Tag: Windows Updates

Sophos and Windows 7 Updates Incompatible

Categories: News, Patch Management


Reports indicate Sophos Endpoint Antivirus is incompatible with the latest updates for Windows 7, causing a total crash on the log on screen or BSOD.

Sophos Endpoint Antivirus is a hybrid antivirus solution that protects businesses against malware and viruses and includes a remote management tool. Regrettably, there are reports that it is not compatible with the latest Windows 7 updates, causing either a total crash at the logon screen or a BSOD.

The issue occurs with the following Microsoft updates:
  • KB4493446
  • KB4493448
  • KB4493450
  • KB4493451
  • KB4493458
  • KB4493467
  • KB4493471
  • KB4493472
Robert Brown, Director of Services for Verismic, said: “We have learned Sophos recommends immediately removing these updates from your active deployments and, if already deployed, removing them swiftly until the issue is resolved. A patch is not yet available, but to make things easier our customers can search for these updates in Syxsense and easily remove them without causing any further end user disruption.”
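For administrators who manage the rollback by hand, the following is an added example (not code from the original post or from Sophos) that checks a Windows 7 machine for the eight KB numbers listed above and uninstalls any that are present with wusa.exe. It assumes an elevated PowerShell prompt on a machine that still boots; the KB list is the one the post names and the function names are the author's own.

```powershell
# Added example, not from the original post: find the Windows 7 updates named above on the
# local machine and, if present, uninstall them. Run from an elevated PowerShell prompt.
$SuspectKBs = @(
    'KB4493446','KB4493448','KB4493450','KB4493451',
    'KB4493458','KB4493467','KB4493471','KB4493472'
)

function Get-InstalledSuspectUpdates {
    param([string[]]$KBs)
    # Get-HotFix reads the OS-level update inventory (Win32_QuickFixEngineering)
    Get-HotFix | Where-Object { $KBs -contains $_.HotFixID } |
        Select-Object HotFixID, Description, InstalledOn
}

function Remove-SuspectUpdates {
    param([string[]]$KBs, [switch]$ReportOnly)
    $found = @(Get-InstalledSuspectUpdates -KBs $KBs)
    if ($found.Count -eq 0) {
        Write-Host 'None of the listed updates are installed.'
        return
    }
    foreach ($u in $found) {
        $number = $u.HotFixID -replace '^KB', ''
        if ($ReportOnly) {
            Write-Host "Would uninstall $($u.HotFixID) (installed $($u.InstalledOn))"
            continue
        }
        # wusa.exe /uninstall /kb:<n>: /quiet suppresses prompts, /norestart defers the reboot
        # so it can happen inside a maintenance window rather than mid-shift.
        $proc = Start-Process -FilePath 'wusa.exe' `
            -ArgumentList "/uninstall /kb:$number /quiet /norestart" -Wait -PassThru
        [pscustomobject]@{
            KB             = $u.HotFixID
            ExitCode       = $proc.ExitCode      # 0 = removed, 3010 = removed, reboot pending
            RebootRequired = ($proc.ExitCode -eq 3010)
        }
    }
}

# Dry run first, then the real removal once the output looks right:
Remove-SuspectUpdates -KBs $SuspectKBs -ReportOnly
# Remove-SuspectUpdates -KBs $SuspectKBs
```

Run the dry run first and confirm the returned objects match the machines you expect. A device that already hangs at the logon screen has to be brought up in Safe Mode (or another recovery path of your choosing) before this can run; the post itself does not describe that step.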

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Thank You For Not Patching

Categories: News, Patch Management


New studies show how patching continues to impact most organizations with real consequences.

Nearly 60% of organizations that suffered a data breach in the past two years cite as the culprit a known vulnerability for which they had not yet patched.

Half of organizations in a new Ponemon Institute study conducted on behalf of ServiceNow say they were hit with one or more data breaches in the past two years, and 34% say they knew their systems were vulnerable prior to the attack. The study surveyed nearly 3,000 IT professionals worldwide on their patching practices.

Patching software security flaws by now should seem like a no-brainer for organizations, yet most organizations still struggle to keep up with and manage the process of applying software updates. “Detecting and prioritizing and getting vulnerabilities solved seems to be the most significant thing an organization can do [to prevent] getting breached,” says Piero DePaoli, senior director of marketing at ServiceNow, of the report.

“Once a vulnerability and patch are announced, the race is on,” he says. “How fast can a hacker weaponize it and take advantage of it” before organizations can get their patches applied, he says.

Get started with Syxsense to elevate your approach to IT patch management and protect your business from major vulnerabilities and threats.



Microsoft Patch Tuesday Updates Are Freezing Windows

Categories: News, Patch Management, Patch Tuesday


If you installed the latest round of Microsoft patches and found that your computer experienced errors or started to freeze, you are not alone.

What’s occurring and which versions are affected?

Microsoft has confirmed that computers are freezing during the latest “Patch Tuesday” update process. However, the issue could be more prevalent than Microsoft is stating.

Microsoft has indicated that there is “an issue on devices with Sophos Endpoint Protection installed and managed by either Sophos Central or Sophos Enterprise Console (SEC) that may cause the system to freeze or hang upon restart after installing this update.” Users of Avast for Business and CloudCare have reported freezing upon startup and Avira antivirus users are experiencing slow devices.

The security update in question includes fixes that were part of KB4489892. It was primarily meant to provide further mitigations against Spectre and Meltdown, but included other improvements as well.

It appears that a large number of Windows versions are affected by the update problems, including Windows 7, Windows 8.1, Windows Embedded 8, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2 and Windows 10.

How do you fix it?

Microsoft has temporarily blocked devices with Sophos Endpoint installed from receiving these updates until a fix is available. Microsoft has confirmed only the Sophos issue; the problems reported by Avast and Avira users remain unconfirmed.

If you have already installed the Patch Tuesday updates and are seeing these symptoms, we recommend rolling back the updates in question until a corrected release is available.


Future Windows 10 Updates Will Demand Dedicated Disk Space

Categories: News, Uncategorized

The Next Upgrade Will Section Off 7GB of Storage

Due sometime in March or April, the next Windows 10 update will do something new. Version 1903 will set aside and hold 7GB of drive space. Microsoft calls this “reserved storage” and argues it will improve reliability by guaranteeing there is always space for critical OS functions.
Windows updates have always needed a chunk of storage while they run, but once the update completed that space was released back to the user. Now a portion will be held permanently, and future updates will use that reserved portion before attempting to take any more space.

There are still unknowns about how this will work. For instance, will this reserved storage space be manageable through group policies?
This change leaves IT with an important question: do all Windows devices have the space to meet this new demand? Rather than visiting every device and noting its free space, use an IT solution with comprehensive inventory information.
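As an added example (not from the original post), the script below gathers free space on the system drive for a list of computers and flags any that cannot absorb the 7GB the post says version 1903 will reserve. It assumes CIM/WinRM access to the targets; the computer names are placeholders and the 7GB threshold is taken from the post.

```powershell
# Added example, not from the original post: report free space on each system drive and
# flag machines below the 7 GB that 1903 is expected to reserve. Assumes CIM/WinRM access.
$ReservedBytes = 7GB
$Computers     = 'PC01', 'PC02'   # placeholder names; replace with your inventory

function Get-SystemDriveHeadroom {
    param(
        [string[]]$ComputerName,
        [long]$Required = $ReservedBytes   # raise this to add room for the update itself
    )
    foreach ($c in $ComputerName) {
        try {
            # SystemDrive is normally C:, but read it rather than assume it
            $os    = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $c -ErrorAction Stop
            $drive = $os.SystemDrive
            $disk  = Get-CimInstance -ClassName Win32_LogicalDisk -ComputerName $c `
                        -Filter "DeviceID='$drive'" -ErrorAction Stop
            [pscustomobject]@{
                Computer = $c
                Drive    = $drive
                FreeGB   = [math]::Round($disk.FreeSpace / 1GB, 2)
                Ready    = ($disk.FreeSpace -ge $Required)
                Error    = $null
            }
        } catch {
            # Unreachable or access-denied hosts are reported as not ready rather than dropped
            [pscustomobject]@{
                Computer = $c; Drive = $null; FreeGB = $null; Ready = $false
                Error    = $_.Exception.Message
            }
        }
    }
}

Get-SystemDriveHeadroom -ComputerName $Computers |
    Sort-Object Ready, FreeGB |
    Format-Table -AutoSize
```

Machines that fail the check appear first in the output. Treat 7GB as the floor: the reserved area covers the OS's own needs, and a feature update still needs working space on top of it, so most teams will want to set the threshold higher.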


Syxsense Realtime Security displays current data from your devices. The information is fresh; not from hours or minutes ago, but from right now.

Looking at the free disk space information, there will be no question as to which devices have enough space to handle this new Windows function.
Come trial Syxsense Realtime Security and all of its features before Windows rolls out their next update.


‘Roll Back’ To The Future

Categories: News

Beware: Windows 10 Feature Updates are Double Work!

Windows 10 Feature Updates (Windows 10 Servicing) will dominate the agenda of many IT managers as Microsoft uses its new release model to introduce new operating system experiences and security enhancements for its flagship operating system. Feature updates are scheduled every six months until the end of extended support in October 2025.

Before you start, be aware that each feature update is supported for only 18 months, which in practice forces IT managers to roll out a new feature update at least every 12 months. If you are still running Windows 10 version 1607, support has already ended.

 

Verismic recommends that IT managers plan their Windows 10 Feature Update rollout as soon as a release is publicly available. But beware: after a feature update is installed, any patch or update deployed since that feature update's release date has to be re-deployed to bring the system back up to date.

Robert Brown, Director of Services for Verismic, says: “IT managers spend a lot of time planning and deploying their Windows updates each month. They need to understand that after installing any Windows 10 Feature Update, they will be effectively rolled back in time to the date of that release. For example (Fig. 1 below), if you apply 1803 next month, you will have to re-deploy all updates since March – that could be over 40 updates per device. Use Syxsense to make re-deployment far easier and more efficient.”

Fig. 1 (image)
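To measure the re-deployment work described above on a real device rather than estimate it, the following added example (not from the original post) snapshots the installed update list before a feature update and diffs it afterwards. It assumes Get-HotFix is an acceptable inventory source (it lists OS-level updates only, not Office or third-party patches) and the snapshot path is a placeholder.

```powershell
# Added example, not from the original post: record installed updates before a Windows 10
# feature update, then compare afterwards to see what must be re-evaluated or re-deployed.
$SnapshotPath = 'C:\Temp\updates-before.json'   # placeholder path

function Get-InstalledKBs {
    # Get-HotFix covers OS-level updates only; Office and third-party patches are not listed
    @(Get-HotFix | Select-Object -ExpandProperty HotFixID | Sort-Object -Unique)
}

function Save-UpdateSnapshot {
    param([string]$Path = $SnapshotPath)
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        Taken = (Get-Date).ToString('o')
        Build = $os.Version          # e.g. 10.0.16299 before, 10.0.17134 after 1803
        KBs   = Get-InstalledKBs
    } | ConvertTo-Json -Depth 3 | Set-Content -Path $Path -Encoding UTF8
}

function Compare-UpdateSnapshot {
    param([string]$Path = $SnapshotPath)
    $before = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $beforeKBs = @($before.KBs)
    $now = Get-InstalledKBs
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        BuildBefore         = $before.Build
        BuildAfter          = $os.Version
        # Updates the OS reported before the upgrade but no longer reports: the re-deploy list
        MissingAfterUpgrade = @($beforeKBs | Where-Object { $now -notcontains $_ })
        # Updates that arrived with the new build (its own cumulative update, servicing stack, etc.)
        NewAfterUpgrade     = @($now | Where-Object { $beforeKBs -notcontains $_ })
    }
}

# Before the feature update:
#   Save-UpdateSnapshot
# After it has installed and the machine has rebooted:
#   Compare-UpdateSnapshot | Format-List
```

The MissingAfterUpgrade list is the set of KB numbers to check against your deployment targets for the new build. Note that a new feature-update build usually ships its own cumulative update under a different KB number, so the list tells you what to re-evaluate, not necessarily what to reinstall verbatim.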

Microsoft is giving IT Managers double the work, but Syxsense simplifies patching. Our Patch Manager quickly identifies any device in need of updates. Then a maintenance window can be created to deploy the updates after business hours, avoiding any loss in productivity.

Start a trial of Syxsense today.


Equifax Hack – What To Do Now

Categories: News

Three Steps To Protect Yourself and Your Company

Earlier this month we learned that criminals gained access to certain files in Equifax’s system from mid-May to July by exploiting a weak point in website software.

The big lesson here: Prepare yourself; this will happen again. You should already assume you are affected by the Equifax hack, just to be safe. Here are three steps you should take to protect yourself.


It is becoming increasingly difficult for companies to protect online data. To prevent a catastrophe, it’s important to implement rigorous patch management methods.

Updates should be tested and deployed in a safe, but rapid fashion. Reports and audit logs should also be provided to track the status of any tasks or view any systems that have been improperly accessed.


Syxsense is the solution for managing your IT environment. Our content is thoroughly tested, so you can rely on a smooth deployment. Our reports and audit logs are detailed, so you won’t miss any critical information. With two-factor authentication and 2048-bit encryption, you won’t have to worry about your IT tool being a weak point.

Secure your environment and discover a better way to manage with Syxsense.

March Patch Tuesday: Patching Chaos

Categories: News, Patch Management, Patch Tuesday

The Eye of the Patch Storm

Two months into the year, we have gone from one of the smallest patch releases of the past couple of years in January to an entire baseline cancelled at the last minute in February.

Some IT managers may have counted their lucky stars for the reduction in their workload so far this year – that is until they see this massive release.

Microsoft has released eighteen updates this month; nine are rated Critical and the rest Important. Last week Microsoft also released 17 KB updates covering Office 2013 and 2016.

Last year we raised concerns about rolling patches together, and last month, only two months after Microsoft adopted this strategy, those concerns were realized: because of a single bad patch, the entire baseline was cancelled.

Don’t get us wrong, we understand the benefit of rolling content into single cumulative updates, but we also appreciate the level of testing needed to ensure a safe combination of updates when rolling them together. That same level of care should be adopted when deploying updates in your environment to ensure bad updates do not cause business outages.

A University of Maryland Clark School study was the first to quantify the near-constant rate of attacks on Internet-connected computers: one every 39 seconds on average.


Robert Brown, Director of Services, said: “Perception as to the current threat to a company’s network should not be founded on the content released by vendors such as Microsoft alone. There are multiple perimeters you can secure to protect your assets, but remember to also look at the tool you are using to secure your environment. In the past few weeks, IBM have released over 20 security updates for their on-premises and cloud-based patch management tools, meaning your toolset should have a perimeter of its own.”

According to the SANS Institute, 95 percent of all attacks on enterprise networks start with a successful spear phishing attack.


Microsoft Updates

We have chosen a few updates to prioritize this month. The recommendation is based on evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability. CVSS base scores range from 0 to 10: a score of 7.0-10.0 is rated High, 4.0-6.9 Medium and 0-3.9 Low. Each entry below gives the bulletin, its description, and then: impact, whether a restart is required, whether the vulnerability was publicly disclosed or exploited before release, Microsoft’s severity rating, the CVSS score and whether we flag it as high priority.

1. MS17-006: Cumulative Security Update for Internet Explorer (4013073)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: Yes. Exploited: Yes. Severity: Critical. CVSS: 8.8. Recommended high priority: Yes.

2. MS17-007: Cumulative Security Update for Microsoft Edge (4013071)
This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS: 8.8. Recommended high priority: Yes.

3. MS17-008: Security Update for Windows Hyper-V (4013082)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS: 8.8. Recommended high priority: No.

4. MS17-009: Security Update for Microsoft Windows PDF Library (4010319)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS: 8.8. Recommended high priority: No.

5. MS17-010: Security Update for Microsoft Windows SMB Server (4013389)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS: 9.8. Recommended high priority: Yes.

6. MS17-011: Security Update for Microsoft Uniscribe (4013076)
This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Critical. CVSS: 7.8. Recommended high priority: No.

7. MS17-012: Security Update for Microsoft Windows (4013078)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Critical. CVSS: 9.8. Recommended high priority: Yes.

8. MS17-013: Security Update for Microsoft Graphics Component (4013075)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: No. Exploited: Yes. Severity: Critical. CVSS: 8.4. Recommended high priority: Yes.

9. MS17-014: Security Update for Microsoft Office (4013241)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution. Restart required: Maybe. Publicly disclosed: Yes. Exploited: No. Severity: Important. CVSS: 7.8. Recommended high priority: No.

10. MS17-015: Security Update for Microsoft Exchange Server (4013242)
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 5.4. Recommended high priority: No.

11. MS17-016: Security Update for Windows IIS (4013074)
This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.
Impact: Elevation of Privilege. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 6.1. Recommended high priority: No.

12. MS17-017: Security Update for Windows Kernel (4013081)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.
Impact: Elevation of Privilege. Restart required: Yes. Publicly disclosed: Yes. Exploited: No. Severity: Important. CVSS: 7.8. Recommended high priority: No.

13. MS17-018: Security Update for Windows Kernel-Mode Drivers (4013083)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Impact: Elevation of Privilege. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 7.8. Recommended high priority: No.

14. MS17-019: Security Update for Active Directory Federation Services (4010320)
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.
Impact: Information Disclosure. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 4.3. Recommended high priority: No.

15. MS17-020: Security Update for Windows DVD Maker (3208223)
This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.
Impact: Information Disclosure. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 2.8. Recommended high priority: No.

16. MS17-021: Security Update for Windows DirectShow (4010318)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.
Impact: Information Disclosure. Restart required: Yes. Publicly disclosed: No. Exploited: No. Severity: Important. CVSS: 3.3. Recommended high priority: No.

17. MS17-022: Security Update for Microsoft XML Core Services (4010321)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.
Impact: Information Disclosure. Restart required: Yes. Publicly disclosed: No. Exploited: Yes. Severity: Important. CVSS: 3.5. Recommended high priority: No.

18. MS17-023: Security Update for Adobe Flash Player (4014329)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Impact: Remote Code Execution. Restart required: Yes. Publicly disclosed: NA. Exploited: NA. Severity: Critical. CVSS: not listed. Recommended high priority: Yes.
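MS17-010 above is the highest-scored item in the list and concerns the SMBv1 server, so a practitioner will want to know two things about each host: whether SMBv1 is still enabled, and whether the fix is present. The following is an added example (not from the original post or from Microsoft) that reports both and offers the SMBv1-disable mitigation that is independent of the patch. It assumes you supply the per-OS KB numbers for your build in $PatchKBs (4013389 in the table is the bulletin’s umbrella article, which Get-HotFix may not report) and that it runs elevated.

```powershell
# Added example, not from the original post: report a host's exposure to the SMBv1 server
# flaws fixed by MS17-010 and, if wanted, switch the SMBv1 server off as a mitigation.
function Test-Smb1Exposure {
    param(
        # Placeholder: put the per-OS KB numbers from the MS17-010 bulletin for this build here
        [string[]]$PatchKBs = @()
    )
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting through the SmbShare module
        $smb1Enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: LanmanServer\Parameters\SMB1 (absent = enabled by default)
        $v = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                -Name SMB1 -ErrorAction SilentlyContinue
        $smb1Enabled = ($null -eq $v) -or ($v.SMB1 -ne 0)
    }
    $installed = @(Get-HotFix | Where-Object { $PatchKBs -contains $_.HotFixID } |
                   Select-Object -ExpandProperty HotFixID)
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb1Enabled
        PatchInstalled    = ($installed.Count -gt 0)
        InstalledKBs      = $installed
        # Exposed only when the vulnerable service is on and none of the listed fixes is present
        Exposed           = $smb1Enabled -and ($installed.Count -eq 0)
    }
}

function Disable-Smb1Server {
    # Mitigation that does not depend on the patch: stop serving SMBv1. Requires elevation.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0 -Force   # takes effect after a reboot
    }
}

# Usage:
#   Test-Smb1Exposure -PatchKBs 'KB0000000' | Format-List   # replace with your real KB numbers
#   if ((Test-Smb1Exposure -PatchKBs 'KB0000000').Exposed) { Disable-Smb1Server }
```

Disabling SMBv1 is worth doing whether or not the patch is installed, as nothing in the bulletin’s description depends on SMBv1 beyond the vulnerable server itself; check first that no legacy clients (old NAS appliances, printers, scanners) still need it.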

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.


The Best of 2016: Our Year in Review

Categories: News

Our Year In Review

2016 was a big year for Syxsense. As a company, we are constantly growing, adding new features and always focused on our customers.

IT systems management is frequently changing and it’s crucial to keep up with the latest news, strategies and updates. Every month, we share the latest Microsoft and third-party patches, explaining which to prioritize and how to implement the most effective patch strategy.

With plenty of changes on the way for 2017, be sure to stay on top of patching and IT systems management in the new year. Even when other tasks fill up your to-do-list and seem more important, prioritizing patching is the best New Year’s resolution for any IT manager. Explore the highlights and some of our favorite content from the past year.


Patch Tuesday: January Patches Bring February Headaches

Categories: Patch Management, Patch Tuesday

New year, new steer for Microsoft patching professionals

Microsoft has released four bulletins in total, one rated Critical and three rated Important. Last week it released 22 non-security KB updates for Office 2013 and 2016 and an update for Word Viewer.

Overall, this is a fairly uneventful release for the first month of 2017, with Microsoft seemingly winding down in preparation for the newly launched Security Update Guide database, which becomes the monthly Patch Tuesday resource from next month.

This move on the face of things looks like a good idea, but how will this be perceived by businesses that are used to choosing their updates? This new practice changes the way information is referenced and will most certainly cause a headache for IT administrators who will have to rethink their whole patch management procedure.

James Rowney, Service Manager for Verismic, said: “When I first read about this last year, I couldn’t believe that Microsoft were taking such a valiant step towards forcing updates. This really feels like Microsoft is taking an intermediary step towards mimicking the Apple approach of just applying updates / patches without notification. While this approach does seem to work for Apple, I am not so sure that Microsoft has an OS stable enough to follow this practice just yet.”

Chrome coming into its own

Google announced at the end of 2016 that Chrome will mark pages as “Not secure” if they are not served over HTTPS and collect passwords or credit card details. The change ships from Chrome 56 onwards, so expect it to take effect gradually as browsers update rather than all at once.


These changes go hand in hand with Google’s push to get users onto secure login methods. There are pitfalls: moving to HTTPS does not by itself keep certificates or TLS libraries up to date, and webmasters could see movement in their Google rankings during the transition. Overall, though, it is a positive step.

Google recently announced that it has passed a milestone, with more than 50% of its desktop page loads now over HTTPS.


Microsoft Updates

To help your IT security officers, we have chosen one update from this Patch Tuesday to prioritize this month. The recommendation is based on evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability.

MS17-003: a latecomer to this month’s release, this security update for Adobe Flash Player affects all supported versions of Windows, and research indicates it might otherwise have shipped as a zero-day fix later in the week. The urgency in getting it out shows its importance; we recommend rolling this patch out with high priority at your earliest convenience.

CVSS base scores range from 0 to 10: a score of 7.0-10.0 is rated High, 4.0-6.9 Medium and 0-3.9 Low. Each entry below gives the bulletin, its description, and then: impact, restart requirement, Microsoft’s severity rating and the CVSS score.

MS17-001: Security Update for Microsoft Edge (3199709)
This security update resolves a vulnerability in Microsoft Edge. This vulnerability could allow an elevation of privilege if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited this vulnerability could gain elevated permissions on the namespace directory of a vulnerable system and gain elevated privileges.
Impact: Elevation of Privilege. Restart: Requires restart. Severity: Important. CVSS: 6.1.

MS17-002: Security Update for Microsoft Office (3214291)
This security update resolves a vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution. Restart: May require restart. Severity: Important. CVSS: 7.8.

MS17-003: Security Update for Adobe Flash Player (3214628)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Impact: Remote Code Execution. Restart: May require restart. Severity: Critical. CVSS: 9.3.

MS17-004: Security Update for Local Security Authority Subsystem Service (3216771)
A denial of service vulnerability exists in the way the Local Security Authority Subsystem Service (LSASS) handles authentication requests. An attacker who successfully exploited the vulnerability could cause a denial of service on the target system’s LSASS service, which triggers an automatic reboot of the system. The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests.
Impact: Denial of Service. Restart: not listed. Severity: Important. CVSS: 7.5.

2016: The Year of Ransomware

Categories: Patch Management

Rise of the Cybercriminal

Ever watch the end of year “World’s dumbest criminals?” You know the ones: the handsome gentleman caught on camera robbing a convenience store while his sidekick fills out a lottery form complete with name and address.

Unfortunately, cybercriminals aren’t quite so easy to catch. With ransomware incomes hitting almost $1 billion in 2016, what you can expect in 2017 is continued reinvention and more growth in the world of cybercrime.

Kaspersky declared 2016 to be the year of ransomware. This financial malware victimizes users and forces them to pay significant amounts of money to release systems from a locked state. Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than in the same quarter of the prior year. Hardly a day goes by without a new ransomware attack or variant making headlines. Witness just a few of the attacks in 2016:

  • October, San Francisco public transportation ticketing machines and transit stations taken offline.
  • Hollywood Presbyterian Medical Center in Los Angeles had its ambulances diverted and access to medical records, x-rays, and CT scans denied.
  • Madison County, Indiana, suffered a widespread ransomware attack that shut down virtually all county services.
  • In May, The University of Calgary was attacked by a ransomware that locked staff, students and faculty out of their emails.

If anything, cybercriminals are getting smarter. In late December 2016, federal prosecutors charged hackers with insider trading. Using data garnered from the computer systems of U.S. law firms that handle mergers, hackers manipulated the stock market to generate more than $4 million in illegal profits.

Many cyber-attacks could be avoided if IT departments adopted a regular patch-deployment process. What difference can a small patch make? Left unpatched, what was once a small crack in the defenses turns into computer crashes, data leaks and corruption. Zero-day attacks target software flaws that were previously unknown to the vendor.

The attacker searches for, and eventually finds, an error the programmer made: a loophole. Whether the programmer worked on the Windows operating system, your browser, Flash or any of the other programs you rely on every day, coders are bound to make mistakes, and criminals love it. Zero-day exploits turn that human error into access.


Because they rely on known indicators such as malware signatures or URL reputation, standard defenses like antivirus and firewalls offer little protection against zero-day threats.

The cybercriminal leverages the unknown and uses the window between the flaw being found and the fix being applied to do as much irreparable damage as possible.


Usually these threats need some end-user action, such as clicking OK or downloading a file. In 2016, however, Adobe disclosed a vulnerability in the browser Flash plug-in that could be exploited simply by viewing a malicious web page. Breathing easy because you don’t use Windows? Don’t. OS X and Linux systems need updates too.

It is unsettling to think that a single employee could click a link, visit a website or download software and expose the entire organization to risk.

Among the predictions for next year from an Intel Security McAfee Labs report are an increase in attempts of dronejackings, more intrusive mobile phone hackings and malware aimed at exploiting the Internet of Things. Hackers will become increasingly adept at bypassing existing corporate defenses, and ransomware remains a top concern. Other threats growing in 2017?

  • Watering hole attacks, laser focused attacks on high valued targets
  • Class action lawsuits against companies that fail to protect customer’s personal data
  • Distributed Denial of Service (DDoS) attacks like the ones that temporarily took down Amazon, Twitter, Netflix and others

In its fourth annual “Data Breach Industry Forecast” white paper, security company Experian says it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals. “While some tried and true attacks continue to serve as go-to methods for hackers, there are evolving tools and targets that are likely to become front-page news in 2017. Organizations can’t wait until an attack happens to ensure they are protected—they need to look at the signs early on to start preparing for new types of security threats,” the report said.

With the 2017 onslaught of vulnerabilities, you will need layered defenses that combat attacks on multiple fronts. Patch and keep operating systems, antivirus, browsers, Adobe Flash Player, QuickTime, Java and other software up to date. According to a Barkly study, common safeguards such as email filtering, firewalls and antivirus are not enough on their own: it found that 95 percent of ransomware attacks bypassed firewalls and 100 percent bypassed antivirus protection. Double down on protection in 2017. Are you using an automated patch management system? Do you have an organized method of discovering, evaluating and deploying software updates?

What’s one guaranteed prediction for 2017? Programmers will keep making small mistakes, and hackers will continue to turn them into big profits. Someone ends up the victim, don’t let it be your business.