Our Blog: Stuff we think you should know

Haber Group has been serving the New York area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Search Bar Is Now More Secure

August saw yet another Patch Tuesday designed to resolve security issues in Microsoft products. Out of the 48 vulnerabilities resolved, 15 affected Windows, while 25 were rated as critical, 21 as important, and 27 that allowed for remote code execution. This might sound a little overwhelming, so we’ll try to simplify it a bit--a lot of flaws were fixed, and the majority of them can be considered dangerous for your organization.

Since only 15 affected Windows itself, you might be wondering where the others were applied. Other Microsoft products, including Internet Explorer, Microsoft Edge, Sharepoint, SQL Server, Hyper-V, and Kernel, all required a response from the developer. Only two of these flaws affected all versions of Windows and Windows Server, yet none of them were being exploited in the wild by hackers trying to find their next victim.

There is one vulnerability, however, that should require your immediate attention, and this is the one which targets the Windows Search function in your device. The vulnerability in question, CVE-2017-8620, can be exploited remotely via Server Management Block (SMB) to take over a system. This includes both a Windows workstation or a Windows Server unit. Thankfully, the flaw doesn’t exist in SMB itself, and is unaffected by the dangerous threats like the WannaCry ransomware and NotPetya.

According to the Windows advisory, the vulnerability is exploited through the way that Windows Search handles objects in memory. Basically, hackers can send specialized messages through Windows Search to change user permissions. Once they have done so, the possibilities are limitless. Hackers could install, remove, or change applications on the targeted device, as well as view, change, or delete data stored on it. Even scarier is the ability to create an entirely new account with full administrator privileges.

This type of vulnerability is something out of a hacker’s dream, allowing them to take full advantage of a victim’s computer with relatively little trouble. The good news is that as long as you apply the required patches and security updates, the issue can be resolved easily enough. How does your organization combat vulnerabilities? You need to implement patches and security updates in at least some capacity, as not doing anything at all is a recipe for disaster--especially with a threat as thorough as the one mentioned above. Thankfully, there is a solution for organizations that either don’t have the time or the resources to implement patches in a timely manner.

Outsourced IT services, including remote patching and maintenance, can be acquired by organizations of all sizes, without breaking your budget or dragging down operations due to maintenance. You can take advantage of enterprise-level solutions designed to help your organization optimize security, without hiring an internal IT department and adding new salaries to your budget. Haber Group can help your business identify and repair weaknesses in its computing infrastructure. To learn more, reach out to us at 866.625.3560.

Our clients that are subscribed to our Managed IT services will be covered and will be getting the Windows updates once it has been fully tested.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Sunday, 24 September 2017

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Cloud Best Practices Privacy Email Hackers Malware Technology Business Hosted Solutions Computer Internet Windows 10 Business Computing Microsoft Backup Software IT Services Productivity Windows Hardware Ransomware Google Smartphone Data Phishing App User Tips Data Management Network Security Facebook Upgrade Saving Money Mobile Devices Gmail Business Continuity Microsoft Office Internet of Things Big Data Word Android Smartphones Efficiency Cloud Computing Workplace Tips Office Tips IT Support Small Business Disaster Recovery Spam Miscellaneous Managed Service Provider Managed IT Services Social Media Apple Settings Customer Service Content Filtering Remote Monitoring Robot Office 365 Server Innovation Data storage Data Recovery WiFi Browser Administration Windows 10 VoIP Password IBM Wireless Tip of the week End of Support Apps Encryption Customer Relationship Management Network Hacking Productivity Firewall Save Money Hosted Solution Passwords Presentation IT Support Avoiding Downtime YouTube Hacker SaaS communications Office Wireless Technology Managed IT Services Recovery Printing Risk Management IT Management Unified Threat Management Monitors Telephone Systems Google Drive Outsourced IT LiFi Cybersecurity Employer-Employee Relationship Mobile Device Chrome Analytics Safety Artificial Intelligence Outlook The Internet of Things Search Money Deep Learning Touchscreen Virtualization Humor Hacks Shortcut Social Engineering Disaster Spyware Users Budget Superfish Bring Your Own Device sip Politics Patch Management Buisness Uninterrupted Power Supply Collaboration Mouse IT solutions telephony Best Practice Tablet User Vulnerability How To Solid State Drive Wi-Fi How To Cortana File Sharing Storage Samsung Business Growth Heating/Cooling Network Congestion Competition IT service Websites Current Events VPN Downtime Hard Disk Drive Virtual Reality 5G Firefox Legal Dark Data Alt Codes Servers Computers Cybercrime BDR Going Green Virtual Private Network Two-factor Authentication Knowledge Marketing Typing Server Management Display Google Maps Mail Merge IP Address Unified Communications Experience Operating System Cryptocurrency Statistics Running Cable Website Maintenance Digital Payment Computing Address Virtual Desktop Mobile Office Quick Tips Hard Drives Bitcoin Bluetooth Automation Laptop Corporate Profile Information Technology Data Backup Mobile Device Management VoIP Refrigeration Google Docs Computer Care Windows 8 Antivirus Communication Halloween Public Speaking WannaCry Google Wallet Vendor Management Lithium-ion battery Augmented Reality Time Management Training Writing Scary Stories Cabling Data loss Automobile Drones Business Technology Bandwidth Fun Network Management Undo Social Managed IT Retail Sports Infrastructure Digital Application Gadgets Lenovo Education Remote Computing Web Server GPS Holiday Business Management Computer Repair Processors Cameras Tracking CrashOverride Health Alert CCTV Document Management Tech Support Mobile Computing Electronic Medical Records Identity Theft Travel G Suite Notifications Supercomputer Botnet Upgrades Motion Sickness Taxes Crowdsourcing IT Budget Machine Learning 3D Printing Update IT Consultant Government Relocation Unsupported Software Chromebook Meetings Cleaning BYOD Domains Private Cloud Mobile Data Emoji Webcam Work/Life Balance Error Emergency Black Market Point of Sale Law Enforcement Physical Security Twitter Paperless Office Staffing Gadget Administrator Personal Information