Dear Clients & Associates
Please read this notice and/or forward it to the appropriate person.
Subject: Microsoft Releases Emergency Critical Patch
Microsoft issued an emergency critical update Thursday (10-23-08) addressing a malicious Internet worm that could allow attackers to infiltrate systems remotely and take control over users' computers without any user interaction.
Typically, Microsoft issues regularly scheduled updates on the second Tuesday of every month. The fact they released what is known as an "out-of-band" patch indicates that they believe the vulnerability could be severe.
This vulnerability, which affects almost every Windows operating system, is rated critical for multiple versions of Windows 2000, XP and Server 2003, but is given the less severe rating of "important" for Vista and Server 2008.
If left unpatched, this vulnerability could allow remote attackers to infiltrate systems in order to take control of users' computers and steal data without any contact with a user. Once a machine is infected, it has the ability to rapidly spread to other vulnerable computers within the network.
While all of TrustPoints Support Clients are protected by internet firewalls and End-Point Security Software, we haven’t seen any information on the possible vectors of attack. We don’t know if the current exploits were direct, or if they were delivered via web-browsing, email, instant messenger, etc. And we certainly can’t be sure about the status of PCs that are brought into the office from the outside. Once an infected machine is on the network, it will attempt to infect others.
We typically test any updates first, because on occasion a Microsoft update can cause issues with a system in general and application software in particular. In this case, we will be updating all server and workstations asap. If you are not a Support Client or you don’t keep up on patches, we suggest you consider applying at least this one patch as soon as possible. If you are concerned about your application software, please contact their support staff or website for information. Please be advised that some Microsoft Patches will require a reboot of the system to finalize installation.
If you have any questions on this issue, how it applies to your environment or how to apply the patch, please contact your assigned Engineer, our HelpDesk at 440-325-2102 or me directly at 440-325-2101.
For more information on this vulnerability please visit:
http://www.sophos.com/support/knowledgebase/article/47804.html
http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx
Regards,
Dave
440-325-2101
Friday, October 24, 2008
Sunday, October 5, 2008
Holiday Shopping Warning
Dear Clients & Associates,
As we enter into the fall season, we begin to hear talk of the upcoming holidays. While some employees’ have already begun making a list and checking it twice, about 1 in 5 office workers will do some, if not all of their holiday shopping online during work hours. The average amount of time an employee spends shopping for holiday gifts alone can be a staggering 16 hours during the month of December. This is a costly and possibly dangerous way for employees to spend company time and resources, even if they are on their lunch hour.
The holidays place extreme demands on our time and pulling up our favorite shopping sites while at the office may seem like a harmless task, or is it? More than ever before employers need to be cautious about employee’s online activities. Most employees are unaware that the features that make many common websites appealing and user friendly can be compromised and expose your network to worms, trojans, viruses and hackers. The use of your internet connection for online shopping may significantly impact the performance of other business applications in your office.
It is becoming more and more common for the websites of trusted retailers and financial institutions to be defaced, attacked or hacked. These “trusted” sites can easily deliver malicious code to unprotected computers and servers on your network. And, just because it was safe last week doesn’t mean it is safe this week. Additionally, there are spoofed sites that can be presented by search engines that look just like “trusted” sites such as Amazon, Newegg, Overstock and even eBay, but they’re not! These spoof sites are designed to look exactly like the real thing so that you will feel comfortable and safe while entering your user name and password and even your credit card information. These scenarios pose a major threat on a professional and a personal level. While most employees understand the threat that viruses pose, they don’t understand the threats from spy-ware and other malicious code.
With regulatory acts such as HIPPA, GLB, SOX and PCI, businesses need to be vigilant and insure that a compromised PC doesn’t leak sensitive information and expose the company to legal or financial risks. It might interest you to know that a poll by the American Management Association and the ePolicy Institute indicates that 26 percent of companies have terminated employees because of internet misuse.
Most companies have policies in place that define the use of their electronic systems. Make sure your employees are familiar with your company's policies. Companies have a right to monitor employee’s electronic activities and it’s not just limited to the Internet or email system. This extends to voice mail, instant messages, and even postings employees have made on blogs and online message boards. Most electronic activity can be tracked and logged. Logs are usually created in email systems, content filters, browsers, firewalls, etc.
There are several options available to help ensure the safety of your company’s electronic information and assets. While we all understand that it may not the intent of employee’s to harm company assets, we need to be diligent in our efforts to prevent and control disasters from occurring. We suggest that you discuss these issues and any concerns you may have with your Network Engineer or give our Helpdesk (440-325-2102) a call and ask about a Network Health Audit.
