Windows users being exploited due to a TIFF issue

You need to be aware of this… Reposting from one of our partners’ blogs, WatchGuard:

 

Attackers Exploiting a Zero Day in Windows, Office, and Lync

by Corey Nachreiner

Today, Microsoft released a critical security advisory warning customers of a serious new zero day vulnerability that affects Windows, Office, and Lync.

In a nutshell, the vulnerability has to do with how certain versions of Windows, Office, and Lync handle specially crafted TIFF images. If an attacker can trick you into viewing a malicious image, including ones embedded in Office documents, he can exploit this flaw to execute code on your computer, with your privileges. If you have local administrative permissions, as most Windows users do, the attacker gains complete control of your computer.

McAfee researchers first discovered this flaw being exploited in the wild, and they share some interesting details about the issue on their blog (Microsoft also shares some extra technical detail here). While the flaw lies in Microsoft’s image handling components (GDI+), the public attack actually arrives as a malicious Word document with an embedded TIFF, which the attackers send via email. Microsoft claims attackers are only exploiting the flaw in limited, targeted cases.

Since they just learned about the flaw recently, Microsoft hasn’t had time to patch it yet. However, they have released a FixIt which mitigates the issue. FixIts are not considered full patches, but they can protect you until Microsoft releases their final update. If you use any of the affected versions of Windows, Office, or Lync, I highly recommend you apply the FixIt as soon as you can. Microsoft also offers a few other workarounds, such as disabling the TIFF codec, or using the EMET tool (something I suggest you do in general), but I think the FixIt is the quickest and most reliable solution.

I’ll continue to follow this issue as it evolves, and will post here as soon as Microsoft releases a patch. — Corey Nachreiner, CISSP (@SecAdept)

Corey Nachreiner | November 5, 2013 at 6:31 pm | Tags: 0day, exploit, Lync, memory corruption, office, remote code execution, TIFF, windows, zeroday | Categories: Security Updates | URL: http://wp.me/pVP8E-1cn
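
As an added illustration (not part of the WatchGuard post or Microsoft's advisory): a triage helper that lists TIFF parts inside OOXML Office documents, the delivery form the post describes, so they can be held for review until the FixIt or patch is deployed. The function names and the sample document are constructed for this example; legacy binary .doc files are not zip containers and are only reported as such.

```python
import io
import zipfile

# TIFF data starts with a byte-order mark followed by the magic number 42:
# "II*\0" (little-endian) or "MM\0*" (big-endian).
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")
TIFF_EXTENSIONS = (".tif", ".tiff")


def scan_document(doc_bytes):
    """Return (container, findings) for one attachment.

    container is "ooxml" for zip-based Office files (.docx/.xlsx/.pptx) and
    "not-ooxml" for anything else. findings is a sorted list of
    (part_name, reason) tuples. A finding means "contains a TIFF", not
    "is malicious": it is a reason to hold the file for closer inspection.
    """
    buf = io.BytesIO(doc_bytes)
    if not zipfile.is_zipfile(buf):
        return "not-ooxml", []

    findings = []
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as part:
                    head = part.read(4)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                # Encrypted, unsupported or corrupt member: cannot be cleared.
                findings.append((info.filename, "unreadable"))
                continue
            # Check content first: the extension is attacker-controlled.
            if head in TIFF_MAGICS:
                findings.append((info.filename, "tiff-magic"))
            elif info.filename.lower().endswith(TIFF_EXTENSIONS):
                findings.append((info.filename, "tiff-extension"))
    return "ooxml", sorted(findings)


def build_sample_docx():
    """Constructed sample: a minimal zip laid out like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        # Ordinary PNG header: should not be reported.
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        # TIFF content hidden behind a .jpeg name.
        zf.writestr("word/media/image2.jpeg", b"II*\x00" + b"\x00" * 16)
        # Big-endian TIFF with a matching extension.
        zf.writestr("word/media/image3.tiff", b"MM\x00*" + b"\x00" * 16)
        # TIFF extension but truncated content: still worth a look.
        zf.writestr("word/media/image4.tif", b"")
    return buf.getvalue()


if __name__ == "__main__":
    container, findings = scan_document(build_sample_docx())
    print(container)
    for name, reason in findings:
        print(f"{reason:15} {name}")
```
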

Support for Windows XP and Office 2003 is coming to an end

On April 8, 2014, Microsoft will end support for the decade-old Windows XP. This means you will no longer receive updates, including security updates, for Windows XP from Microsoft. Support of Microsoft Office 2003 will also be ending on the same date.

Security Risk
Without critical Windows XP security updates, your PC may become vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information. Anti-virus software will also not be able to fully protect you once Windows XP itself is unsupported.

Software Issues
Many software and hardware vendors will no longer support their products that are running on Windows XP as they are unable to get the Windows XP and Office 2003 updates. For example, the new Office leverages the modern Windows and will not run on Windows XP.

No One to Call
When problems arise, online and phone-based technical support will unfortunately no longer be available to assist you or your IT partner, leaving you on your own to deal with the problem.

Down Time
The risks of system failure and business disruption could increase because of the end of support, lack of supported software, and the increasing age of hardware running Windows XP.

If that has not convinced you to upgrade, then we should talk further! Give us a call at 864-990-4748 and let us convince you to switch your business over to a modern and supported operating system.

We can upgrade one computer or one thousand. We offer Microsoft licensing sales and consultation, as well as new computers from Lenovo, Samsung, Toshiba, Asus, Acer and our favorite vendor, Nexlink with either Windows 7 or Windows 8, and we offer installation and migration here in the Greenville SC area!

Slow computer – we can fix that! Viruses, spyware, adware, malware clean up in Greenville, SC

Though it is only a small fraction of what we do, when we help a client with a computer that is running slow, it may have the biggest impact on their day-to-day user experience over just about any other service or product we offer.

I was reminded of that earlier today when I received this in email from Jan at one of the local non-profit organizations we serve, Pleasant Valley Connection:

I can’t even believe how much better my computer is working.  I no longer have to wait 30 minutes for an email to go or come.  It’s a MIRACLE – thanks to Mr. H.

It struck me that we probably don’t make a big deal of it and tell everyone that we actually DO clean up computers and remove the malware, viruses, trojans, spyware, ad trackers and bogus search bars, and other things which can have a dramatic impact on the speed of your computer, not to mention the security of your data.

If you didn’t know, then that’s my fault. I am too busy trying to tell you all the big, amazing, high-tech things we do, like IP security cameras that allow you to watch your business from anywhere in the world, or the uber cool Voice over IP phone systems we sell, or access control, etc.

If I have failed you by not telling you that we can make your life better, increase your productivity and the productivity of your users on your business network, thus saving you money, then I apologize. Give us a call or use our contact form and let us know how we can help you.  We work with one single computer you might bring to our office, or we can go to your location and work there on one or one hundred computers.

 

RDX Removable Hard Drive System Test Center approved by CRN

Tandberg Data RDX removable hard drive solutions have been Test Center approved by CRN

Our partner, Tandberg Data has recently had the honor of having their RDX removable hard drive system Test Center approved by CRN.

Click above to link through to the CRN review.

Congratulations to Tandberg for their continued excellence in the field of backup solutions.

If you would like more information about RDX removable hard drive solutions from Tandberg, please use our contact form, or call us at 864-990-4748. We offer sales and support for backup systems in the Greenville SC area.

How To Disable Ad Tracking in iOS7

David Haskins with Haskins PR here in Greenville, SC made the following video which you might find useful. In it, he explains how to disable the Ad Tracking functionality which sends targeted ads to your iOS 7 device, a privacy concern for many.

More info about Haskins PR is at www.haskinspr.com or you can reach them at 864-502-8899

iOS 7 is more than just a bunch of pretty changes and features

By now you surely have iOS 7 installed on your Apple iPhone, iPad, or whatever iThing you own. If you are like me, you are happy with the new features, for the most part, and missing some old functionality. If you are really picky, you might have found a dozen little bugs by now, but then again, you could have found the work-arounds either on your own or by googling for them too.

Whether you have updated or not, one thing is for sure, iOS 7 does offer a number of security enhancements.  Without counting them, let’s just say, there are a LOT.  Dozens in fact.

http://support.apple.com/kb/HT5934 is where you will find the list.

So, for those of you who are holding out to update your device because you like what you have, or you don’t care about new features – you may wish to consider it simply as a security enhancement.

One word of warning – the update may take a while…  Start it and go get a bite to eat. I’ve heard some people say it took them several hours, though in my experience it was less than an hour, it just seemed longer.

Whatever you do – do NOT hold the power button and force the device down during the update installation. There have been many bricked phones and tablets due to that.  Also, you really should plug it into a power source and have reliable internet access during the update.

Should you have any issues, let us know, we will be happy to assist here in the Greenville, SC area…   864-990-4748

Is your video surveillance system being used to watch you?

Typical video baby monitor

An article caught my eye the other day, where a hacker had gained access to the video baby monitor a family had deployed. In doing so, they harassed the family a bit by saying their child’s name and moving the camera.

If your video surveillance system is configured for remote access, you could be allowing someone else to view what you view and to hear what you hear.

Should you want to secure your camera system, you can do so in several ways:

  • Disable default logins and passwords.
  • Use strong passwords.
  • Place your camera system on non-standard ports.
  • Employ a VPN to connect securely to your home or business network.

Need help in the Upstate (Greenville area) of South Carolina? Homeland Secure IT can assist you. We offer sales, installation and support of video surveillance systems, including IP and CCTV.  Call us at 864-990-4748 or use our contact form for more information!

Are you afraid of social media?

I have a hard time trusting people who are not active and open on social media. My perception is that they are hiding something…

What are some reasons for NOT using social media to connect with people and share either your personal or business life (or in my case, both)???

Reasons people might abstain from being social on the internet:

– Owe money – don’t want to be found
– In the witness protection program
– Have multiple personalities (gets too confusing to be logged into the right profile)
– Running from the mob or a drug lord because you ripped them off
– Have multiple girl/boyfriends/husbands/wives and don’t want them to find out about the others
– Do illegal things and don’t want to be discovered by authorities
– Do stupid things (party, etc) and don’t want to be discovered by friends or family
– A “devout Christian” who doesn’t want to let their church know they are in a same-sex relationship, or go out drinking on Saturday
– Avoiding the IRS – Don’t want them to know you are buying new boats and planes
– Paranoid about “them” – because “they” are probably watching you right now. (NSA anyone?)
– Paranoid about identity theft – because there’s absolutely no other way for people to get information about you ;)
– Don’t want their insurance provider to know they do extreme sports
– Afraid an employer will find out they are living beyond their means (stealing from the company, or don’t NEED a raise)
– Job hunting – don’t want potential employers to know they drink every night and sleep late every day
– Really dislike their family and friends and don’t WANT a relationship
– Afraid of connections, commitments, etc.
– Court order forbids them from having a public social media page (or contact with children)
– Lack of technology – No internet access or device with a browser
– A strong commitment to family where they don’t want to miss a moment with their wife or children
– Too darn busy to use Social Media, even when in the bathroom like most people do, and would rather spend that “downtime” playing Temple Run or Candy Crush
– Fear of the unknown – just fear in general

Any other reasons come to mind?  Just reply with your comments and let me know.

What about work?

What about at work? Do you have a business network where you forbid the use of social media sites? Some workplaces have put in a total block of all social media sites: the firewall stops that activity dead in its tracks on devices connected to that network. However, that does not prohibit employees from using their own personal devices. This has prompted some businesses to also put a strict written policy in place, which states that an employee can be dismissed just for checking their personal phone, tablet or laptop during business hours.

Homeland Secure IT can help with the hardware and software end of this, should your company want to block usage of social media. We can provide firewalls and/or software to block and/or monitor this type of activity.

We offer tried and true solutions from the brands you know best, such as Cisco, WatchGuard and Trend Micro.

Have a need or wish to discuss this?  Reach out to us at 864-990-4748 or use our CONTACT form.

 

Windows 8.1 could make a lot of people happy

The number one complaint we have heard from purchasers of new machines that come with Microsoft Windows 8 is that the desktop experience is not what they expect. Especially if they do not have a touchscreen.

Typical mouse and keyboard users flip back and forth between the desktop.

Have no fear, Microsoft has had mercy on your soul and the upcoming update will address that issue and many others! Booting directly to the desktop, however, will be the one feature that causes most people to immediately update, and will likely boost new computer sales in our opinion.

Here’s the whole long list of upcoming Windows 8.1 changes as it looks currently:

What’s New in Windows 8.1

We built Windows 8 to bring a modern computing experience to businesses and to help professionals stay connected to their colleagues and clients from anywhere, anytime. Windows 8.1 advances this vision and introduces new manageability, mobility, security, user experience and networking capabilities that will be available later this year – with the goal of offering customers the best business tablets and versatile modern business PCs driven by the most powerful operating system designed for today’s modern businesses.

Below is a list of some of the new and updated features that we invite you to test out when the Windows 8.1 experience becomes available later this month.

Bring Your Own Device (BYOD) Enhancements

Workplace Join

A Windows 8 PC was either domain joined or not.  If it was a member of the domain, the user could access corporate resources (if permissioned) and IT could control the PC through group policy and other mechanisms.  This feature allows a middle ground between all or nothing access, allowing a user to work on the device of their choice and still have access to corporate resources. With Workplace Join, IT administrators now have the ability to offer finer-grained control to corporate resources.  If a user registers their device, IT can grant some access while still enforcing some governance parameters on the device.

Work Folders

Work Folders allows a user to sync data to their device from their user folder located in the corporation’s data center. Files created locally will sync back to the file server in the corporate environment. This syncing is natively integrated into the file system.  Note, this all happens outside the firewall client sync support. Previously, Windows 8 devices needed to be domain joined (or required domain credentials) for access to file shares.  Syncing could be done with third-party folder replication apps. With Work Folders, Users can keep local copies of their work files on their devices, with automatic synchronization to your data center, and for access from other devices. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share (including automated Rights Management) and require Workplace Join to be in place.

Open MDM

While many organizations have investments with System Center and will continue to leverage these investments we also know that many organizations want to manage certain classes of devices, like tablets and BYOD devices, as mobile devices. With Windows 8.1, you can use an OMA-DM API agent to allow management of Windows 8.1 devices with mobile device management products, like Mobile Iron or Air Watch.

Mobile Device Management

When a user enrolls their device, they are joining the device to the Windows Intune management service.  They get access to the Company Portal which provides a consistent experience for access to their applications, data and to manage their own devices.  This allows a deeper management experience with existing tools like Windows Intune. IT administrators now have deeper policy management for Windows RT devices, and can manage Windows 8.1 PCs as mobile devices without having to deploy a full management client.

Web Application Proxy

The Web Application Proxy is a new role service in the Windows Server Remote Access role. It provides the ability to publish access to corporate resources, and enforce multi-factor authentication as well as apply conditional access policies to verify both the user’s identity and the device they are using before access is granted.

RDS Enhancements

Enhanced Virtual Desktop Infrastructure (VDI) in Windows Server 2012 R2 with improvements in management, value, and user experience. Session Shadowing allows administrators to view and remotely control active user sessions in an RDSH server. Disk dedupe and storage tiering allow for lower cost storage options. User experience for RemoteApps, network connectivity and multiple displays has been improved. Administrators can now easily support users with session desktops to provide helpdesk style support. Administrators now have even more flexible storage options to support a VDI environment without expensive SAN investments. End users will find RemoteApp behavior is more like local apps, and the experience in low-bandwidth is better, with faster reconnects and improved compression, and support for multiple monitors.

NFC Tap-to-pair Printing

Tap your Windows 8.1 device against an enterprise NFC-enabled printer and you’re all set to print. No more hunting on your network for the correct printer and no need to buy a special printer to take advantage of this functionality. Simply attach an NFC tag to your existing printers to enable this functionality.

Wi-Fi Direct Printing

Connect to Wi-Fi Direct printers without adding additional drivers or software on your Windows 8.1 device, forming a peer-to-peer network between your device and the printer.

Native Miracast Wireless Display

Present your work wirelessly with no connection cords needed; just pair with a Miracast-enabled projector via NFC and Miracast will use Wi-Fi to let you project wire-free.

Mobility Enhancements

VPN

We have added support for a wider range of VPN clients in both Windows and Windows RT devices. We have also added the ability to have an app automatically trigger VPN connections.

Mobile Broadband

At Windows 8 launch, the devices had embedded radios that were separate components within the devices.  Windows 8.1 supports embedded wireless radio, which gives you increased power savings, longer battery life, also enables thinner form factors and lower cost devices.

Windows To Go

With Windows To Go in Windows 8.1, the Windows Store is enabled by default. Windows To Go users may roam to any number of machines and access the Windows Store and use Windows Store apps.

Broadband Tethering

Turn your Windows 8.1 mobile broadband-enabled PC or tablet into a personal Wi-Fi hotspot, allowing other devices to connect and access the internet.

Auto-triggered VPN

When you select an app or resource that needs access through the inbox VPN – like a company’s intranet site – Windows 8.1 will automatically prompt you to sign in with one click. This feature will be available with Microsoft and third-party inbox VPN clients.

Security Enhancements

Remote Business Data Removal

Corporations now have more control over corporate content which can be marked as corporate, encrypted, and then be wiped when the relationship between the corporation and user has ended. Corporate data can now be identified as corporate vs. user, encrypted, and wiped on command using EAS or EAS + OMA-DM protocol. This capability requires implementation in the client application and in the server application (Mail + Exchange Server). The client application determines if the wipe simply makes the data inaccessible or actually deletes it.

Improved Biometrics

All SKUs will include end to end biometric capabilities that enable authenticating with your biometric identity anywhere in Windows (Windows sign-in, remote access, User Account Control, etc.). Windows 8.1 will also be optimized for fingerprint based biometrics and will include a common fingerprint enrollment experience that will work with a variety of readers (touch, swipe). Modern readers are touch based rather than swipe and include liveliness detection that prevents spoofing (e.g.: silicon emulated fingerprints). Access to Windows Store Apps, functions within them, and certificate release can be gated based on verification of a user’s biometric identity.

Pervasive Device Encryption

Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on the Pro and Enterprise SKUs. Consumer devices are automatically encrypted and protected when using a Microsoft account. Data on any Windows connected standby device is automatically protected (encrypted) with device encryption. Organizations that need to manage encryption can easily add additional BitLocker protection options and manageability to these devices.

Improved Internet Explorer

Internet Explorer 11 improvements include faster page load times, side-by-side browsing of your sites, enhanced pinned site notifications, and app settings like favorites, tabs and settings sync across all your Windows 8.1 PCs. Internet Explorer 11 now includes capability that enables an antimalware solution to scan the input for a binary extension before it’s passed onto the extension for execution.

Malware Resistance

Windows Defender, Microsoft’s free antivirus solution in Windows 8, will include network behavior monitoring to help detect and stop the execution of known and unknown malware. Internet Explorer will scan binary extensions (e.g. ActiveX) using the antimalware solution before potentially harmful code is executed.

Device Lockdown

With Assigned Access, a new feature offered in Windows 8.1 RT, Windows 8.1 Pro, and Windows 8.1 Enterprise, you can enable a single Windows Store application experience on the device. This can be things like a learning application for kids in an educational setting or a customer service application at a boutique, Assigned Access can ensure the device is delivering the intended experience. In our Windows Embedded 8.1 industry product, we deliver additional lockdown capabilities to meet the needs of industry devices like point of sale systems, ATMs, and digital signs.

Modern UI experience

Variable, Continuous Size of Snap Views

You have more ways to see multiple apps on the screen at once. You can resize apps to nearly infinite sized windows, share the screen between two apps, or have up to three apps on each monitor.

Boot to Desktop

We have made configuration options available which will allow you to boot directly to the desktop in Windows 8.1.

Desktop and Start Screen

Improvements have been made to better support users who prefer a mouse and keyboard experience to access applications.

These are just some of the key features available in Windows 8.1. We encourage you to test out and try these features when you evaluate Windows 8.1 for use both in your work environment as well as at home in your personal life. Please note that Windows Server 2012 R2 may be required in order for some of these features to be available.

Microsoft Office 2003 and Office for Mac 2011 Document Handling Vulnerability

This comes straight from our partners over at WatchGuard Security Center blog and may affect you if you are using Office 2003 for Windows or Office for Mac 2011. We happen to concur with the author’s thoughts that this is probably much more severe than Microsoft’s own rating of “important”.

If you need assistance with this, or any other computer security issue in the Greenville, Spartanburg or Anderson SC area, please call us at 864-990-4748. We are ready to help you!

Office 2003 Document Handling Code Execution Vulnerability

by Corey Nachreiner

Severity: Medium

Summary:

  • These vulnerabilities affect: Office 2003 and Office for Mac 2011
  • How an attacker exploits them: By enticing you to open maliciously crafted Office documents
  • Impact: An attacker can execute code, potentially gaining complete control of your computer
  • What to do: Install the appropriate Office patches as soon as possible, or let Windows Update do it for you.

Exposure:

As part of Patch Day, Microsoft released a security bulletin describing a vulnerability in Office 2003 and Office for Mac 2011. Specifically, the Office components used to parse PNG image files suffer from a buffer overflow vulnerability involving the way they handle specially crafted images. By embedding a malicious PNG image into an Office document, and tricking one of your users into downloading and opening or previewing it, an attacker can exploit this vulnerability to execute code on that user’s computer, inheriting that user’s privileges. If your user has local administrative privileges, the attacker gains full control of the user’s machine.

Though Microsoft only rates this security update as Important, since the attack requires user interaction to succeed, we believe it poses a significant risk because many normal users trust Microsoft Office documents. You should patch this flaw as soon as you can.

Solution Path

Microsoft has released an update for Office to fix this flaw. If you use Office 2003 or Office for Mac 2011 you should download, test, and deploy the update as soon as possible, or let Windows Update do it for you. See the “Affected and Non-Affected Software” section of Microsoft’s bulletin for more details on where to find the updates.

For All WatchGuard Users:

Though you can use WatchGuard’s XTM and XCS appliances to block certain files and content, such as Office documents, most organizations share these types of documents as part of normal business. Instead, we recommend you install Microsoft’s updates to completely protect yourself from this flaw.

Status:

Microsoft has released an Office update to fix this flaw.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).