Patch Tuesday May 2017

Patch TuesdayPatch Tuesday May 2017: all the monthly security news you need for your business. Why should you patch all your devices monthly? Patching is your first line of defence against ransomware, viruses and other web nasties.

Microsoft Updates

Microsoft released patches on May 9th that squashed over 50 security vulnerabilities in all their products (including Office for Mac). More details here.

Microsoft also released patches on May 12th for Windows XP and Windows 8 in response to the WannaCry or WannaCrypt ransomware outbreak first seen in Europe. That  was vulnerability was patched for Windows 10 back in March.

Android Agony

Google released more updates to the Android operating system this month. Android is the most popular phone to hack.

However just because Google releases updates that doesn’t mean your phone hardware manufacturer or service provider will actually update your device. The manufacturers and service providers are horrible at testing and releasing these critical updates for the clients.

Security researchers are clamouring for Google to forces the manufacturers and service providers to do something about the sad state of security for Android phones and tablets.

If you have an Android phone, be sure to run any updates to do receive. Also be careful about dodgy apps from the Google Play store and opening links in phishing emails.

Routers to Oblivion

Asus released an urgent patch for all the RT-N model routers this month. Hackers are able to change settings on the router and web hijack your search results.

If you haven’t updated your router in the last month, login to the control panel and do a firmware update now.

Byte of the Apple

Apple released seven security updates May 15th for all their iThingys and operating systems. And watches and Apple TV. More details here.

Be sure to install these updates. Apple products are vulnerable to viruses and web hijacking.

Intel Management Engine Vulnerability

Unbelievably your computer with an Intel processor can be hacked via a webpage.  Hacked at the firmware level so below the operating system and any antivirus software you may have.

The vulnerable chips are found in servers and desktops. However the patch for this flaw is dependent on the computer manfacturer (like Dell, HP, Lenovo) not Intel.

Computers from HP, Dell, Lenovo and Fujitsu are vulnerable. Be sure to install any manufacturer security updates for your computers when they become available.

More on this story here.

An ounce of patching protects from a pound of hacking. Be sure to update all your devices this month.

 

 

 

WannaCry Ransomware

WannaCry RansomwareWannaCry Ransomware (aka WannaCrypt aka WCry): what do you need to know?

WannaCry Ransomware Essentials

Most important points about this ransomware outbreak:

  1. It was patched for Windows 10 and 7 in March
  2. Most computers infected in Europe were running Windows XP
  3. Microsoft released a patch for Windows XP and 8 May 13th
  4. Antivirus vendors updated their software May 12th and 13th to protect against it
  5. If you have a good backup you’re protected.

WannaCry Ransomware Details

Where did it come from? In April, hackers leaked details about a tool that the U.S. National Security Agency was using to spy on computers. The tool was called EternalBlue and it used a vulnerability in Windows. Microsoft had already patched the vulnerability for still supported versions of Windows in March. Because of the outbreak in over 75 countries, Microsoft released patches for Windows XP and Windows 8 on May 13th.

How do you get WannaCry Ransomware? One of the companies infected in Europe has confirmed that the ransomware arrived via a phishing email. Once the ransomware is on the network, it scans for other vulnerable computers to infect.

The reason why the outbreak was so bad in Britain’s hospitals is that they’re still running Windows XP to support legacy hospital equipment.

How do you protect your business?

How do you protect your business from WannaCry and other ransomware?

  1. Patch every month
  2. Educate your employees about phishing emails
  3. Have a good backup
  4. Create a recovery plan

What about antivirus? By the time the antivirus software vendors updated their software, it was game over for all those hospitals in England. In fact the company that used to boost how it totally protected the NHS in Britain now has changed to their advertising to how they understand the security needs of NHS.

You can’t rely on antivirus to protect you from new threats. It only protects you from known, old threats. It’s not your first line of defence. Regular patching is your first line of defence.

Patch Tuesday April 2017

Patch Tuesday April 2017Patch Tuesday April 2017: lots of security showers for your business this month. Please take time this Easter to update all your devices.

Apple Bytes

Apple released a very important update for the iPhone in the last few weeks. This update prevents your phone from being hijacked by drive-by infected routers. Be sure to patch your iPhone as soon as possible.

