Your Search Bar Is Now More Secure

Your Search Bar Is Now More Secure

August saw yet another Patch Tuesday designed to resolve security issues in Microsoft products. Out of the 48 vulnerabilities resolved, 15 affected Windows, while 25 were rated as critical, 21 as important, and 27 that allowed for remote code execution. This might sound a little overwhelming, so we’ll try to simplify it a bit--a lot of flaws were fixed, and the majority of them can be considered dangerous for your organization.

Since only 15 affected Windows itself, you might be wondering where the others were applied. Other Microsoft products, including Internet Explorer, Microsoft Edge, Sharepoint, SQL Server, Hyper-V, and Kernel, all required a response from the developer. Only two of these flaws affected all versions of Windows and Windows Server, yet none of them were being exploited in the wild by hackers trying to find their next victim.

There is one vulnerability, however, that should require your immediate attention, and this is the one which targets the Windows Search function in your device. The vulnerability in question, CVE-2017-8620, can be exploited remotely via Server Management Block (SMB) to take over a system. This includes both a Windows workstation or a Windows Server unit. Thankfully, the flaw doesn’t exist in SMB itself, and is unaffected by the dangerous threats like the WannaCry ransomware and NotPetya.

According to the Windows advisory, the vulnerability is exploited through the way that Windows Search handles objects in memory. Basically, hackers can send specialized messages through Windows Search to change user permissions. Once they have done so, the possibilities are limitless. Hackers could install, remove, or change applications on the targeted device, as well as view, change, or delete data stored on it. Even scarier is the ability to create an entirely new account with full administrator privileges.

This type of vulnerability is something out of a hacker’s dream, allowing them to take full advantage of a victim’s computer with relatively little trouble. The good news is that as long as you apply the required patches and security updates, the issue can be resolved easily enough. How does your organization combat vulnerabilities? You need to implement patches and security updates in at least some capacity, as not doing anything at all is a recipe for disaster--especially with a threat as thorough as the one mentioned above. Thankfully, there is a solution for organizations that either don’t have the time or the resources to implement patches in a timely manner.

Outsourced IT services, including remote patching and maintenance, can be acquired by organizations of all sizes, without breaking your budget or dragging down operations due to maintenance. You can take advantage of enterprise-level solutions designed to help your organization optimize security, without hiring an internal IT department and adding new salaries to your budget. Haber Group can help your business identify and repair weaknesses in its computing infrastructure. To learn more, reach out to us at 866.625.3560.

Our clients that are subscribed to our Managed IT services will be covered and will be getting the Windows updates once it has been fully tested.

Protecting Your Data Is Easier With A VPN
Tip of the Week: 3 Tips to Turn You Into An Outloo...


Already Registered? Login Here
No comments made yet. Be the first to submit a comment

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Email Hackers Privacy Malware Business Internet Business Computing Microsoft Hosted Solutions Computer Software Windows 10 Ransomware Google Network Security Backup Smartphone User Tips Android Mobile Devices IT Services Hardware Small Business Data Management Windows Browser Gmail Productivity Managed IT Services Tech Term Saving Money App Business Continuity Data Cloud Computing Facebook Internet of Things Server Phishing Data Recovery Encryption IT Support Word Remote Monitoring Business Management Artificial Intelligence Office 365 Disaster Recovery Smartphones Managed Service Provider Cybersecurity Efficiency Upgrade Social Media Office Tips Workplace Tips Chrome Infrastructure Outsourced IT IT Support Government Big Data Windows 10 Tip of the week Data Backup Productivity Microsoft Office Spam Innovation Customer Service Apple Settings Analytics Data storage Employer-Employee Relationship Two-factor Authentication Content Filtering Managed IT Services Firewall Bandwidth IT Management Passwords YouTube WiFi communications Miscellaneous Robot Avoiding Downtime Money Risk Management The Internet of Things Vulnerability Applications Antivirus VoIP Communication Augmented Reality Paperless Office Save Money Data Security Data loss LiFi Business Technology SaaS Network Virtual Private Network Safety Apps Hacker Storage Server Management Hacking Holiday Unified Threat Management Hosted Solution Telephone Systems Outlook Mobile Device Monitors BYOD Maintenance Presentation Search HIPAA Printing IBM Office Scam Tablet Automation Wireless Wireless Technology End of Support Recovery Administration Computing Customer Relationship Management Password Mobile Security Google Drive Wi-Fi Virtual Reality Website VPN Mouse Vendor Management Break Fix Cookies Cabling Information Technology Cooperation Hard Drives eWaste Firefox Best Practice telephony BDR Servers Writing Hotspot Professional Services Google Docs Black Friday Regulations 5G Network Management Windows 8 Computers Microsoft Excel Star Wars Cortana Multi-Factor Security Mirgation Halloween Cables Dark Web User Nanotechnology Fun Remote Computing Managed IT Google Wallet Staff Refrigeration Continuity Business Growth Techology Google Maps Current Events Retail Language USB Smart Office Digital Lenovo Cyber Monday Social Networking Public Speaking Downtime Wires Touchscreen Display Blockchain Cost Management Mail Merge Legal Google Calendar Chatbots Competition Scary Stories Unified Threat Management Dark Data Net Neutrality Screen Reader Disaster Shortcut Drones Printer Wearable Technology IP Address Cybercrime Digital Payment Solar Alt Codes Statistics Going Green Social Engineering Computing Infrastructure Dongle Politics Work Spyware Superfish Smart Technology Motherboard Chromebook Voice over Internet Protocol Social Permissions Assessment Knowledge Address Legislation Identity Sports Collaboration Quick Tips Typing User Error FCC Smart Tech Education Uninterrupted Power Supply Patch Management Access Control Mobile Office Undo Business Intelligence Bluetooth Marketing Alerts Service Level Agreement Tech Support Document Management Optimization Deep Learning Humor Distributed Denial of Service Router Hacks Gadgets Fraud Application Internet Exlporer Experience Unified Communications Computer Care Corporate Profile Operating System Comparison File Sharing VoIP Cryptocurrency Title II Connectivity Samsung Solid State Drive Budget SharePoint Mobile Device Management Virtualization Running Cable Modem Virtual Desktop How To Licensing Websites Identity Theft Recycling How To Bring Your Own Device Networking sip Managed IT Service IT service Heating/Cooling Users Value Training WannaCry Specifications Compliance Buisness Time Management Bitcoin Network Congestion Online IoT IT solutions Hard Disk Drive Downloads IT Technicians Lithium-ion battery Laptop Automobile Twitter Botnet Supercomputer Mobile Computing Gadget Staffing Domains Motion Sickness Crowdsourcing Taxes Physical Security Personal Information Administrator Web Server Upgrades Machine Learning IT Budget GPS Update IT Consultant Computer Repair Processors Cameras 3D Printing Relocation Tracking Meetings Cleaning Health Alert CCTV Unsupported Software Private Cloud Webcam CrashOverride Emoji FinTech Work/Life Balance Electronic Medical Records Mobile Data Error Company Culture Black Market Point of Sale Law Enforcement Emergency Travel Notifications G Suite Managing Stress