Executive Summary
- Happy New Year. We hope that you were able to enjoy time with family, friends and loved ones over the holidays and that you’re doing well in the New Year.
- Microsoft is getting the year off to a rough start, patching 80 vulnerabilities including one that is being actively exploited.
- Ubiquiti noted Monday that it had “…became aware of unauthorized access to its systems hosted by a third-party cloud provider…”.
- Adobe Flash Player is officially end of life.
- We are excited to announce that we will be looking into more / different / better ways to interact with you over the coming weeks and months. I don’t have a lot of details available to share at the moment but announcements will be made on our website and mailing list as we’re able to share more.
Updates
Microsoft released updates to address 80 vulnerabilities this month including 10 that are considered critical, meaning that an attacker could exploit the vulnerability remotely with no user interaction required. There’s a lot of focus on two of the updates in particular, one in Microsoft Defender (CVE-2021-1647) that’s widely considered to be trivial to exploit and requires no user interaction (simply get an infected file onto the system and Windows Defender will access it automatically) and CVE-2020-1660, another remote code execution (RCE) flaw that got a CVSS score of 8.8 out of a possible 10 (very bad).
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critcial, it’s important that the updates are installed.
Additional details on this months Microsoft updates are available from Microsoft, Brian Krebs, SANS (who note 130 updates) and ZDNet.
Adobe has so far released 7 updates to products including Bridge, Captive, InCopy, Campaign Classic, Animate, Illustrator and Photoshop More important news from Adobe though is that Adobe Flash Player is finally end of life.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here and Here including links to download the update(s) and instructions for installation.
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.