December 2024 News & Updates

Dec, Wed, 2024
nathan
CTC NEWS , Industry News , Monthly Newsletters , Tech news

Policy Update – Starting 1 January 2025, a 3% surcharge will be added to any credit card payment of $1,000 or more. Additional information is available on our policies and procedures page here.
New Email Security Partner – We are excited to announce our new partnership with Proofpoint and the Proofpoint Essentials email security platform. The Proofpoint platform includes basic email security features similar to what we were able to offer through AppRiver and adds an impressive array of additional features including seamless integration with Microsoft 365 and Exchange, email encryption, Data Loss Protection (DLP), Social Media protection, Security Awareness Training, One-Click Message Pull to remove malicious emails from user inboxes, emergency mailbox access and more. We will continue supporting clients wishing to remain with AppRiver but are happy to discuss migrating to the new platform.
Upcoming End of Life for Windows 10 – We’re officially under one year before the Windows 10 End of Life (EOL), currently scheduled for 14 October 2025. Prior to that date, you will need to make certain that all Windows 10 computers are either upgraded (Windows 11 Requirements) or replaced. Additional information is available from Microsoft here.
Holiday Schedule
- Christmas – We will be closed Tuesday, 24 December and Wednesday, 25 December 2024 for the Christmas holiday and the office will open for regular business hours on Thursday, 26 December 2024.
- New Year – We will be closed Tuesday, 31 December 2024 and Wednesday, 1 January 2025 for the New Year holiday and the office will open for regular business hours on Thursday, 2 January 2025.
Client Forms – In an effort to make requesting support easier for common tasks (onboarding and offboarding users, for example), we are launching a number of forms that clients can use to request support. Links to the forms are located at the top of our website under Client Forms.

Updates

Patch Tuesday, December 2024, the last scheduled updates for 2024 from Microsoft. In this release, Microsoft has patched 70 (or 71, depending on who you ask) bugs including one actively exploited zero day (CVE-2024-49138, a vulnerability in the Common Log File System), 16 Critical vulnerabilities including one Remote Code Execution vulnerability (CVE-2024-49112) with a CVSS score of 9.8 (out of 10, that’s bad) and then 54 vulnerabilities rated as Important. Something that struck me as interesting is that nine of the critical vulnerabilities are in Remote Desktop and Remote Desktop Services. Remote Desktop and Remote Desktop services are tools that can be used to get “console access” to computers remotely and it’s baked into most Windows versions. Unfortunately though, it’s not terribly secure even if there aren’t critical vulnerabilities in it. It can still be used, but the best practice is to secure it behind a VPN connection. A quick Shodan.io search returns 1,688 RDP servers open and waiting for someone to connect to them at the time of this post. If your company has or needs remote desktop access and you’re using or considering Remote Desktop, please reach out to your IT Support Team before you do. In many cases, your firewall may be able to provide the VPN connection that you need to make it secure. If not, your IT Support Team may have alternatives (all of our MyIT clients have access to Splashtop to securely access any or all of their managed endpoints). Ultimately though, exposing Remote Desktop or Remote Desktop Services to the Internet is just not a good plan and should be avoided if at all possible.

Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’. These updates are categorized as Low, Moderate, Important or Critical. Details on the categories are available here. The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server. If you have one or more of these products installed, especially if the update is listed as Important or Critical, it’s important that the updates are installed.

Additional details on this months Microsoft updates are available from Krebs on Security, SANS Internet Storm Center, Tenable, Bleeping Computer and the Patch Tuesday Dashboard.

Adobe has patched a (relatively) whopping 18 bugs this month, including several that are rated critical, across it’s product line including Acrobat and Reader, After Effects, Animate, Bridge, Connect, Experience Manager, FrameMaker, Illustrator, InDesign, Media Encoder, PDFL SDK, Photoshop, Premier Pro, Substance 3D Modeler, Painter and Sampler. It is worth noting that this is the first bug patched in Reader in three months.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month. Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products. Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc

Additional details are available from Adobe Here including links to download the update(s) and instructions for installation.

Need IT Support for your Home or Business? We’d love to help!

Are you a small to medium sized business looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of? Are you looking for an IT Service Provider who understands small to medium sized businesses needs and the challenges that we face that can work with you to grow your business rather than just sell you time?

Cyber Tech Cafe an IT Service Company with a focus on helping small to medium business get the most out of their technology investment. As a small business ourselves, we understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as needed support if you just need a quick fix or extra set of hands right now. We also offer maintenance plans that we call “MyIT” that are designed to address the most common concerns (patch management, disaster recovery / backup, log review, etc.) that are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without contract saying that you have to.

If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.

Article Submitted by Nathan J. Underwood, CEH