You Need to Turn Off Auto-Updates Now
It’s been reported that MeDoc, a third-party accounting software, is the source of the latest global ransomware attack. Security experts say accounting program provider MeDoc was breached and the NotPetya ransomware was spread via forced automatic updates. This new attack, given the title ‘NotPetya’ by Kaspersky, has so far been detected in Poland, Italy, Germany, France, the US, the UK, Russia, and Ukraine. This is yet another global ransomware event within a month.
While patching is vitally important, many recent attacks have seen successes against Microsoft Software, which is much more likely to be kept up to date than third-party content. Third-party software tends to be left for last, or forgotten about, and could pose a greater vulnerability to your systems.
NotPetya has highlighted the danger of relying on auto updates to secure your operating systems and third party applications. CMS has always recommended disabling auto updates in apps and OS to allow you to properly test, pilot and control distribution of updates.
Over the years, Microsoft has released many defective updates causing errors and blue screens, leading to cumbersome patch recalls. Typically, patches do not go through the same level of testing as a full software release, which creates risk for your business.
Systems Management best practices is to test patches on all images, then use a controlled, staged distribution. With CMS, creating a strategic deployment is rapid, reliable, and stable. We have the leading library of third-party vendors and are always adding more based on customer recommendations.
Turn off auto-updates and trial Syxsense today!
Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include:
|Wireshark||Network Protocol Analyzer||Wireshark_2.2.7|
|Glary Utilities||PC cleanup||Glary_v5.78|
|Trillian||Instant Messenger||Trillian_6.0 Build 59|
|Notepad++||Source Code Editor||Notepad++_7.4.2|
|Chrome_58.0.3029.140||Includes bug fixes, security updates, and feature enhancements.
However, the following devices are NOT live with this update.
AOpen Chromebox Commercial
Dell Chromebook 11 (3120)
Enguarde based 11″ Chromebooks
HP Chromebook 11 2100-2299 / HP Chromebook 11 G4/G4 EE / HP Chromebook 11 G3
HP Chromebook 14 ak000-099 / HP Chromebook 14 G4
Lenovo ThinkPad 11e Chromebook
|Wireshark_2.2.7||Bug fixes and updated protocol support
|Firefox_54.0||Added Burmese locale. Added support for multiple content processes (e10s-multi). Simplified the download button and download status panel. Various security fixes.
|Thunderbird_52.2.1||Fixed: Problems with Gmail (folders not showing, repeated email download, etc.)
|Glary_v5.78||New UI and enhancements
|AIMP_v4.13.1897||Common: localization have been updated
Audio Converter: special build of LAME codec with unicode file names support has been added
Fixed: Sound Engine – some scrunchies can be heard when stopping playback by closing the application
Fixed: Sound Engine – app hangs on lost the audio focus if DirectSound method is used for output
Fixed: Playlist – playlists with relative paths in AIMPPL4 format are imported incorrectly if file path is started form + or – character
Fixed: Tag Editor – WAV-file that was edited in AIMP opens in Adobe Audition with the “meta data is corrupted” message in some cases
Small bugs were fixed.
|LibreOffice_v5.3.4||New features and bug fixes.
|Trillian_6.0 Build 59||Fixed:
Bot: Proper message headers for previous message history from bots
Media: Screen capture could fail on a certain display bit depth
Message Window: Fixed issues related to closing the second message window with the single tab setting.
Settings: Properly show Trillian 5 license information in account area
What’s New: Translations not working correctly.
Add SWIFT language support.
Fix replace in files regression.
Enhance Find Replace dialog (resizable & remove search direction radio buttons).
Fix a crash issue while doing a column insertion on a CJK unicode document.
Fix repeated notification dialog for modification from outside of Notepad++.
Fix a visual glitchy during tab drag and drop.
Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.