Apple also released updates for iTunes, Garageband (yes, you can get hacked via Garageband, not a happy tune), mac OS X and all the Ithingys.

There is also a critical security update for Office for Mac. Hackers are exploiting a vulnerability in Word.

Windows 10 Creator Update

Microsoft released a massive update for Windows 10. Most of the changes are not visual so you won’t see the difference. Most of the changes are functional: improvements to Windows Defender, Edge browser and Windows Updates. With Windows Updates, you will finally be able to defer updates so they don’t bork your computer during business hours.

Windows 10 Creators Update pauseOther Microsoft Mayhem

Critical security patch for all versions of Office: yes, it’s 2017 and you can still get hacked via Word.

Microsoft also released patches for Edge, Internet Explorer, WordPad, .NET framework and the list goes on.

Expect these updates to slow down your network while they download and then busy your computer while they install.

Android Agony

Google released a critical update to prevents your phone from being hacked via drive-by wifi.

Five other patches released.

Please update your phone as soon as possible. Android is the next frontier in hacking.

Adobe Hot Flash

There’s a shocker: Adobe released updates yesterday for Flash, Reader and Creative Suite desktop application. Also Photoshop gets patched.

Patch your devices and enjoy your Easter in peace.

 

How to force Windows 10 Creators Update

Windows 10 Creators UpdateHow to force Windows 10 Creator Update: it’s coming April 11. And you want to force this update to fit your schedule.

Why?

This major Windows operating system update takes about an hour to install. Then there’s you’re learning time. You have a busy business and you don’t want this happening during working hours.

How to force

Go to this link Download Windows 10 and install the upgrade assistant (takes about a minute). Then run the update. That takes about 20 minutes. After that you can let it reboot the system for you (handy feature if you want run the update overnight) or you can force it.

Windows 10 Creators Update

Rebooting and Rebooting

Most of the pain occurs on the reboot. When I ran the update on my desktop, it required three reboots and just under an hour for the installation to finish.

Your installation time may be shorter or longer depending on your hardware, disk space and software.

You definitely don’t want this happening during business hours,

Windows 10 Creators Update

Unless you’re using 3D software (or a gamer) you’re not going to see major improvements in the operating system.

Most notable changes are better security and functionality in the Edge browser (which most folks don’t use and it resets your home page without asking) and Windows Defender.

Best change is that after installing the Windows 10 Creator update, you will now have the option to pause updates. Just this week I was at meeting where the presenter’s laptop insisted on installing updates just as he was getting ready to speak. Ouch!

Don’t let Windows 10 Creators Update ruin your work day next week. Force the install now.

Windows 10 Creators Update pause

Router updates

router updatesRouter updates: when was the last time you updated the most important part of your network?

What is the router?

The router is a box that connects your office devices to the Internet. It’s connected to the modem provided by your Internet Service Provider (aka ISP). The router provides the wifi service as well as the connectivity for your devices. It manages the traffic and provides a firewall between your office and the evils of the Internet. The router does all this via firmware which is a kind of operating system. And like operating systems, firmware needs updates.

Lifespan of router

How long do routers last? Usually about 4 or 5 years if they’re updated regularly.

There are exceptions.

Router Problems?

How do you know if you’re having router problems? Internet keeps dropping out or is slow. Wifi is unreliable. Your VOIP phones sound crappy. You keep getting redirected to the wrong web page. And your Internet Service Provider says it’s not their problem.

Problem Routers

If you’ve got a D-Link router, you’ve got a problem. The FCC is suing D-Link right now over their router security problems.

Netgear is also on the bad list. Most of their routers are vulnerable to a hack that is actively being exploited. And there is no patch for most of their models.

Router updates

If it’s older than 4 years, if it’s D-Link or Netgear, I recommend you replace it right away.

And don’t use the router offered by your ISP. First, the routers from the ISP usually have very limited functionality for managing traffic (important for VOIP and VPNs and file shares accessible from the Internet). Second, the ISP doesn’t usually run the updates or even let you know their equipment needs security updates. Third, it makes it easier for them to monitor your network traffic for marketing purposes.

Patch Tuesday January 2017

Patch TuesdayPatch Tuesday January 2017: all the patch news you need for your business this month.

Patch Tuesday January 2017

First some general news. CVE Details, a group that tracks most of the tech world vulnerabilities, released their 2016 list of top vulnerabilities. Android had the most security holes last year but by vendor, Adobe tops the list mainly for Flash.

