TechKnowledge Base – Edition 2

 

 

ACTION RECOMMENDED – Windows Vulnerability

The following legacy OS versions (Windows 7 / XP / XP Pro / XP Embedded and Windows Server 2008 / 2003) are susceptible to CVE-2019-0708, a critical Remote Code Execution vulnerability.

Given the potential impact to customers and their businesses, Microsoft has made the security updates available for platforms that are no longer offered mainstream support.

View MS Patch

Despite the patches being made available by Microsoft, GBS recommends moving away from any operating system that is not fully supported by the manufacturer. If your organization is running any of these legacy operating systems – contact us to discuss an upgrade plan.

 

 

ACTION RECOMMENDED – CISCO Flaw

A flaw in many Cisco routers puts work email and so much more at high risk.

The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation.

It is vulnerable to remote tampering. And it gets worse because the data is stored unencrypted in flash that is accessible to the main processor. This allows an update to the firmware. Since the firmware can be modified, the device may need to be replaced to resolve the compromise.

Bad actors can load code using this method and compromise the router completely. Allowing internal communications that aren’t always encrypted with strong encryption to be read by the bad actors.  

Click the link below to read more about the issue and see the affected CISCO products.

View Cisco Security Advisory

 

 

 

 

Yes – We Really Do This

Recently, it came to our attention that some clients and friends were not aware of the breadth and depth of the solutions we design and deploy. 

Would it surprise you to know that GBS is much more than an IT-only solutions provider?

In fact, we are the only fully-integrated technology solutions provider in Greater Cincinnati. Over our nearly 25 years in business, we have built an unmatched level of in-house competencies delivered by industry-certified technicians.

Solutions include:

  • Cloud Services
  • Application Development
  • Web Development & Management
  • Structured Cabling
  • Audio/Video
  • Automated Lighting, Window Shading
  • Access Control
  • Video Surveillance
  • Unified Communication solutions
  • Cyber Security; and of course
  • Full-service IT Solutions and Managed IT Services

The next time you need a new technology solution – think GBS.

 

 

 

CISA Releases Key Observations

According to the May 13th released Security Report issued by the Department of Homeland Security’s Cyber + Infrastructure Security Agency (CISA), a dramatic increase in the number of risks are being reported during Microsoft Office 365 and cloud service migrations. 

 Top vulnerabilities: 

  • Multi-factor authentication not enabled 
  • Mailbox auditing disabled
  • Password sync enabled
  • Authentication unsupported by legacy protocols

With a multitude of Office 365 migrations and hundreds of successful cloud deployments, GBS’ cloud-certified engineers have the experience and training to eliminate risks during your next cloud deployment.