Don’t Panic, but Microsoft Needs You to Apply Some Updates ASAP

Right on the heels of us watching Windows 7 fade into the sunset, Microsoft has caused panic by announcing on Tuesday two serious flaws in a number of their products.  The flaws are so bad that the Department of Homeland Security (DHS) has issued a directive to all federal agencies to fix it within 10 days.

“Ok now I’m panicking!”

First, stop panicking.  We have time to talk about this!  You may remember, we call those flaws “vulnerabilities”.  They are holes in the code on your IT devices, that when left unpatched, can allow hackers to use them to their advantage.  Like an open back door to your house, if you don’t know it’s open, a stranger could walk right in.

In Microsoft’s case, the vulnerabilities were kept secret until Tuesday, when Microsoft released its monthly updates for January.  In releasing the update, they disclosed that there were two major issues that impacted a number of their products, specifically:

• Windows 10

• Windows Server 2012

• Windows Server 2016

• Windows Server 2019

These vulnerabilities have gotten the cybersecurity industry talking.  Luckily, we’re not going to dive into the specifics of Elliptic Curve Cryptography (ECC) as this is the ACT, but you bet we’re going to tell you what you need to do to protect yourself!

“Right, so what do I do?”

You may remember from a previous post the idea of “vulnerability management”, which is composed of five key concepts: Identify, Evaluate, Remediate, Validate, Repeat.  Let’s use this model to lay out an action plan for how to protect yourself:

IDENTIFY

Done.  We know there’s a problem because Microsoft, DHS, and even the ACT have told you!

EVALUATE

Now you need to ask yourself which of these products you use.  At home, you probably have Windows 10. At work, you may have all of the items on the list.

REMEDIATE

The good news: Microsoft has already released a patch for this vulnerability!  All you have to do is go install it. Check your updates on your Windows 10 computer and get them installed.  If you have servers at your work, make sure you get the updates installed as soon as possible. It doesn’t have to be today, but don’t dilly dally.  This isn’t an update you can put off.

If you use a contracted IT group to install updates every so often (say every other month), call them right now and tell them you need them installed this month.  Have them take the time to test that the updates work and won’t break anything if installed, but don’t delay installing them for more than a month. By then, hackers will be using the vulnerability to launch cyber attacks and that could spell disaster.

VALIDATE

Make sure that the updates are installed correctly!  Check that the Windows Update is showing zero updates available, and ask your IT person at work to show you that the updates have been successfully installed.  If they haven’t checked, you’re still at the same risk of being hacked as before. Even better, have Hive Systems stop by and run a Vulnerability Assessment to make sure that you’re not vulnerable any more.  We’re ready to help, so let’s talk.

Follow us - stay ahead.

Read more of the ACT