After analyzing the top list for 2016 by product and vendor, I recommend you patch Android devices first, then Apple devices (both iThingys and OS X devices) and then Microsoft. The reason why I picked Apple is that it is number 4 on the list per vendor (behind Microsoft) but people neglect Apple updates. And they underestimate the threat to Apple products. There are lots of ransomware apps and browser hijackers aimed at Apple products.

Adobe Agony

Adobe Reader UpdateWhat a surprise, yet another Hot Flash update from Adobe this month for both Windows and Mac users. And it fixes vulnerabilities Adobe says are not being used by hackers yet. Give the hackers a day to backwards engineer the patch.

The most appalling update from Adobe this month is for Acrobat and Reader. As usual Adobe is bundling crapware with this security update. But what they are concealing is that in the update is an add-in for Chrome which sends telemetry back to Adobe. So Adobe is using this update to spy on your browsing of PDFs files on the Internet.

You can uninstall this add-in in Chrome but really. This why people don’t like to run updates.

Microsoft Mayhem

Windows UpdatesIt’s 2017, and your computer can still be hacked via Word. It’s amazing.

Besides fixing a Word security problem, only three other updates from Microsoft this month.

I suspect this is a light load while they prepare the new big update for Windows 10 aka Creator’s Update that is due out in the next few months.

WordPress Woes

The WordPress core was just updated last month to version 4.7. And now there is version 4.7.1. This is a security update for vulnerabilities that are actively being hacked. Protect your website and update the WordPress core, all plugins and themes. Be sure to back up your site before you do the update.

An ounce of patching is better than a pound of hacking.

WordPress updates

Patch Tuesday November 2016

Patch TuesdayPatch Tuesday November 2016: lots of security goodness for all your business devices!

Apple bytes

Apple released updates for most of their devices at the end of October as part of their new product rollout. Even the Apple Watch and Apple TV got updates.

Most important were the security updates for OS X Sierra, El Capitan and Yosemite. Be sure to install that update ASAP.

iOS was updated to version 10.1.1. That update applies to iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later.

iTunes and iCloud for Windows were both updated.

Office for Mac was also updated for security by Microsoft.

Microsoft Updates

Microsoft released 14 patches this Tuesday affecting everything. Yes, it will take a long time to download these patches and yes you will have to restart the computer after.

Updates included patches for Office, Internet Explorer/Edge, and various parts of the operating system and the Microsoft version of Flash.

One of the patches fixes a security hole that hackers are actively exploiting.

Adobe Hot Flash

Another lunar cycle and another hot Flash security update from Adobe. Again this patch fixes a security hole that hackers are actively making merry with. You can get this patch directly here.

While there were no new updates for Adobe Reader/Acrobat this month (lots last month), Adobe released a security update for the Windows version of their Connect software.

Android Agony

Google released a big security patch that squashes 82 vulnerabilities for Android. Hopefully your Android vendor will push out the patch to your device.

One big vulnerability, known as “Dirty Cow” , is not yet patched. It’s expected for next month’s round of Android patches.

WordPress and Wix

WordPress core remains at 4.6 but version 4.7 is expected to land soon.

All the popular plugins have updates this month: backupbuddy, iThemes security, Yoast SEO, JetPack.

Check your dashboard monthly for updates

Wix websites need to be patched ASAP as a nasty security hole has been plugged. Check your dashboard or call your website designer to make sure your Wix website has been updated.

A ounce of patching is better than a pound of hacking.

 

 

Patch Tuesday October 2016

Patch TuesdayPatch Tuesday October 2016: all the patch news you need this month for your business.

Windows 10 Woes

Among the 10 patches/bulletins released one week, one of them is a show stopper for Windows 10. As folks have been updating I am getting calls of dead or looping Windows 10 computers. It’s usually happening to computers in 4 years old range. Still investigating but it looks like a patch and some antivirus products are conflicting in the boot process so the computer won’t get even close to the login screen. Yikes!

Other Microsoft updates

Internet Explorer/Edge browse received a big security update. Also all version of Office still supported. Just a reminder Microsoft officially only supports Office 2013, Office 2016 and Office 365 now.

