New security threat to Vista

Windows_Dec17_CThere are many popular programs and systems produced by software giant Microsoft. From operating systems to word processing software, businesses use Microsoft’s software on a daily basis. Because of this widespread use, the software often comes under attack. One of the latest known attacks is on Vista, Lync and older versions of Office and Microsoft tackled this last month.

The early November security advisory noted that hackers are actively attacking machines using Windows Vista and Lync, as well as Office 2003-2010 users. If attacks are successful, hackers gain the same access privileges as the user and are essentially able to control your system.

According to the blog post on Microsoft, “The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user.”

What this means, is the hacker is sending emails to users with a Microsoft Word document attached. This document contains an image that is broken and by exploiting the bit of code that displays the image, the hacker can gain access to your system.

As stated above, this exploit will only work on systems with Windows Vista, Microsoft Office 2003-2010 and Windows Server 2008, and Lync. If you don’t use the specific versions of these, programs your systems are secure from this particular threat. The other good news about this particular vulnerability is that attacks are mostly limited to the Middle East and South East Asia. That being said, it is only a matter of time before businesses in Europe, Australia and North America are targeted.

Is there anything I can do to protect my business?

Microsoft has released a security update for this fix, and users who have automatic updates enabled on Windows Vista should be secure from it. If you haven’t updated your easiest option is to:

  1. Click Start followed by Control Panel.
  2. Select Security.
  3. Click on Check for updates and follow the prompts.

While this will work to keep your individual systems secure, you may need to update your servers and other software. Your best bet would be to contact your IT partner to see how they can help ensure an update is installed correctly.

It is also be a good idea to put some preventative measures in place.

  • Implement a firewall - Firewalls are a security measure that allow users to set rules about what type of data is allowed to enter or exit a network. This helps ensure that networks are secure and not transmitting potentially harmful data.
  • Email scanning - Many security solutions also offer email scanning. How these services work is they scan emails for either spammy content or attachments that could pose a security threat e.g., broken images, such as in the recent Microsoft exploit.
  • Keeping all systems and programs up-to-date - The best way to prevent security breaches or problems is to keep your systems and all of your programs, even the ones you don’t use, up-to-date. This is because hackers usually go after easy targets, with the easiest being systems that aren’t updated.
  • Watch your attachments - Because this exploit has to be physically introduced into your systems by a user downloading and opening the document, and it is usually attached in an email, you should tell your employees to ensure that they look at the attachments in emails and to not open them if they look suspicious.
  • Update to newer software versions - Windows 7 and 8, Office, and Server 2012 are newer systems, and for the most part remain more secure than their older counterparts. Not to mention the fact that many software developers, security included, mainly focus on the newer versions of Windows. Therefore, it may prove worthwhile updating to newer systems.

If you are looking to learn more about this security problem, how to secure your business or to upgrade to a newer version of Windows, please contact us today to see how we can help.

BCP vs DR - what's the difference?

BCP_Dec23_CIt appears as if there is an increase in disasters striking companies around the globe. From something as small as a hacker stealing important information, to as large as a disaster that leaves your premises in ruins, disaster can strike at any time. Many companies are starting to develop plans to prepare for any disasters, two of the most common being Disaster Recovery (DR) and a Business Continuity Plan (BCP).


Quick Analysis for Excel 2013

Office_Jan02_CThe spreadsheet is one of the most valuable tools available to business managers and owners, and Microsoft Excel is the most popular spreadsheet program. Excel has many features that make it popular. Among the most useful is the ability to create charts and graphs that allow users to visualize their data. Excel 2013 offers a new feature – Quick Analysis – that makes visualizing data even easier.


Is your password secure?

Security_Dec23_CThe number of accounts and websites we have to log in to is growing, and will continue to do so for the foreseeable future. One downside of this increased activity is that security breaches will also continue to rise as well. When it comes to security, often the weakest points are the passwords people use. Far too many passwords are weak and easily guessed, which puts systems and data at risk.


Get more out of LinkedIn

SocialMedia_Dec17_CWebsites like LinkedIn have quickly become the most popular, influential and arguably most useful to business users. LinkedIn is a social network, so if you have a profile it is a good idea to interact with other users. However, it is slightly different than other social media sites in that it’s mainly aimed at businesses looking to to connect with other businesses and professionals to connect with their colleagues.