IT News

If you have not updated your Apple devices (iPhone, iPad, Apple Watch, or computer yet), Apple is urging its customers to do so immediately. After researchers at Citizen Lab discovered a breach in Apple’s software, the security team at Apple went into action to address the matter and release an update. The origins of the spyware called Pegasus was developed by the NSO Group. The exploit is considered a “zero click remote exploit, which enables criminal elements and foreign adversaries to turn on the camera and microphone and record calls, texts and emails on any Apple device.

Microsoft has gone to great lengths to improve their Teams app by adding new and improved features since businesses have moved to remote working one year ago. Microsoft’s next step in developing a more robust videoconferencing service comes by adding PowerPoint Live to Teams. Before this update drops, Teams meeting participants can only display their presentations by capturing their screen. But with the addition of PowerPoint Live, presenters can stream their presentations directly through the meeting app. Not only does this streamline presentations, but it allows speakers to “read the room” within the meeting and more easily view the meeting’s chat for questions or comments. The presenter needs to open the PowerPoint deck they want to show and then click on the Present in Teams button to use this feature. The feature is limited to Microsoft’s customers with an Office 365 E3/A3, Office 365 E5/A5, or Microsoft 365 for Government license. To aid Microsoft blogger Lishan Yu has released an article on the feature to help ease users in with a tutorial on the anticipated update. Yu also states that PowerPoint Live will first come to Teams in the beta channel version 2104 (Build 13926.20000) and later. To read Lishan Yu’s tutorial, Click Here. To learn more about PowerPoint Live in Microsoft Teams, Click Here.

This white paper from Amazon outlines how you can use Amazon Web Services (AWS) to run sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA). It focuses on the HIPAA Privacy and Security Rules for protecting Protected Health Information (PHI), how to use AWS to encrypt data in transit and at-rest, and how AWS features can be used to run workloads containing PHI. Click Here to view the white paper.

Microsoft Windows has begun releasing updates in hopes of fixing a bug that bluescreened computers when using specific printers. The first fix released on Monday, March 15th, resulted in users reporting in printers spitting out blank pages or with missing graphics. Microsoft released a second patch on Thursday, March 18th, with users saying, for the most part, that it’s fixed the issue and they can print again without bluescreening. If you haven’t already, you can get this update simply by going to Settings > Update 7 Security > Windows Update. You can manually download it from the Microsoft Update Catalog website or see Microsoft’s Documentation instructions on how to update your Windows Server Update Services (WSUS). March 18, 2021—KB5001649 (OS Builds 19041.870 and 19042.870) Out-of-band Release Date: 3/18/2021 Highlights Updates an issue that fails to print the graphical content in a document after installing the March 9, 2021 update. IMPORTANT As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update (WU) and Windows Server Update Services (WSUS). Installing KB4577586 will remove Adobe Flash Player permanently from your Windows device. Once installed, you cannot uninstall KB4577586. For more details about Microsoft’s plans, see Update on Adobe Flash Player End of Support. This bug initially came from the March 9th, 2021 update, KB5000802, and was previously covered on the Nims Associates website. For more information on the bug and its updates, click here.

Following news on Microsoft Exchange server attacks, now Microsoft Windows’ infamous Blue Screen of Death has made a resurgence when printing under certain conditions in recent March updates. After downloading last Tuesday’s 03/09 KB500802 patch, you might receive an APC_INDEX_MISMATCH error with a blue screen when attempting to print to certain printers in some apps. The platformed affected by this issue include: Client: Windows 10, version 20H2; Windows 10, version 2004; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803 Server: Windows Server, version 20H2; Windows Server, version 2004; Windows Server, version 1909; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803 Microsoft has identified that this impacts a subset of Type 3 printer devices. To learn what Type your printer driver is, follow these steps: Press the Windows key+r or select Start and type run and select it. Type printmanagement.msc and press enter or select the OK button. If Print Management opens, continue to step 4. If you receive the error, Windows can not find ‘printmanagement.msc’. Then select Start and type manage optional features and select it. Select Add a Feature and type print, select the check box next to Print Management Console, and select install. You will now need to start at step 1 again. Expand Print Servers, expand your computer’s name, and select Printers. You can now see the Driver Type for each of your installed printer drivers. Microsoft provides a workaround to mitigate the problem with this video. The Command Prompt commands from the video are as follows (you will need to replace KX driver for Universal printing with the name of your printer, as explained in the video): rundll32 printui.dll,PrintUIEntry /Xg /n “KX driver for Universal printing” rundll32 printui.dll,PrintUIEntry /Xs /n “KX driver for Universal printing” attributes +direct To learn more about the issue, click this link for the official documentation. https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-20h2#1570msgdesc

