IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: updates

Microsoft releases 14 patches for Windows

bug-162019

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, it’s highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “patch Tuesdaysecurity update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld

After a relatively quiet few months, Microsoft Patch Tuesday is back in full force, covering three zero-day vulnerabilities that administrators should attend to as quickly as possible.

Microsoft issued eight security bulletins Tuesday, covering a total of 24 vulnerabilities found in Windows, Internet Explorer, Office and the .Net framework. Three of the bulletins are marked as critical, which means administrators should test and apply these patches immediately. A single bulletin can cover multiple vulnerabilities within one technology.

Three of these vulnerabilities are already being exploited by malicious attackers, hence they are being called zero-day vulnerabilities. This is the first time in recent history—and perhaps ever—that Microsoft has fixed three zero-day vulnerabilities in a single round of patches, which Microsoft typically issues on the second Tuesday of each month.

“Sandworm” is the most notorious of the three and is a vulnerability in Microsoft Windows that has already been used in attacks on NATO and a number of European government agencies, telecommunication firms and energy companies, according to cyberthreat intelligence firm iSight. Microsoft Bulletin MS14-060 fixes this bug.

“This is an urgent one to fix,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys.

Microsoft marked MS14-060 as important rather than critical because for the attack to work, it would require a user to click on a file. Qualys ranks this vulnerability as more severe in that it is pretty easy to trick a single person into clicking on a file, such as a PowerPoint presentation, which would be all that would be required for an attacker to gain access to an internal network with a well-crafted script, Kandek said.

Sandworm is a good reminder for administrators to make sure that they set the user permissions correctly on desktop and laptop computers, meaning not to give an end user full administrative privileges on the machine, Kandek said.

Internet Explorer gets patched, too

The second zero-day flaw addresses a problem in Internet Explorer and the fix is found in MS14-056. This vulnerability “could allow an attacker to break out of the sandboxing capabilities in Internet Explorer,” said Amol Sarwate, director of vulnerability research at Qualys.

The third zero-day, addressed in MS14-058, also comes from a flaw within Windows, namely from the way the operating system kernel drivers handle TrueType fonts. An attacker could embed some malicious code within a TrueType font. When a user visits a site with these ill fonts, Windows will download the font package and automatically execute the code buried within.

Beyond Microsoft’s patches, administrators will also have a busy week with patches from Adobe and Oracle, Kandek said.

On Tuesday, Adobe released a set of patches for its Flash multimedia player. Oracle is also releasing a wide range of patches for its enterprise software. In particular, administrators should take a look at the Java patches, Kandek advised.

via Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld.

Is it time to upgrade?

rp_windows_81_update1_power_button-100228393-large.png

Is it time to upgrade? This is probably the most frequent question I get from my clients. And for good reason. It’s not always easy to tell if upgrading makes sense. Not even for IT Pros.

The reason is simple: It’s complicated. There are a lot of factors which have to be considered when deciding to upgrade, and there are many questions you should ask yourself when planning for your future IT needs.

The first thing to consider when evaluating an upgrade is Cost. But even cost is more complex than you might think.

How much does it cost now? What is the cost of support/maintenance over the life of the product? How long should I expect it to last?
What about the costs of lost productivity if I DON’T upgrade?

What about less tangible costs related issues:

  • incompatibility between versions
  • poor performance of older versions
  • security issues due to reduced/absent vendor support
  • increased support/maintenance costs – older stuff takes more time to keep running

Besides costs, there are also risks. The risk of failure increases with the age of any product. Older stuff breaks. Bottom line.

Besides risk of failure, there are also security risks, especially when we’re talking about software. Older software & hardware drivers are updated less frequently than current versions. Really old software that is out of support may not be updated at all, which can be a problem due to both security and reliability concerns. Some older software may not work properly on newer operating systems, and can pose a risk of data loss due to crashes. Suffice to say you are taking a big risk by using unsupported products on your network. Bottom Line: If you can afford not to, don’t.

Sometimes the question of upgrading is simpler because you might HAVE to upgrade. Forced upgrades are commonplace, and although you may not actually be “Forced”, once you’ve built your company procedures around a piece of technology, you cant always just switch and stop using it.

After technology has been deployed across your business, change can become expensive. Vendors know this, and they’ve learned that most companies will choose to upgrade rather than change software that everyone in the company uses. But even though the costs to deploy a new solution and provide training are more expensive than the upgrade, if your business depends on numerous programs, the cost of upgrades can quickly become a multi-headed monster…one that feeds itself.

