IE9 & IE10 Vulnerability Exposing Website Login Credentials

An as-of-yet un-patched IE vulnerability is being exploited in the wild by criminals.  Reports are that it is a fast growing,  widely exploited attack that has increased in distribution dramatically over the past few days.  At risk are those running Windows 7 or Windows 8.x that use Internet Explorer version 9 or 10.  Criminals are using phishing attacks and or hacking and infecting high-profile/high-volume websites with the code necessary to inject instructions into the browsers rendering engine.   That injected code then grants them access to login credentials used during the current browsing session.  This of course exposes credentials used for all sorts of sites including banking and finance.  A general fix release has not yet been made available via Windows Update,  but Microsoft has released a fix-it-tool as a temporary work around.

Our suggestion is to switch to Firefox or Chrome if at all possible,  and at a minimum install the temporary patch from Microsoft (included in the links below).

Microsoft Patch : https://support.microsoft.com/kb/2934088#FixItForMe

Alternate Browser Download link Links:
     Chrome : https://www.google.com/intl/en/chrome/
     FireFox : https://www.mozilla.org/en-US/firefox/all/

Further Reading:
    http://technet.microsoft.com/en-us/security/advisory/2934088
    Computer World Article
    http://www.itworld.com/security/406979/ie-zero-day-exploit-being-used-widespread-attacks
   

Target Data Breach : Hows Your Security ?

It’s recently come to light that the Target data breach, in which millions of credit card numbers and pins were compromised,  was accomplished through the usage of a 3rd party HVAC vendors stolen account credentials.  Aside from the obvious questions of  why on earth does the HVAC network come in contact with the financial network, or why would either a 3rd party or the heating and air system personnel have access to financial data – it also brings up plethora of other interesting topics for you to consider with your network.  Hopefully Target has some good answers to the questions above — perhaps the HVAC password was used to gain access to other credentials that had access on financial networks….  whatever their answers may be  — what questions should you ask about your network in light of their revelations ?

With an ever-increasing level of connectivity between ancillary devices and our data networks, careful thought should be given to what devices have access to your data network.   What vendors have you provided critical password or account information to over the years that might not be segmented from your network (Phone vendors,  copier vendors,  HVAC service personnel,  postage machines, CCTV/DVR equipment etc.).  Are those devices and accounts restricted to only the areas for which they need access ?   Do you keep track of and delete/change passwords for these vendors when they are replaced or when begin using a new vendors for various services ?   What is the password policy of the vendor ?  If they are going to require  long-term access to devices on your network,  wouldn’t you like to know how many of their former personnel might know passwords and access-paths to your network.  How do they handle password storage on their end ?

What about your predecessors or current/former coworkers.  How many of them had been given or may have gleaned a critical username or password.  Did they provide (with authority or not) any account information to vendors or 3rd parties.  When an employee/vendor leaves — did you do a complete change of all passwords for all devices and existing personnel they might have known.

Some obvious solutions to Targets issue would be to implement VLAN’s to segment non-critical devices from your data network, and further segment departments where it makes sense.   Separate physical networks when it makes sense to do so.  Implement some policies to mitigate security issues,  and audit your systems to make sure you have good documentation of who has access.  Rotate those passwords periodically,  especially with vendor changes.

As an MSP,  we often have passwords to everything on our clients networks from routers to QuickBooks,  as do most internal IT departments (especially in the small to mid-sized business sector).  It’s not always necessary,  but it is extremely convenient when problems arise,  and convenience is often direct opposition to being secure.  We have and build trust relationships with our clients as professionals,  and provide contracts stating how the above issues are mitigated by our policies and procedures.   Do you use an MSP — and what are their policies on stored passwords and critical network information ?

If you don’t know the answers to the above,   time to do an audit of your accounts and access levels to all your infrastructure,  your topology,  vendor policies,  and possibly your own policies.  Don’t forget to thank Target for the lesson!

Next Step -> Encrypting sensitive data and securing communications

MS announces an update to the Windows 8.1 Update !

The Windows 8.1 update made windows 8.1 a little more user friendly,  giving us a start button back (even if it lacked an actual functional start menu to go with it),  along with the ability to boot to desktop and get quickly back to the desktop when forced to the Metro interface.  Now windows has officially announced an update for the windows 8.1 update.  Microsoft is calling it the ‘Windows 8.1 Spring Update’ — because — yeah,  no idea,    I guess Windows 8.11 harkened to much back to Windows 3.11 for workgroups,  a popular/functional OS ?  (I think most techies around then would agree that windows 3.11 was finally the first really usable version of windows 1,2 or 3 and that given it’s lifespan and widespread adoption — windows 8.11 could have benefited from that comparison … but I digress). 

