Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Search Bar Is Now More Secure

Your Search Bar Is Now More Secure

August saw yet another Patch Tuesday designed to resolve security issues in Microsoft products. Out of the 48 vulnerabilities resolved, 15 affected Windows, while 25 were rated as critical, 21 as important, and 27 that allowed for remote code execution. This might sound a little overwhelming, so we’ll try to simplify it a bit--a lot of flaws were fixed, and the majority of them can be considered dangerous for your organization.

Since only 15 affected Windows itself, you might be wondering where the others were applied. Other Microsoft products, including Internet Explorer, Microsoft Edge, Sharepoint, SQL Server, Hyper-V, and Kernel, all required a response from the developer. Only two of these flaws affected all versions of Windows and Windows Server, yet none of them were being exploited in the wild by hackers trying to find their next victim.

There is one vulnerability, however, that should require your immediate attention, and this is the one which targets the Windows Search function in your device. The vulnerability in question, CVE-2017-8620, can be exploited remotely via Server Management Block (SMB) to take over a system. This includes both a Windows workstation or a Windows Server unit. Thankfully, the flaw doesn’t exist in SMB itself, and is unaffected by the dangerous threats like the WannaCry ransomware and NotPetya.

According to the Windows advisory, the vulnerability is exploited through the way that Windows Search handles objects in memory. Basically, hackers can send specialized messages through Windows Search to change user permissions. Once they have done so, the possibilities are limitless. Hackers could install, remove, or change applications on the targeted device, as well as view, change, or delete data stored on it. Even scarier is the ability to create an entirely new account with full administrator privileges.

This type of vulnerability is something out of a hacker’s dream, allowing them to take full advantage of a victim’s computer with relatively little trouble. The good news is that as long as you apply the required patches and security updates, the issue can be resolved easily enough. How does your organization combat vulnerabilities? You need to implement patches and security updates in at least some capacity, as not doing anything at all is a recipe for disaster--especially with a threat as thorough as the one mentioned above. Thankfully, there is a solution for organizations that either don’t have the time or the resources to implement patches in a timely manner.

Outsourced IT services, including remote patching and maintenance, can be acquired by organizations of all sizes, without breaking your budget or dragging down operations due to maintenance. You can take advantage of enterprise-level solutions designed to help your organization optimize security, without hiring an internal IT department and adding new salaries to your budget. Haber Group can help your business identify and repair weaknesses in its computing infrastructure. To learn more, reach out to us at 866.625.3560.

Our clients that are subscribed to our Managed IT services will be covered and will be getting the Windows updates once it has been fully tested.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, 18 February 2018

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Cloud Hackers Technology Privacy Email Malware Business Internet Hosted Solutions Business Computing Microsoft Computer Software Windows 10 Ransomware IT Services Backup Android Smartphone Small Business Google Network Security Windows User Tips Productivity Mobile Devices Hardware Gmail Data Browser Data Management Efficiency Business Continuity Phishing Internet of Things App Encryption Facebook Office 365 Upgrade Smartphones Saving Money Innovation Outsourced IT Office Tips Microsoft Office Big Data IT Support Tip of the week Artificial Intelligence Word Managed Service Provider Managed IT Services Remote Monitoring Cloud Computing Workplace Tips Data Recovery Employer-Employee Relationship WiFi Chrome Windows 10 Data storage Spam Miscellaneous Money Social Media Disaster Recovery Business Management Firewall IT Support Customer Service Productivity Apple Two-factor Authentication Settings Server Content Filtering Antivirus Cybersecurity Robot Risk Management Government Business Technology HIPAA Computing Automation Google Drive Augmented Reality Infrastructure Safety Communication LiFi Mobile Device Mobile Security The Internet of Things Analytics Scam Bandwidth Tablet Outlook Vulnerability IBM Wireless Search Holiday Apps Customer Relationship Management Data Security Wi-Fi Administration Hacking Virtual Private Network VoIP End of Support Password Mouse Passwords Presentation Managed IT Services Hacker IT Management Avoiding Downtime Network Office Telephone Systems Save Money Virtual Reality Wireless Technology Maintenance Recovery Hosted Solution SaaS Data Backup YouTube communications Unified Threat Management Monitors Printing Data loss Cryptocurrency Public Speaking Running Cable SharePoint Lithium-ion battery Virtual Desktop Network Management BYOD Managed IT Service Managed IT Fraud Laptop Digital Bitcoin Lenovo Applications Information Technology Downloads Computer Care Touchscreen Vendor Management Google Docs Break Fix Fun Shortcut Undo Disaster Halloween Spyware Windows 8 Superfish IT Technicians Google Wallet Multi-Factor Security Training Application Gadgets Writing Dark Web Patch Management Hotspot Virtualization Automobile Uninterrupted Power Supply Scary Stories Paperless Office Drones Google Calendar Users Retail Net Neutrality Language Solid State Drive Sports How To Social Networking Legislation Education Heating/Cooling IT service Social Engineering Humor FCC Deep Learning VPN Computing Infrastructure Hard Disk Drive Firefox User Hacks Budget Comparison Servers Politics BDR sip Title II Bring Your Own Device Alerts Competition Collaboration Buisness Techology Specifications 5G IT solutions Document Management Server Management Tech Support Google Maps How To telephony Online Best Practice Mail Merge Licensing File Sharing Samsung Network Congestion Unified Threat Management Black Friday Statistics Cortana Websites Marketing Storage Microsoft Excel Business Growth Address Cooperation IP Address Downtime Quick Tips Computers Current Events User Error Legal Cyber Monday Bluetooth Dark Data Blockchain Alt Codes Staff Website Cybercrime Corporate Profile Mobile Office VoIP Display Going Green Printer Smart Technology Hard Drives Knowledge Permissions Typing Wearable Technology WannaCry Access Control Mobile Device Management Time Management Operating System Distributed Denial of Service Unified Communications Digital Payment Refrigeration Experience Cabling Chromebook Meetings Cleaning Private Cloud Mobile Data Webcam Emoji Work/Life Balance Error Point of Sale Black Market Law Enforcement Physical Security CrashOverride Twitter Mirgation Staffing Gadget Personal Information Administrator Web Server Remote Computing GPS Computer Repair Cameras Processors Tracking Health CCTV Alert Electronic Medical Records Mobile Computing Identity Theft Travel G Suite Notifications Supercomputer Botnet Upgrades Motion Sickness Taxes Crowdsourcing IT Budget Machine Learning 3D Printing Update Emergency Domains IT Consultant Relocation Unsupported Software