We Need How Many Updates?

When IT systems are running properly it’s easy to assume everything is OK. But unlike refrigerators, information technology needs frequent attention to keep everything running smoothly – particularly regarding security updates and patches.

Servers, desktops/notebooks/tablets/handhelds/smartphones, firewalls, switches, and even printers are complex devices made up of thousands of parts and often millions of lines of software code. It’s unavoidable that hardware and software will need some updates as bugs and functional issues are found. Some of these are from issues ‘missed’ during initial design, but many updates are in response to interoperability issues with other vendor products, newly released technology, and new threats.

As a result many vendors release monthly updates for their products and more critical updates as they occur. Some of these are automatically installed although some require manual attention. So to help you understand why it’s so important (and often legally required) to keep up with these updates, here’s a summary of what’s been released just this month.

Microsoft is releasing 79 patches (22 identified as critical) including a critical fix for Windows (CVE-2019-0863) that is so important they are even releasing a version for the long-since unsupported Windows 2003 Server and Windows XP. They also have a patch for a just-discovered bug with Intel CPUs. Some of the required updates will require going back to hardware manufacturers to download new firmware.

Just so you know Microsoft isn’t a solitary bad example, Apple has also released fixes for every Mac and MacBook released since 2011.

Then Google has patches out for Android and Chrome. Mozilla is preparing a long-term fix for it’s FireFox browser. That’s due May 21.

But this month I think Adobe holds the record with patches for Flash, 83 individual vulnerability patches for Acrobat/Reader, and media Encoder.

So what’s the takeaway? Your business has to keep up with these patches and updates to stay safe and to show compliance with security and privacy laws. Doing it manually is almost impossible and even if you did have the luxury of someone to run around doing all this, how would you track what’s been done?

One of the easiest ways is to use a package like MicroData’s Essential Care Managed Service. You can learn more at microdata.com

Everyone stay safe out there!

Windows 7 and Server 2008 R2 Critical Patches

If you have any computers running Windows 7 or Server 2008 R2, heads up! The previously released patches for Meltdown actually opened up another vulnerability – much worse than what was exposed by Meltdown.

According to researcher Ulf Frisk who previously found glaring shortcomings in Apple’s FileVault disk encryption system, the early Microsoft patches left a crucial kernel memory table readable and writable for normal user processes. Or in non-technical speak, the vulnerability allows any program or application of any logged in user to manipulate the operating system and extract and modify any information in memory.

Ouch!

The regular batch of March patches from Microsoft contained a fix but Microsoft has released a subsequent special emergency fix for this issue. So if your Windows 7 and 2008 R2 machines aren’t set for performing regular updates for critical patches, you should apply that special emergency fix as soon as practical. You can download that patch here. Other versions of Windows aren’t affected.

If you’re a MicroData customer with any of our Managed Service or Security service plans, this issue has already been automatically taken care of for you.

Everyone stay safe out there!