September 2021 News & Updates
Executive Summary
Lots going on in September including updates from the usual suspects (Microsoft and Adobe) but also a couple of significant releases from Apple and Chrome this month.
- Test your backup – Many organizations, especially in the wake of so many ransomware attacks, have implemented backups. Few though think to test those backups to make sure that they’re working. Simply restoring something from the backup to make certain that a) the backup is running and b) you can recover what it’s backing up is usually sufficient. If you don’t have a backup or aren’t sure when the last time it was tested (if ever) was, we’d love to help. A monthly test of your backup is included as part of all of our MyIT Plans.
- Cyber Risk Insurance – If your company is applying for or renewing your Cyber Risk Insurance and you have questions about the requirements, we’d love to help. Our MyIT Program is built specifically around The 18 CIS Controls and, as a byproduct, generally meets or exceeds the requirements for most policies.
- Enhanced Patch Management – Our Enhanced Patch Management continues to be a huge success for our MyIT Clients. If you don’t have a way to curate, install and track vendor updates that are vital to maintaining the stability and security of your systems, we’d love a chance to talk to you about how our MyIT program can do that (and much more). We have made a small adjustment to the reboot requirement for updates to display the reboot notification for a full hour before automatically rebooting. Additionally, for non-critical updates, the user has the option to delay the reboot for up to eight hours.
Updates
Microsoft released updates to address 86 vulnerabilities this month including three that are considered critical, meaning that an attacker could exploit the vulnerability remotely with no user interaction required and 2 have been previously disclosed. According to Microsoft, at least one of the vulnerabilities was previously disclosed and is being actively exploited in the wild.
Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critcial, it’s important that the updates are installed.
Additional details on this months Microsoft updates are available from Microsoft, Brian Krebs, SANS and ZDNet.
Adobe released 15 updates this month (so far) including critical updates to products ranging from Acrobat and Acrobat Reader to Photoshop to Cold Fusion, Framemaker and the XMP Toolkit SDK.
Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).
Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.
Apple issued an emergency update to address a bug that’s already being exploited to allow attackers to install malware on iOS products. The vulnerability is rated as High (CVSS 8.0) but has been patched by Apple in all known vulnerable products. Additional details are available in the National Vulnerability Database and from Apple.
Google has also jumped into the frey this month with a new version of the Chrome browser that addresses nine vulnerabilities that are currently under attack. in the wild Additional information on Google Chrome bugs are available here.
Need IT Support? We’d love to help!
Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?
Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.