Office 2010, 2013 and 2016. Nothing was released for 2007, but Microsoft has yet to publish its official list.

We anticipate that if this strategy works for Office, operating systems will follow. It could mark the end of the standard Patch Tuesday — and added workload for partners and IT administrators.

More information and customer comments can be found on Microsoft Technet, here.

Zero-Day Threat Impacts All Versions of Flash

On April 8, Adobe announced a bug that is affecting customers in the wild by exploiting a vulnerability in a browser’s Flash plug-in. What makes this vulnerability so serious is that an end user only needs to access a website to become infected. To make matters worse, the malware could hand over complete control of a system to the attacker. A zero-day fix has been produced to address the issue.

Usually, these types of threats are possible only with some end-user permission, such as clicking OK or downloading a file. This vulnerability can cause infection by simply looking at an infected Web page.

Don’t think that if you’re not using Windows that you have a free pass — updates are required for OS X and Linux operating systems, too. I strongly recommend taking this very seriously.

Ransomware: Does ‘Severity’ Mean ‘Priority’?

We’ve seen a rise in ransomware and backdoor malware impacting large organizations. Ransomware forces the affected end user or business to pay significant amounts of money to release systems from the locked state. Often, infected systems are not operational and cannot be cleaned with a traditional antivirus solution. Infection is commonly caused by what the industry calls “drops” delivered via innocent-looking emails and messages on websites asking users to click links or download software.

Following the drop, the infected system calls out to the Internet and waits for the attacker to access the PC and set the ransom. Teaching users not to click links, access websites or download untrusted software are the most cost-effective forms of defense. These simple practices minimize most risks associated with this type of threat. Ransomware has a hard time infecting systems without user interaction.


Unfortunately, education isn’t always effective — last year, ransomware cost victims more than $18 million. The ransom fees varied from $200 to $10,000.

Recently, I noticed several cases when this type of vulnerability could have been avoided if the IT department had adopted a regular patch-deployment process. Even so, businesses that have adopted a regular patching process still become affected. The question is, Why did they remain susceptible? I wonder, are security officers using patch severity level alone when deciding which patches to apply immediately? Could this be a root cause?

Our research indicates that remote-code execution flaws offer ransomware purveyors the most opportunities to infect systems by targeting specific flaws in software or programs. My advice: Apply immediately any patch that fixes a remote-code execution.

In the latest 13 bulletins released by Microsoft, there are a total of nine remote-code execution vulnerability types. There is a good chance that one of these is being used to deploy the so-called drops on unpatched systems.

Also note that there is a general misconception that Apple’s Mac OS is not as prone to cyberinfections as Windows. This rings true for viruses, but malware and ransomware are on the increase for Macs. For example, more than 6,000 users of an app were affected on a single weekend when an attack tampered with the BitTorrent client code. By using a stolen developer certificate and re-signing the Transmission app, the built-in gatekeeper protection was bypassed.

There is no doubt that Mac OS ransomware will continue to pop up as attackers search for new and better ways to entrap users. While Apple’s Gatekeeper usually stops untrusted applications, it’s advisable to download only vetted apps from Apple’s App Store.

Patches:

MS16-037 & MS16-038 resolve six vulnerabilities each for Internet Explorer and Edge; the flaws could allow remote-code execution if a user views a specially crafted Web page using Internet Explorer. Note that a specially crafted Web page is increasingly becoming the tool of choice for the dispersal of ransomware.

MS16-039 resolves four vulnerabilities in .NET Framework, Microsoft Office, Skype for Business and Microsoft Lync. If users open a specially crafted document or visit a Web page that contains specially crafted embedded fonts, they could infect their systems if they have local admin access.

MS16-040 resolves a vulnerability that could allow remote-code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. When in control, depending on the user’s network privileges, the attacker could access data and/or install further applications, including malware.

MS16-041 resolves a vulnerability in the Microsoft .NET Framework. A malicious application could be a Trojan or similar program designed for even greater infiltration of the system and potentially to steal data.

MS16-042 resolves four vulnerabilities in Microsoft Office that could allow remote-code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user. The attacker gains full control of the device and access to other machines across the network.

MS16-044 resolves a vulnerability in Microsoft Windows that could allow remote-code execution if Windows OLE fails to validate user input properly. Users become open to attack once they are convinced to click on a malicious URL or visit a malicious Web page.

MS16-045 resolves three vulnerabilities in Microsoft Hyper-V. The most severe of the vulnerabilities could allow remote-code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Users that do not have the Hyper-V role installed are not affected by this vulnerability.

MS16-046 resolves a vulnerability where an attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. This vulnerability is classified as Important by Microsoft and affects all versions of Windows 10.

MS16-047 resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user. A man-in-the-middle attack occurs when an attacker re-routes communication between two users through the attacker’s computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker while thinking they are communicating only with the intended user.

MS16-048 could allow security-feature bypass if an attacker logs on to a target system and runs a specially crafted application. The security update addresses the vulnerability by correcting how Windows manages process tokens in memory.

MS16-049 resolves a vulnerability in the HTTP protocol stack that could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

MS16-050 resolves multiple vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 and Windows 10. This security update is rated Critical. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11 and Microsoft Edge. It will no doubt have a mirrored release from Adobe in its Patch Tuesday bulletin.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0 to 10.0 are High, those in the range 4.0 to 6.9 are rated Medium, and 0 to 3.9 are considered Low.

Updates:

MS16-037: Cumulative Security Update for Internet Explorer (3148531)
(Restart: Requires Restart, Vulnerability Impact: Remote Code Execution, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged-on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs, as well as view, change, or delete data, and even create new accounts with full user rights.

MS16-038: Cumulative Security Update for Microsoft Edge (3148532)
(Restart: Requires Restart, Vulnerability Impact: Remote Code Execution, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted web page using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-039: Security Update for Microsoft Graphics Component (3148522)
(Restart: Requires Restart, Vulnerability Impact: Remote Code Execution, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a web page that contains specially crafted embedded fonts.

MS16-040: Security Update for Microsoft XML Core Services (3148541)
(Restart: May Require Restart, Vulnerability Impact: Remote Code Execution, Severity: Critical, CVSS Score: 9.3)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote-code execution if a user clicks a specially crafted link that could allow an attacker to run malicious code remotely to take control of the user’s system. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

MS16-041: Security Update for .NET Framework (3148789)
(Restart: May Require Restart, Vulnerability Impact: Remote Code Execution, Severity: Important, CVSS Score: 9.3)

This security update resolves a vulnerability in the Microsoft .NET Framework. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application.

MS16-042: Security Update for Microsoft Office (3148775)
(Restart: May Require Restart, Vulnerability Impact: Remote Code Execution, Severity: Critical, CVSS Score: 9.3)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker, who successfully exploited the vulnerabilities, could run arbitrary code in the context of the current user. Customers, whose accounts are configured to have fewer user rights on the system, could be less impacted than those who operate with administrative user rights.

MS16-044: Security Update for Windows OLE (3146706)
(Restart: Requires Restart, Vulnerability Impact: Remote Code Execution, Severity: Important, CVSS Score: 9.3)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote-code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a Web page or an email message.

MS16-045: Security Update for Windows Hyper-V (3143118)
(Restart: Requires Restart, Vulnerability Impact: Remote Code Execution, Severity: Important, CVSS Score: 7.4)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote-code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

MS16-046: Security Update for Secondary Logon (3148538)
(Restart: Requires Restart, Vulnerability Impact: Elevation of Privilege, Severity: Important, CVSS Score: 7.2)

This security update resolves a vulnerability in Microsoft Windows. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)
(Restart: Requires Restart, Vulnerability Impact: Elevation of Privilege, Severity: Important, CVSS Score: 4.3)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack. An attacker could then force a downgrade of the authentication level of the SAM and LSAD channels and impersonate an authenticated user.

MS16-048: Security Update for CSRSS (3148528)
(Restart: Requires Restart, Vulnerability Impact: Security Feature Bypass, Severity: Important, CVSS Score: 7.2)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker logs on to a target system and runs a specially crafted application.

MS16-049: Security Update for HTTP.sys (3148795)
(Restart: Requires Restart, Vulnerability Impact: Denial of Service, Severity: Important, CVSS Score: 7.8)

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.

MS16-050: Security Update for Adobe Flash Player (3154132)
(Restart: Requires Restart, Vulnerability Impact: Remote Code Execution, Severity: Critical, CVSS Score: 10)

This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 and Windows 10.
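
The question raised under "Does ‘Severity’ Mean ‘Priority’?" can be checked against this month's own list. The following is an added example, not part of the original article and not Verismic's tooling: it transcribes the 13 bulletins above, applies the article's CVSS bands and its advice to deploy remote-code-execution fixes first, and reports which RCE bulletins a Critical-only policy would postpone. The `absent_components` inventory filter is a hypothetical input added for illustration.

```python
from dataclasses import dataclass

RCE = "Remote Code Execution"
EOP = "Elevation of Privilege"


@dataclass(frozen=True)
class Bulletin:
    id: str
    component: str
    impact: str
    severity: str   # Microsoft's vendor rating
    cvss: float     # independent CVSS score quoted in the article
    restart: str


# Transcribed from the "Updates" list in this article (April 2016).
BULLETINS = [
    Bulletin("MS16-037", "Internet Explorer", RCE, "Critical", 9.3, "Requires Restart"),
    Bulletin("MS16-038", "Microsoft Edge", RCE, "Critical", 9.3, "Requires Restart"),
    Bulletin("MS16-039", "Microsoft Graphics Component", RCE, "Critical", 9.3, "Requires Restart"),
    Bulletin("MS16-040", "Microsoft XML Core Services", RCE, "Critical", 9.3, "May Require Restart"),
    Bulletin("MS16-041", ".NET Framework", RCE, "Important", 9.3, "May Require Restart"),
    Bulletin("MS16-042", "Microsoft Office", RCE, "Critical", 9.3, "May Require Restart"),
    Bulletin("MS16-044", "Windows OLE", RCE, "Important", 9.3, "Requires Restart"),
    Bulletin("MS16-045", "Windows Hyper-V", RCE, "Important", 7.4, "Requires Restart"),
    Bulletin("MS16-046", "Secondary Logon", EOP, "Important", 7.2, "Requires Restart"),
    Bulletin("MS16-047", "SAM and LSAD Remote Protocols", EOP, "Important", 4.3, "Requires Restart"),
    Bulletin("MS16-048", "CSRSS", "Security Feature Bypass", "Important", 7.2, "Requires Restart"),
    Bulletin("MS16-049", "HTTP.sys", "Denial of Service", "Important", 7.8, "Requires Restart"),
    Bulletin("MS16-050", "Adobe Flash Player", RCE, "Critical", 10.0, "Requires Restart"),
]


def cvss_band(score):
    """Bands as stated in the article: 7.0-10.0 High, 4.0-6.9 Medium, 0-3.9 Low."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def severity_only(bulletins):
    """The policy the article questions: act immediately only on vendor-Critical."""
    return [b.id for b in bulletins if b.severity == "Critical"]


def deferred_rce(bulletins):
    """RCE fixes that a Critical-only policy would postpone."""
    critical = set(severity_only(bulletins))
    return [b.id for b in bulletins if b.impact == RCE and b.id not in critical]


def prioritize(bulletins, absent_components=()):
    """Order bulletins for deployment: RCE first, then CVSS band, then score.

    absent_components is a hypothetical inventory result: components known
    not to be installed (e.g. the Hyper-V role), whose bulletins are dropped.
    """
    band_rank = {"High": 0, "Medium": 1, "Low": 2}
    relevant = [b for b in bulletins if b.component not in absent_components]
    return sorted(
        relevant,
        key=lambda b: (b.impact != RCE, band_rank[cvss_band(b.cvss)], -b.cvss, b.id),
    )


if __name__ == "__main__":
    print("RCE bulletins a Critical-only policy defers:", deferred_rce(BULLETINS))
    for b in prioritize(BULLETINS, absent_components={"Windows Hyper-V"}):
        tier = "immediate (RCE)" if b.impact == RCE else cvss_band(b.cvss)
        print(f"{b.id}  {b.cvss:>4}  {b.severity:<9}  {tier:<15}  {b.component}")
```

Three of the nine RCE bulletins (MS16-041, MS16-044 and MS16-045) carry a vendor rating of Important, so a severity-only filter leaves them for a later cycle even though two of them score 9.3.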

This article was originally published on Channel Partners.


Steps to Manage IT for Starting and Growing Your Business


You’ve heard the expression, “Don’t put all your eggs in one basket.” So why put all your investment capital in one part of your business? IT resources can eat a large chunk of your startup or investors’ capital, taking funding away from more crucial aspects of a new business. While having the right IT solutions for your business is important, you may not need an extensive IT setup immediately. This is especially true now that the cloud is a safe, efficient and cost effective option.

You can make your business or investors’ capital go much further if you are slightly conservative. To start, purchase IT assets and utilize the cloud instead of buying physical or on premise resources. Avoid over-investing in IT resources you may not need immediately and invest your capital in other ways. Those who are first starting a business can use these tips to effectively manage IT with realistic resources:


Count on the cloud: Why is everything moving to the cloud? Because it’s cost effective and efficient — two things every startup or small business is looking for. With the cloud, there is nothing to manage, no infrastructure cost and no large capital needed for hardware. Little maintenance is required and you don’t have to pay consultants to install and update applications. The cloud is more secure and flexible so you can move from one vendor to another as you grow.

Strengthen your core: Determine the core infrastructure functions your business needs. From there, decide how many workstations and how much storage space you need to run your business. You’ll find that almost all core functions a business needs, like Microsoft Office 365, can be found and managed from the cloud and configured to meet your requirements now and in the future.

Save with a suite: Today, more businesses large and small are choosing cloud-based programs over on-premise versions to handle not only IT functions, but financial business as well. For your accounting and sales tracking needs, consider using a suite of programs. Keep track of your accounting with programs like QuickBooks Online and NetSuite, which can be used online through the cloud. Record and report sales stats and manage CRM (customer relationship management) with solutions like Salesforce conveniently through the cloud.

Skip the phone system: Even your phone system can be cloud-based. The primary way businesses currently communicate is digitally over the web. We collaborate and perform daily business tasks largely by email, webcasts and online meetings. Why pay a fortune for a phone system? You can provide several modes of communication with a cloud-based phone system, like RingCentral.


Cloud-based phone systems offer many of the same premise-based system features, but also include solutions for online meeting services, sales presentations and more. This saves a new business money on communications with coworkers and clients.

Of course, you’ll need some computers to use all of these services. To keep them updated and secure, consider applying a cloud-based IT systems management solution, which requires only a web browser to deploy and can quickly manage all computers within your new business.

When you’re starting or growing a company, capital is key. Spending it wisely is the most important thing you can do to get your business off to the right start. Spending all your capital dollars on IT resources too early in the game may not be the best financial choice.

Managing IT resources using the cloud can be a safe and cost effective resource for a new business. Consider the benefits of managing core IT functions in the cloud and investing capital on your business’s more pressing startup costs.

This article was originally published on sbonline.com.


Network World Product of the Week – Remote Desktop Access


Remote Desktop Access, one of the latest features of Syxsense, was selected as one of Network World’s products of the week.

Syxsense allows small and large IT teams, as well as MSPs, to manage devices inside and outside their network from the cloud without needing to deploy an agent.

Remote Desktop Access further complements CMS by enabling individuals to access their work computers and retrieve documents through any browser.

See the full roundup of Network World’s products here.


What Does Windows 10 Branching Mean for Your Environment?


With Windows 10, Microsoft introduced a new strategy for providing updates to its operating system. Traditionally, a new version of Windows is released every few years, and throughout its lifetime Microsoft applies security updates and bug fixes but no real new feature updates. With Windows 10, Microsoft is giving users a greater choice in how they receive new features with the introduction of a long-term servicing branch (LTSB) and a current branch (CB) version.

The LTSB works in much the same way as Windows has always done with regular updates every month and product updates every few months. Alternatively, customers can choose to use the CB method which provides security updates, bug fixes and new features every few months in what is commonly known as Servicing or a Branch Update.


When each LTSB is released, it will merge with the Current Branch, which will allow customers to transition from Current Branch to LTSB should they wish to do so.

Now that we understand our options, what are the benefits? To a traditional business the transition to a new operating system can be a lengthy and drawn-out process. Testing needs to be carried out, pilot groups set up, approvals agreed to, and so on.

LTSB will most likely be the way forward initially but what about the manpower and time the Current Branch platform could save? Imagine a complete and secure update that only needs applying four times per year.

This is going to take a serious change in security updates and business logic but Microsoft has really thought out of the box with this and is striving towards customer experience improvements.

LTSB has an efficient and reliable patching methodology, but it does cause headaches for users on a monthly basis.

This could be Microsoft’s driver. In the past, Microsoft tried improving things by taking a different path; sometimes this works, sometimes it doesn’t.

Prime examples of this are Windows Vista and Windows 8. Hopefully the Current Branch methodology won’t be another “back to the drawing board” adventure. It’s a great idea, the planned rollouts are sound in principle, so what could possibly go wrong?

We have already had the 1511 build update (10586), released in November. It was a 3GB download and took 40 minutes to upgrade the OS, which obviously requires a reboot to complete. So will this prove more cumbersome than the monthly patch updates?

This update contained welcome improvements to the initial build released back in July 2015. No new operating system features or security fixes are being introduced in this update.

James Rowney, Service Manager from Verismic says, “In my experience users like to have as little disruption as possible in their day-to-day routine so I think at first they will jump at the chance of a respite from the monthly reboots. That is until they realise that the new updates could render their machines unusable for an hour!”

A careful strategy will need to be adopted with long term pilot groups of most likely IT department users before attempting to implement this solution to the average user.


It may be the case that these updates are not deployed until 6-12 months after release because of this, but the security implications of this delay could be extremely dangerous.

March has brought us the next update, which fixes only a handful of bugs but brings some significant changes: Windows 10 build 10586.122 (KB3140743).

  • Improved reliability in numerous areas, including OS and Windows Update installation, startup, installing and configuring Windows for the first time, authentication, resuming from hibernation, shutdown, kernel, Start menu, storage, Windows Hello, display modes, Miracast, AppLocker, Internet Explorer 11, Microsoft Edge browser, network connectivity and discovery, and File Explorer.
  • Improved performance in video thumbnail generation, NetLogon, Windows Store, and standby power consumption.
  • Improved support for devices including some wearables, displays, and printer scenarios.
  • Reset app default when a registry setting is deleted or corrupted and streamlined notification about the corruption.
  • Fixed an issue causing favourites to be lost after updates are installed.
  • Fixed several issues that individually could cause certain apps to fail to launch, update, or allow in-app purchases.
  • Improved quality of Cortana voices and translations of multiple languages of an Internet Explorer dialog box.
  • Improved support for apps, fonts, graphics and display, airplane mode, Group Policy, PowerShell MDM, Windows Journal, Microsoft Edge, printing, touch display, roaming credentials, Push-Button Reset, Windows UX, local and streaming video, audio quality, error reporting, USMT, and VHD creation.

A handy, previously unseen feature of Windows 10 is the Preview New Features option. This option is a kind of pilot in the wild for Microsoft, in which new features are released to members of the Windows Insider program. Windows Insiders are a growing community of free testers for Windows across the globe, enabling Microsoft to see how its new updates perform outside a sandboxed environment.

This is more out-of-the-box thinking from Microsoft, which should be applauded. Had this group of testers been available prior to the Windows 8 launch, then maybe Microsoft could have held off with this initial release.

This article was originally published on tmcnet.com.


Adobe zero-day update gets top billing in April Patch Tuesday


An Adobe zero-day update received top billing as Microsoft released its April Patch Tuesday fixes.

Microsoft issued 13 bulletins for April Patch Tuesday, including a zero-day update for Adobe Flash Player and cumulative security updates for IE and Edge.

There were also seven important bulletins, bringing the total for 2016 up to 50.


“Every one of the 13 bulletins requires reboot, which spells massive headache for admins because you’re not secured until the reboot,” said Robert Brown, director of services for Verismic Software Inc., in Aliso Viejo, Calif. “Until the reboot, you can still be exploited and susceptible.”

This month’s batch of patches addresses 173 individual vulnerabilities, more than four times as many flaws as were addressed last month. There are 29 Common Vulnerabilities and Exposures (CVEs), Brown said, referring to the dictionary of identifiers for publicly known information security vulnerabilities, but since some cover more than one operating system, they are counted as individuals.


Adobe, Graphics Component updates receive top priority

Security analysts gave MS16-050 the top priority this month. The bulletin resolves a number of vulnerabilities in Adobe Flash Player. Adobe released its own update, APSB16-10, last week, and said it is aware of reports that one of the vulnerabilities is being actively exploited on machines running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

Microsoft also released a patch for a zero-day in Windows that allows for privilege elevation.

“Those two vulnerabilities, being able to get into systems through Flash and then being able to escalate to administrator roles using one of the Windows vulnerabilities, that’s kind of the one-two punch that an attacker has to have to fully control a system and do whatever he or she wants with it,” said Wolfgang Kandek, CTO for security vendor Qualys Inc., in Redwood City, Calif.

The Adobe vulnerability is crucial to patch, analysts said.

“This is the most important update of the year,” Brown said. “The bug can exploit the browser’s Flash plugin, but what makes this so serious is that you don’t need to do anything other than access a webpage. If you simply access a webpage, you’re infected.”

Kandek gave the second highest priority to MS16-039, which resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe vulnerability could allow remote code execution (RCE) if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts, but the bulletin also fixes elevation of privilege vulnerabilities that are already being exploited in the wild.

Read the full article at techtarget.com.


Adobe issues emergency update to Flash after ransomware attacks


After researchers discovered a security flaw that was used to deliver ransomware to Windows PCs, Adobe issued an emergency update to its widely used Flash software on Thursday.

Adobe urged more than 1 billion Flash users on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible after security researchers said the vulnerability was being exploited in “drive-by” attacks that infect computers with ransomware when tainted websites are visited. Ransomware encrypts data, locking up computers, then demands payments that often range from $200 to $600 to unlock each infected PC.


Trend Micro Inc., a Japanese security software maker, said it warned Adobe about attackers exploiting the flaw to infect computers with a type of ransomware known as ‘Cerber’ as early as March 31. Cerber “has a ‘voice’ tactic that reads a ransom note to create a sense of urgency and stir users to pay,” Trend Micro said on its blog.

Adobe’s new patch fixes a previously unknown security flaw. Such vulnerabilities, known as “zero days,” are highly prized because they are harder to defend against since software makers and security firms have not had time to figure out ways to block them. They are typically used by nation states for espionage and sabotage, not by cyber criminals who tend to use widely known bugs for their attacks.

Why Windows Update is Not Enough

The severity of the attack is a reminder to IT managers that patching is essential. An effective patch management process can proactively close the holes that are so often used by hackers to gain access to data.

“We released this update immediately,” says Jonathan Cassell, solutions architect at Verismic Software. “With Syxsense, it’s easy to push out patches on demand or even on a recurring maintenance window to ensure all devices stay up to date.”

Whether you use an antivirus solution or Windows Updates, you are not protected from a security breach. Adding an effective patch management strategy is the key to keeping your data and your company safe from cyberattacks and running efficiently. Avoid a doomsday scenario with proper patching, so your company won’t be left with a crippled infrastructure exposed to unnecessary risk.

Source: reuters.com


Top 5 Ways Apps and Technology Solutions Protect your Anonymity Online


By Ashley Leonard, President & CEO of Verismic Software

Technology advancements from social media to virtual reality are transforming the way individuals interact, share information, conduct business and access entertainment. One of the most disruptive innovations is the ubiquity of the smartphone and mobile devices such as tablets. In a report from Flurry Insight, a Yahoo-owned analytics firm, time spent on all mobile devices surged by 117 percent from 2014 to 2015. Much of the activity comes from apps. According to Flurry, app activity grew by 58 percent in 2015, accounting for “the average U.S. consumer spending 198 minutes per day inside apps compared to 168 minutes on TV.” If mobile web browsing is included in the calculation, the average American spends three hours and 40 minutes per day on mobile devices.

This means a significant amount of reading, shopping, banking and streaming video is occurring. According to Flurry, “in 2014 app stores generated $21 billion (USD), and 2015 in-app purchases are expected to exceed $33 billion.”

It also means that a massive amount of user information is exchanged, tracked and disseminated. This lack of anonymity can lead to loss of privacy and identity, financial theft, and unsecure data and files. Here are five apps and technology solutions for remaining more anonymous in the digital world.

Search
One of the most common practices on the Internet is searching. Although engines such as Google and Bing provide the information you need when you need it, they also monitor user behavior, including what sites are visited and search histories. This personalized information is then shared with third parties including advertisers and businesses. An interesting alternative is search engines that do not track or exchange search data. One of the most popular is DuckDuckGo, a service that promises not to track user searches, or collect and share any personal information. The company, founded in 2008, surpassed 10 million searches a day in 2015. DuckDuckGo also offers a mobile app, named a Top 50 iPhone App of 2013 by Time Magazine.


File Storage
The storage of proprietary information is increasingly a focus of business, and with more information moving to the cloud there’s an increased concern with its protection. Services such as Dropbox and iCloud are well known, but Box is a service that adds layers of encryption and security to the storage platform. According to the company, “over 39 million people and 50,000 organizations – including over 52 percent of the Fortune 500” utilize Box technologies.


Purchases and Payments
Consumers are increasingly using devices to conduct transactions. Not only is this a convenient means of purchasing, but it is also more secure than debit or credit cards. According to Accenture, Apple Pay is the dominant player in mobile payments, accounting for 68 percent of U.S. transactions. The innovation behind Apple Pay is that credit or debit card numbers are never stored on the iPhone, iPad or Apple Watch; rather, in each transaction the software creates a unique identification number. This method, along with the user authenticating the device with their passcode, provides an enhanced level of payment security, as card data is never transmitted and merchants never have access to the actual credit or debit information.

Stuck in Traffic
One of the biggest anonymity concerns in the digital sphere is traffic analysis, which allows authorized and unauthorized third parties to monitor user activity across networks. This type of surveillance is a significant threat to privacy and security, as the sites and individual visits can be viewed, and those sites can determine the physical location of the user.

One of the most effective methods of avoiding traffic analysis is the use of a secure network called Tor, originally designed in cooperation with the U.S. Navy to provide secure information exchange.

Tor prevents traffic analysis by bouncing users’ communications across multiple places on the Internet, as opposed to simple one-to-one information routing. The technology works primarily by disguising the path of data flow. Those monitoring the exchange will have greater difficulty identifying a data packet’s header, which discloses source, destination, size, timing, and other critical information.

One Password
Passwords can be taken and used by others to invade privacy and steal identity and property. Users have many passwords for financial accounts, email, shopping sites and dozens of others, and any one can be compromised. The solution? A password manager service such as 1Password, which protects all passwords under the umbrella of one master password that only the user knows. All information is secured through encryption across all devices. A user’s online security is further improved by a management software solution that integrates and guards the digital information an individual chooses. 1Password offers 18 information templates including social security, bank account numbers, driver’s license information, notes and rewards programs.


Conclusion
The digital universe is growing rapidly. Information is exchanged in larger quantities at faster speeds over more devices. The International Data Corporation estimated that 14 billion devices are connected to the Internet as of 2014, and the digital space holding 4.4 trillion gigabytes is doubling every two years, set for 44 trillion gigabytes by 2020.

Individuals need to be aware that their valuable and personal information is at risk. The use of innovative solutions can help build a more secure, anonymous presence in an evolving technology sphere.

This article was originally featured on engadget.com.