Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Search Bar Is Now More Secure

August saw yet another Patch Tuesday designed to resolve security issues in Microsoft products. Out of the 48 vulnerabilities resolved, 15 affected Windows, while 25 were rated as critical, 21 as important, and 27 that allowed for remote code execution. This might sound a little overwhelming, so we’ll try to simplify it a bit--a lot of flaws were fixed, and the majority of them can be considered dangerous for your organization.

Since only 15 affected Windows itself, you might be wondering where the others were applied. Other Microsoft products, including Internet Explorer, Microsoft Edge, Sharepoint, SQL Server, Hyper-V, and Kernel, all required a response from the developer. Only two of these flaws affected all versions of Windows and Windows Server, yet none of them were being exploited in the wild by hackers trying to find their next victim.

There is one vulnerability, however, that should require your immediate attention, and this is the one which targets the Windows Search function in your device. The vulnerability in question, CVE-2017-8620, can be exploited remotely via Server Management Block (SMB) to take over a system. This includes both a Windows workstation or a Windows Server unit. Thankfully, the flaw doesn’t exist in SMB itself, and is unaffected by the dangerous threats like the WannaCry ransomware and NotPetya.

According to the Windows advisory, the vulnerability is exploited through the way that Windows Search handles objects in memory. Basically, hackers can send specialized messages through Windows Search to change user permissions. Once they have done so, the possibilities are limitless. Hackers could install, remove, or change applications on the targeted device, as well as view, change, or delete data stored on it. Even scarier is the ability to create an entirely new account with full administrator privileges.

This type of vulnerability is something out of a hacker’s dream, allowing them to take full advantage of a victim’s computer with relatively little trouble. The good news is that as long as you apply the required patches and security updates, the issue can be resolved easily enough. How does your organization combat vulnerabilities? You need to implement patches and security updates in at least some capacity, as not doing anything at all is a recipe for disaster--especially with a threat as thorough as the one mentioned above. Thankfully, there is a solution for organizations that either don’t have the time or the resources to implement patches in a timely manner.

Outsourced IT services, including remote patching and maintenance, can be acquired by organizations of all sizes, without breaking your budget or dragging down operations due to maintenance. You can take advantage of enterprise-level solutions designed to help your organization optimize security, without hiring an internal IT department and adding new salaries to your budget. Haber Group can help your business identify and repair weaknesses in its computing infrastructure. To learn more, reach out to us at 866.625.3560.

Our clients that are subscribed to our Managed IT services will be covered and will be getting the Windows updates once it has been fully tested.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, 23 November 2017

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Cloud Hackers Privacy Technology Email Malware Business Hosted Solutions Microsoft Computer Business Computing Internet Windows 10 Backup Ransomware IT Services Software Windows Google User Tips Productivity Network Security Hardware Smartphone Small Business Data Management Android Data Browser Business Continuity Phishing App Facebook Upgrade Saving Money Smartphones Mobile Devices Gmail Office Tips Microsoft Office Tip of the week Big Data IT Support Word Internet of Things Remote Monitoring Cloud Computing Office 365 Workplace Tips Efficiency Managed IT Services WiFi Productivity Data storage Spam Miscellaneous Artificial Intelligence Social Media Disaster Recovery IT Support Managed Service Provider Customer Service Outsourced IT Apple Settings Server Content Filtering Cybersecurity Robot Data Recovery Risk Management Employer-Employee Relationship Innovation End of Support Safety LiFi Windows 10 The Internet of Things Chrome Analytics Save Money Tablet Outlook IBM SaaS Search Wireless Money Apps Virtual Private Network Customer Relationship Management Unified Threat Management Administration Monitors Hacking Firewall VoIP Managed IT Services Password Passwords IT Management Mouse Telephone Systems Presentation Maintenance Hacker Avoiding Downtime Encryption Office Network Two-factor Authentication Mobile Device Wireless Technology Recovery Hosted Solution Antivirus YouTube communications Printing Computing Google Drive Superfish Spyware Information Technology Undo Multi-Factor Security How To Fun Google Docs Uninterrupted Power Supply Windows 8 File Sharing Halloween Patch Management Samsung Gadgets Scam Network Congestion Google Wallet Application Virtualization Websites Google Calendar Solid State Drive Scary Stories Virtual Reality Vulnerability Users Networking Computers How To Drones Bandwidth Legislation Heating/Cooling IT service Hard Disk Drive Social Sports VPN Data Security Display Firefox Education Humor Deep Learning Comparison Servers BDR Hacks User Government Techology Wi-Fi Budget Google Maps sip Digital Payment Competition Bring Your Own Device Specifications Server Management Mail Merge Buisness IT solutions BYOD Unified Threat Management Automation 5G telephony Best Practice Black Friday Statistics Address Marketing Cortana User Error Communication Quick Tips Computer Care Storage Business Growth Cyber Monday Vendor Management Bluetooth Data Backup Corporate Profile IP Address Current Events Downtime Printer Writing VoIP Legal Training Dark Data Website Alt Codes Automobile Cybercrime WannaCry Mobile Office Going Green Hard Drives Knowledge Access Control Retail Time Management Cabling Typing Business Technology Data loss Mobile Device Management Refrigeration Unified Communications Experience SharePoint Social Engineering Network Management Operating System Infrastructure Public Speaking Cryptocurrency Running Cable Managed IT Lenovo Digital Lithium-ion battery Virtual Desktop Politics Downloads Touchscreen Augmented Reality Disaster Bitcoin Collaboration Laptop Shortcut CCTV Alert Document Management Tech Support Electronic Medical Records CrashOverride Identity Theft Travel Notifications G Suite Supercomputer Botnet Upgrades Motion Sickness Crowdsourcing Taxes IT Budget Machine Learning 3D Printing Update IT Consultant Relocation Unsupported Software Meetings Chromebook Cleaning Private Cloud Mobile Data Mobile Computing Webcam Emoji Work/Life Balance Error Point of Sale Black Market Law Enforcement Physical Security Emergency Paperless Office Twitter Gadget Staffing Domains Administrator Personal Information Web Server Remote Computing Holiday GPS Business Management Computer Repair Cameras Processors Tracking Health