Late Thursday Microsoft issued a warning of another threat to Microsoft Exchange (Outlook). Microsoft discovered a new family of ransomeware known as DearCry being used to direct attacks on un-patched on-premise Exchange Servers. In response Microsoft released an update today that serves as a temporary measure to help protect users from vulnerable machines. This is the second attack in just 10-days against Microsoft after initially discovering a foreign state sponsored hacking group was able to breach on-premise Exchange Servers via zero-day vulnerabilities. As of March 10th it was reported that up to 125,000 Exchange Servers remain vulnerable to the initial attack.

This week Microsoft announced an exploit in public facing on-premise versions of Exchange server (Outlook) after discovering it was breached by Chinese state-sponsored hackers. The hackers were able to access Exchange through un-realized vulnerabilities. According to researches at Volexcity, the hack appears to have started as early as January 6. The foreign hackers gained access by using stolen passwords or applied zero-day vulnerabilities to mask themselves as a person with legitimate access.     Zero-day refers to a newly discovered software vulnerability whereby the software developer has “zero days” to fix a problem that has been just discovered. The hackers capitalized on the attack through leased virtual private servers in the U.S. The intent of the hack was to gain access into critical governmental agencies, competitive industries in order to extract classified information and intellectual property. What does this mean? What this means is many organizations are currently susceptible to information stealing. The modus operandi of state sponsored hacking is to thoroughly study everything in the organization over a lengthy period for more coordinated efforts into broader exploits by stealing the full contents of user mailboxes. What can you do? Microsoft has released emergency patches for Exchange 2013, 2016 and 2019. Although it has been reported that Exchange 2010 is not affected by the breach, Microsoft has released a patch for it anyway as an extra measure of precaution. The patches are available on the Microsoft Tech Community Site for internal IT personnel or outside IT support to deploy.

Microsoft Windows has begun releasing updates in hopes of fixing a bug that bluescreened computers when using specific printers. The first fix released on Monday, March 15th, resulted in users reporting in printers spitting out blank pages or with missing graphics. Microsoft released a second patch on Thursday, March 18th, with users saying, for the most part, that it’s fixed the issue and they can print again without bluescreening. If you haven’t already, you can get this update simply by going to Settings > Update 7 Security > Windows Update. You can manually download it from the Microsoft Update Catalog website or see Microsoft’s Documentation instructions on how to update your Windows Server Update Services (WSUS).

Adobe Flash Player’s death knell has tolled for four long years. In 2017, Adobe announced its End of Life (EOL) plans to terminate the multimedia software after 2020. January 12, 2021, has come and gone, taking Flash with it. However, its ghost still lingers and can cause problems if not uninstalled immediately. The Flash Player has become notorious for its easily hackable architecture that has allowed ne’er-do-wells to inject malware into Flash user’s computers. It has been so infamous that Apple’s late co-founder, Steve Jobs, drafted a letter in 2010 criticizing its poor performance, the massive power draw on devices, and inadequate security. With Adobe stopping support, it is only that more likely for hackers to exploit the media player. Adobe urges that users uninstall the software immediately to evade such attempts. Luckily, this long-anticipated end has been planned for and will likely not heavily impact web browser usage as sites switched to new, more reliable software or even create their own “flash players,” as New Grounds did. Newgrounds, a web-based video game and video animation site, has built all of its content almost entirely on Flash Player for the past 20 years. Anticipating the EOL of Flash spurred them to create their own “Newgrounds Player” to continue to support their over 80,000 games and 150,000 animations.