The typical scenario goes something like this:

You have to upgrade to the current version of Quickbooks because their payroll feature is no longer supported on the older versions. The new version of Quickbooks won’t run on Windows XP, so now you have to upgrade all of your Quickbooks workstations to Windows 7. Your time keeping program won’t run on Windows 7, so you now have to upgrade that program too, but of course the new version won’t run on Windows XP, so you the rest of the PCs on your network now need to be updated to Windows 7.

Next, you find out that your older version of Office 2003 is crashing due to incompatibilities with some of the newer software as well, so now you also need to update to Office 2013. File format changes between Office versions mean the Office 2013 upgrade needs to be deployed companywide to keep everyone on the same version.

images

So you bite the bullet and start upgrading to Windows 7 and Office 2013, in addition to Quickbooks. You buy some new PCs, and upgrade some others hoping to get a few more years out of them. Several $1000s into the upgrade process, someone points out that the older workstations, to which you already upgraded with more RAM and larger drives to allow the OS upgrade, are now being brought to their knees by the resource hungry newer versions of software.

Oh yeah, and two of your printers (you know, the ones you’ve had for years, that print perfectly and that you have 2+ year’s worth of toner for) are no longer supported under Windows 7.

So before you know it you’ve replaced all of the PCs on your network, upgraded all of the major software packages, and replaced a couple of printers that didn’t need replacing. Worse yet, you’ve also just set yourself up to repeat the process about 5-7 years from now.

By the time all is said and done, the whole Upgrade question can get pretty confusing. Figuring out what to upgrade can be a daunting task, and without proper planning the expense and risks only increase.

rp_help_350.jpg

So what do you do? Here are some guidelines.

  • Keep all software up to date with regular security patches and updates.
    • Most major vendors offer frequent software and firmware updates.
    • Out of date software escalates risks.
    • Windows Updates and Service packs ensure security and productivity
    • Productivity apps that are used frequently business-wide, represent the greatest risk of failure or security breach, and must be kept current .
  • When version upgrades are required, plan to upgrade ALL PCs at once
    • When all systems are on the same versions, ensured compatibility means better productivity
    • Support costs are reduced when software platforms are uniform across your business
  • Don’t run unsupported software.
    • If the vendor is no longer updating the older version, upgrade to the new version.
    • If the vendor is no longer offering upgrades, consider an alternative product/vendor.
  • Avoid upgrading Operating systems by instead replacing PCs.
    • OS Upgrades are costly.
      • Purchase price of software license
      • Cost of support to backup system, install upgrade and resolve issues
      • Cost of hardware upgrades to meet OS requirements and ensure performance
        • RAM/Hard drive Upgrades
        • Peripheral upgrades
      • Reduced productivity: diminished performance resultant to pairing last generation hardware with upgraded OS
    • Unless you have 25+ PCs, purchasing PCs with OS license is cost effective comparable to Enterprise Licensing
      • Preinstalled OS saves setup time
      • OEM licenses are much cheaper than a retail license for Windows
  • PLAN. PLAN. PLAN.
    • Budgets are your friends.
      • When purchasing a new PC, consider the anticipated useful life
      • Develop a schedule to replace ALL PCs regularly that meets your budget
    • Choose wisely.
      • Choose Vendors for Warranty and Support as well as features and price
      • Avoid Custom software and hardware solutions if possible
        • Custom software can be a nightmare to maintain, and vendor support may vary.
        • Custom vendor support contracts can be expensive, and the hardware/software may become unusable without support. Third party support may be difficult/impossible to find.
        • What happens if your developer/system builder goes out of business?
    • Develop a long term plan for the ongoing replacement of all IT equipment
      • Waiting until everything is really old can be a disaster.
      • Generally, a 4-7 year rotation schedule is appropriate for most IT equipment
      • Version consistency for Operating Systems /Software = reduced support costs and increased productivity

So what now?

As you may have heard, support for Windows XP officially ended earlier this year. So, should you update those Windows XP computers now? Or replace them?

Well, I know your old Windows XP pcs have already been replaced/upgraded, right? I’m sure you are NOT wondering how big a risk it might be to put off the upgrade awhile. I mean, if Microsoft says you need to buy 20 new PCs this year, you’re just gonna do it, right? You don’t want to piss of the MotherShip in Redmond now, do you?

Well, let’s say you DON’T have an unlimited IT budget…You probably have some tough choices to make.

          

To help put the question in perspective, ask yourself these questions if you are debating about the XP upgrade:

  • Do you run any HIPPA compliant software or keep sensitive data on your networks? – YES, UPGRADE
  • Do you process credit cards, work with financial data, or pay bills online? – YES, UPGRADE
  • Do you make purchases or use Internet Banking? – YES, UPGRADE
  • Is Internet Explorer 9 or greater required for any websites you use frequently? – YES, UPGRADE
  • Is your system slow and it seems like you are always waiting for it to catch up? – YES, UPGRADE
  • Do you use Internet Explorer to surf the Internet? – Switch to Chrome or Firefox or UPGRADE
  • Is any of your CURRENT software UNSUPPORTED on Windows 7? – YES, EVALUATE. Additional software upgrades may be required.
  • Are all of your printers and peripherals compatible with the new software? – YES, UPGRADE; NO, Evaluate extra costs.
  • Will the upgrade cause any other problems? -YES, Evaluate. Obviously, every situation is different.

