Boost IT

IT Management, Cybersecurity, & Cloud

Windows Updates

ALERT! Badlock Bug in Windows

by

Badlock Bug

On April 12th, 2016, a crucial security bug in Windows and Samba will be disclosed. We call it: the Badlock bug.

Engineers at Microsoft and the Samba Team are working together to get this problem fixed. Patches will be released on April 12th.

Admins and all of you responsible for Windows or Samba server infrastructure: Mark the date. (Again: It’s April 12th, 2016.)

Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.

When on April 12th will the patches be released?

Patches will be released around 17:00 UTC. That’s about the same time the Microsoft Patch Tuesday occurs.

Is there a CVE for Badlock?

Yes. Badlock has an assigned CVE. It will be listed here after the patches are released.

Why announce Badlock before April 12th, 2016?

The main goal of this announcement is to give a heads up and to get you ready to patch all systems as fast as possible and have sysadmin resources available on the day the patch will be released. Vendors and distributors of Samba are being informed before a security fix is released in any case. This is part of any Samba security release process.

Weighting to the respective interests of advance warning and utmost secrecy we chose to warn you beforehand, so that everyone has a chance to be ready to install the fixes as soon as they are available. Once the patch is released to the public, it will point to attack vectors and exploits will be in the wild in no time.

Who found the Badlock Bug?

Badlock was discovered by Stefan Metzmacher. He’s a member of the international Samba Core Teamand works at SerNet on Samba. He reported the bug to Microsoft and has been working closely with them to fix the problem.

Information courtesy of badlock.org

Cyber Security Tips for SMBs : Part 4 (Security Patches & Updates)

by

Part 4 : Aren’t Security Patches & Updates Done Automatically?

This is the forth post in a series of cybersecurity tips to secure your network.  Here are the first 3.
Cybersecurity Tips for SMBs : Part I (Anti-Malware Software)
Cybersecurity Tips for SMB : Part II (Firewall Solutions) 
Cybersecurity Tips for SMBs : Part III (Still Need Anti-Virus)

Security Patches & Updates can be installed automatically for some softwares, but not for a handful of the ones that are most vulnerable to viruses and malware. And then there are times when installing the patches or updates fail. Some may say “Who cares about malware?” but malware is how hackers get in to steal your identity or passwords so they can be tested on other sites.  We have written two other posts about The Importance of Anti-Malware Software and The Value of a Hacked PC that prove this.

What’s the difference between a security patch and an update?

A security patch is released to plug a security hole in a software or app.
An update is released to improve or fix the functionality or features of a software or app and can include security patches.

Which Software Patches Do I Need?

  1. Windows Updates (Security Patches & Updates)

    cyber security tips for smbs
    Really? Stop working so I can reboot? Ugh.
  2. Internet Explorer (Security Patches & Updates)
  3. Mac OS X (Security Patches & Updates)
  4. Adobe Flash Player (Security Patches) There are 408 Adobe Flash Player Vulnerabilities to date.

    cyber security tips for smbs
    And you want me to stop working to update Flash player too?
  5. Adobe Reader (Security Patches)
  6. Adobe Acrobat (Security Patches)
  7. Java (Security Patches) There’s a long list of patches for Java on Oracle.com

    cyber security tips for smbs
    Do you really want to install an unknown toolbar?
  8. Firefox (Security Patches & Updates)

And there are more that require updates. TechCruch.com lists security patches for numerous other softwares.

Most updates Still Require a Person’s Approval to Install

There are 3 issues with this.

  • Forget to install the patch or update and the device is at higher risk of infection or being hacked
  • Can you tell whether that pop-up window is fake or not?
  • If the update doesn’t install properly, most people just keep working and no one is notified.
Windows Update Error
What Would You Do if You Saw this Windows Update Error?

What’s My Best Option?

An experienced managed services provider (MSP) can automate the entire process using the Remote Monitoring and Management (RMM) tools built into their Managed IT  platform. They can:

  1. Monitor which software needs patching
  2. Inventory the security updates & patches to be applied
  3. Pre-screen/test all updates (some updates cause problems while fixing others)
  4. Automate installation of security patches & updates behind the scenes
  5. Report failed installations
  6. Schedule manual repair of those failed security patches & updates

And you never have to lift a finger.

What To Do

It’s easier than you think.

With the help of an experienced security professional, create a comprehensive security strategy and stick to it. Many business owners or IT departments put a security plan in place, get to the point that things are performing smoothly, and then make the mistake of deviating from the plan since “nothing is happening” or “some websites are being blocked”.  Security is not static.  Adjustments need to be made.

Protections are happening behind the scenes and some websites are blocked because that’s what the firewall is designed to do to protect you from yourself, and your scheduled security reports should be reviewed so you know you’re getting your money’s worth. Contact Us if you need help. Our managed security patches & updates solution is part of our remote monitoring and management (RMM) component of our Managed IT platform and is very affordable, easy to implement on a small or large scale, and won’t interrupt people’s work.

Spend more time doing what you love and less time worrying about security.

Manage security well and spend more time at the beach.
Spend more time doing what you love.

There are 4 parts to a Great Security Strategy

  1. Anti-Malware Software
  2. Managed Firewall
  3. Anti-Virus Software
  4. Security Patches & Updates

Make sure you get a enterprise level anti-virus software, and have it managed (updated and auto-clean infections, and produce reports) by a professional if you don’t have the skills.  Viper Business Edition and McAfee Business Edition are two great anti-virus softwares we use, but we always use them in conjunction with a managed firewallanti-malware software, and a patch management service, which is part of our Remote Monitoring and Management service. RMM is the foundation of great Managed IT Support.

One Note About Passwords

And, as always, make sure you use strong passwords.  The longer the better and don’t use your sports team name or your birth year, graduation year, etc in it.  Hackers know most people use their addresses and birthdays and kid’s and pet’s names, too.