11
Jan, 2021
99522290_update_400.jpg

Why Is It Super Important to Keep Your Software Updated?

99522290_update_400.jpg

Your business’ software is one of its critical assets, so it really can’t also host many risks to your security and business continuity. Therefore, keeping your software up-to-date and fully patched should be a priority. Let’s go over what patch management entails and why it is so important.

What Causes Software Vulnerabilities?

Many people might incorrectly assume that, once a software is released and paid for, it won’t be the source of any major security issues from that point forward. Unfortunately, this isn’t entirely accurate. As hackers and cybercriminals work to identify vulnerabilities in the code that software developers have created, the software developers will fight back by creating patches to resolve these vulnerabilities.

This pattern continues until the software is eventually abandoned for a new and improved option, much like we’ve seen with the progression of the Windows OS. The reason that we are so adamant that everyone needs to migrate away from the antiquated Windows 7 is because hackers have had years to devise new ways of undermining its security while Microsoft has shifted focus to its later iterations of the operating system.

Regardless, this cat-and-mouse game goes on, with consumers, business owners, and IT admins caught in the crossfire.

Without consistent updates, all software titles can potentially be leveraged against the user—and with so many kinds of software in use within a business, there needs to be a process to ensure that they are all attended to on desktops, laptops, servers, and mobile devices alike. A good rule of thumb: if a software title interacts with the Internet, its software will need to be updated eventually.

Defining Patch Management

Patch management is the process by which a business ensures that updates and patches are applied to all vulnerable pieces of software. Whether it’s a productivity solution, communication and collaboration tool, digital security measure, an operating system, any kind of software under the sun could potentially be a risk that needs to be promptly addressed.

While this makes patch management an essential part of operating securely, it can be notoriously time consuming to dive into. This is why our team at NuTech Services utilizes cutting edge technology to see to our clients’ software solutions and keep them patched and upgraded. As a matter of fact, the technology we use keeps watch over our clients at all hours to ensure that all applicable updates are properly implemented.

Reiterating Why Patch Management Matters

Let’s touch back on Windows 7 once again, as the issues it causes are severe enough to bear repeating. As these words are first being written, almost 20 percent of PC users are still using Windows 7, despite Microsoft abandoning support for it a year ago in January 2020.

This effectively makes Windows 7 a clear and present danger for anyone using it—to the point that the Federal Bureau of Investigation effectively begged users and businesses to abandon it in a press release this past August.

For assistance with your patch management processes and the upkeep of your assorted IT solutions, reach out to the experts we have here at NuTech Services. Our team will be here to assist you behind the scenes, all you need to do is reach out to us at 810.230.9455 for more information.

18
Nov, 2019
cloudupdate_68996071_400.jpg

Software Patching in the Cloud

cloudupdate_68996071_400.jpg

A lot of computing is done today using cloud computing – basically, making use of the computing power, space, and applications that a provider has on their infrastructure as if they were your own. Doing so can provide a very specific benefit to your security, but, have you ever wondered how the cloud itself is protected? 

With so much computing now done in cloud environments, it is important to address how this approach can benefit security, but still need to be secured.

How Patches Benefit from the Cloud

It isn’t a secret that any kind of software, from applications to entire operating systems, can have holes in it. These security flaws and issues could easily leave a business vulnerable to attack if they aren’t resolved. This is why software developers will issue patches, which are just corrections to these mistakes, for users to install. By applying the patch, the user is protecting themselves from threats that would otherwise exploit that vulnerability – but just on the system where the patch is installed.

Now, consider how many computers some companies use, and all of the different software titles that would be found on each.

Can you imagine going to each one and applying an update, each time a patch was released? Furthermore, you have to consider that more and more devices are mobile nowadays. This means that there is no guarantee that every device is present when someone goes on their patch application marathon. Factors like these frequently lead to incomplete patch deployments, and as a result, holes in organizational security.

However, by utilizing the cloud as you manage your organization’s patches, the device no longer has to be present in order to receive the patch. Instead, the cloud can be used to push it out to all of your devices, so once they connect to the Internet, the patch will be implemented. This means you can keep your employees using the solutions you want them to use, assisting both your productive operations and your security.

How the Cloud Benefits from Patches

However, it is important to take note that all the cloud is, is a computer located somewhere else (often owned by someone else). As a result, it can also be vulnerable to flaws and issues of their own – which is why you need to be sure that your cloud provider is properly maintaining the cloud solution with its own patches. This is especially the case if you are using an internal cloud solution.

NuTech Services can help you keep up on your updates, whether they involve the cloud or not. Reach out to us at 810.230.9455 to learn more about our services.

28
Oct, 2019
bug_216065370_400.jpg

Microsoft Releases Rare Bug Fix Off of Regular Patch Schedule

bug_216065370_400.jpg

Most of us like to take matters into our own hands, almost to a point where we might refer to ourselves as control freaks. So, when it comes to letting other people or even our own devices update themselves, we tend to click “remind me later” or “don’t ask me again”. Patches however, are a crucial task in the computing era. Keeping everything up-to-date aids your business in staying one step ahead of lurking threats. Recently, Microsoft announced that it had two major security updates which required emergency patches. 

The two vulnerabilities were patched off of Microsoft’s typical “patch Tuesday” due to the urgency. Most Microsoft patches are released on the second Tuesday of the month. The fact that these two were released ahead of time might seem like an insignificant occurrence, but the reality is this event is a major red flag.

Internet Explorer Zero-Day

The most significant patch was for a zero-day vulnerability that was found in Internet Explorer. It may be hard to believe, but people are indeed still using this antique browser to surf the web. The term zero-day suggests that the vulnerability that was discovered, had already been exploited by ill-minded cybercriminals. 

