Executive Summary
- We will be closed Thursday, 24 December and Friday 25 December to celebrate Christmas with family and friends.
- We will be closed on Friday, 1 January 2020 for New Years Day.
- Probably the biggest news for December (so far, 2020 isn’t over yet) is what looks to have been a very successful compromise of SolarWinds with impacts reaching both far and wide including the Department of Energy, National Nuclear Security Administration, Treasury and a who’s who of other critical infrastructure and large enterprise. There’s additional information from FireEye here and Krebs here but, short term, removing anything related to SolarWinds immediately would likely be a good plan.
- Microsoft patched 58 vulnerabilities this month with only nine listed (by both Microsoft and SANS) as critical and none currently being actively exploited.
Microsoft patched 58 vulnerabilities this month, nine were classified [by Microsoft] as CRITICAL and the remaining rated important or moderate.
None of the vulnerabilities are currently being actively exploited but, with vulnerabilities in Exchange Server and Sharepoint server, an abundance of caution would be a good plan. There were also vulnerabilities patched in Windows 10 as well as Windows Server 2016.
As always, don’t be be the low hanging fruit and remember, all the cool kids update!
Additional details on this month’s Patch Tuesday are available on the sites below:
Adobe
Adobe has so far released 14 patches this month, including at least one for Adobe Acrobat for Android.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here and Here including links to download the update(s) and instructions for installation.
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.