Still don’t know what to do? Let us evaluate your situation and help you figure it out.  That’s what we do best.

Proactive Computing – Intelligent IT Solutions and Support.

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch.

Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still fighting cyber criminals with one hand tied behind their backs?

Shockingly, most companies are still relying on outdated, only partially effective methods to protect their sensitive data, mainly with technology that focuses on preventing incoming attacks. But actually stopping bad guys from slipping inside enterprise networks and getting their hands on sensitive data is nearly impossible these days. In fact, among organizations with over 5,000 computers, over 90 percent have an active breach of some sort at any given time. What’s worse, those organizations may not even know about it…

…The most concerning part of all this is that very few organizations are now using new breach-detection technologies and can actually discover these ongoing breaches themselves, meaning attacks are even more destructive for their victims. Despite numerous alerts, Target, for example, didn’t detect the recent breach that led to 40 million stolen credit card numbers….Read More

 

 

Dialog boxes may be killing Internet Explorer

Internet Explorer running slow? Dialog boxes could be at fault

Internet Explorer running slow? Dialog boxes could be at fault | PCWorld

 

If you’ve noticed Internet Explorer running slowly lately—or just halting altogether—here’s one possible cause: dialog boxes.

On Friday, the same day that Microsoft recommended users download the latest updates for Windows 7 and 8, Microsoft issued a hotfix for Internet Explorer. According to asupport article issued Friday, “web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time.”

Microsoft issued the hotfix for Internet Explorer versions 7 through 11—basically every major version.

For more information about how Dialog boxes may be killing Internet Explorer, follow the source link below to check out the PC World article to find out how to fix the problem.

via Internet Explorer running slow? Dialog boxes could be at fault | PCWorld.

Looking Ahead To Windows 10 | TechCrunch

A preview of Windows 10 will be made available in either September or October, according to ZDNet’s Mary Jo Foley. That timeline keeps ‘Threshold’ — Windows 10’s codename — out into the public market as a finished product likely in early 2015.

The Windows 8 era isn’t merely closing, it’s racing to an end.

via Looking Ahead To Windows 10 | TechCrunch.

Microsoft pulls update after crashes

Microsoft pulls update

People often ask me why I recommend disabling Automatic updates in Windows. Well here’s one reason…

Apparently this update has been causing crashes and slowdowns. So if you have automatic updates turned on and your PC just recently started acting unbecomingly, this might be the problem.

“Microsoft said that it had discovered three issues with the updates associated with its August updates last week (specifically updates 298279129702282975719, and 297533), otherwise known as the security and feature updates that began rolling out on August 2.”

“Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2982791 security update.”

Not quite as easy as it might seem. It seems you need to tinker with the registry, which can completely brick your PC if you don’t know what you’re doing.

As a humorous side note, if you are still running Windows XP, you don’t have to worry at all!

Microsoft pulls August Windows update after crashes | PCWorld.

Microsoft will kill support for IE 8, the world’s most popular desktop browser, by 2016 | VentureBeat | Business | by Harrison Weber

Microsoft will kill support for IE 8, the world’s most popular desktop browser, by 2016 | VentureBeat | Business | by Harrison Weber.

They can kill support, but can they make you people who are still using a 4 year defunct browser upgrade…or better yet, switch?  #Chrome

Microsoft will kill support for IE 8, the world's most popular desktop browser, by 2016 | VentureBeat | Business | by Harrison Weber

Support for Windows XP has ended

images

In case you haven’t heard, support for Windows XP has ended. That means no more updates (although there is a hack that can continue updates…ssshhh). Wondering what it means? Do these questions nag you?

What is end of support?
What does this mean?
How do I migrate off Windows XP?
Potential risks of staying with Windows XP

Click for info directly from Microsoft:

Support for Windows XP for Enterprise Business is ending.

Microsoft Announces August Update To Windows 8.1, But Don’t Call It Update 2 | TechCrunch

“This release is somewhat notable as it underscores Microsoft’s faster release strategy for non-numbered releases, which is to say smaller, incremental updates rather than platform-wide releases. If you use a Windows machine, in other words, you can expect your machine to improve month-by-month”.

Microsoft Announces August Update To Windows 8.1, But Don’t Call It Update 2 | TechCrunch.

download