Regards,
David
Still not Convinced? Check out these statistics:
• Non-work related Internet surfing results in up to a 40% loss in productivity each year at American businesses.- Gartner Group
• Employees use company high-speed Internet access to visit sites such as Broadcast.com and MP3.com more frequently at work than they do at home because of the high-speed Internet access at work.-Nielsen Ratings
• 85.6% of employees use office email for personal reasons.- NFO Worldwide
• 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm.- Sex Tracker
• 92% of online stock trading occurs from the workplace during work hours.
• 64% of employees have received politically incorrect or offensive emails at work.- Business Week
• 30% of American workers watch sports online while at work.
• 24% of American workers admit to shopping online while at work.
• 30 to 40% of Internet use in the workplace is not related to business.- IDC Research
• 37% of workers say they surf the Web constantly at work.- Vault.com
• 77.7% of major U.S. companies keep tabs on employees by checking their e-mail, Internet, phone calls, computer files, or by videotaping them at work.- American Management Association
• 63% of companies monitor workers' Internet connections and 47% store and review employee e-mail.- American Management Association
• 26% of companies say that they've fired employees for misuse of office e-mail or Internet connections, and 65% report some disciplinary measure for those offenses.- American Management Association
As we enter into the fall season, we begin to hear talk of the upcoming holidays. While some employees’ have already begun making a list and checking it twice, about 1 in 5 office workers will do some, if not all of their holiday shopping online during work hours. The average amount of time an employee spends shopping for holiday gifts alone can be a staggering 16 hours during the month of December. This is a costly and possibly dangerous way for employees to spend company time and resources, even if they are on their lunch hour.
The holidays place extreme demands on our time and pulling up our favorite shopping sites while at the office may seem like a harmless task, or is it? More than ever before employers need to be cautious about employee’s online activities. Most employees are unaware that the features that make many common websites appealing and user friendly can be compromised and expose your network to worms, trojans, viruses and hackers. The use of your internet connection for online shopping may significantly impact the performance of other business applications in your office.
It is becoming more and more common for the websites of trusted retailers and financial institutions to be defaced, attacked or hacked. These “trusted” sites can easily deliver malicious code to unprotected computers and servers on your network. And, just because it was safe last week doesn’t mean it is safe this week. Additionally, there are spoofed sites that can be presented by search engines that look just like “trusted” sites such as Amazon, Newegg, Overstock and even eBay, but they’re not! These spoof sites are designed to look exactly like the real thing so that you will feel comfortable and safe while entering your user name and password and even your credit card information. These scenarios pose a major threat on a professional and a personal level. While most employees understand the threat that viruses pose, they don’t understand the threats from spy-ware and other malicious code.
With regulatory acts such as HIPPA, GLB, SOX and PCI, businesses need to be vigilant and insure that a compromised PC doesn’t leak sensitive information and expose the company to legal or financial risks. It might interest you to know that a poll by the American Management Association and the ePolicy Institute indicates that 26 percent of companies have terminated employees because of internet misuse.
Most companies have policies in place that define the use of their electronic systems. Make sure your employees are familiar with your company's policies. Companies have a right to monitor employee’s electronic activities and it’s not just limited to the Internet or email system. This extends to voice mail, instant messages, and even postings employees have made on blogs and online message boards. Most electronic activity can be tracked and logged. Logs are usually created in email systems, content filters, browsers, firewalls, etc.
There are several options available to help ensure the safety of your company’s electronic information and assets. While we all understand that it may not the intent of employee’s to harm company assets, we need to be diligent in our efforts to prevent and control disasters from occurring. We suggest that you discuss these issues and any concerns you may have with your Network Engineer or give our Helpdesk (440-325-2102) a call and ask about a Network Health Audit.
Regards,
David
Still not Convinced? Check out these statistics:
• Non-work related Internet surfing results in up to a 40% loss in productivity each year at American businesses.- Gartner Group
• Employees use company high-speed Internet access to visit sites such as Broadcast.com and MP3.com more frequently at work than they do at home because of the high-speed Internet access at work.-Nielsen Ratings
• 85.6% of employees use office email for personal reasons.- NFO Worldwide
• 70% of all web traffic to Internet pornography sites occurs during the work hours of 9am-5pm.- Sex Tracker
• 92% of online stock trading occurs from the workplace during work hours.
• 64% of employees have received politically incorrect or offensive emails at work.- Business Week
• 30% of American workers watch sports online while at work.
• 24% of American workers admit to shopping online while at work.
• 30 to 40% of Internet use in the workplace is not related to business.- IDC Research
• 37% of workers say they surf the Web constantly at work.- Vault.com
• 77.7% of major U.S. companies keep tabs on employees by checking their e-mail, Internet, phone calls, computer files, or by videotaping them at work.- American Management Association
• 63% of companies monitor workers' Internet connections and 47% store and review employee e-mail.- American Management Association
• 26% of companies say that they've fired employees for misuse of office e-mail or Internet connections, and 65% report some disciplinary measure for those offenses.- American Management Association
Subscribe to:
Posts (Atom)