The focus (thank goodness) of this update appears to be on improvement for non-touch devices.  Microsoft has finally decided that they should provide an OS that works for the 97% of their base who don’t have (and or don’t want to use) a touch screen as their primary input device.   They have therefore added improvements and changes that actually make the OS useful for ‘the rest of us’!   The other major changes will also lower the space and memory requirements to run windows 8.1,  bringing the OS requirements within range of a much wider audience.

Since SP2 usually marks the point where a MS product is stable (in my opinion),  I guess we’ll wait to see if Windows 8,  + 8.1 update,  + Spring Update = a SP2 level product,  or if we’ll still be waiting for an OS on which we can be productive and feel comfortable recommending adoption by our clients,  family and friends.   Right now I highly recommend Windows 8 with no updates to all of our competitors :)

More Reading:
http://wind8apps.com/windows-8-1-update-spring/

FIX : XP svhost.exe / wuauclt.exe causing 100% CPU

UPDATE:  http://redmondmag.com/articles/2014/01/16/windows-xp-resource-hog.aspx
They’ve finally manged to roll-out the fix for the bug that has been causing the windows update issues.

 

Even though XP is shortly to be relegated to Microsoft’s end of product support trash heap,  we still support a number of clients who either haven’t,  or due to legacy programs/hardware cannot update some of their systems.   We’ve recently starting have spurious calls of ‘my machine is very slow’ etc.,  and our techs login to find that the CPU is pegged at 100% (or 50% for those with hyper-threading enabled).   The culprit is the familiar svhost.exe slamming the CPU.  Not uncommon on an infected or problematic machine as this wrapper is responsible for a multitude of services, but no infection was found on most of the machines.

These recent cases have all quickly been tracked back to wuauclt.exe (Windows Automatic Update Client),  disabling auto update and killing the active processes of course fixes the problem,  right up until somebody decides to re-enable it,  or attempt to run updates manually — then it’s back with a vengeance.   Then there is the obvious — even though it’s slated to stop receiving updates in a little more than four months, disabling updates is a poor if not stupid solution.

We’ve finally found the fix that is working for nearly every system with this affliction:  http://technet.microsoft.com/en-us/security/bulletin/ms13-097
For the majority,  those with XP 32bit SP3 up to date with IE8 – the direct link hotfix is here http://www.microsoft.com/downloads/details.aspx?familyid=1dbcb79c-bfb8-4e01-8824-8f834a012091

The real question is why Microsoft hasn’t fixed this issue during the last several ‘Patch Tuesdays’ (several have come and gone while this issue has been occurring,  and even since they released this bulletin).   One might conclude they think there might be an advantage to having customers get frustrated with their aging,  about to be deprecated (for updates) systems,  especially at the end-of-the year and holiday buying season. Surely not J   No matter what,  for those with legacy software and hardware (especially in manufacturing) whom will need their XP systems to operate for a long time to come,  the above fix should help bring some life back to your system.

Brady Tucker
ITSS

Why should you outsource your IT Services ?

Why Outsource ?

Maybe you shouldn’t,  at what point and for what reasons does it make sense ?
      In-House Workload of existing personnel
      Time-Critical operation that needs to be completed now.
         One-Time or Short-Term increase during large desktop migration/rotation, wiring, Server swap ?
      Have a Third-Party overlook your current disaster recovery/infrastructure/Security plans.
  Additional Knowledge or experience that in-house personnel cannot provide.

Optimize your work/data flow.
  Are you utilizing the software and equipment you have to it’s full potential ?  
   Many companies have an SBS server,  and use it only for a file server.
     Host your Own mail.
         Allow secure access to your Smart Phones/travelling clients – seamlessly.
         PUSH e-mail.
         With or without external filtering.
     Host your Own website – rarely a good idea – only if traffic/bw/server exposure make sense.
   Never forget backups/disaster recovery.        

Documentation
  One place for all your logins/passwords
  Kept Up to date
  Time Consuming
  Absolutely necessary to save you time/money if/when disaster occurrs.

Backups
  Not Doing it ?
  Think Your Doing it Right ?
  Test your backups.
  What would you have to do to recover from disaster.
  Tape / Disk
  Offiste

Maintenance
  Slow Machines ?
  Identify Problems with Servers/Hardware before they occur.

Anti-Virus,  Malware
  All-In-One corporate solutions
    Multiple to choose one.  Absolutely critical.
       If you don’t use anything.. we can almost gurantee your already infected.
  Clean-Up process
    Ever evolving, as are the methods, number and cleverness of the attacks.
    We keep up-to-date because,  we have to.
    Save yourself hours of time by utilizing maintenance/Corporate wide AV solutions w/reports

Anti-Spam / E-Mail Filtering / Smart Filtering / White-Listing and Blacklisting
  Corporate Filtering

Our Partnerships