While not much information has been released on the event, Microsoft did call it a remote code execution exploit that, if accessed, could have given a user control of another user’s account. The attack requires phishing someone who is exploring the internet on Internet Explorer, and luring them onto a malicious website. Once there, an attacker would be able to gain access over the victim. 

Internet Explorer is such a forgotten browser that the event did not spark a lot of controversy. This is largely due to the fact that Internet Explorer makes up just two percent of the active market share. However, for the relatively small amount of users that continue to surf, an event like this is still a huge disaster. 

Microsoft Defender DOS Bug

The second patch that Microsoft expedited was a denial of service vulnerability in Microsoft Defender. The antivirus program comes standard in all Windows 10 PCs, and truly is the core of Windows 10’s sterling security record. 

The bug that was discovered wasn’t necessarily obvious, or easily exploitable. In order to do so, the attacker would need the ability to read, understand, and write code. Doing so would allow them to disable Windows Defender components, giving the attacker access. This would give them free rein to do whatever malicious act they chose to deploy. 

Patches aren’t optional. If you are worried about your business’ vulnerability, speak to one of our experts at NuTech Services. We have the know-how to keep your software up to date. Give us a call at 810.230.9455 today! 

7
Aug, 2017
patching_information_400.jpg

Security Terms That Every User Needs To Know

patching_information_400.jpg

Chances are that you’ve seen quite a lot of stories on the Internet, or in the news, about the many security threats out there. Some of these, including ransomware, exploits, and reluctance to update software, might fly over your head if they’re not part of your everyday business vocabulary. Knowing what these terms mean is of the utmost importance in today’s workplace. We’re here to help you understand what some of these security terms mean for your organization.

Ransomware like WannaCry are one of the primary reasons why it’s so important to understand how network security works, and all of the terminology behind it. After all, hackers understand how to exploit your network’s weaknesses, so you’ll want to know all about the primary way to protect your business’s data from them: security patches.

These patches are issued by software developers to resolve certain issues or troubles found in their products. For example, a patch might be designed to address a recently found vulnerability in the program’s code, or resolve a particularly troublesome issue with the user interface. Understanding how these patches work is critical if you want to ensure the security of your business, your personal computer, and everything in between. Here are five of the most common terms used when speaking of security patches.

Patch Tuesday
Even if you allow your computers to update and install patches automatically, you should still have an idea when these patches are installed. Microsoft has a set schedule that they use to release these patches. They are released on specific days of the week, including the second Tuesday of each month, and sometimes the fourth as well. Perhaps in the future, data exchange will allow newer operating systems to be updated more frequently, or at the very least in real time, keeping your systems more secure.

Security Patching
Patches are basically issued to fix something that’s wrong with a computer application or program. It is these patches and updates that are provided on all of the official patch days, like Patch Tuesday. Of course, immediate patches to imminent threats of Microsoft’s software are issued for release as soon as one is created. These zero-day threats are so dangerous that they need to be resolved as soon as possible, making them top-priority for your organization.

Hotfixes
These are sometimes called quick fix updates, quick-fix engineering updates, and general distribution releases. These hotfixes generally include a patch that fixes just one small thing wrong with your application. These small issues are usually important enough that they need to be issued immediately without waiting for the next batch of patches. Even though Microsoft has long since forsaken the term “hotfix” specifically, it’s still used as a common way to refer to these fixes in the technology sector.

Zero-Day Threats
These types of weaknesses are those that are being used by hackers even before they are discovered by security professionals. The name “zero-day” refers to the fact that the software developers have no time, or zero days, to develop a patch to resolve the issue. These are some of the most dangerous threats out there, and need to be a priority for companies trying to keep damage to a minimum.

Whitelisting
Whitelisting is the process through which a patch or application is deemed secure or safe for your business. This allows your whitelisted app to access information found on your network. Contrary to whitelisting, blacklisting is the process of banning network access to certain apps. Whitelisting was a popular term used to discuss the security patch resolving the issue with the WannaCry ransomware, as IT departments wanted the patch to be “whitelisted” first to guarantee that the patch would be enough to stop it.

Is your business security-savvy enough to identify major problems with your network infrastructure? To learn more about how you can protect your business, reach out to us at 810.230.9455.

19
Dec, 2016
shift_and_f10_400.jpg

How 2 Keystrokes Can Bypass the Security of Windows

shift_and_f10_400.jpg

Usually, when a troubleshooting feature is put in place, it is meant to assist the user in resolving an issue. However, one such feature in Windows 10 could ultimately lead to more problems, as it also can serve as a free-ride vulnerability for an opportunist bystander.

Security expert Sami Lailo discovered that if someone keys in Shift + F10 during a ‘Feature Update’ in Windows 10, they are able to access a Command Prompt window with Admin privileges. Compounding this with the fact that Microsoft updates disable BitLocker while they are in progress, means that someone could feasibly access the hard disk without the aid of any external device.

If that someone happened to be ill-intentioned, they could potentially wreak havoc through the command-line interface. Admittedly, the perpetrator would have to move quickly, but if they had come in with a plan and the foreknowledge of a Feature Update being implemented, they would have plenty of time to do what they had come to do.

Lailo reached out to Microsoft, and the company is now working to resolve this issue.

The current fix? Don’t leave an updating workstation unattended, despite the long periods of time updates can sometimes take.

Once Microsoft releases a patch, businesses and organizations will want to apply it. Keep in mind, any NuTech Services clients on our managed services will have the update applied once it is tested. Give us a call at 810.230.9455 to learn more.