Coleman Technologies Blog

Technology is increasingly important for business, which is why when making decisions about what technology to use and how to use it, decision makers need all the information they can get. Since businesses today depend more on software than ever, it is extremely important that you know why it is so important to keep your business’ applications updated and patched. 

For the small business, technology is an issue; and reasonably so. For something that holds so much importance for an organization, there are bound to be problems attached. These problems can disrupt efficient workflows and ruin some situations. In this week’s blog, we will take a look at four things you can do to cut down on your technology troubles. 

Even the solutions designed to keep businesses and organizations safe are vulnerable to the threat of a cyberattack, as when it all boils down, these tools are still software solutions, no matter how secure they might be. The company in question today—Barracuda—is a huge name in the cybersecurity industry, and it has become the victim of a zero-day exploit. Let’s go over how you can prevent your business from experiencing the same thing.

It’s easy to use the terms “patches” and “updates” as if they mean the same thing, and they are often used interchangeably within the same context. However, understanding the difference between the two can make a world of difference in terms of how you approach implementing each of them. We’re here to clear things up a bit and help you better understand the patches and updates you deploy on a month-to-month basis.

With so much computing now done in cloud environments, it is important to address how this approach can benefit security, but still need to be secured.

How Patches Benefit from the Cloud

It isn’t a secret that any kind of software, from applications to entire operating systems, can have holes in it. These security flaws and issues could easily leave a business vulnerable to attack if they aren’t resolved. This is why software developers will issue patches, which are just corrections to these mistakes, for users to install. By applying the patch, the user is protecting themselves from threats that would otherwise exploit that vulnerability - but just on the system where the patch is installed.

Now, consider how many computers some companies use, and all of the different software titles that would be found on each.

Can you imagine going to each one and applying an update, each time a patch was released? Furthermore, you have to consider that more and more devices are mobile nowadays. This means that there is no guarantee that every device is present when someone goes on their patch application marathon. Factors like these frequently lead to incomplete patch deployments, and as a result, holes in organizational security.

However, by utilizing the cloud as you manage your organization’s patches, the device no longer has to be present in order to receive the patch. Instead, the cloud can be used to push it out to all of your devices, so once they connect to the Internet, the patch will be implemented. This means you can keep your employees using the solutions you want them to use, assisting both your productive operations and your security.

How the Cloud Benefits from Patches

However, it is important to take note that all the cloud is, is a computer located somewhere else (often owned by someone else). As a result, it can also be vulnerable to flaws and issues of their own - which is why you need to be sure that your cloud provider is properly maintaining the cloud solution with its own patches. This is especially the case if you are using an internal cloud solution.

Coleman Technologies can help you keep up on your updates, whether they involve the cloud or not. Reach out to us at (604) 513-9428 to learn more about our services.

The two vulnerabilities were patched off of Microsoft’s typical “patch Tuesday” due to the urgency. Most Microsoft patches are released on the second Tuesday of the month. The fact that these two were released ahead of time might seem like an insignificant occurrence, but the reality is this event is a major red flag.

Internet Explorer Zero-Day

The most significant patch was for a zero-day vulnerability that was found in Internet Explorer. It may be hard to believe, but people are indeed still using this antique browser to surf the web. The term zero-day suggests that the vulnerability that was discovered, had already been exploited by ill-minded cybercriminals. 

While not much information has been released on the event, Microsoft did call it a remote code execution exploit that, if accessed, could have given a user control of another user’s account. The attack requires phishing someone who is exploring the internet on Internet Explorer, and luring them onto a malicious website. Once there, an attacker would be able to gain access over the victim. 

Internet Explorer is such a forgotten browser that the event did not spark a lot of controversy. This is largely due to the fact that Internet Explorer makes up just two percent of the active market share. However, for the relatively small amount of users that continue to surf, an event like this is still a huge disaster. 

Microsoft Defender DOS Bug

The second patch that Microsoft expedited was a denial of service vulnerability in Microsoft Defender. The antivirus program comes standard in all Windows 10 PCs, and truly is the core of Windows 10’s sterling security record. 

The bug that was discovered wasn’t necessarily obvious, or easily exploitable. In order to do so, the attacker would need the ability to read, understand, and write code. Doing so would allow them to disable Windows Defender components, giving the attacker access. This would give them free rein to do whatever malicious act they chose to deploy. 

Patches aren’t optional. If you are worried about your business’ vulnerability, speak to one of our experts at Coleman Technologies. We have the know-how to keep your software up to date. Give us a call at (604) 513-9428 today!