Hot Flash

Another Hot Adobe Flash patch harvest this month. Please Adobe, can you fix your product? Windows updates Flash for Edge as part of Patch Tuesday but if you are running Firefox on top of Windows (like most sane people do) you need to update this separately from the Adobe web site here. Remember to uncheck all the unwanted crapware they insist on bundling with the security update.

Adobe also released security updates for Acrobat and Reader products. In the program, go to Help on the menu and click Check for Updates.

But wait, there’s more. Also an update for Creative Cloud desktop software.

These updates are for both Mac and Windows Users.

Apple forcefeeds Sierra

Unbelievably Apple has taken a page from Microsoft and will automatically download the new OS X Sierra to your Mac if you have updates enabled. Gee what could wrong? Just ask Windows users. Program compatibility issues, hardware issues to name the biggest annoyances.

WordPress Whirlwind

WordPress core is still at 4.3 but lots of updates for plugins. Be sure to backup your website before doing the updates. Also, do the plugin updates in small batches, no more than 3 at a time. Otherwise you can get WordPress wobbles.

Java Jive

Oracle released a critical update to Java October 18th. Java is a plugin required by some websites to work properly. Install this update as soon as possible. If it prompts you to remove the previous version of Java, say yes.

Oracle is being sued in the United States.for how they updated Java in the past without removing the previous buggy versions.

An ounce of patching is better than a pound of hacking.

Patch Tuesday September 2016

Patch Tuesday September 2016Patch Tuesday September 2016: most of your technology needs patching and updating today!

Patch Tuesday Harvest

Adobe, Android, Apple and Microsoft all released critical patches and updates today. Hard to choose which is more critical. I recommend you update Windows, Android devices and then Adobe products based on the number of vulnerabilities patched.  But don’t forget your Apple harvest.

Microsoft Updates

Windows, everything from Windows Vista to the most recent Windows 10 and server products, requires 14 patches most of them critical. You will have to restart your computer after update.

Breakdown details here.

Android Agony

Google released 47 patches for 57 Android flaws. Most of the patches fix malware and privacy problems.

Complete technical breakdown on the Android patches here.

Hot Flash

Adobe released a security patch for our monthly favourite hot Flash.

Also there’s an update for Adobe Digital Editions (Adobe’s ebook reader).

As Flash is a favourite with hackers, you need to update it quickly.

Apple Harvest

Apple released a patch earlier this month for OS X and Safari that blocks the Pegasus spyware. This in addition to patches released last month for iOS products to block the same spyware. Details here.

September 13th Apple released iOS 10. Initially some iPhones were bricked by this update but the problem has been fixed.

Details on the iOS 10 features here.

Also, if you’re running an iPhone 5  or iPhone 5c and you’re worried about how iOS 10 will run on older hardware, it’s been tested. See this review here.

I know September is a busy month for most business owners but do make time to patch.

Patch Tuesday August 2016

Patch Tuesday August 2016Patch Tuesday August 2016: it’s a summer harvest of security updates for everyone.

WordPress

I frequently talk about updating the WordPress core and plugins but when did you last update your theme? Updating the theme for security can sometimes break features on your web site (talk to your web designer).

However theme security is very important. Wordfence released a blog on which themes are hacker favourites.

If you’re using Genesis on your web site, it received an update (see screenshot above) as well as some of it’s child themes.

All the usual plugins (Yoast SEO, security plugins and JetPack) received updates in the past few weeks as well.

Java Jive

Oracle released a new Java version last month. Yes, you need to update Java as it is still required by some web sites to function.

A client asked me yesterday how often Java needs to be updated. Oracle releases Java updates every three months unless there is a significant security update they need to push out.

Apple

Apple released updates for iOS (all your iThingys), iTunes and some OS X updates as well.

It’s not just about security but also functionality. Yesterday I had a client where we couldn’t install the print app for her new printer because her iPad was so out of date.

Polish up your Apples with some updates this month.

Microsoft

Nine updates yesterday covering all Windows and Office products.

There was also a big Windows 10 update that caused problems for some computers. Avast antivirus decided it didn’t like the updates.

Also, increasingly I am getting calls from clients about Office software problems usually right after Office patches have been installed. Here’s a video on how to repair your Office installation.

Be sure to spend some time this week updating your web site and devices. An ounce of patching is cheaper than a pound of hacking.

Repair Office